Bug 1328460

Summary: Tracker bug -- 7.2.4 respin of sssd-docker
Product: Red Hat Enterprise Linux 7
Component: sssd-container
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Target Release: ---
Keywords: Tracking
Reporter: Lukas Slebodnik <lslebodn>
Assignee: Lukas Slebodnik <lslebodn>
QA Contact: Namita Soman <nsoman>
CC: jhrozek, jpazdziora, lfriedma, mniranja, ndehadra
Doc Type: Bug Fix
Type: Bug
Story Points: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Last Closed: 2016-05-12 16:56:07 UTC

Description Lukas Slebodnik 2016-04-19 12:50:47 UTC
Tracking rebuild of sssd-docker.

Comment 2 Niranjan Mallapadi Raghavender 2016-05-09 13:00:24 UTC
SSSD Container tests done:
==========================
Versions:
=========
-bash-4.2# atomic version rhel7/sssd
f10bd6cfe4e0bd0fc7473635a4efe7b8d569e0a6e56c7deb68db2b2f0ed9c456 rhel7/sssd-7.2-13 registry.access.stage.redhat.com/rhel7/sssd:latest

1. Joining to Windows 2008R2 Domain:

-bash-4.2# atomic install rhel7/sssd realm -v join HYDRA.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh realm -v join HYDRA.TEST
Initializing configuration context from host ...
 * Resolving: _ldap._tcp.hydra.test
 * Performing LDAP DSE lookup on: 10.65.223.35
 * Successfully discovered: hydra.test
Password for Administrator:  * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.DK8OHY -U Administrator ads join hydra.test
Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER

Using short domain name -- HYDRA
Joined 'ATOMIC-00' to dns domain 'hydra.test'
No DNS domain configured for atomic-00. Unable to perform DNS Update.
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.DK8OHY -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service

 * Successfully enrolled machine in realm
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.

2. Restart sssd service and verify sssd is running from container

-bash-4.2# service sssd restart
Redirecting to /bin/systemctl restart  sssd.service
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Mon 2016-05-09 18:24:07 IST; 2s ago
  Process: 3200 ExecStart=/usr/bin/atomic run --name=sssd rhel7/sssd (code=exited, status=0/SUCCESS)
 Main PID: 3200 (code=exited, status=0/SUCCESS)


3. Verify id Administrator works from atomic host

-bash-4.2# id Administrator
uid=970600500(administrator) gid=970600513(domain users) groups=970600513(domain users),970600512(domain admins),970600572(denied rodc password replication group),970600519(enterprise admins),970600518(schema admins),970600520(group policy creator owners)

4. Join sssd container to AD Domain in Windows 2012 using realm
$ systeminfo.exe
  
Host Name:                 SRV1
OS Name:                   Microsoft Windows Server 2012 R2 Standard
OS Version:                6.3.9600 N/A Build 9600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Primary Domain Controller
OS Build Type:             Multiprocessor Free

-bash-4.2# atomic install rhel7/sssd realm -v join CENTAUR.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh realm -v join CENTAUR.TEST
Initializing configuration context from host ...
 * Resolving: _ldap._tcp.centaur.test
 * Performing LDAP DSE lookup on: 192.168.122.187
 * Successfully discovered: CENTAUR.TEST
Password for Administrator:  * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.YHUNHY -U Administrator ads join CENTAUR.TEST
Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER

Using short domain name -- CENTAUR
Joined 'ATOMIC-00' to dns domain 'CENTAUR.TEST'
No DNS domain configured for atomic-00. Unable to perform DNS Update.
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.YHUNHY -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service

 * Successfully enrolled machine in realm
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.

5. Verify sssd service running from container
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Mon 2016-05-09 18:28:54 IST; 5s ago
  Process: 17183 ExecStart=/usr/bin/atomic run --name=sssd rhel7/sssd (code=exited, status=0/SUCCESS)
 Main PID: 17183 (code=exited, status=0/SUCCESS)

Comment 3 Niranjan Mallapadi Raghavender 2016-05-09 13:12:09 UTC
Filed https://bugzilla.redhat.com/show_bug.cgi?id=1334368  atomic rhel7/sssd uninstall doesn't remove the host from AD Domain

Comment 4 Nikhil Dehadrai 2016-05-11 10:19:25 UTC
SSSD Container tests done w.r.t IPA:
=====================================
Setup details:
Atomic Host Version: 7.2.4
SSSD-Container Image Version: rhel7/sssd-7.2-13
IPA Client- ipa-client-4.2.0-15.el7_2.15.x86_64
Server: ipa-server-4.2.0-15.el7_2.15.x86_64

