Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Outback Dingo
On Wed, May 11, 2016 at 5:53 PM, Jan Pazdziora 
wrote:

> On Wed, May 11, 2016 at 05:33:55PM +0200, Outback Dingo wrote:
> > > On Wed, May 11, 2016 at 04:19:48PM +0200, Martin Basti wrote:
> > > >
> > > > https://hub.docker.com/r/adelton/freeipa-server/
> > >
> > > Also http://www.freeipa.org/page/Docker and
> > > https://github.com/adelton/docker-freeipa.
> >
> > great now the question im afraid to ask is how can i migrate my running
> > FreeIPA into the docker freeipa and save myself a whole server :)
>
> Start by understanding that FreeIPA in container is still proof of
> concept.
>
> You probably already have at least one replica -- just create the
> FreeIPA server in the container as another replica in your environment.
> That way you can test it gradually -- point clients to it, add it to
> DNS. I would not recommend attempting to convert existing installation
> in one swoop, by replacing it in place.
>

yupp step by step, small personal environment mostly for personal dev lab
and dns for my domains.

>
> --
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red
> Hat
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Jan Pazdziora
On Wed, May 11, 2016 at 05:33:55PM +0200, Outback Dingo wrote:
> > On Wed, May 11, 2016 at 04:19:48PM +0200, Martin Basti wrote:
> > >
> > > https://hub.docker.com/r/adelton/freeipa-server/
> >
> > Also http://www.freeipa.org/page/Docker and
> > https://github.com/adelton/docker-freeipa.
>
> great now the question im afraid to ask is how can i migrate my running
> FreeIPA into the docker freeipa and save myself a whole server :)

Start by understanding that FreeIPA in container is still proof of
concept.

You probably already have at least one replica -- just create the
FreeIPA server in the container as another replica in your environment.
That way you can test it gradually -- point clients to it, add it to
DNS. I would not recommend attempting to convert existing installation
in one swoop, by replacing it in place.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Outback Dingo
On Wed, May 11, 2016 at 4:31 PM, Jan Pazdziora 
wrote:

> On Wed, May 11, 2016 at 04:19:48PM +0200, Martin Basti wrote:
> > On 11.05.2016 16:13, Outback Dingo wrote:
> > >
> > >not to fork the subject, but it would be nice it there was a freeipa
> > >server on docker
> >
> > https://hub.docker.com/r/adelton/freeipa-server/
>
> Also http://www.freeipa.org/page/Docker and
> https://github.com/adelton/docker-freeipa.
>
>
great now the question im afraid to ask is how can i migrate my running
FreeIPA into the docker freeipa and save myself a whole server :)


> --
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red
> Hat
>

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Jan Pazdziora
On Wed, May 11, 2016 at 04:19:48PM +0200, Martin Basti wrote:
> On 11.05.2016 16:13, Outback Dingo wrote:
> >
> >not to fork the subject, but it would be nice it there was a freeipa
> >server on docker
> 
> https://hub.docker.com/r/adelton/freeipa-server/

Also http://www.freeipa.org/page/Docker and
https://github.com/adelton/docker-freeipa.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Outback Dingo
On Wed, May 11, 2016 at 4:19 PM, Martin Basti  wrote:

>
>
> On 11.05.2016 16:13, Outback Dingo wrote:
>
>
>
> On Wed, May 11, 2016 at 3:50 PM, Jan Pazdziora 
> wrote:
>
>> On Tue, May 03, 2016 at 09:27:44PM +, Hosakote Nagesh, Pawan wrote:
>> > Our apps are running in a docker image based on Ubuntu 14.04 that
>> cannot be changed to redhat. We want to install freeipa-clietn within this
>> docker so that our app
>> > Uses freeipa ldap as against default ldap.
>> >
>> > The freeipa-client gets successfully installed in Ubuntu 14.04 plain
>> machine, that why is why I am hoping making it run in a Ubun14.04 docker
>> should also be very much possible.
>> >
>> > As you can see the things get stuck in not starting bus process
>> properly(this problem is not seen in ubuntu on plain machine). I cannot see
>> much debug statements by enabling —debug option in ipa-client-install.
>> > Its not clear why this process doesn’t get started and what is missing
>> in container as against plain machine which is making this install fail.
>> >
>> > I am on to this issue for 2 full days now. I am pasting whatever debug
>> statements I got during install, here:
>> >
>> > Command
>> > —
>> > ipa-client-install —domain= —server=  hostname=
>> jupyterhub.com --no-ntp --no-dns-sshfp
>> >
>> >
>> >
>> > Log (After Error starts to happen)
>> > —
>> > Attached
>> >
>> > My main suspect is dbus service unable to start in this container where
>> it launches on a plain machine.
>>
>> Certainly.
>>
>> What steps did you take to make dbus startable in the container? Do
>> you have the dbus package installed?
>>
>>
> not to fork the subject, but it would be nice it there was a freeipa
> server on docker
>
>
> https://hub.docker.com/r/adelton/freeipa-server/
>
> this?
>


possibly, maybe, ive not tried to deploy this under DC/OS mesosphere yet...
might give it a go


>
>
>
>> --
>> Jan Pazdziora
>> Senior Principal Software Engineer, Identity Management Engineering, Red
>> Hat
>>
>>
>
>
>
>
>

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Martin Basti



On 11.05.2016 16:13, Outback Dingo wrote:
>
> On Wed, May 11, 2016 at 3:50 PM, Jan Pazdziora wrote:
>
> > On Tue, May 03, 2016 at 09:27:44PM +, Hosakote Nagesh, Pawan
> > wrote:
> > > Our apps are running in a docker image based on Ubuntu 14.04
> > > that cannot be changed to redhat. We want to install
> > > freeipa-clietn within this docker so that our app
> > > Uses freeipa ldap as against default ldap.
> > >
> > > The freeipa-client gets successfully installed in Ubuntu 14.04
> > > plain machine, that why is why I am hoping making it run in a
> > > Ubun14.04 docker should also be very much possible.
> > >
> > > As you can see the things get stuck in not starting bus process
> > > properly(this problem is not seen in ubuntu on plain machine). I
> > > cannot see much debug statements by enabling —debug option in
> > > ipa-client-install.
> > > Its not clear why this process doesn’t get started and what is
> > > missing in container as against plain machine which is making this
> > > install fail.
> > >
> > > I am on to this issue for 2 full days now. I am pasting whatever
> > > debug statements I got during install, here:
> > >
> > > Command
> > > —
> > > ipa-client-install —domain= —server= 
> > > hostname=jupyterhub.com  --no-ntp
> > > --no-dns-sshfp
> > >
> > > Log (After Error starts to happen)
> > > —
> > > Attached
> > >
> > > My main suspect is dbus service unable to start in this
> > > container where it launches on a plain machine.
> >
> > Certainly.
> >
> > What steps did you take to make dbus startable in the container? Do
> > you have the dbus package installed?
>
> not to fork the subject, but it would be nice it there was a freeipa 
> server on docker

https://hub.docker.com/r/adelton/freeipa-server/

this?

> > --
> > Jan Pazdziora
> > Senior Principal Software Engineer, Identity Management
> > Engineering, Red Hat








Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Outback Dingo
On Wed, May 11, 2016 at 3:50 PM, Jan Pazdziora 
wrote:

> On Tue, May 03, 2016 at 09:27:44PM +, Hosakote Nagesh, Pawan wrote:
> > Our apps are running in a docker image based on Ubuntu 14.04 that cannot
> be changed to redhat. We want to install freeipa-clietn within this docker
> so that our app
> > Uses freeipa ldap as against default ldap.
> >
> > The freeipa-client gets successfully installed in Ubuntu 14.04 plain
> machine, that why is why I am hoping making it run in a Ubun14.04 docker
> should also be very much possible.
> >
> > As you can see the things get stuck in not starting bus process
> properly(this problem is not seen in ubuntu on plain machine). I cannot see
> much debug statements by enabling —debug option in ipa-client-install.
> > Its not clear why this process doesn’t get started and what is missing
> in container as against plain machine which is making this install fail.
> >
> > I am on to this issue for 2 full days now. I am pasting whatever debug
> statements I got during install, here:
> >
> > Command
> > —
> > ipa-client-install —domain= —server=  hostname=
> jupyterhub.com --no-ntp --no-dns-sshfp
> >
> >
> >
> > Log (After Error starts to happen)
> > —
> > Attached
> >
> > My main suspect is dbus service unable to start in this container where
> it launches on a plain machine.
>
> Certainly.
>
> What steps did you take to make dbus startable in the container? Do
> you have the dbus package installed?
>
>
not to fork the subject, but it would be nice if there was a freeipa server
on docker


> --
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red
> Hat
>
>

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-11 Thread Jan Pazdziora
On Tue, May 03, 2016 at 09:27:44PM +, Hosakote Nagesh, Pawan wrote:
> Our apps are running in a docker image based on Ubuntu 14.04 that cannot be 
> changed to redhat. We want to install freeipa-clietn within this docker so 
> that our app
> Uses freeipa ldap as against default ldap.
> 
> The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine, 
> that why is why I am hoping making it run in a Ubun14.04 docker should also 
> be very much possible.
> 
> As you can see the things get stuck in not starting bus process properly(this 
> problem is not seen in ubuntu on plain machine). I cannot see much debug 
> statements by enabling —debug option in ipa-client-install.
> Its not clear why this process doesn’t get started and what is missing in 
> container as against plain machine which is making this install fail.
> 
> I am on to this issue for 2 full days now. I am pasting whatever debug 
> statements I got during install, here:
> 
> Command
> —
> ipa-client-install —domain= —server=  
> hostname=jupyterhub.com --no-ntp --no-dns-sshfp
> 
> 
> 
> Log (After Error starts to happen)
> —
> Attached
> 
> My main suspect is dbus service unable to start in this container where it 
> launches on a plain machine.

Certainly.

What steps did you take to make dbus startable in the container? Do
you have the dbus package installed?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat


Re: [Freeipa-users] Free IPA Client in Docker

2016-05-04 Thread Rob Crittenden

Hosakote Nagesh, Pawan wrote:

> Our apps are running in a docker image based on Ubuntu 14.04 that cannot be 
> changed to redhat. We want to install freeipa-clietn within this docker so that 
> our app
> Uses freeipa ldap as against default ldap.
>
> The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine, 
> that why is why I am hoping making it run in a Ubun14.04 docker should also be 
> very much possible.
>
> As you can see the things get stuck in not starting bus process properly(this 
> problem is not seen in ubuntu on plain machine). I cannot see much debug 
> statements by enabling —debug option in ipa-client-install.
> Its not clear why this process doesn’t get started and what is missing in 
> container as against plain machine which is making this install fail.
>
> I am on to this issue for 2 full days now. I am pasting whatever debug 
> statements I got during install, here:
>
> Command
> —
> ipa-client-install —domain= —server=  
> hostname=jupyterhub.com --no-ntp --no-dns-sshfp
>
> Log (After Error starts to happen)
> —
> Attached
>
> My main suspect is dbus service unable to start in this container where it 
> launches on a plain machine.


The root of the problem appears to be:

dbus: unrecognized service

rob



> -
> Best,
> Pawan
>
> On 5/3/16, 2:03 PM, "Lukas Slebodnik"  wrote:
>
> >On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote:
> >>Currently this is the error I m stuck with. There isn’t enough material online 
> >>to proceed further. Failure starts with bus error..
> >>
> >>Logs during ipa-client-install..
> >>
> >>Synchronizing time with KDC...
> >>Password for service_...@eaz.ebayc3.com:
> >>Successfully retrieved CA cert
> >>Subject: CN=Certificate Authority,O=EAZ.EBAYC3.COM
> >>Issuer:  CN=Certificate Authority,O=EAZ.EBAYC3.COM
> >>Valid From:  Mon Dec 07 05:17:30 2015 UTC
> >>Valid Until: Fri Dec 07 05:17:30 2035 UTC
> >>
> >>Enrolled in IPA realm EAZ.EBAYC3.COM
> >>Created /etc/ipa/default.conf
> >>New SSSD config will be created
> >>Configured /etc/sssd/sssd.conf
> >>Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
> >>dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero 
> >>exit status 1
> >
> >I think the error message is clear.
> >There was a problem with starting dbus service within a container.
> >
> >>certmonger failed to stop: [Errno 2] No such file or directory: 
> >>'/var/run/ipa/services.list'
> >>certmonger request for host certificate failed
> >>2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
> >>.
> >>
> >>On 5/3/16, 1:45 AM, "Lukas Slebodnik"  wrote:
> >>
> >>>On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
> >>>>Thanks for your quick response. I am trying this on ubuntu.
> >>>>
> >>>>This is the bug I m facing right now: 
> >>>>https://lists.launchpad.net/freeipa/msg00236.html
> >>>>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. 
> >>>>There is no other material also
> >>>>On how to fix this dbus error.
> >>>>
> >>>>root@jupyterhub:/#  lsb_release -rd
> >>>>Description:Ubuntu 14.04.4 LTS
> >>>>Release:14.04
> >>>>root@jupyterhub:/#
> >>>
> >>>Do I understand it correctly that you want to build your own image
> >>>based on ubuntu?
> >>>
> >>>If answer is yes then I would recommend to use ubuntu xenial (16.04).
> >>>
> >>>But the benefit of container technologies is that you can use
> >>>image based on different distribution and therefore it would be the
> >>>best if you could use https://hub.docker.com/r/fedora/sssd/
> >>>(which was already mentioned.
> >>>
> >May I know why you do not want to use existing working contianer
> >based on image fedora/sssd.
> >
> >You would save some time with troubleshooting things which were already solved.
> >
> >If you want a help then please provide more info.
> >I assume you use docker and not lxd (based on subject)
> >Please share details how did you build an image and how do you
> >run container ...
> >
> >LS



Re: [Freeipa-users] Free IPA Client in Docker

2016-05-04 Thread Lukas Slebodnik
On (03/05/16 21:27), Hosakote Nagesh, Pawan wrote:
>Our apps are running in a docker image based on Ubuntu 14.04 that cannot be 
>changed to redhat. We want to install freeipa-clietn within this docker so 
>that our app
>Uses freeipa ldap as against default ldap.
>
and that's the reason why you needn't care about base image
in container world.

sssd container can be based on fedora and other application
can be based on ubuntu. And they will share common directories
with unix pipes which are used for communication with sssd.

In other words, you just need to install packages libnss-sss
and libpam-sss (if you need authentication as well)
in client/application container
+ bind mount directories /var/lib/sss/pipes/ /var/lib/sss/mc/.

LS
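
The split described in the message above (sssd in one container, the application in another, joined by bind mounts) can be checked from inside the application container. The script below is an added example, not part of the thread or of the SSSD/FreeIPA projects; the function names are hypothetical, and it assumes the SSSD responder sockets are named `nss` and `pam` under /var/lib/sss/pipes and that the client packages install `libnss_sss.so.*` and `pam_sss.so`.

```sh
#!/bin/sh
# Added example: preflight check for an application container that relies on
# an sssd instance running in a separate container.
# Assumptions (not from the thread): socket names "nss" and "pam", module
# file names libnss_sss.so.* and pam_sss.so, function names are hypothetical.

# module_present ROOT PATTERN
# Succeeds if a file matching PATTERN exists in a usual library directory
# below ROOT (covers Debian multiarch and lib64 layouts).
module_present() (
    root="$1"; pattern="$2"
    found=$(find -H "$root/lib" "$root/lib64" "$root/usr/lib" "$root/usr/lib64" \
        -name "$pattern" 2>/dev/null | head -n 1)
    [ -n "$found" ]
)

# nsswitch_uses_sss ROOT
# Succeeds if both passwd and group list "sss" as a source in
# ROOT/etc/nsswitch.conf. Comments are stripped before matching.
nsswitch_uses_sss() (
    conf="$1/etc/nsswitch.conf"
    [ -r "$conf" ] || exit 1
    for db in passwd group; do
        sed 's/#.*//' "$conf" |
            grep -Eq "^${db}:(.*[[:space:]])?sss([[:space:]]|\$)" || exit 1
    done
)

# sss_mounts_present ROOT [auth]
# Succeeds if the bind-mounted directories are visible: the NSS socket must
# be a real Unix socket, the memory cache directory must exist, and with
# "auth" the PAM socket must be present as well.
sss_mounts_present() (
    root="$1"; mode="${2:-}"
    [ -S "$root/var/lib/sss/pipes/nss" ] || exit 1
    [ -d "$root/var/lib/sss/mc" ] || exit 1
    if [ "$mode" = auth ]; then
        [ -S "$root/var/lib/sss/pipes/pam" ] || exit 1
    fi
)

# preflight ROOT [auth]
# Runs all checks, prints one line per failure, returns the failure count.
preflight() {
    pf_root="${1:-/}"; pf_mode="${2:-}"; pf_fail=0
    module_present "$pf_root" 'libnss_sss.so*' || {
        echo "FAIL: libnss_sss not installed (package libnss-sss)"
        pf_fail=$((pf_fail + 1))
    }
    nsswitch_uses_sss "$pf_root" || {
        echo "FAIL: passwd/group in nsswitch.conf do not list sss"
        pf_fail=$((pf_fail + 1))
    }
    sss_mounts_present "$pf_root" "$pf_mode" || {
        echo "FAIL: /var/lib/sss/pipes or /var/lib/sss/mc not mounted from the sssd container"
        pf_fail=$((pf_fail + 1))
    }
    if [ "$pf_mode" = auth ]; then
        module_present "$pf_root" 'pam_sss.so' || {
            echo "FAIL: pam_sss not installed (package libpam-sss)"
            pf_fail=$((pf_fail + 1))
        }
    fi
    if [ "$pf_fail" -eq 0 ]; then
        echo "OK: client modules and sssd mounts are in place"
    fi
    return "$pf_fail"
}

# Run against a real root when called with arguments, e.g.:
#   sh sss-preflight.sh / auth
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A regular file left behind at the socket path (for example from an image layer) is reported as a failure, since only a live socket from the sssd container can answer lookups.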



Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Hosakote Nagesh, Pawan
Our apps are running in a docker image based on Ubuntu 14.04 that cannot be
changed to redhat. We want to install freeipa-client within this docker so that
our app uses freeipa ldap as against default ldap.

The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine,
that is why I am hoping making it run in a Ubuntu 14.04 docker should also be
very much possible.

As you can see the things get stuck in not starting bus process properly (this
problem is not seen in ubuntu on plain machine). I cannot see much debug
statements by enabling --debug option in ipa-client-install.
It's not clear why this process doesn’t get started and what is missing in
container as against plain machine which is making this install fail.

I am on to this issue for 2 full days now. I am pasting whatever debug
statements I got during install, here:

Command
—
ipa-client-install --domain= --server=  
hostname=jupyterhub.com --no-ntp --no-dns-sshfp



Log (After Error starts to happen)
—
Attached

My main suspect is dbus service unable to start in this container where it 
launches on a plain machine.

-
Best,
Pawan






On 5/3/16, 2:03 PM, "Lukas Slebodnik"  wrote:

>On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote:
>>Currently this is the error I m stuck with. There isn’t enough material 
>>online to proceed further. Failure starts with bus error..
>>
>>Logs during ipa-client-install..
>>
>>
>>Synchronizing time with KDC...
>>Password for service_...@eaz.ebayc3.com: 
>>Successfully retrieved CA cert
>>Subject: CN=Certificate Authority,O=EAZ.EBAYC3.COM
>>Issuer:  CN=Certificate Authority,O=EAZ.EBAYC3.COM
>>Valid From:  Mon Dec 07 05:17:30 2015 UTC
>>Valid Until: Fri Dec 07 05:17:30 2035 UTC
>>
>>
>>Enrolled in IPA realm EAZ.EBAYC3.COM
>>Created /etc/ipa/default.conf
>>New SSSD config will be created
>>Configured /etc/sssd/sssd.conf
>>Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
>>dbus failed to start: Command '/usr/sbin/service dbus start ' returned 
>>non-zero exit status 1
>I think the error message is clear.
>There was a problem with starting dbus service within a container.
>
>>certmonger failed to stop: [Errno 2] No such file or directory: 
>>'/var/run/ipa/services.list'
>>certmonger request for host certificate failed
>>2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
>>.
>>
>>On 5/3/16, 1:45 AM, "Lukas Slebodnik"  wrote:
>>
>>>On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>>>>Thanks for your quick response. I am trying this on ubuntu.
>>>>
>>>>This is the bug I m facing right now: 
>>>>https://lists.launchpad.net/freeipa/msg00236.html 
>>>>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. 
>>>>There is no other material also 
>>>>On how to fix this dbus error.
>>>>
>>>>root@jupyterhub:/#  lsb_release -rd
>>>>Description:Ubuntu 14.04.4 LTS
>>>>Release:14.04
>>>>root@jupyterhub:/#
>>>Do I understand it correctly that you want to build your own image
>>>based on ubuntu?
>>>
>>>If answer is yes then I would recommend to use ubuntu xenial (16.04).
>>>
>>>But the benefit of container technologies is that you can use
>>>image based on different distribution and therefore it would be the
>>>best if you could use https://hub.docker.com/r/fedora/sssd/
>>>(which was already mentioned.
>>>
>May I know why you do not want to use existing working contianer
>based on image fedora/sssd.
>
>You would save some time with troubleshooting things which were already solved.
>
>If you want a help then please provide more info.
>I assume you use docker and not lxd (based on subject)
>Please share details how did you build an image and how do you
>run container ...
>
>LS

New SSSD config will be created
Configured /etc/sssd/sssd.conf
Starting external process
args=/usr/bin/certutil -A -d sql:/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
Process finished, return code=0
stdout=
stderr=
Backing up system configuration file '/etc/krb5.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Starting external process
args=keyctl get_persistent @s 0
Process finished, return code=2
stdout=
stderr=Unknown command

Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = EAZ.EBAYC3.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  EAZ.EBAYC3.COM = {
kdc = 

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Lukas Slebodnik
On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote:
>Currently this is the error I m stuck with. There isn’t enough material online 
>to proceed further. Failure starts with bus error..
>
>Logs during ipa-client-install..
>
>
>Synchronizing time with KDC...
>Password for service_...@eaz.ebayc3.com: 
>Successfully retrieved CA cert
>Subject: CN=Certificate Authority,O=EAZ.EBAYC3.COM
>Issuer:  CN=Certificate Authority,O=EAZ.EBAYC3.COM
>Valid From:  Mon Dec 07 05:17:30 2015 UTC
>Valid Until: Fri Dec 07 05:17:30 2035 UTC
>
>
>Enrolled in IPA realm EAZ.EBAYC3.COM
>Created /etc/ipa/default.conf
>New SSSD config will be created
>Configured /etc/sssd/sssd.conf
>Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
>dbus failed to start: Command '/usr/sbin/service dbus start ' returned 
>non-zero exit status 1
I think the error message is clear.
There was a problem with starting dbus service within a container.

>certmonger failed to stop: [Errno 2] No such file or directory: 
>'/var/run/ipa/services.list'
>certmonger request for host certificate failed
>2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
>.
>
>On 5/3/16, 1:45 AM, "Lukas Slebodnik"  wrote:
>
>>On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>>>Thanks for your quick response. I am trying this on ubuntu.
>>>
>>>This is the bug I m facing right now: 
>>>https://lists.launchpad.net/freeipa/msg00236.html 
>>>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. 
>>>There is no other material also 
>>>On how to fix this dbus error.
>>>
>>>root@jupyterhub:/#  lsb_release -rd
>>>Description:Ubuntu 14.04.4 LTS
>>>Release:14.04
>>>root@jupyterhub:/#
>>Do I understand it correctly that you want to build your own image
>>based on ubuntu?
>>
>>If answer is yes then I would recommend to use ubuntu xenial (16.04).
>>
>>But the benefit of container technologies is that you can use
>>image based on different distribution and therefore it would be the
>>best if you could use https://hub.docker.com/r/fedora/sssd/
>>(which was already mentioned.
>>
May I know why you do not want to use the existing working container
based on image fedora/sssd?

You would save some time with troubleshooting things which were already solved.

If you want help then please provide more info.
I assume you use docker and not lxd (based on subject).
Please share details on how you built the image and how you
run the container ...

LS


Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Hosakote Nagesh, Pawan
Currently this is the error I'm stuck with. There isn’t enough material online
to proceed further. Failure starts with bus error..

Logs during ipa-client-install..


Synchronizing time with KDC...
Password for service_...@eaz.ebayc3.com: 
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EAZ.EBAYC3.COM
Issuer:  CN=Certificate Authority,O=EAZ.EBAYC3.COM
Valid From:  Mon Dec 07 05:17:30 2015 UTC
Valid Until: Fri Dec 07 05:17:30 2035 UTC


Enrolled in IPA realm EAZ.EBAYC3.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero 
exit status 1
certmonger failed to stop: [Errno 2] No such file or directory: 
'/var/run/ipa/services.list'
certmonger request for host certificate failed
2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
.

.
.
.

-
Best,
Pawan




On 5/3/16, 1:45 AM, "Lukas Slebodnik"  wrote:

>On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>>Thanks for your quick response. I am trying this on ubuntu.
>>
>>This is the bug I m facing right now: 
>>https://lists.launchpad.net/freeipa/msg00236.html 
>>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. 
>>There is no other material also 
>>On how to fix this dbus error.
>>
>>root@jupyterhub:/#  lsb_release -rd
>>Description:Ubuntu 14.04.4 LTS
>>Release:14.04
>>root@jupyterhub:/#
>Do I understand it correctly that you want to build your own image
>based on ubuntu?
>
>If answer is yes then I would recommend to use ubuntu xenial (16.04).
>
>But the benefit of container technologies is that you can use
>image based on different distribution and therefore it would be the
>best if you could use https://hub.docker.com/r/fedora/sssd/
>(which was already mentioned.
>
>LS


Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Lukas Slebodnik
On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>Thanks for your quick response. I am trying this on ubuntu.
>
>This is the bug I m facing right now: 
>https://lists.launchpad.net/freeipa/msg00236.html 
>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. 
>There is no other material also 
>On how to fix this dbus error.
>
>root@jupyterhub:/#  lsb_release -rd
>Description:Ubuntu 14.04.4 LTS
>Release:14.04
>root@jupyterhub:/#
Do I understand it correctly that you want to build your own image
based on ubuntu?

If answer is yes then I would recommend to use ubuntu xenial (16.04).

But the benefit of container technologies is that you can use
image based on different distribution and therefore it would be the
best if you could use https://hub.docker.com/r/fedora/sssd/
(which was already mentioned).

LS


Re: [Freeipa-users] Free IPA Client in Docker

2016-05-02 Thread Petr Spacek
On 28.4.2016 20:14, Hosakote Nagesh, Pawan wrote:
> As a Follow up question I also wanted to know why is absolutely necessary for 
> Kerberos Client to have hostname? Wont Client initiate the connection and 
> FreeIPA server can take it from there.
> If so what is the need of FQDN for FreeIPA client at all?

FQDN is needed as a host identifier in cases where you need to use a keytab.

Kerberos Client could function without keytab but it could not host any
services and it would be less secure as the client could not verify KDC's
identity etc.

FreeIPA right now does not support keytab-less clients.

Does it answer your question?

-- 
Petr^2 Spacek



Re: [Freeipa-users] Free IPA Client in Docker

2016-04-30 Thread Hosakote Nagesh, Pawan
Thanks for your quick response. I am trying this on ubuntu.

This is the bug I'm facing right now:
https://lists.launchpad.net/freeipa/msg00236.html
They say it's fixed in Trusty release of Ubuntu. But it doesn’t work for me.
There is no other material also
on how to fix this dbus error.

root@jupyterhub:/#  lsb_release -rd
Description:Ubuntu 14.04.4 LTS
Release:14.04
root@jupyterhub:/#


-
Best,
Pawan





On 4/29/16, 2:40 AM, "Martin Kosek"  wrote:

>On 04/28/2016 08:14 PM, Hosakote Nagesh, Pawan wrote:
>> Hi,
>>   I am planning to deploy FreeIPA Client in a docker where my Apps are
>> running. However I hit a road block as there seems to be problem with the
>> docker’s hostname settings
>> In DNS records.  
>
>CCing Jan on this one. Did you try to use SSSD Docker container we already have
>instead?
>
>https://hub.docker.com/r/fedora/sssd/
>https://www.adelton.com/docs/docker/fedora-sssd-container
>
>Martin
>
>> Debug Log
>> ———
>> 
>> ipa-client-install --hostname=`hostname -f` --mkhomedir -N --force-join 
>> —debug 
>> 
>> .
>> 
>> .
>> 
>> .
>> 
>> .
>> 
>> debug
>> 
>> zone phx01.eaz.ebayc3.com.
>> 
>> update delete . IN A
>> 
>> show
>> 
>> send
>> 
>> update add . 1200 IN A 172.17.0.3
>> 
>> show
>> 
>> send
>> 
>> 
>> Starting external process
>> 
>> args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
>> 
>> Process execution failed
>> 
>> Traceback (most recent call last):
>> 
>>   File "/usr/sbin/ipa-client-install", line 2603, in 
>> 
>> sys.exit(main())
>> 
>>   File "/usr/sbin/ipa-client-install", line 2584, in main
>> 
>> rval = install(options, env, fstore, statestore)
>> 
>>   File "/usr/sbin/ipa-client-install", line 2387, in install
>> 
>> client_dns(cli_server[0], hostname, options.dns_updates)
>> 
>>   File "/usr/sbin/ipa-client-install", line 1423, in client_dns
>> 
>> update_dns(server, hostname)
>> 
>>   File "/usr/sbin/ipa-client-install", line 1410, in update_dns
>> 
>> if do_nsupdate(update_txt):
>> 
>>   File "/usr/sbin/ipa-client-install", line 1346, in do_nsupdate
>> 
>> ipautil.run(['/usr/bin/nsupdate', '-g', UPDATE_FILE])
>> 
>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 303, in 
>> run
>> 
>> close_fds=True, env=env, cwd=cwd)
>> 
>>   File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
>> 
>> errread, errwrite)
>> 
>>   File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
>> 
>> raise child_exception
>> 
>> OSError: [Errno 2] No such file or directory
>> 
>> 
>> 
>> As a Follow up question I also wanted to know why is absolutely necessary for
>> Kerberos Client to have hostname? Wont Client initiate the connection and
>> FreeIPA server can take it from there.
>> If so what is the need of FQDN for FreeIPA client at all?
>> 
>> -
>> Best,
>> Pawan
>> 
>> 
>


Re: [Freeipa-users] Free IPA Client in Docker

2016-04-29 Thread Martin Kosek
On 04/28/2016 08:14 PM, Hosakote Nagesh, Pawan wrote:
> Hi,
>   I am planning to deploy FreeIPA Client in a docker where my apps are
> running. However, I hit a roadblock, as there seems to be a problem with the
> docker’s hostname settings in DNS records.

CCing Jan on this one. Did you try to use the SSSD Docker container we already
have instead?

https://hub.docker.com/r/fedora/sssd/
https://www.adelton.com/docs/docker/fedora-sssd-container

Martin

> Debug Log
> ———
> 
> ipa-client-install --hostname=`hostname -f` --mkhomedir -N --force-join --debug
>
> .
> .
> .
> .
>
> debug
> zone phx01.eaz.ebayc3.com.
> update delete . IN A
> show
> send
> update add . 1200 IN A 172.17.0.3
> show
> send
>
> Starting external process
> args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
> Process execution failed
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 2603, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 2584, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 2387, in install
>     client_dns(cli_server[0], hostname, options.dns_updates)
>   File "/usr/sbin/ipa-client-install", line 1423, in client_dns
>     update_dns(server, hostname)
>   File "/usr/sbin/ipa-client-install", line 1410, in update_dns
>     if do_nsupdate(update_txt):
>   File "/usr/sbin/ipa-client-install", line 1346, in do_nsupdate
>     ipautil.run(['/usr/bin/nsupdate', '-g', UPDATE_FILE])
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 303, in run
>     close_fds=True, env=env, cwd=cwd)
>   File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
>     errread, errwrite)
>   File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
>     raise child_exception
> OSError: [Errno 2] No such file or directory
> 
> 
> 
> As a follow-up question, I also wanted to know why it is absolutely necessary
> for a Kerberos client to have a hostname. Won't the client initiate the
> connection, and the FreeIPA server can take it from there?
> If so, what is the need of an FQDN for a FreeIPA client at all?
> 
> -
> Best,
> Pawan
> 
> 



Re: [Freeipa-users] Free IPA Client in Docker

2016-04-29 Thread Jakub Hrozek
On Thu, Apr 28, 2016 at 06:14:30PM +, Hosakote Nagesh, Pawan wrote:
> Hi,
>   I am planning to deploy FreeIPA Client in a docker where my apps are
> running. However, I hit a roadblock, as there seems to be a problem with the
> docker’s hostname settings in DNS records.
> 
> Debug Log
> ———
> 
> ipa-client-install --hostname=`hostname -f` --mkhomedir -N --force-join --debug
>
> .
> .
> .
> .
>
> debug
> zone phx01.eaz.ebayc3.com.
> update delete . IN A
> show
> send
> update add . 1200 IN A 172.17.0.3
> show
> send
>
> Starting external process
> args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
> Process execution failed
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 2603, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 2584, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 2387, in install
>     client_dns(cli_server[0], hostname, options.dns_updates)
>   File "/usr/sbin/ipa-client-install", line 1423, in client_dns
>     update_dns(server, hostname)
>   File "/usr/sbin/ipa-client-install", line 1410, in update_dns
>     if do_nsupdate(update_txt):
>   File "/usr/sbin/ipa-client-install", line 1346, in do_nsupdate
>     ipautil.run(['/usr/bin/nsupdate', '-g', UPDATE_FILE])
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 303, in run
>     close_fds=True, env=env, cwd=cwd)
>   File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
>     errread, errwrite)
>   File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
>     raise child_exception
> OSError: [Errno 2] No such file or directory

Looks like nsupdate is missing from the container?

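
A preflight check for the failure diagnosed in the reply above, as an added example that is not part of the original thread or of FreeIPA. It verifies, before ipa-client-install runs, that the name passed to --hostname is fully qualified (Docker's default hostname is a short container ID) and that the nsupdate path shown in the traceback exists. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for running ipa-client-install in a container.
# Function names are hypothetical; the nsupdate path comes from the traceback.

# is_fqdn NAME: succeed only for a dotted, non-loopback host name.
is_fqdn() {
    name=${1%.}                               # tolerate one trailing root dot
    case "$name" in
        ""|localhost|localhost.*) return 1 ;; # empty or loopback-style name
        .*|*..*|*.) return 1 ;;               # empty label
        *[!A-Za-z0-9.-]*) return 1 ;;         # outside the hostname character set
        *.*) return 0 ;;                      # at least two labels
        *) return 1 ;;                        # bare short name, e.g. a container ID
    esac
}

# has_exec PATH: succeed if PATH is a regular file the caller may execute.
has_exec() {
    [ -f "$1" ] && [ -x "$1" ]
}

# preflight HOSTNAME [NSUPDATE_PATH]: report each problem on stderr and
# return the number of problems found (0 means both checks passed).
preflight() {
    host=$1
    nsupdate=${2:-/usr/bin/nsupdate}          # default: path seen in the debug log
    problems=0
    if ! is_fqdn "$host"; then
        echo "preflight: hostname '$host' is not fully qualified" >&2
        problems=$((problems + 1))
    fi
    if ! has_exec "$nsupdate"; then
        echo "preflight: $nsupdate is missing or not executable" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against the live container only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight "$(hostname -f 2>/dev/null)"
fi
```

A non-zero exit status is the number of failed checks, so the script can gate the install step in an image build or entrypoint.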

[Freeipa-users] Free IPA Client in Docker

2016-04-28 Thread Hosakote Nagesh, Pawan
Hi,
  I am planning to deploy FreeIPA Client in a docker where my apps are
running. However, I hit a roadblock, as there seems to be a problem with the
docker’s hostname settings in DNS records.

Debug Log
———

ipa-client-install --hostname=`hostname -f` --mkhomedir -N --force-join --debug

.
.
.
.

debug
zone phx01.eaz.ebayc3.com.
update delete . IN A
show
send
update add . 1200 IN A 172.17.0.3
show
send

Starting external process
args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
Process execution failed
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2603, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2584, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 2387, in install
    client_dns(cli_server[0], hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 1423, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 1410, in update_dns
    if do_nsupdate(update_txt):
  File "/usr/sbin/ipa-client-install", line 1346, in do_nsupdate
    ipautil.run(['/usr/bin/nsupdate', '-g', UPDATE_FILE])
  File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 303, in run
    close_fds=True, env=env, cwd=cwd)
  File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory


As a follow-up question, I also wanted to know why it is absolutely necessary
for a Kerberos client to have a hostname. Won't the client initiate the
connection, and the FreeIPA server can take it from there?
If so, what is the need of an FQDN for a FreeIPA client at all?

-
Best,
Pawan