Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1729185

Summary: rebuild of ipa-server-container 7.6
Product: Red Hat Enterprise Linux 7 Reporter: Ferdinand bot (Userspace containerization team) <cyborg-bugzilla>
Component: ipa-server-containerAssignee: Tibor Dudlák <tdudlak>
Status: CLOSED ERRATA QA Contact: Nikhil Dehadrai <ndehadra>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.6CC: slaznick
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-server-container-4.6.4-29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-29 16:39:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1733299    
Bug Blocks:    

Description Ferdinand bot (Userspace containerization team) 2019-07-11 13:55:20 UTC 
Hello,

this bug has been created by bot Ferdinand
in order to be able to create Errata advisory.

With regards,
Ferdinand, member of the bot family,
Userspace Containerization Team, <user-cont>
Comment 5 Nikhil Dehadrai 2019-07-26 12:56:10 UTC 
Tested the bug with following observations:

Atomic host Version: 7.6.6 (2019-07-24 08:47:27)
IPA-IMAGE: ipa-server-container-4.6.4-28
SSSD-IMAGE: sssd-container-7.6-29
# atomic run ipadocker rpm -q ipa-server
ipa-server-4.6.4-10.el7_6.6.x86_64
# atomic run sssd rpm -q ipa-client
ipa-client-4.6.4-10.el7_6.6.x86_64


Verified the bug with following scenarios:
A) CVE Scan:

IPA-IMAGE
------------
[root@nikhil-atomic-host-7 ~]# atomic scan --scanner openscap --scan_type cve rhel7/ipa-server
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-07-25-14-55-14-754765:/scanin -v /var/lib/atomic/openscap/2019-07-25-14-55-14-754765:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1

rhel7/ipa-server (7a59f8d4e569e6c)

rhel7/ipa-server passed the scan

Files associated with this scan are in /var/lib/atomic/openscap/2019-07-25-14-55-14-754765.


SSSD-IMAGE
-------------
[root@nikhil-atomic-host-7 ~]# atomic scan --scanner openscap --scan_type cve rhel7/sssd
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-07-25-14-56-19-990281:/scanin -v /var/lib/atomic/openscap/2019-07-25-14-56-19-990281:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1

rhel7/sssd (18820ca6d4d40a2)

rhel7/sssd passed the scan

Files associated with this scan are in /var/lib/atomic/openscap/2019-07-25-14-56-19-990281.

B) Regressions Tests:
------------------------
1. Verified that IPA-server is installed through ipa-container image.
2. Verified that IPA-replica is installed through ipa-container image.
3. Verified that klist command works both on ipa-server/ipa-replica configured through ipa-container image.
4. Verified that 2-way trust can be setup with windows AD with IPA-server configured through ipa-container image.
5. Verified that IPA-client(type1) configured with sssd-container image can be setup against this IPA-server.
6. Verified that IPA-client(type2) configured with sssd-container image can be setup against this IPA-server.
7. Verified that RHEL(rpm) IPA-client can be setup against this IPA-server.
8. Verified that RHEL(rpm) IPA-Replica can be setup against this IPA-server configured using ipa-container image.
9. Verified that sudo rules work for IPA-server installed through ipa-container image.
10. Verified that latest version of ipa-server is available with ipa-container image.
11. Verified that IPA-server is accessible when it is installed through ipa-docker image.
12. Verified that command ipa-adtrust-install is successful.
13. Verified that ipa-kra-install is successful.
14. Verified that ipa-vault-add, ipa vault-archive and ipa-retrieve run successfully.
15. Verified that SUBCA setup run successfully.
16. Verified that IPA-server/IPA-replica can be uninstalled.

Thus on the basis of above observations, changing status to VERIFIED
Comment 6 Nikhil Dehadrai 2019-07-26 12:56:46 UTC 
Correction: IPA-IMAGE: ipa-server-container-4.6.4-29
Comment 8 errata-xmlrpc 2019-07-29 16:39:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1927
Comment 9 dhodovsk 2019-07-30 14:46:03 UTC 
*** Bug 1734119 has been marked as a duplicate of this bug. ***