I'm trying to deploy FreeIPA using a deployment YAML file on my Kubernetes cluster. My OS is Rocky9, and my deployment YAML is:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ipa-test
  labels:
    app: ipa
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ipa
  template:
    metadata:
      name: ipa
      labels:
        app: ipa
    spec:
      containers:
        - name: ipa
          image: git.elcld.net:9000/slatif/ast_ccx_api/freeipa:v2
          args: ["ipa-server-install","-U","-r","DEV.ELCLD.NET","--no-ntp"]
          env:
            - name: IPA_SERVER_HOSTNAME
              value: dailywagesipa.dev.elcld.net
            - name: PASSWORD
              value: bNnK^28NXEGsiL#
          securityContext:
            privileged: true
          volumeMounts:
            - name: data-test
              mountPath: /data:Z
            - name: dshm
              mountPath: /dev/shm
      volumes:
        - name: dshm
          emptyDir:
            medium: Memory
        - name: data-test
          nfs:
            path: /ifs/AR2-PSC/ipatest/ipa-data/
            server: pscl-nfs.elcld.net
      imagePullSecrets:
        - name: regcred

PS: I already ran the podman build -t Dockerfile for Rocky9 and then uploaded the podman image to my registry.
The pod is running the ipa-server-install command, and it reaches this point and then fails:
[10/10]: starting directory server
Done.
Restarting the KDC
Configuring SID generation
[1/8]: adding RID bases
[2/8]: creating samba domain object
[3/8]: adding admin(group) SIDs
[4/8]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
[5/8]: activating sidgen task
[6/8]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
[7/8]: adding fallback group
[8/8]: adding SIDs to existing users and groups
This step may take considerable amount of time, please wait..
Done.
Configuring client side components
This program will set up IPA client.
Version 4.10.2
FreeIPA server configuration failed.
After I inspected the log at /var/log/ipaclient-install.log, I saw this error:
    plugins = schema.get_package(server_info, client)
  File "/usr/lib/python3.9/site-packages/ipaclient/remote_plugins/schema.py", line 546, in get_package
    schema = Schema(client)
  File "/usr/lib/python3.9/site-packages/ipaclient/remote_plugins/schema.py", line 395, in __init__
    fingerprint, ttl = self._fetch(client, ignore_cache=read_failed)
  File "/usr/lib/python3.9/site-packages/ipaclient/remote_plugins/schema.py", line 420, in _fetch
    schema = client.forward(u'schema', **kwargs)['result']
  File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 1146, in forward
    return self._call_command(command, params)
  File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 1122, in _call_command
    return command(*params)
  File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 1276, in _call
    return self.__request(name, args)
  File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 1239, in __request
    response = self.__transport.request(
  File "/usr/lib64/python3.9/xmlrpc/client.py", line 1166, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 724, in single_request
    if not self._auth_complete(response):
  File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 673, in _auth_complete
    raise errors.KerberosError(
2024-03-02T08:48:43Z DEBUG The ipa-client-install command failed, exception: KerberosError: No valid Negotiate header in server response
2024-03-02T08:48:43Z ERROR No valid Negotiate header in server response
2024-03-02T08:48:43Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Has anyone faced this issue before? Any ideas?
I managed to get it resolved by changing the image from rocky9 to Fedora.