I have the following setup.

MK_INTERNAL_SUB_DOMAIN=example.test
MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
MK_FREEIPA_SERVER_DS_PASSWORD=password
MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
MK_FREEIPA_SERVER_DNS_REVERSE_ZONE=0.18.172.in-addr.arpa
MK_FREEIPA_SERVER_IP=172.18.0.10
MK_FREEIPA_SERVER_DOMAIN_NAME=ipa.example.test

docker service create \
  --hostname ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
  --name ipa \
  --sysctl net.ipv6.conf.all.disable_ipv6=0 \
  -e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
  -e "IPA_SERVER_IP=${MK_FREEIPA_SERVER_IP}" \
  -e "DEBUG_NO_EXIT=1" \
  -e "DEBUG_TRACE=1" \
  --ip "${MK_FREEIPA_SERVER_IP}" \
  --add-host "${MK_FREEIPA_SERVER_DOMAIN_NAME}:${MK_FREEIPA_SERVER_IP}" \
  -p "443:443" \
  --privileged=true \
  freeipa/freeipa-server:fedora-38-4.10.2 \
  --skip-mem-check \
  --domain=${MK_INTERNAL_SUB_DOMAIN} \
  --realm=${MK_FREEIPA_SERVER_REALM} \
  --ds-password=${MK_FREEIPA_SERVER_DS_PASSWORD} \
  --ip-address=${MK_FREEIPA_SERVER_IP} \
  --admin-password=${MK_FREEIPA_SERVER_ADMIN_PASSWORD} \
  --no-host-dns \
  --unattended \
  --setup-dns \
  --allow-zone-overlap \
  --auto-reverse \
  --reverse-zone=${MK_FREEIPA_SERVER_DNS_REVERSE_ZONE} \
  --auto-forwarders \
  --no-ntp

The first problem is I can't run the container in privileged mode and --ip and --add-host options are missing. Is it even possible to run FreeIPA in Docker Swarm?

On Fri, Sep 22, 2023 at 12:10:50PM -0000, Jay Smith via FreeIPA-users wrote:
> I have the following setup.
>
> MK_INTERNAL_SUB_DOMAIN=example.test
> MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
> MK_FREEIPA_SERVER_DS_PASSWORD=password
> MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
> MK_FREEIPA_SERVER_DNS_REVERSE_ZONE=0.18.172.in-addr.arpa
> MK_FREEIPA_SERVER_IP=172.18.0.10
> MK_FREEIPA_SERVER_DOMAIN_NAME=ipa.example.test
>
> docker service create \
>   --hostname ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
>   --name ipa \
>   --sysctl net.ipv6.conf.all.disable_ipv6=0 \
>   -e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
>   -e "IPA_SERVER_IP=${MK_FREEIPA_SERVER_IP}" \
>   -e "DEBUG_NO_EXIT=1" \
>   -e "DEBUG_TRACE=1" \
>   --ip "${MK_FREEIPA_SERVER_IP}" \
>   --add-host "${MK_FREEIPA_SERVER_DOMAIN_NAME}:${MK_FREEIPA_SERVER_IP}" \
>   -p "443:443" \
>   --privileged=true \
>   freeipa/freeipa-server:fedora-38-4.10.2 \
>   --skip-mem-check \
>   --domain=${MK_INTERNAL_SUB_DOMAIN} \
>   --realm=${MK_FREEIPA_SERVER_REALM} \
>   --ds-password=${MK_FREEIPA_SERVER_DS_PASSWORD} \
>   --ip-address=${MK_FREEIPA_SERVER_IP} \
>   --admin-password=${MK_FREEIPA_SERVER_ADMIN_PASSWORD} \
>   --no-host-dns \
>   --unattended \
>   --setup-dns \
>   --allow-zone-overlap \
>   --auto-reverse \
>   --reverse-zone=${MK_FREEIPA_SERVER_DNS_REVERSE_ZONE} \
>   --auto-forwarders \
>   --no-ntp
>
> The first problem is I can't run the container in privileged mode

Which is good news -- you shouldn't be doing that anyway.

> and --ip and --add-host options are missing.

Why do you need those? And if you think you need those, why do you try to use the swarm mode when, by the very nature of the FreeIPA server, you will not be able to use swarm scaling?