Tracking rebuild of sssd-docker.
SSSD Container tests done:
==========================

Versions:
=========
-bash-4.2# atomic version rhel7/sssd
f10bd6cfe4e0bd0fc7473635a4efe7b8d569e0a6e56c7deb68db2b2f0ed9c456 rhel7/sssd-7.2-13 registry.access.stage.redhat.com/rhel7/sssd:latest

1. Joining to Windows 2008R2 Domain:

-bash-4.2# atomic install rhel7/sssd realm -v join HYDRA.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh realm -v join HYDRA.TEST
Initializing configuration context from host ...
 * Resolving: _ldap._tcp.hydra.test
 * Performing LDAP DSE lookup on: 10.65.223.35
 * Successfully discovered: hydra.test
Password for Administrator:
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.DK8OHY -U Administrator ads join hydra.test
Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER
Using short domain name -- HYDRA
Joined 'ATOMIC-00' to dns domain 'hydra.test'
No DNS domain configured for atomic-00. Unable to perform DNS Update.
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.DK8OHY -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
 * Successfully enrolled machine in realm
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.

2. Restart sssd service and verify sssd is running from container

-bash-4.2# service sssd restart
Redirecting to /bin/systemctl restart sssd.service
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Mon 2016-05-09 18:24:07 IST; 2s ago
  Process: 3200 ExecStart=/usr/bin/atomic run --name=sssd rhel7/sssd (code=exited, status=0/SUCCESS)
 Main PID: 3200 (code=exited, status=0/SUCCESS)

3. Verify id Administrator works from atomic host

-bash-4.2# id Administrator
uid=970600500(administrator) gid=970600513(domain users) groups=970600513(domain users),970600512(domain admins),970600572(denied rodc password replication group),970600519(enterprise admins),970600518(schema admins),970600520(group policy creator owners)

4. Join sssd container to AD Domain in Windows 2012 using realm

$ systeminfo.exe
Host Name: SRV1
OS Name: Microsoft Windows Server 2012 R2 Standard
OS Version: 6.3.9600 N/A Build 9600
OS Manufacturer: Microsoft Corporation
OS Configuration: Primary Domain Controller
OS Build Type: Multiprocessor Free

-bash-4.2# atomic install rhel7/sssd realm -v join CENTAUR.TEST
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh realm -v join CENTAUR.TEST
Initializing configuration context from host ...
 * Resolving: _ldap._tcp.centaur.test
 * Performing LDAP DSE lookup on: 192.168.122.187
 * Successfully discovered: CENTAUR.TEST
Password for Administrator:
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.YHUNHY -U Administrator ads join CENTAUR.TEST
Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER
Using short domain name -- CENTAUR
Joined 'ATOMIC-00' to dns domain 'CENTAUR.TEST'
No DNS domain configured for atomic-00. Unable to perform DNS Update.
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.YHUNHY -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
 * Successfully enrolled machine in realm
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.

5. Verify sssd service running from container

-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Mon 2016-05-09 18:28:54 IST; 5s ago
  Process: 17183 ExecStart=/usr/bin/atomic run --name=sssd rhel7/sssd (code=exited, status=0/SUCCESS)
 Main PID: 17183 (code=exited, status=0/SUCCESS)
Filed https://bugzilla.redhat.com/show_bug.cgi?id=1334368 atomic rhel7/sssd uninstall doesn't remove the host from AD Domain
SSSD Container tests done w.r.t IPA:
=====================================

Setup details:
Atomic Host Version: 7.2.4
SSSD-Container Image Version: rhel7/sssd-7.2-13
IPA Client- ipa-client-4.2.0-15.el7_2.15.x86_64
Server: ipa-server-4.2.0-15.el7_2.15.x86_64

1) Install IPA client
========
atomic install rhel7/sssd --server <ipa server> --domain testrelm.test --principal admin --password 'Secret123' --force-join
Using default tag: latest
f10bd6cfe4e0: Download complete
c453594215e4: Download complete
Status: Downloaded newer image for registry.access.stage.redhat.com/rhel7/sssd:latest
registry.access.stage.redhat.com/rhel7/sssd: this image was pulled from a legacy registry. Important: This registry version will not be supported in future versions of docker.
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh --server auto-hv-01-guest06.testrelm.test --domain testrelm.test --principal admin --password Secret123 --force-join
Initializing configuration context from host ...
Client hostname: auto-hv-01-guest08.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: <ipa server>.testrelm.test
BaseDN: dc=testrelm,dc=test
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Mon May 09 06:42:39 2016 UTC
    Valid Until: Fri May 09 06:42:39 2036 UTC
Enrolled in IPA realm TESTRELM.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
trying https://ipaserver.testrelm.test/ipa/json
Forwarding 'ping' to json server 'https://auto-hv-01-guest06.testrelm.test/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ipaserver/ipa/json'
Systemwide CA database updated.
Added CA certificates to the default NSS database.
Hostname (client.testrelm.test) does not have A/AAAA record.
Missing reverse record(s) for address(es): 10.x.x.x, 2620:52:0:1060:5054:ff:fe1b:22b1, fec0:0:a10:6000:5054:ff:fe1b:22b1.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://ipaserver.testrelm.test/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring testrelm.test as NIS domain.
Client configuration complete.
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.

