[Freeipa-users] basic docker deploy failing

Fri, 28 Jun 2019 11:15:19 -0700 

Hello,


I need some assistance getting a basic functional docker-based FreeIPA server 
deploy working.  I am not sure what I am missing, but the install is 
consistently failing on the client setup portion at the end.  I have tried a 
number of variations for install options, but always end up with the same 
result.  Any assistance would be much appreciated.


This is a good example of how I am bootstrapping the container:


host=ipa
domain=example.com
realm=EXAMPLE.COM
password=Secret123
rm -rf /data/ipa/*
cat << EOF > /data/ipa/ipa-server-install-options
--setup-dns \
--forwarder=10.2.0.2 \
--allow-zone-overlap \
--domain=${domain} \
--realm=${realm} \
--hostname=${host}.${domain} \
--ds-password=${password} \
--admin-password=${password} \
--no-ntp \
--verbose \
--unattended
EOF
docker run -it --rm -e DEBUG_TRACE=1 -e DEBUG_NO_EXIT=1 --name ${host} -h 
${host}.${domain} \
-e PASSWORD=$password \
-v /data/ipa:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs 
/tmp \
-p 53:53/udp -p 53:53 -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 
464:464 \
-p 88:88/udp -p 464:464/udp -p 123:123/udp -p 7389:7389 -p 9443:9443 -p 
9444:9444 -p 9445:9445 \
--privileged --userns=host freeipa/freeipa-server


It appears that most of the install runs as expected, but this is what I get in 
the end:


No valid Negotiate header in server response
The ipa-client-install command failed. See /var/log/ipaclient-install.log for 
more information



Here are some additional details from the ipaclient-install.log:


Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", 
line 126, in get_package
    plugins = api._remote_plugins
AttributeError: 'API' object has no attribute '_remote_plugins'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 726, in 
single_request
    if not self._auth_complete(response):
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 679, in 
_auth_complete
    message=u"No valid Negotiate header in server response")
ipalib.errors.KerberosError: No valid Negotiate header in server response
2019-06-28T17:01:04Z DEBUG Destroyed connection 
context.rpcclient_140381178350560





_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to