freeipa / freeipa-container

FreeIPA server in containers — images at https://quay.io/repository/freeipa/freeipa-server?tab=tags
Apache License 2.0

Docker run freeipa/freeipa-server:centos-7 #415

Closed anp135 closed 3 years ago

anp135 commented 3 years ago

Hi. I tried to run the centos-7 and centos-8 tags from Docker Hub, but the errors are the same.

My docker-compose is:

version: '3.8'
services:
  ldap:
    image: freeipa/freeipa-server:centos-7
    restart: unless-stopped
    hostname: ldap.test.ru
    privileged: true
    sysctls:
      net.ipv6.conf.all.disable_ipv6: 0
    environment:
      - DEBUG_TRACE=1
      - DEBUG_NO_EXIT=1
      - HOSTNAME=ldap.test.ru
      - PASSWORD=Secret123
      - NO_NTP=1
    ports:
      - "389"
      - "636"
      - "88"
      - "464"
      - "443"
    command: "-N --domain=test.ru"
    volumes:
      - ./data:/data
      - ./run:/run

I do not have SELinux enabled. The OS on the Docker host is Ubuntu-20.4. The docker logs of the container:

+ cd /
+ case "$1" in
+ for i in '/run/*' '/tmp/var/tmp/*' '/tmp/*'
+ '[' '/run/*' == /run/secrets ']'
+ '[' -L '/run/*' -o -f '/run/*' ']'
+ for j in '"$i"/*'
+ '[' '/run/*/*' '!=' /tmp/var/tmp ']'
+ rm -rf '/run/*/*'
+ for i in '/run/*' '/tmp/var/tmp/*' '/tmp/*'
+ '[' '/tmp/var/tmp/*' == /run/secrets ']'
+ '[' -L '/tmp/var/tmp/*' -o -f '/tmp/var/tmp/*' ']'
+ for j in '"$i"/*'
+ '[' '/tmp/var/tmp/*/*' '!=' /tmp/var/tmp ']'
+ rm -rf '/tmp/var/tmp/*/*'
+ for i in '/run/*' '/tmp/var/tmp/*' '/tmp/*'
+ '[' /tmp/hsperfdata_root == /run/secrets ']'
+ '[' -L /tmp/hsperfdata_root -o -f /tmp/hsperfdata_root ']'
+ for j in '"$i"/*'
+ '[' '/tmp/hsperfdata_root/*' '!=' /tmp/var/tmp ']'
+ rm -rf '/tmp/hsperfdata_root/*'
+ for i in '/run/*' '/tmp/var/tmp/*' '/tmp/*'
+ '[' /tmp/ks-script-h2MyUP == /run/secrets ']'
+ '[' -L /tmp/ks-script-h2MyUP -o -f /tmp/ks-script-h2MyUP ']'
+ rm -f /tmp/ks-script-h2MyUP
+ for i in '/run/*' '/tmp/var/tmp/*' '/tmp/*'
+ '[' /tmp/yum.log == /run/secrets ']'
+ '[' -L /tmp/yum.log -o -f /tmp/yum.log ']'
+ rm -f /tmp/yum.log
+ /usr/local/bin/populate-volume-from-template /tmp
+ mkdir -p /run/lock
+ DATA=/data
+ DATA_TEMPLATE=/data-template
+ mkdir -p /run/ipa /run/log /data/var/log/journal
+ ln -s /data/var/log/journal /run/log/journal
+ '[' -N == no-exit -o -n 1 ']'
+ '[' -N == no-exit ']'
+ for i in ipa-server-configure-first.service ipa-server-upgrade.service
+ mkdir -p /run/systemd/system/ipa-server-configure-first.service.d
+ echo -e '[Service]\nFailureAction=none'
+ for i in ipa-server-configure-first.service ipa-server-upgrade.service
+ mkdir -p /run/systemd/system/ipa-server-upgrade.service.d
+ echo -e '[Service]\nFailureAction=none'
+ test -z 1
+ touch /run/ipa/debug-trace
+ COMMAND=
+ '[' -n -N ']'
+ case "$1" in
+ :
+ '[' -z '' ']'
+ '[' -f /data/ipa-replica-install-options ']'
+ COMMAND=ipa-server-install
+ '[' -n '' -a ipa-server-install '!=' ipa-server-install -a ipa-server-install '!=' ipa-replica-install ']'
+ OPTIONS_FILE=/run/ipa/ipa-server-install-options
+ DATA_OPTIONS_FILE=/data/ipa-server-install-options
+ touch /run/ipa/ipa-server-install-options
+ chmod 600 /run/ipa/ipa-server-install-options
+ for i in '"$@"'
+ printf '%q\n' -N
+ for i in '"$@"'
+ printf '%q\n' --domain=test.ru
+ _HOSTNAME_IN_NEXT=false
++ cat /run/ipa/ipa-server-install-options
+ for i in '$( cat $OPTIONS_FILE )'
+ false
+ case "$i" in
+ for i in '$( cat $OPTIONS_FILE )'
+ false
+ case "$i" in
+ for i in '$( cat $OPTIONS_FILE )'
+ false
+ case "$i" in
+ '[' -f /data/hostname ']'
+ HOSTNAME_SHORT=ldap
+ '[' ldap == ldap.test.ru ']'
+ '[' -f /data/hostname ']'
+ echo ldap.test.ru
+ '[' -f /etc/ipa/ca.crt ']'
+ '[' -f /data/ipa.csr ']'
+ /usr/local/bin/populate-volume-from-template /data
+ create_machine_id
+ '[' -L /etc/machine-id -a '!' -f /data/etc/machine-id ']'
+ '[' -n Secret123 ']'
+ '[' ipa-server-install == ipa-server-install ']'
+ printf '%q\n' --admin-password=Secret123
+ grep -sq '^--ds-password' /run/ipa/ipa-server-install-options /data/ipa-server-install-options
+ printf '%q\n' --ds-password=Secret123
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -f /data/volume-version ']'
+ '[' -f /data/build-id ']'
+ cmp -s /data/build-id /data-template/build-id
+ '[' -f /etc/ipa/ca.crt ']'
++ date
+ echo 'Mon Aug  9 13:38:36 UTC 2021 /usr/local/sbin/init -N' --domain=test.ru
+ SHOW_LOG=1
+ '[' 1 == 1 ']'
+ for i in /var/log/ipa-server-configure-first.log /var/log/ipa-server-run.log
+ '[' -f /var/log/ipa-server-configure-first.log ']'
+ for i in /var/log/ipa-server-configure-first.log /var/log/ipa-server-run.log
+ '[' -f /var/log/ipa-server-run.log ']'
+ touch /var/log/ipa-server-run.log
+ trap '' SIGHUP
+ '[' -n '' ']'
+ tail --silent -n 0 -f --retry /var/log/ipa-server-configure-first.log /var/log/ipa-server-run.log
+ exec /usr/sbin/init --show-status=false

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure the KDC to enable PKINIT

Excluded by options:
  * Configure the Network Time Daemon (ntpd)

To accept the default shown in brackets, press the Enter key.

Do you want to configure integrated DNS (BIND)? [no]:
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.

Server host name [ldap.test.ru]:

The IPA Master Server will be configured with:
Hostname:       ldap.test.ru
IP address(es): 172.16.0.9
Domain name:    test.ru
Realm name:     TEST.RU

Continue to configure the system with these values? [no]: + ret=123
+ echo 'FreeIPA server configuration failed.'
FreeIPA server configuration failed.
+ exit 123
+ mark_exit_code
+ exit_code=123
+ echo 123
+ exit 123

The ipaserver-install.log is:

2021-08-09T13:38:36Z DEBUG Logging to /var/log/ipaserver-install.log
2021-08-09T13:38:36Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'ignore_topology_disconnect': False, 'verbose': False, 'domain_level': None, 'ip_addresses': None, 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'http_cert_files': None, 'zonemgr': None, 'no_pkinit': False, 'reverse_zones': None, 'no_forwarders': False, 'external_ca_profile': None, 'external_ca_type': None, 'no_ntp': True, 'no_msdcs': False, 'setup_kra': False, 'domain_name': 'rtk-s.ru', 'idmax': None, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'ca_signing_algorithm': None, 'no_reverse': False, 'ssh_trust_dns': False, 'pkinit_cert_files': None, 'ca_cert_files': None, 'subject_base': None, 'auto_reverse': False, 'auto_forwarders': False, 'no_host_dns': False, 'no_sshd': False, 'no_ui_redirect': False, 'ignore_last_of_role': False, 'realm_name': 'RTK-S.ru', 'forwarders': None, 'idstart': None, 'external_ca': False, 'pkinit_cert_name': None, 'no_ssh': False, 'external_cert_files': None, 'enable_compat': False, 'no_hbac_allow': False, 'forward_policy': None, 'dirsrv_cert_name': None, 'unattended': False, 'rid_base': None, 'quiet': False, 'setup_dns': False, 'ca_subject': None, 'host_name': None, 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': False, 'uninstall': False}
2021-08-09T13:38:36Z DEBUG IPA version 4.6.8-5.el7.centos.7
2021-08-09T13:38:36Z DEBUG Searching for an interface of IP address: ::1
2021-08-09T13:38:36Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo)
2021-08-09T13:38:36Z DEBUG Starting external process
2021-08-09T13:38:36Z DEBUG args=/usr/sbin/selinuxenabled
2021-08-09T13:38:36Z DEBUG Process finished, return code=1
2021-08-09T13:38:36Z DEBUG stdout=
2021-08-09T13:38:36Z DEBUG stderr=
2021-08-09T13:38:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2021-08-09T13:38:36Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2021-08-09T13:38:36Z DEBUG httpd is not configured
2021-08-09T13:38:36Z DEBUG kadmin is not configured
2021-08-09T13:38:36Z DEBUG dirsrv is not configured
2021-08-09T13:38:36Z DEBUG pki-tomcatd is not configured
2021-08-09T13:38:36Z DEBUG install is not configured
2021-08-09T13:38:36Z DEBUG krb5kdc is not configured
2021-08-09T13:38:36Z DEBUG ntpd is not configured
2021-08-09T13:38:36Z DEBUG named is not configured
2021-08-09T13:38:36Z DEBUG filestore is tracking no files
2021-08-09T13:38:36Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2021-08-09T13:38:36Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2021-08-09T13:38:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2021-08-09T13:38:36Z DEBUG Starting external process
2021-08-09T13:38:36Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2021-08-09T13:38:36Z DEBUG Process finished, return code=0
2021-08-09T13:38:36Z DEBUG stdout=VirtualHost configuration:
*:8443                 ldap.test.ru (/etc/httpd/conf.d/nss.conf:81)

2021-08-09T13:38:36Z DEBUG stderr=
2021-08-09T13:38:36Z DEBUG Check if ldap.test.ru is a primary hostname for localhost
2021-08-09T13:38:36Z DEBUG Primary hostname for localhost: ldap.test.ru
2021-08-09T13:38:36Z DEBUG Search DNS for ldap.test.ru
2021-08-09T13:38:36Z DEBUG Check if ldap.test.ru is not a CNAME
2021-08-09T13:38:36Z DEBUG Check reverse address of 172.16.0.9
2021-08-09T13:38:36Z DEBUG Found reverse name: ldap.test.ru
2021-08-09T13:38:36Z DEBUG will use host_name: ldap.test.ru

2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.aci
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.automember
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.automount
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.baseldap
2021-08-09T13:38:36Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.baseuser
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.batch
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.ca
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.caacl
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.cert
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.certmap
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.certprofile
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.config
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.delegation
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.dns
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.dogtag
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.group
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.hbac
2021-08-09T13:38:36Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.hbactest
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.host
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.idrange
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.idviews
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.internal
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.join
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.ldap2
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.location
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.migration
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.misc
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.netgroup
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.otp
2021-08-09T13:38:36Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.otptoken
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.passwd
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.permission
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.ping
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.pkinit
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.privilege
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.rabase
2021-08-09T13:38:36Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.role
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.schema
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.selfservice
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.server
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.serverrole
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.serverroles
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.service
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.session
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.stageuser
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.sudo
2021-08-09T13:38:36Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.sudorule
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.topology
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.trust
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.user
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.vault
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.virtual
2021-08-09T13:38:36Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.whoami
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2021-08-09T13:38:36Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.dns
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2021-08-09T13:38:36Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2021-08-09T13:38:37Z DEBUG Name ldap.test.ru resolved to set([UnsafeIPAddress('172.16.0.9')])
2021-08-09T13:38:37Z DEBUG Searching for an interface of IP address: 172.16.0.9
2021-08-09T13:38:37Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2021-08-09T13:38:37Z DEBUG Testing local IP address: 172.16.0.9/255.255.255.128 (interface: eth0)
2021-08-09T13:38:37Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
    return cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 358, in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in validate
    for _nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 633, in _configure
    next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 588, in main
    master_install_check(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 689, in install_check
    raise ScriptError("Installation aborted")

2021-08-09T13:38:37Z DEBUG The ipa-server-install command failed, exception: ScriptError: Installation aborted
2021-08-09T13:38:37Z ERROR Installation aborted
2021-08-09T13:38:37Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

adelton commented 3 years ago

Don't you need to add the -U option to the command to enable unattended installation?

anp135 commented 3 years ago

> Don't you need to add the -U option to the command to enable unattended installation?

Much better -).

The next error is (ipa-server-configure-first.log):

...
Configuring ipa-custodia
  [1/5]: Making sure custodia container exists
  [2/5]: Generating ipa-custodia config file
  [3/5]: Generating ipa-custodia keys
  [4/5]: starting ipa-custodia
  [5/5]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/30]: configuring certificate server instance
  [error] IOError: [Errno 13] Permission denied: '/tmp/tmpaNH8NW'
+ ret=123
+ echo 'FreeIPA server configuration failed.'
FreeIPA server configuration failed.
+ exit 123
+ mark_exit_code
+ exit_code=123
+ echo 123
+ exit 123

The file /tmp/tmpaNH8NW was created with:

-rw------- 1 pkiuser pkiuser    0 Aug 16 14:19 tmpaNH8NW

adelton commented 3 years ago

That's with freeipa/freeipa-server:centos-7, right? Any specific reason not to use freeipa/freeipa-server:centos-8?

adelton commented 3 years ago

Specifically, I believe you are hitting https://bugzilla.redhat.com/show_bug.cgi?id=1677027 which can be worked around by

# sysctl fs.protected_regular=0

on the host, which is what we also do for the centos-7 container in the CI with https://github.com/freeipa/freeipa-container/blob/master/.github/workflows/build-test.yaml#L80-L82 ... but you'd have to configure it to persist across reboots, and if this is a new deployment, using the CentOS 8 based image should be more sustainable long term anyway.
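
A host-side check for the workaround above, added here as an example and not taken from the thread or the freeipa-container project: it reports whether fs.protected_regular is 0 only at runtime (lost on reboot) or also in persistent sysctl files. The function names and the list of sysctl paths are assumptions, and precedence between files is not modelled.

```shell
#!/bin/sh
# Added example: audit the fs.protected_regular workaround on a Docker host.
# This is a host-wide kernel hardening knob, so the setting affects every
# process on the host, not only the FreeIPA container.

# Runtime value of the knob; "unsupported" if the kernel does not expose it.
runtime_value() {
    knob="${1:-/proc/sys}/fs/protected_regular"
    if [ -r "$knob" ]; then tr -d '[:space:]' < "$knob"; else printf unsupported; fi
}

# Print "file=value" for each line of one sysctl file that sets the key.
# Handles comments, the "-key" ignore-errors prefix and the
# fs/protected_regular spelling.
scan_file() {
    awk -v f="$1" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "="); if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            sub(/^-/, "", key); gsub(/\//, ".", key)
            if (key == "fs.protected_regular") print f "=" val
        }' "$1"
}

# Scan the given files and directories (*.conf inside directories).
persistent_values() {
    for path in "$@"; do
        if [ -d "$path" ]; then
            for f in "$path"/*.conf; do
                if [ -f "$f" ] && [ -r "$f" ]; then scan_file "$f"; fi
            done
        elif [ -f "$path" ] && [ -r "$path" ]; then
            scan_file "$path"
        fi
    done
    return 0
}

# One-word status: protected | runtime-only | persistent | unsupported.
# "persistent" means at least one scanned file sets the key to 0.
workaround_status() {
    proc_sys=$1; shift
    rt=$(runtime_value "$proc_sys")
    case "$rt" in
        unsupported) echo unsupported ;;
        0) if persistent_values "$@" | grep -q '=0$'; then echo persistent
           else echo runtime-only; fi ;;
        *) echo protected ;;
    esac
}

# Report for this host; the path list is an assumed common default set.
SYSCTL_PATHS="/etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d"
printf 'runtime: %s\n' "$(runtime_value)"
# shellcheck disable=SC2086  # word splitting of the path list is intended
persistent_values $SYSCTL_PATHS
# shellcheck disable=SC2086
printf 'status: %s\n' "$(workaround_status /proc/sys $SYSCTL_PATHS)"
```

A status of runtime-only means the value was set with the sysctl command alone; a drop-in file under /etc/sysctl.d/ containing `fs.protected_regular = 0` is what makes it survive a reboot.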

anp135 commented 3 years ago

It doesn't matter: centos 7 or 8... I tried 8 earlier and had other errors.

Right now, with the pretty -U, I got these docker logs:

Local IP address and netmask pairs:
    100.127.254.14/255.255.255.128
    fe80::42:64ff:fe7f:fe0e/ffff:ffff:ffff:ffff::

Sudoers I/O plugin version 1.8.29
This program will set up IPA client.
Version 4.9.2

+ ret=123
+ echo 'FreeIPA server configuration failed.'
FreeIPA server configuration failed.
+ exit 123
+ mark_exit_code
+ exit_code=123
+ echo 123
+ exit 123

with ipaclient-install.log & ipaserver-install.log: ipaserver-install.log ipaclient-install.log

adelton commented 3 years ago

That's a different issue then, so it does matter.

Please remove that

privileged: true

for a start. By the way, where did you find the advice to use privileged: true? We see people using that and it causes problems and is a bad practice from a security point of view overall.
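
A preflight check for the two points raised in this thread (privileged: true and the missing -U), added here as an example and not part of the original thread or the freeipa-container project. The function names are assumptions, and the line-based parsing assumes space-indented, block-style YAML as in the compose file posted above.

```shell
#!/bin/sh
# Added example: flag the two compose settings discussed in this issue.

# Read a compose file on stdin and print one finding per line:
#   <service>: privileged: true
#   <service>: command lacks -U/--unattended   (freeipa-server images only)
lint_compose() {
    # Quotes, brackets and commas become spaces so that both
    # command: "-U ..." and list-style commands split into plain words.
    tr "\"'],[" '     ' | awk '
    function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    function report() {
        if (svc == "") return
        if (priv) print svc ": privileged: true"
        if (img ~ /freeipa-server/ && has_cmd && (" " cmd " ") !~ / (-U|--unattended) /)
            print svc ": command lacks -U/--unattended"
        priv = 0; img = ""; cmd = ""; has_cmd = 0
    }
    /^ *(#|$)/ { next }                      # skip comments and blank lines
    { ind = indent($0) }
    ind == 0 { report(); svc = ""; in_services = ($1 == "services:"); svc_ind = -1; next }
    !in_services { next }
    svc_ind < 0 { svc_ind = ind }            # indentation of service names
    ind == svc_ind { report(); svc = $1; sub(/:$/, "", svc); in_cmd = 0; next }
    in_cmd && ind > cmd_ind { cmd = cmd " " $0; next }   # list-style command items
    { in_cmd = 0 }
    $1 == "privileged:" && tolower($2) == "true" { priv = 1 }
    $1 == "image:" { img = $2 }
    $1 == "command:" { has_cmd = 1; in_cmd = 1; cmd_ind = ind
                       cmd = $0; sub(/^ *command:/, "", cmd) }
    END { report() }'
}

# Trimmed copy of the compose file posted in the issue, used as sample input.
sample_compose() {
    cat <<'EOF'
version: '3.8'
services:
  ldap:
    image: freeipa/freeipa-server:centos-7
    hostname: ldap.test.ru
    privileged: true
    command: "-N --domain=test.ru"
    volumes:
      - ./data:/data
EOF
}

sample_compose | lint_compose
```

To check a real file, run `lint_compose < docker-compose.yml`; no output means neither finding applies.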