Bug 1460929

Summary: starting sssd container using systemctl creates /etc/yp.conf directory
Product: Red Hat Enterprise Linux 7
Reporter: Niranjan Mallapadi Raghavender <mniranja>
Component: sssd-container
Assignee: SSSD Maintainers <sssd-maint>
Status: CLOSED NOTABUG
QA Contact: sssd-qe <sssd-qe>
Severity: low
Docs Contact:
Priority: unspecified
Version: 7.3
CC: jhrozek, jpazdziora, lslebodn
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-13 07:59:10 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Niranjan Mallapadi Raghavender 2017-06-13 07:40:57 UTC
Description of problem:
After joining a RHEL7 Atomic host to Active Directory using realm, starting the sssd container creates an /etc/yp.conf directory. /etc/yp.conf should be a file and not a directory.

Version-Release number of selected component (if applicable):
sssd-docker-7.3-25

How reproducible:


Steps to Reproduce:
1. atomic install rhel7/sssd realm join -v --membership-software=samba CENTAUR.TEST
2. systemctl start sssd
3. ls -l /etc/yp.conf
[root@titan ~]# ls -l /etc/yp.conf/
total 0



Actual results:

[root@titan ~]# ls -l /etc/yp.conf/
total 0
Expected results:
/etc/yp.conf directory should not be created 

Additional info:

Comment 2 Lukas Slebodnik 2017-06-13 07:59:10 UTC
It is not a bug.

Because if docker tries to bind-mount a non-existing file, it will create a directory on the host. And /etc/yp.conf is created only by ipa-client install and not by adcli/realmd. Therefore the file /etc/yp.conf does not exist after "atomic install rhel7/sssd ..."

Comment 3 Jan Pazdziora 2017-06-13 10:09:37 UTC
OTOH, can't this prevent us from uninstalling the AD-joined setup and installing an ipa-client-install-based one?

Maybe we should touch and create empty files in install.sh that we plan to bind-mount in run.sh, to prevent them from being autocreated with the wrong type?
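
The pre-creation idea from comment 3, sketched as an added example; this is not code from the rhel7/sssd image or its install.sh. The function name `ensure_bind_file` is hypothetical, and the root argument stands in for the `HOST=/host` prefix visible in the `docker run` command lines on this page.

```shell
#!/bin/sh
# Added example: make sure a bind-mount source exists as a regular file
# before the container is started, so docker does not autocreate it as a
# directory. Names here are hypothetical, not taken from install.sh.

# ensure_bind_file ROOT PATH
# Returns 0 if ROOT/PATH is (now) a regular file, 1 if it could not be fixed.
ensure_bind_file() {
    root=$1
    target="$root$2"

    # Never write through a symlink (test -L is also true for dangling ones).
    if [ -L "$target" ]; then
        echo "refusing symlink: $target" >&2
        return 1
    fi

    # Existing regular file: leave its content untouched.
    if [ -f "$target" ]; then
        return 0
    fi

    if [ -d "$target" ]; then
        # An empty directory is what an earlier bind mount of a missing
        # file leaves behind. rmdir only succeeds when it is empty (and
        # not currently a mount point), so real data is never deleted.
        if ! rmdir "$target" 2>/dev/null; then
            echo "not replacing non-empty or busy directory: $target" >&2
            return 1
        fi
    elif [ -e "$target" ]; then
        echo "unexpected file type: $target" >&2
        return 1
    fi

    mkdir -p "$(dirname "$target")" || return 1
    # noclobber (set -C) makes the redirect fail if something appeared at
    # the path since the checks above; umask 022 gives mode 0644.
    ( set -C; umask 022; : > "$target" ) || return 1
    return 0
}
```

Called once per planned bind-mount source before the service starts, for example `ensure_bind_file "$HOST" /etc/yp.conf`.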

Comment 4 Niranjan Mallapadi Raghavender 2017-06-27 22:56:27 UTC
I have not tested ipa-client-install, but it does prevent uninstalling the realmd ones.

[root@dione sssd_container]# atomic uninstall -f rhel7/sssd realm leave -v U administrator
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/uninstall.sh realm leave -v U administrator
Initializing configuration context from host ...
Warning: Failed to copy /etc/yp.conf to host. It cannot be a directory
realm: Couldn't find a matching realm

Comment 5 Niranjan Mallapadi Raghavender 2017-06-27 23:02:22 UTC
[root@dione sssd_container]# atomic install rhel7/sssd realm join -v --membership-software=adcli CENTAUR.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh realm join -v --membership-software=adcli CENTAUR.TEST
Initializing configuration context from host ...
 * Resolving: _ldap._tcp.centaur.test
 * Performing LDAP DSE lookup on: 192.168.122.187
Password for Administrator:  * Performing LDAP DSE lookup on: 192.168.122.27
 * Successfully discovered: CENTAUR.TEST
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
 * LANG=C /usr/sbin/adcli join --verbose --domain CENTAUR.TEST --domain-realm CENTAUR.TEST --domain-controller 192.168.122.187 --login-type user --login-user Administrator --stdin-password
 * Using domain name: CENTAUR.TEST
 * Calculated computer account name from fqdn: DIONE
 * Using domain realm: CENTAUR.TEST
 * Sending netlogon pings to domain controller: cldap://192.168.122.187
 * Received NetLogon info from: srv1.CENTAUR.TEST
 * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-SN2i2V/krb5.d/adcli-krb5-conf-MVDZUN
 * Authenticated as user: Administrator
 * Looked up short domain name: CENTAUR
 * Using fully qualified name: dione.centaur.test
 * Using domain name: CENTAUR.TEST
 * Using computer account name: DIONE
 * Using domain realm: CENTAUR.TEST
 * Calculated computer account name from fqdn: DIONE
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Found computer account for DIONE$ at: CN=DIONE,CN=Computers,DC=CENTAUR,DC=TEST
 * Set computer password
 * Retrieved kvno '4' for computer account in directory: CN=DIONE,CN=Computers,DC=CENTAUR,DC=TEST
 * Modifying computer account: userAccountControl
 * Modifying computer account: operatingSystemVersion, operatingSystemServicePack
 * Modifying computer account: userPrincipalName
 * Discovered which keytab salt to use
 * Added the entries to the keytab: DIONE$@CENTAUR.TEST: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/DIONE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/dione.centaur.test: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/DIONE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/dione.centaur.test: FILE:/etc/krb5.keytab
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service

 * Successfully enrolled machine in realm
Copying new configuration to host ...
Service sssd.service configured to run SSSD container.
[root@dione sssd_container]# ls -l /etc/yum
yum/         yum.conf     yum.repos.d/
[root@dione sssd_container]# atomic install rhel7/sssd realm join -v --membership-software=adcli CENTAUR.TEST^C
[root@dione sssd_container]# systemctl start sssd
[root@dione sssd_container]# atomic uninstall -f rhel7/sssd realm leave -v U administrator CENTAUR.TEST^C
[root@dione sssd_container]# ls -l /etc/yp.conf/
total 0
[root@dione sssd_container]# #atomic uninstall -f rhel7/sssd realm leave -v -U administrator CENTAUR.TEST
[root@dione sssd_container]# systemctl stop sssd
[root@dione sssd_container]# #atomic uninstall -f rhel7/sssd realm leave -v -U administrator CENTAUR.TEST
[root@dione sssd_container]# atomic uninstall -f rhel7/sssd realm leave -v -U administrator CENTAUR.TEST-
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/uninstall.sh realm leave -v -U administrator CENTAUR.TEST-
Initializing configuration context from host ...
Warning: Failed to copy /etc/yp.conf to host. It cannot be a directory
realm: Couldn't find a matching realm

Comment 6 Lukas Slebodnik 2017-06-28 09:38:16 UTC
(In reply to Niranjan Mallapadi Raghavender from comment #4)
> I have not tested ipa-client-install.  but it does prevent from uninstall
> realmd ones. 
> 
> [root@dione sssd_container]# atomic uninstall -f rhel7/sssd realm leave -v U
> administrator
> docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e
> IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/uninstall.sh realm leave -v U
> administrator
> Initializing configuration context from host ...
> Warning: Failed to copy /etc/yp.conf to host. It cannot be a directory

This warning is not related to the realm leave failure, because in the case of "atomic uninstall" we just print a warning and skip importing the problematic file/directory into the container.


> realm: Couldn't find a matching realm

Seems to be a PEBKAC or copy&paste problem.

A different REALM was used for joining the machine and leaving the machine:
"CENTAUR.TEST" != "CENTAUR.TEST-"

Comment 7 Niranjan Mallapadi Raghavender 2017-06-28 09:44:12 UTC
Lukas, you are right, it does print a warning.


[root@dione repo]# atomic install rhel7/sssd realm join -v CENTAUR.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh realm join -v CENTAUR.TEST
Initializing configuration context from host ...
 * Resolving: _ldap._tcp.centaur.test
 * Performing LDAP DSE lookup on: 192.168.122.27
Password for Administrator:  * Performing LDAP DSE lookup on: 192.168.122.187
 * Successfully discovered: CENTAUR.TEST
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.SG6S2Y -U Administrator ads join CENTAUR.TEST
Enter Administrator's password:DNS update failed: NT_STATUS_UNSUCCESSFUL

Using short domain name -- CENTAUR
Joined 'DIONE' to dns domain 'CENTAUR.TEST'
DNS Update for dione.centaur.test failed: ERROR_DNS_UPDATE_FAILED
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.SG6S2Y -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service

 * Successfully enrolled machine in realm
Copying new configuration to host ...
Service sssd.service configured to run SSSD container.
[root@dione repo]# systemctl start sssd
[root@dione repo]# ls -l /etc/yp.conf/
total 0
[root@dione repo]# atomic uninstall rhel7/sssd realm leave -v CENTAUR.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/uninstall.sh realm leave -v CENTAUR.TEST
Initializing configuration context from host ...
Warning: Failed to copy /etc/yp.conf to host. It cannot be a directory
 * Removing entries from keytab for realm
 * /usr/sbin/sss_cache --users --groups --netgroups --services --autofs-maps
 * Removing domain configuration from sssd.conf
 * /usr/sbin/authconfig --update --disablesssdauth --nostart
 * /usr/bin/systemctl disable sssd.service
 * Successfully unenrolled machine from realm
Copying new configuration to host ...
Removing /etc/krb5.keytab
Removing /etc/sssd/systemctl-lite-enabled/sssd.service
Removing /etc/yp.conf
Removing /var/lib/sss/pipes/private/sbus-dp_CENTAUR.TEST.69
Removing /var/lib/sss/pipes/private/sbus-monitor
Removing /var/lib/sss/pipes/private/sbus-dp_CENTAUR.TEST.11
Removing /var/lib/sss/pipes/private/sbus-dp_CENTAUR.TEST
Removing /var/lib/sss/pipes/private/pam
Removing /var/lib/sss/mc/passwd
Removing /var/lib/sss/mc/group
Removing /var/lib/sss/mc/initgroups