2. Verify Kinit / Klist / Kdestroy / Kinit works:
========
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/09/16 05:52:43    05/10/16 05:52:40    krbtgt/TESTRELM.TEST
-bash-4.2# atomic run rhel7/sssd kdestroy
-bash-4.2# atomic run rhel7/sssd klist
klist: Credentials cache keyring 'persistent:0:0' not found
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/09/16 05:53:07    05/10/16 05:53:04    krbtgt/TESTRELM.TEST
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/09/16 05:53:07    05/10/16 05:53:04    krbtgt/TESTRELM.TEST

3. id user details:
=========
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# id admin
uid=1546000000(admin) gid=1546000000(admins) groups=1546000000(admins)
-bash-4.2# atomic run rhel7/sssd id admin
uid=1546000000(admin) gid=1546000000(admins) groups=1546000000(admins)
-bash-4.2# id test1
uid=1546000001(test1) gid=1546000001(test1) groups=1546000001(test1)
-bash-4.2# atomic run rhel7/sssd id test1
uid=1546000001(test1) gid=1546000001(test1) groups=1546000001(test1)

4. ssh
=========
-bash-4.2# ssh admin@localhost
admin@localhost's password:
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2#

5. HBAC (configure HBAC on ipa server to not allow admin user ssh access and allow test1 user ssh access for atomic host client)
==========
-bash-4.2# ssh admin@localhost
admin@localhost's password:
Connection closed by UNKNOWN
-bash-4.2# ssh test1@localhost
test1@localhost's password:
Could not chdir to home directory /home/test1: No such file or directory
-sh-4.2$ whoami
test1
-sh-4.2$

6. SUDO Tests (configure test1 user to allow cat command to be run as sudo)
=========
-bash-4.2# ssh test1@localhost
test1@localhost's password:
Could not chdir to home directory /home/test1: No such file or directory
-sh-4.2$ cat /etc/shadow
cat: /etc/shadow: Permission denied
-sh-4.2$ sudo cat /etc/shadow
[sudo] password for test1:
Sorry, user test1 is not allowed to execute '/bin/cat /etc/shadow' as root on auto-hv-01-guest08.testrelm.test.
-sh-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2# rm -rf ccache_TESTRELM.TEST cache_testrelm.test.ldb
-bash-4.2# systemctl restart sssd
-bash-4.2# ssh test1@localhost
test1@localhost's password:
Could not chdir to home directory /home/test1: No such file or directory
-sh-4.2$ cat /etc/shadow
cat: /etc/shadow: Permission denied
-sh-4.2$ sudo cat /etc/shadow
[sudo] password for test1:
root:$6$URBZw2sg$JTNW.vjDMIrd9v5A13zvPXPa95e5xlZaGc4N/ELVkx9TIAuqi3RDxSEED4570/7bOpVW8BWyLlX9ImYHqDH0T.:16930:0:99999:7:::
bin:*:16579:0:99999:7:::
daemon:*:16579:0:99999:7:::
adm:*:16579:0:99999:7:::
lp:*:16579:0:99999:7:::
sync:*:16579:0:99999:7:::
shutdown:*:16579:0:99999:7:::
halt:*:16579:0:99999:7:::
mail:*:16579:0:99999:7:::
operator:*:16579:0:99999:7:::
games:*:16579:0:99999:7:::
ftp:*:16579:0:99999:7:::
nobody:*:16579:0:99999:7:::
systemd-bus-proxy:!!:16927::::::
systemd-network:!!:16927::::::
test:$6$oIW3o2Mr$XbWZKaM7nA.cQqudfDJScupXOia5h1u517t6Htx/Q/MgXm82Pc/OcytatTeI4ULNWOMJzvpCigWiL4xKP9PX4.:16930:0:99999:7:::
cloud-user:!!:16930:0:99999:7:::

