On Fri, Sep 22, 2023 at 12:10:50PM -0000, Jay Smith via FreeIPA-users wrote:
> I have the following setup.
>
> MK_INTERNAL_SUB_DOMAIN=example.test
> MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
> MK_FREEIPA_SERVER_DS_PASSWORD=password
> MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
> MK_FREEIPA_SERVER_DNS_REVERSE_ZONE=0.18.172.in-addr.arpa
> MK_FREEIPA_SERVER_IP=172.18.0.10
> MK_FREEIPA_SERVER_DOMAIN_NAME=ipa.example.test
> docker service create \
> --hostname ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
> --name ipa \
> --sysctl net.ipv6.conf.all.disable_ipv6=0 \
> -e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
> -e "IPA_SERVER_IP=${MK_FREEIPA_SERVER_IP}" \
> -e "DEBUG_NO_EXIT=1" \
> -e "DEBUG_TRACE=1" \
> --ip "${MK_FREEIPA_SERVER_IP}" \
> --add-host "${MK_FREEIPA_SERVER_DOMAIN_NAME}:${MK_FREEIPA_SERVER_IP}" \
> -p "443:443" \
> --privileged=true \
> freeipa/freeipa-server:fedora-38-4.10.2 \
> --skip-mem-check \
> --domain=${MK_INTERNAL_SUB_DOMAIN} \
> --realm=${MK_FREEIPA_SERVER_REALM} \
> --ds-password=${MK_FREEIPA_SERVER_DS_PASSWORD} \
> --ip-address=${MK_FREEIPA_SERVER_IP} \
> --admin-password=${MK_FREEIPA_SERVER_ADMIN_PASSWORD} \
> --no-host-dns \
> --unattended \
> --setup-dns \
> --allow-zone-overlap \
> --auto-reverse \
> --reverse-zone=${MK_FREEIPA_SERVER_DNS_REVERSE_ZONE} \
> --auto-forwarders \
> --no-ntp
>
> The first problem is I can't run the container in privileged mode

Which is good news -- you shouldn't be doing that anyway.

> and --ip and --add-host options are missing.

Why do you need those? And if you think you need those, why do you try
to use the swarm mode when, by the very nature of the FreeIPA server, you
will not be able to use swarm scaling?

--
Jan Pazdziora | OpenShift AI | Red Hat