1. Install IPA client
========
atomic install rhel7/sssd --server <ipa server> --domain testrelm.test --principal admin --password 'Secret123' --force-join
Using default tag: latest
f10bd6cfe4e0: Download complete 
c453594215e4: Download complete 
Status: Downloaded newer image for registry.access.stage.redhat.com/rhel7/sssd:latest
registry.access.stage.redhat.com/rhel7/sssd: this image was pulled from a legacy registry.  Important: This registry version will not be supported in future versions of docker.

docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh --server auto-hv-01-guest06.testrelm.test --domain testrelm.test --principal admin --password Secret123 --force-join
Initializing configuration context from host ...
Client hostname: auto-hv-01-guest08.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: <ipa server>.testrelm.test
BaseDN: dc=testrelm,dc=test
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=TESTRELM.TEST
    Issuer:      CN=Certificate Authority,O=TESTRELM.TEST
    Valid From:  Mon May 09 06:42:39 2016 UTC
    Valid Until: Fri May 09 06:42:39 2036 UTC

Enrolled in IPA realm TESTRELM.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
trying https://ipaserver.testrelm.test/ipa/json
Forwarding 'ping' to json server 'https://auto-hv-01-guest06.testrelm.test/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ipaserver/ipa/json'
Systemwide CA database updated.
Added CA certificates to the default NSS database.
Hostname (client.testrelm.test) does not have A/AAAA record.
Missing reverse record(s) for address(es): 10.x.x.x, 2620:52:0:1060:5054:ff:fe1b:22b1, fec0:0:a10:6000:5054:ff:fe1b:22b1.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://ipaserver.testrelm.test/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring testrelm.test as NIS domain.

Client configuration complete.
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.

2. Verify Kinit / Klist / Kdestroy / Kinit works:
========
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 

-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/09/16 05:52:43  05/10/16 05:52:40  krbtgt/TESTRELM.TEST

-bash-4.2# atomic run rhel7/sssd kdestroy

-bash-4.2# atomic run rhel7/sssd klist
klist: Credentials cache keyring 'persistent:0:0' not found

-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 

-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/09/16 05:53:07  05/10/16 05:53:04  krbtgt/TESTRELM.TEST

-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/09/16 05:53:07  05/10/16 05:53:04  krbtgt/TESTRELM.TEST


3. id user details:
=========
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 
-bash-4.2# id admin
uid=1546000000(admin) gid=1546000000(admins) groups=1546000000(admins)
-bash-4.2# atomic run rhel7/sssd id admin
uid=1546000000(admin) gid=1546000000(admins) groups=1546000000(admins)
-bash-4.2# id test1
uid=1546000001(test1) gid=1546000001(test1) groups=1546000001(test1)
-bash-4.2# atomic run rhel7/sssd id test1
uid=1546000001(test1) gid=1546000001(test1) groups=1546000001(test1)

4. ssh
=========
-bash-4.2# ssh admin@localhost
admin@localhost's password: 
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2# 

5. HBAC (configure HBAC on ipa server to not allow admin user ssh access and allow test1 user ssh access for atomic host client)
==========
-bash-4.2# ssh admin@localhost
admin@localhost's password: 
Connection closed by UNKNOWN
-bash-4.2# ssh test1@localhost
test1@localhost's password: 
Could not chdir to home directory /home/test1: No such file or directory
-sh-4.2$ whoami
test1
-sh-4.2$

6. SUDO Tests (configure test1 user to allow cat command to be run as sudo)
=========
-bash-4.2# ssh test1@localhost
test1@localhost's password: 
Could not chdir to home directory /home/test1: No such file or directory
-sh-4.2$ cat /etc/shadow
cat: /etc/shadow: Permission denied
-sh-4.2$ sudo cat /etc/shadow
[sudo] password for test1: 
Sorry, user test1 is not allowed to execute '/bin/cat /etc/shadow' as root on auto-hv-01-guest08.testrelm.test.
-sh-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2# rm -rf ccache_TESTRELM.TEST cache_testrelm.test.ldb 
-bash-4.2# systemctl restart sssd
-bash-4.2# ssh test1@localhost
test1@localhost's password: 
Could not chdir to home directory /home/test1: No such file or directory
-sh-4.2$ cat /etc/shadow
cat: /etc/shadow: Permission denied
-sh-4.2$ sudo cat /etc/shadow
[sudo] password for test1: 

