Bug 1572249
| Summary: | atomic run --display rhel7/sssd doesn't start sssd container | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Niranjan Mallapadi Raghavender <mniranja> |
| Component: | atomic | Assignee: | Lokesh Mandvekar <lsm5> |
| Status: | CLOSED NOTABUG | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.5 | CC: | bbaude, ddarrah, dwalsh, fkluknav, gscrivan, miabbott, ndehadra |
| Target Milestone: | rc | Keywords: | Extras, Regression |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-08-27 17:27:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
[root@host-8-251-130 sssd]# atomic host status
State: idle
Deployments:
● ostree://rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
Version: 7.5.1 (2018-04-19 14:39:11)
Commit: 506129139134ad61959180b1ea6be373812abe8062b7a1c95341ae3e994bd63b
ostree://rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
Version: 7.5.0 (2018-02-22 15:51:49)
Commit: 474534b1a1a2945c8ff2ad72cb646aaa25ec7b2d9fa9413a99a8cd2ef885dfdc
Following errors are seen in journalctl Apr 26 14:11:53 host-8-251-130.host.centralci.eng.rdu2.redhat.com dockerd-current[1256]: time="2018-04-26T14:11:53.754876368Z" level=error msg="Handler for GET /v1.26/containers/sssd/json returned error: No such container: sssd" Apr 26 14:11:53 host-8-251-130.host.centralci.eng.rdu2.redhat.com dockerd-current[1256]: time="2018-04-26T14:11:53.755078661Z" level=error msg="Handler for GET /v1.26/containers/sssd/json returned error: No such container: sssd" Do you have the registries.conf file setup correctly? I haven't touched registries.conf, i never had to, [root@host-8-251-130 sssd]# cat /etc/containers/registries.conf # This is a system-wide configuration file used to # keep track of registries for various container backends. # It adheres to TOML format and does not support recursive # lists of registries. # The default location for this configuration file is /etc/containers/registries.conf. # The only valid categories are: 'registries.search', 'registries.insecure', # and 'registries.block'. [registries.search] registries = ['registry.access.redhat.com'] # If you need to access insecure registries, add the registry's fully-qualified name. # An insecure registry is one that does not have a valid SSL certificate or only does HTTP. [registries.insecure] registries = [] # If you need to block pull access from a registry, uncomment the section below # and add the registries fully-qualified name. # # Docker only [registries.block] registries = [] [root@host-8-251-130 sssd]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.access.stage.redhat.com/rhel7/sssd latest 4ded565230b4 3 days ago 382 MB rhel7/sssd latest 4ded565230b4 3 days ago 382 MB atomic uninstall fails with error message . will open a separate bug. is there anything in ps -a ? if so, anything in the container logs? ps -a doesn't show anything, Container logs ?, the sssd container didn't start at all. Also atomic run works and sssd container starts if i don't use --display. $ atomic run rhel7/sssd But if i use --display it doesn't start the sssd container. This was working in all previous atomic versions. Any update on this ? Additional observation: Steps: 1. Install sssd-container image as application using ipa-client # atomic install --opt1='--hostname=<client-name> -e SSSD_CONTAINER_TYPE=application --net=default' rhel7/sssd --principal admin --password Secret123 --domain nd2may.pnq --server=ipadocker.nd2may.pnq --realm ND2MAY.PNQ --force-join 2. # atomic run --display rhel7/sssd 3. # docker ps, Error response from daemon: No such container: sssd 4. # atomic run rhel7/sssd 5. # docker ps, Container named 'sssd' is running 6. # docker stop sssd, Stop this container 7. # atomic run --display rhel7/sssd 8. # docker ps, This time Container named 'sssd' is running Console: ----------- [root@ipasssdclient ~]# docker stop sssd sssd [root@ipasssdclient ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@ipasssdclient ~]# atomic run --display rhel7/sssd sssd [root@ipasssdclient ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 849662e9d760 rhel7/sssd "/bin/run.sh" 59 seconds ago Up 3 seconds sssd [root@ipasssdclient ~]# docker exec -it sssd kinit admin Password for admin: [root@ipasssdclient ~]# It looks to me like atomic run --display is working just as it was defined to run.
man atomic run
...
--display
Display the image's run options and environment variables populated into the run command. The run command will not execute if --display is specified. If --display is not specified the run
command will execute.
If in previous versions the command was actually running, then that was the bug.
