Error starting FreeIPA server as docker container

Question

I am getting error when I run the following command:

docker run --name freeipa-server-container -ti \
   -h ipa.example.test \
   --read-only \
   -v /var/lib/ipa-data:/data:Z freeipa-server [ opts ]

ERROR:

systemd 239 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)

Detected virtualization container-other.

Detected architecture x86-64. Set hostname to <ipa.example.test>.

Initializing machine ID from random generator.

Couldn't move remaining userspace processes, ignoring: Input/output error

Sun Mar 22 16:47:43 UTC 2020 /usr/sbin/ipa-server-configure-first

IPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned. Add ::1 address resolution to 'lo' interface. You might need to enable IPv6 on the interface 'lo' in sysctl.conf. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Last part says I need to enable enable IPv6 on the interface 'lo' in sysctl.conf.

Here is the output of ifconfig. It is already enabled. Isn't it?

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 661  bytes 56283 (56.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 661  bytes 56283 (56.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

and also I couldn't find much about

Couldn't move remaining userspace processes, ignoring: Input/output error

Any pointers?? I am following this resource: https://github.com/freeipa/freeipa-container

Answer 1

I was able to resolve the same issue following this other answer, basically by adding --sysctl net.ipv6.conf.lo.disable_ipv6=0 into my docker run ... command. I don't actually know why it needs to be there but my symptoms were the same as yours and this did the trick. Here is my full command for testing:

$ docker run -it --rm \
    --sysctl net.ipv6.conf.lo.disable_ipv6=0 
    --name freeipa-server-container \
    -h idm.example.test \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    -v /var/lib/ipa-data:/data \
    --tmpfs /run \
    --tmpfs /tmp \
    freeipa/freeipa-server:latest

Sorry this isn't a great answer, but it might at least get you further down the road if you're still stuck.