7. AD-TRUST (verify AD user/group/subgroups on atomic client)
========
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/10/16 04:35:15  05/11/16 04:35:12  krbtgt/TESTRELM.TEST

-bash-4.2# atomic run rhel7/sssd id admin
uid=1506600000(admin) gid=1506600000(admins) groups=1506600000(admins)
-bash-4.2# atomic run rhel7/sssd id aduser1
uid=738801106(aduser1) gid=738801106(aduser1) groups=738801106(aduser1),738800513(domain users),738801107(adgroup1)
-bash-4.2# 

-bash-4.2# atomic run rhel7/sssd id subgroupuser1
uid=738801109(subgroupuser1) gid=738801109(subgroupuser1) groups=738801109(subgroupuser1),738800513(domain users),738801107(adgroup1),738801108(subgroup)
-bash-4.2# 

8. Uninstall IPA-client/Unenroll:
===============
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Wed 2016-05-11 06:13:26 EDT; 1s ago
  Process: 2880 ExecStart=/usr/bin/atomic run --name=sssd rhel7/sssd (code=exited, status=0/SUCCESS)
 Main PID: 2880 (code=exited, status=0/SUCCESS)

May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Starting System Security Services Daemon in container...
May 11 06:13:26 auto-hv-01-guest07.testrelm.test atomic[2880]: Container is running
May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Started System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# systemctl stop sssd
-bash-4.2# ls -l /etc/systemd/system/sssd.service
-rw-r--r--. 1 root root 732 May 11 03:42 /etc/systemd/system/sssd.service
-bash-4.2# atomic uninstall rhel7/sssd
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/uninstall.sh
Initializing configuration context from host ...
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
Copying new configuration to host ...
Removing /etc/ipa/nssdb/pwdfile.txt
Removing /etc/ipa/nssdb/secmod.db
Removing /etc/ipa/nssdb/cert8.db
Removing /etc/ipa/nssdb/key3.db
Removing /etc/ipa/ca.crt
Removing /etc/ipa/default.conf
Removing /etc/sssd/systemctl-lite-enabled/sssd.service
Removing /etc/sssd/systemctl-lite-enabled/rhel-domainname.service
Removing /etc/sssd/sssd.conf
Removing /var/lib/authconfig/last/system-auth-ac
Removing /var/lib/authconfig/last/postlogin-ac
Removing /var/lib/authconfig/last/password-auth-ac
Removing /var/lib/authconfig/last/fingerprint-auth-ac
Removing /var/lib/authconfig/last/smartcard-auth-ac
Removing /var/lib/ipa-client/sysrestore/e777a8b2a06a4090-nsswitch.conf
Removing /var/lib/ipa-client/sysrestore/sysrestore.index
Removing /var/lib/ipa-client/sysrestore/69e686c155440f95-krb5.conf
Removing /var/lib/ipa-client/sysrestore/sysrestore.state
Removing /var/lib/ipa-client/sysrestore/7730892c02cacc6a-ldap.conf
Removing /var/lib/ipa-client/sysrestore/cc2ef06c2005ebbe-ssh_config
Removing /var/lib/ipa-client/sysrestore/f9676e85349f4ab8-sshd_config
Removing /var/lib/sss/pipes/private
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test.126
Removing /var/lib/sss/pipes/private/sbus-monitor
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test.14
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test
Removing /var/lib/sss/pipes/private/pam
Removing /var/lib/sss/pipes/pam
Removing /var/lib/sss/pipes/sudo
Removing /var/lib/sss/pipes/ssh
Removing /var/lib/sss/pipes/nss
Removing /var/lib/sss/pipes/pac
Removing /var/lib/sss/db/cache_testrelm.test.ldb
Removing /var/lib/sss/db/ccache_TESTRELM.TEST
Removing /var/lib/sss/mc/passwd
Removing /var/lib/sss/mc/group
Removing /var/lib/sss/mc/initgroups
-bash-4.2# rm -rf /etc/systemd/system/sssd.service
-bash-4.2# systemctl daemon-reload 
-bash-4.2# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Configuration file does not specify default realm when parsing name admin
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: inactive (dead)
May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Starting System Security Services Daemon in container...
May 11 06:13:26 auto-hv-01-guest07.testrelm.test atomic[2880]: Container is running
May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Started System Security Services Daemon in container.
May 11 06:13:36 auto-hv-01-guest07.testrelm.test systemd[1]: Stopping System Security Services Daemon in container...
May 11 06:13:36 auto-hv-01-guest07.testrelm.test systemd[1]: Stopped System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# 


