freeipa / freeipa-container

FreeIPA server in containers — images at https://quay.io/repository/freeipa/freeipa-server?tab=tags
Apache License 2.0

Cannot spin up FreeIPA container on Mac OS with M series chip? #636

Open juyoungkimthedev opened 2 days ago

juyoungkimthedev commented 2 days ago

Hi, I'm trying to spin up a FreeIPA container locally using this docker-compose file:

version: "3.8"

services:
  freeipa:
    image: freeipa/freeipa-server:centos-8-4.9.6
    restart: unless-stopped
    hostname: freeipa.example.com
    environment:
      IPA_SERVER_HOSTNAME: freeipa.example.com
      TZ: "America/Toronto"
    tty: true
    stdin_open: true
    cap_add:
      - SYS_ADMIN
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
      - freeipavol:/data
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      - seccomp:unconfined
    command:
      - -U
      - --domain=example.com
      - --realm=example.com
      - --http-pin=admin
      - --dirsrv-pin=admin
      - --ds-password=admin
      - --admin-password=admin
      - --no-host-dns
      - --unattended
    ports:
      - "53:53/udp"
      - "53:53"
      - "80:80"
      - "443:443"
      - "389:389"
      - "636:636"
      - "88:88"
      - "464:464"
      - "88:88/udp"
      - "464:464/udp"
      - "123:123/udp"
      - "7389:7389"
      - "9443:9443"
      - "9444:9444"
      - "9445:9445"

volumes:
  freeipavol:

But then when I run docker-compose up, I'm getting the below:

Attaching to freeipa-1
freeipa-1  | systemd 239 (239-41.el8_3) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
freeipa-1  | Detected virtualization container-other.
freeipa-1  | Detected architecture x86-64.
freeipa-1  | Set hostname to <freeipa.example.com>.
freeipa-1  | Failed to create /init.scope control group: Read-only file system
freeipa-1  | Failed to allocate manager object: Read-only file system
freeipa-1  | [!!!!!!] Failed to allocate manager object, freezing.
freeipa-1  | Freezing execution.

Are there any missing configurations I need to set up for this to run on a Mac system?

zwets commented 1 day ago

I have no knowledge of running FreeIPA on the M chip, but would recommend starting out by running the container as de/prescribed in the README.

Once that works, add on the bells and whistles that take your fancy. This is to relieve the developers of issues that are due to deviations from their instructions.

adelton commented 1 day ago

Specifically, assuming the docker-compose client just starts a Linux VM to run the processes, is the docker daemon in that Linux VM configured to run with user namespace remapping enabled?
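
Added example (not part of the comments above and not the project's own code): a POSIX shell helper that answers the user-namespace question from `docker info` output, and also reports the cgroup version and whether the x86-64 image seen in the log runs on a daemon of a different architecture. The function name `daemon_report` and the two sample input lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise the Docker daemon facts relevant to this issue.
# Input ($1) is one line as produced inside the Docker VM/host by:
#   docker info --format '{{.Architecture}} {{.CgroupVersion}} {{.SecurityOptions}}'
# Input ($2) is the architecture systemd logged in the container
# ("Detected architecture x86-64." in the log above); defaults to x86-64.

daemon_report() {
    line=$1
    image_arch=${2:-x86-64}
    [ -n "$line" ] || { echo "daemon_report: empty docker info line" >&2; return 1; }

    arch=${line%% *}      # first field: daemon architecture
    rest=${line#* }
    cgroup=${rest%% *}    # second field: cgroup version (1 or 2)
    secopts=${rest#* }    # remainder: bracketed security options list

    # The daemon lists "name=userns" when user namespace remapping is on.
    case $secopts in
        *name=userns*) userns=enabled ;;
        *)             userns=disabled ;;
    esac

    # docker reports x86_64/aarch64; systemd logs x86-64/arm64.
    case "$arch/$image_arch" in
        x86_64/x86-64|aarch64/arm64) emulated=no ;;
        *)                           emulated=yes ;;
    esac

    echo "userns-remap=$userns cgroup=v$cgroup daemon-arch=$arch emulated=$emulated"
}

# Constructed sample lines (not captured from the reporter's machine).
SAMPLE_ARM_VM='aarch64 2 [name=seccomp,profile=unconfined name=cgroupns]'
SAMPLE_REMAPPED='x86_64 1 [name=seccomp,profile=default name=userns]'

daemon_report "$SAMPLE_ARM_VM" x86-64
daemon_report "$SAMPLE_REMAPPED" x86-64

# Live use:
#   daemon_report "$(docker info --format \
#     '{{.Architecture}} {{.CgroupVersion}} {{.SecurityOptions}}')" x86-64
```

Pasting the one-line result into the issue gives the maintainers the daemon-side facts the container log alone does not show.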