7. AD-TRUST (verify AD user/group/subgroups on atomic client)
========
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/10/16 04:35:15    05/11/16 04:35:12    krbtgt/TESTRELM.TEST
-bash-4.2# atomic run rhel7/sssd id admin
uid=1506600000(admin) gid=1506600000(admins) groups=1506600000(admins)
-bash-4.2# atomic run rhel7/sssd id aduser1
uid=738801106(aduser1) gid=738801106(aduser1) groups=738801106(aduser1),738800513(domain users),738801107(adgroup1)
-bash-4.2#
-bash-4.2# atomic run rhel7/sssd id subgroupuser1
uid=738801109(subgroupuser1) gid=738801109(subgroupuser1) groups=738801109(subgroupuser1),738800513(domain users),738801107(adgroup1),738801108(subgroup)
-bash-4.2#

8. Uninstall IPA-client/Unenroll:
===============
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Wed 2016-05-11 06:13:26 EDT; 1s ago
  Process: 2880 ExecStart=/usr/bin/atomic run --name=sssd rhel7/sssd (code=exited, status=0/SUCCESS)
 Main PID: 2880 (code=exited, status=0/SUCCESS)

May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Starting System Security Services Daemon in container...
May 11 06:13:26 auto-hv-01-guest07.testrelm.test atomic[2880]: Container is running
May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Started System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# systemctl stop sssd
-bash-4.2# ls -l /etc/systemd/system/sssd.service
-rw-r--r--. 1 root root 732 May 11 03:42 /etc/systemd/system/sssd.service
-bash-4.2# atomic uninstall rhel7/sssd
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/uninstall.sh
Initializing configuration context from host ...
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
Copying new configuration to host ...
Removing /etc/ipa/nssdb/pwdfile.txt
Removing /etc/ipa/nssdb/secmod.db
Removing /etc/ipa/nssdb/cert8.db
Removing /etc/ipa/nssdb/key3.db
Removing /etc/ipa/ca.crt
Removing /etc/ipa/default.conf
Removing /etc/sssd/systemctl-lite-enabled/sssd.service
Removing /etc/sssd/systemctl-lite-enabled/rhel-domainname.service
Removing /etc/sssd/sssd.conf
Removing /var/lib/authconfig/last/system-auth-ac
Removing /var/lib/authconfig/last/postlogin-ac
Removing /var/lib/authconfig/last/password-auth-ac
Removing /var/lib/authconfig/last/fingerprint-auth-ac
Removing /var/lib/authconfig/last/smartcard-auth-ac
Removing /var/lib/ipa-client/sysrestore/e777a8b2a06a4090-nsswitch.conf
Removing /var/lib/ipa-client/sysrestore/sysrestore.index
Removing /var/lib/ipa-client/sysrestore/69e686c155440f95-krb5.conf
Removing /var/lib/ipa-client/sysrestore/sysrestore.state
Removing /var/lib/ipa-client/sysrestore/7730892c02cacc6a-ldap.conf
Removing /var/lib/ipa-client/sysrestore/cc2ef06c2005ebbe-ssh_config
Removing /var/lib/ipa-client/sysrestore/f9676e85349f4ab8-sshd_config
Removing /var/lib/sss/pipes/private
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test.126
Removing /var/lib/sss/pipes/private/sbus-monitor
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test.14
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test
Removing /var/lib/sss/pipes/private/pam
Removing /var/lib/sss/pipes/pam
Removing /var/lib/sss/pipes/sudo
Removing /var/lib/sss/pipes/ssh
Removing /var/lib/sss/pipes/nss
Removing /var/lib/sss/pipes/pac
Removing /var/lib/sss/db/cache_testrelm.test.ldb
Removing /var/lib/sss/db/ccache_TESTRELM.TEST
Removing /var/lib/sss/mc/passwd
Removing /var/lib/sss/mc/group
Removing /var/lib/sss/mc/initgroups
-bash-4.2# rm -rf /etc/systemd/system/sssd.service
-bash-4.2# systemctl daemon-reload
-bash-4.2# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Configuration file does not specify default realm when parsing name admin
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: inactive (dead)

May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Starting System Security Services Daemon in container...
May 11 06:13:26 auto-hv-01-guest07.testrelm.test atomic[2880]: Container is running
May 11 06:13:26 auto-hv-01-guest07.testrelm.test systemd[1]: Started System Security Services Daemon in container.
May 11 06:13:36 auto-hv-01-guest07.testrelm.test systemd[1]: Stopping System Security Services Daemon in container...
May 11 06:13:36 auto-hv-01-guest07.testrelm.test systemd[1]: Stopped System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2#