9. Atomic host Upgrade (7.2.2 > 7.2.4 with sssd-container image 7.2-13; here the ipa client is configured at 7.2.2)
===========
-bash-4.2# atomic host upgrade
-bash-4.2# atomic host status
  TIMESTAMP (UTC)         VERSION     ID             OSNAME          REFSPEC                                                        
  2016-05-06 05:57:30     7.2.4       b060975ce3     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard     
* 2016-03-01 01:35:21     7.2.2-2     8b2cf24b42     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard     
-bash-4.2# atomic run rhel7/sssd rpm -qa | grep ipa-client
ipa-client-4.2.0-15.el7_2.15.x86_64
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# vi /etc/resolv.conf
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# ls /etc/systemd/system/sssd.service
/etc/systemd/system/sssd.service
-bash-4.2# ls -l /etc/systemd/system/sssd.service
-rw-r--r--. 1 root root 732 May 11 03:42 /etc/systemd/system/sssd.service
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# systemctl restart docker
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 
-bash-4.2# 
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/11/16 04:14:01  05/12/16 04:13:52  krbtgt/TESTRELM.TEST
-bash-4.2# atomic run rhel7/sssd kdestroy
-bash-4.2# atomic run rhel7/sssd klist
klist: Credentials cache keyring 'persistent:0:0' not found

-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/11/16 04:14:45  05/12/16 04:14:43  krbtgt/TESTRELM.TEST
-bash-4.2# #ipactl stopped
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials

-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/11/16 04:14:45  05/12/16 04:14:43  krbtgt/TESTRELM.TEST


-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials

-bash-4.2# #ipactl started
-bash-4.2# systemctl restart docker
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/11/16 04:45:27  05/12/16 04:45:25  krbtgt/TESTRELM.TEST
-bash-4.2# ssh admin@localhost
admin@localhost's password: 
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
05/11/16 04:45:27  05/12/16 04:45:25  krbtgt/TESTRELM.TEST
-bash-4.2# #ipactl stopped
-bash-4.2# ssh admin@localhost
admin@localhost's password: 
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2#


10. Atomic host rollback (7.2.4 > 7.2.2 with sssd-container image 7.2-13)
===========
-bash-4.2# atomic host rollback
-bash-4.2# atomic host status
  TIMESTAMP (UTC)         VERSION     ID             OSNAME          REFSPEC                                                        
  2016-03-01 01:35:21     7.2.2-2     8b2cf24b42     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard     
* 2016-05-06 05:57:30     7.2.4       b060975ce3     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard     


-bash-4.2# vi /etc/resolv.conf

-bash-4.2# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/docker.service.d
           └─flannel.conf
   Active: active (running) since Wed 2016-05-11 05:08:54 EDT; 4min 26s ago
     Docs: http://docs.docker.com
 Main PID: 2279 (docker)
   Memory: 2.9M
   CGroup: /system.slice/docker.service
           └─2279 /usr/bin/docker daemon --selinux-enabled --storage-driver devicemapper --storage-opt dm.fs=xfs --...

May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.431084161-04:00" level=...se"
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.524148358-04:00" level=...t."
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: ..........
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.715207593-04:00" level=...e."
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.715229604-04:00" level=...on"
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.715249669-04:00" level=...el7
May 11 05:08:54 auto-hv-01-guest07.testrelm.test systemd[1]: Started Docker Application Container Engine.
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.869196061-04:00" level=...ll"
May 11 05:08:55 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:55.010908624-04:00" level=...te"
May 11 05:08:55 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:55.139506693-04:00" level=...rt"
Hint: Some lines were ellipsized, use -l to show in full.

-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# systemctl restart docker
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin: 
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin
Valid starting     Expires            Service principal
05/11/16 05:14:07  05/12/16 05:14:04  krbtgt/TESTRELM.TEST
-bash-4.2# ssh admin@localhost
admin@localhost's password: 
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2#

Comment 5 Nikhil Dehadrai 2016-05-11 10:21:30 UTC
Filed bug, 
https://bugzilla.redhat.com/show_bug.cgi?id=1334328, "ipa-client-install --uninstall" command when run on atomic host fails to uninstall client from IPA server.

Comment 6 Nikhil Dehadrai 2016-05-11 10:22:53 UTC
Thus on the basis of Test results in Comment#2 and Comment#4, marking the status of bug to "VERIFIED".

Comment 8 errata-xmlrpc 2016-05-12 16:56:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1071.html