[Freeipa-users] Re: How to I get FreeIPA running in Docker Swarm?

Mon, 25 Sep 2023 14:41:47 -0700 

On Fri, Sep 22, 2023 at 12:10:50PM -0000, Jay Smith via FreeIPA-users wrote:
> I have the following Setup.
> 
> MK_INTERNAL_SUB_DOMAIN=example.test
> MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
> MK_FREEIPA_SERVER_DS_PASSWORD=password
> MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
> MK_FREEIPA_SERVER_DNS_REVERSE_ZONE=0.18.172.in-addr.arpa
> MK_FREEIPA_SERVER_IP=172.18.0.10
> MK_FREEIPA_SERVER_DOMAIN_NAME=ipa.example.test
> 
> docker service create \
>     --hostname ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
>     --name ipa \
>     --sysctl net.ipv6.conf.all.disable_ipv6=0 \
>     -e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
>     -e "IPA_SERVER_IP=${MK_FREEIPA_SERVER_IP}" \
>     -e "DEBUG_NO_EXIT=1" \
>     -e "DEBUG_TRACE=1" \
>     --ip "${MK_FREEIPA_SERVER_IP}" \
>     --add-host "${MK_FREEIPA_SERVER_DOMAIN_NAME}:${MK_FREEIPA_SERVER_IP}" \
>     -p "443:443" \
>     --privileged=true \
>     freeipa/freeipa-server:fedora-38-4.10.2 \
>     --skip-mem-check \
>     --domain=${MK_INTERNAL_SUB_DOMAIN} \
>     --realm=${MK_FREEIPA_SERVER_REALM} \
>     --ds-password=${MK_FREEIPA_SERVER_DS_PASSWORD} \
>     --ip-address=${MK_FREEIPA_SERVER_IP} \
>     --admin-password=${MK_FREEIPA_SERVER_ADMIN_PASSWORD} \
>     --no-host-dns \
>     --unattended \
>     --setup-dns \
>     --allow-zone-overlap \
>     --auto-reverse \
>     --reverse-zone=${MK_FREEIPA_SERVER_DNS_REVERSE_ZONE} \
>     --auto-forwarders \
>     --no-ntp 
> 
> The first problem is I can't run the container in privileged mode

Which is a good news -- you shouldn't be doing that anyway.

> and --ip and --add-host options are missing.

Why do you need those? And if you think you need those, why do you try
to use the swarm mode when by very nature of the FreeIPA server you
will not be able to use swarm scaling.

-- 
Jan Pazdziora | OpenShift AI | Red Hat 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to