9. Atomic host Upgrade (7.2.2 > 7.2.4 with sssd-container image 7.2-13, Here ipa client is configured at 7.2.2)
===========
-bash-4.2# atomic host upgrade
-bash-4.2# atomic host status
  TIMESTAMP (UTC)         VERSION     ID             OSNAME          REFSPEC
  2016-05-06 05:57:30     7.2.4       b060975ce3     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
* 2016-03-01 01:35:21     7.2.2-2     8b2cf24b42     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
-bash-4.2# atomic run rhel7/sssd rpm -qa | grep ipa-client
ipa-client-4.2.0-15.el7_2.15.x86_64
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# vi /etc/resolv.conf
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# ls /etc/systemd/system/sssd.service
/etc/systemd/system/sssd.service
-bash-4.2# ls -l /etc/systemd/system/sssd.service
-rw-r--r--. 1 root root 732 May 11 03:42 /etc/systemd/system/sssd.service
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# systemctl restart docker
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2#
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/11/16 04:14:01    05/12/16 04:13:52    krbtgt/TESTRELM.TEST
-bash-4.2# atomic run rhel7/sssd kdestroy
-bash-4.2# atomic run rhel7/sssd klist
klist: Credentials cache keyring 'persistent:0:0' not found
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/11/16 04:14:45    05/12/16 04:14:43    krbtgt/TESTRELM.TEST
-bash-4.2# #ipactl stopped
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/11/16 04:14:45    05/12/16 04:14:43    krbtgt/TESTRELM.TEST
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# #ipactl started
-bash-4.2# systemctl restart docker
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/11/16 04:45:27    05/12/16 04:45:25    krbtgt/TESTRELM.TEST
-bash-4.2# ssh admin@localhost
admin@localhost's password:
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/11/16 04:45:27    05/12/16 04:45:25    krbtgt/TESTRELM.TEST
-bash-4.2# #ipactl stopped
-bash-4.2# ssh admin@localhost
admin@localhost's password:
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2#

10. Atomic host rollback (7.2.4 > 7.2.2 with sssd-container image 7.2-13)
===========
-bash-4.2# atomic host rollback
-bash-4.2# atomic host status
  TIMESTAMP (UTC)         VERSION     ID             OSNAME          REFSPEC
  2016-03-01 01:35:21     7.2.2-2     8b2cf24b42     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
* 2016-05-06 05:57:30     7.2.4       b060975ce3     atomic-host     rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
-bash-4.2# vi /etc/resolv.conf
-bash-4.2# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/docker.service.d
           └─flannel.conf
   Active: active (running) since Wed 2016-05-11 05:08:54 EDT; 4min 26s ago
     Docs: http://docs.docker.com
 Main PID: 2279 (docker)
   Memory: 2.9M
   CGroup: /system.slice/docker.service
           └─2279 /usr/bin/docker daemon --selinux-enabled --storage-driver devicemapper --storage-opt dm.fs=xfs --...

May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.431084161-04:00" level=...se"
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.524148358-04:00" level=...t."
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: ..........
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.715207593-04:00" level=...e."
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.715229604-04:00" level=...on"
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.715249669-04:00" level=...el7
May 11 05:08:54 auto-hv-01-guest07.testrelm.test systemd[1]: Started Docker Application Container Engine.
May 11 05:08:54 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:54.869196061-04:00" level=...ll"
May 11 05:08:55 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:55.010908624-04:00" level=...te"
May 11 05:08:55 auto-hv-01-guest07.testrelm.test docker[2279]: time="2016-05-11T05:08:55.139506693-04:00" level=...rt"
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# atomic run rhel7/sssd kinit admin
kinit: Cannot contact any KDC for realm 'TESTRELM.TEST' while getting initial credentials
-bash-4.2# systemctl restart docker
-bash-4.2# atomic run rhel7/sssd kinit admin
Password for admin:
-bash-4.2# atomic run rhel7/sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
05/11/16 05:14:07    05/12/16 05:14:04    krbtgt/TESTRELM.TEST
-bash-4.2# ssh admin@localhost
admin@localhost's password:
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to localhost closed.
-bash-4.2#
Filed bug, https://bugzilla.redhat.com/show_bug.cgi?id=1334328, "ipa-client-install --uninstall" command when run on atomic host fails to uninstall client from IPA server.
Thus on the basis of Test results in Comment#2 and Comment#4, marking the status of bug to "VERIFIED".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-1071.html