(In reply to Daniel Walsh from comment #12) > It looks to me like atomic run --display is working just as it was defined > to run. > > man atomic run > ... > --display > Display the image's run options and environment variables populated > into the run command. The run command will not execute if --display is > specified. If --display is not specified the run > command will execute. > > If in previous versions the command was actually running, then that was the > bug. In that case as per observations in above comment#11, after step7, the run command using --display option does run the container, is this expected? Correct. Based on the latest comments, it appears that `atomic run --display` was incorrectly starting a container, instead of just previewing the command that would be used to start the container. Since the behavior of `atomic run --display` in the most recent version (atomic-1.22.1-22.git5a342e3.el7.x86_64) now matches the documented behavior, I'm going to close this as NOTABUG. |
Description of problem: atomic run --display rhel7/sssd doesn't start sssd container. Version-Release number of selected component (if applicable): atomic-1.22.1-3.git2fd0860.el7.x86_64 How reproducible: Steps to Reproduce: 1. Update AD ip in /etc/resolv.conf 2. save the AD administrator password in /etc/sssd/realm-join-password echo "Secret123" > /etc/sssd/realm-join-password 3. Create an application sssd container joining to AD atomic install --opt1='--dns=10.65.223.136 --dns-search=juno.test --hostname=abc.juno.test -e SSSD_CONTAINER_TYPE=application --net=default' rhel7/sssd realm join -v JUNO.TEST 4. Start the container as below: atomic run --display rhel7/sssd [root@host-8-251-130 atomic]# atomic run --display rhel7/sssd docker run -d --restart=always --name sssd -e NAME=sssd -e IMAGE=rhel7/sssd --hostname abc.juno.test -v /var/lib/sssd_container/sssd/container/etc/dbus-1/system.d/:/etc/dbus-1/system.d/:Z -v /var/li b/sssd_container/sssd/container/etc/ipa/:/etc/ipa/:Z -v /var/lib/sssd_container/sssd/container/etc/openldap/:/etc/openldap/:Z -v /var/lib/sssd_container/sssd/container/etc/ssh/:/etc/ssh/:Z -v /var/lib/sssd_container/sssd/container/etc/sssd/:/etc/sssd/:Z -v /var/lib/sssd_container/sssd/container/var/cache/realmd/:/var/cache/realmd/:Z -v /var/lib/sssd_container/sssd/container/var/lib/authconfig/last/:/var/lib/authconfig/last/:Z -v /var/lib/sssd_container/sssd/container/var/lib/ipa-client/sysrestore/:/var/lib/ipa-client/sysrestore/:Z -v /var/lib/sssd_container/sssd/container/var/lib/samba/:/var/lib/samba/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/db/:/var/lib/sss/db/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/gpo_cache/:/var/lib/sss/gpo_cache/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/secrets/:/var/lib/sss/secrets/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/keytabs/:/var/lib/sss/keytabs/:Z -v /var/lib/sssd_container/sssd/container/var/log/sssd/:/var/log/sssd/:Z -v /var/lib/sssd_container/sssd/container/etc/krb5.keytab:/etc/krb5.keytab:Z -v /var/lib/sssd_container/sssd/container/etc/nsswitch.conf:/etc/nsswitch.conf:Z -v /var/lib/sssd_container/sssd/container/etc/sysconfig/authconfig:/etc/sysconfig/authconfig:Z -v /var/lib/sssd_container/sssd/container/etc/sysconfig/network:/etc/sysconfig/network:Z -v /var/lib/sssd_container/sssd/container/etc/yp.conf:/etc/yp.conf:Z -v /var/lib/sssd_container/sssd/container/etc/resolv.conf:/etc/resolv.conf:Z -v /var/lib/sssd_container/sssd/client/etc/krb5.conf.d/:/etc/krb5.conf.d/:z -v /var/lib/sssd_container/sssd/client/var/lib/sss/mc/:/var/lib/sss/mc/:z -v /var/lib/sssd_container/sssd/client/var/lib/sss/pipes/:/var/lib/sss/pipes/:z -v /var/lib/sssd_container/sssd/client/var/lib/sss/pubconf/:/var/lib/sss/pubconf/:z -v /var/lib/sssd_container/sssd/client/var/run/dbus/:/var/run/dbus/:z -v /var/lib/sssd_container/sssd/client/etc/krb5.conf:/etc/krb5.conf:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/fingerprint-auth-ac:/etc/pam.d/fingerprint-auth:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/password-auth-ac:/etc/pam.d/password-auth:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/smartcard-auth-ac:/etc/pam.d/smartcard-auth:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/system-auth-ac:/etc/pam.d/system-auth:z -e WITH_KCM=yes -e SSSD_CONTAINER_TYPE=application --tmpfs /etc/selinux/ rhel7/sssd /bin/run.sh Actual results: No sssd container started [root@host-8-251-130 sssd]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES Expected results: sssd container should be started. Additional info: [root@host-8-251-130 sssd]# cat /var/lib/atomic/install.json {"registry.access.redhat.com/rhel7/sssd:latest": [{"install_date": "2018-04-26 13:50:20", "id": "4ded565230b4c2bf9da4f1ea7a3c80c36c023f0e6b8658ba44f1b265c8c79476", "container_name": "sssd"}]}[root@host-8-251-130 sssd]#