Tracking rebuild of sssd-docker.
Versions:

[root@atomic-1 ~]# atomic host status
State: idle
Deployments:
● rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
       Version: 7.3 (2016-10-26 14:24:09)
        Commit: 90c9735becfff1c55c8586ae0f2c904bc0928f042cd4d016e9e0e2edd16e5e97
        OSName: rhel-atomic-host

[root@atomic-1 ~]# atomic images list
  REPOSITORY            TAG                                              IMAGE ID      CREATED           VIRTUAL SIZE  TYPE
> lslebodn/sssd-docker  extras-rhel-7.3-docker-candidate-20161108091312  e3dfb8ab878f  2016-11-08 14:16  357.12 MB     Docker

REPOSITORY  TAG     IMAGE ID      CREATED     SIZE
rhel7/sssd  latest  e3dfb8ab878f  6 days ago  357.1 MB

Created test run of all the test cases in Polarion:
https://polarion.engineering.redhat.com/polarion/#/project/RedHatEnterpriseLinux7/testrun?id=sssd%2Drhel73

Passed | [Revision: 1286912] RHEL7-58014 - IDM-SSSD-TC: SSSD-Container: Permit specific ad user login to Atomic host | 7.451 s | Mallapadi Niranjan (mniranja) | 2016-11-15 04:09
Passed | [Revision: 1286914] RHEL7-58015 - IDM-SSSD-TC: SSSD-Container: verify AD user can sudo on atomc host with sudo provider as AD | 1.550 s | Mallapadi Niranjan (mniranja) | 2016-11-15 04:11
Passed | [Revision: 1286917] RHEL7-58012 - IDM-SSSD-TC: SSSD-Container: Disjoin Atomic host from AD Domain using realm leave Cli | 1.582 s | Mallapadi Niranjan (mniranja) | 2016-11-15 04:12
Passed | [Revision: 1286805] RHEL7-58013 - IDM-SSSD-TC: SSSD-Container: Verify uninstall container leaves domain | 91.993 s | Mallapadi Niranjan (mniranja) | 2016-11-15 03:22
Passed | [Revision: 1286791] RHEL7-58007 - IDM-SSSD-TC: SSSD-Container: Realm join with membership software samba | 332.935 s | Mallapadi Niranjan (mniranja) | 2016-11-15 03:06
Passed | [Revision: 1286792] RHEL7-58008 - IDM-SSSD-TC: SSSD-Container: Verify sssd selinux label | 53.694 s | Mallapadi Niranjan (mniranja) | 2016-11-15 03:07
Passed | [Revision: 1286786] RHEL7-58006 - IDM-SSSD-TC: SSSD-Container : Discover Windows Domain on atomic host using realm cli | 90.335 s | Mallapadi Niranjan (mniranja) | 2016-11-15 02:58
Passed | [Revision: 1286793] RHEL7-58009 - IDM-SSSD-TC: SSSD-Container: Query AD users using ID command | 8.455 s | Mallapadi Niranjan (mniranja) | 2016-11-15 03:07
Passed | [Revision: 1286794] RHEL7-58010 - IDM-SSSD-TC: SSSD-Container: Query AD user using id command from new container | 1.769 s | Mallapadi Niranjan (mniranja) | 2016-11-15 03:09
Passed | [Revision: 1286801] RHEL7-58011 - IDM-SSSD-TC: SSSD-Container: Join AD Domain using adcli as membership-software | 1.815 s | Mallapadi Niranjan (mniranja)
Versions:
=========
[root@atomic-2 ~]# atomic host status
State: idle
Deployments:
● rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
       Version: 7.3 (2016-12-02 03:56:37)
    BaseCommit: 90c9735becfff1c55c8586ae0f2c904bc0928f042cd4d016e9e0e2edd16e5e97
        Commit: 5c125b4dd85f83b304ec5725daf73dea1bae3900c42f1a866e6026392b52d2bb
        OSName: rhel-atomic-host
      Packages: ansible expect

  rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
       Version: 7.3 (2016-11-15 21:32:56)
    BaseCommit: bd5ac48f6195637c0230d9b0ab0a2e5fb843764f85bc64757106238bdf31e757
        Commit: d86ecc756f6382063e709fecb43d60838ae2eac704812a4f444b138730d4f8d2
        OSName: rhel-atomic-host
      Packages: ansible expect

Test Result | Test Case | Defect | Duration | Executed by | Executed
Passed | [Revision: 1319421] RHEL7-58014 - IDM-SSSD-TC: SSSD-Container: Permit specific ad user login to Atomic host | | 26.183 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:47
Passed | [Revision: 1319439] RHEL7-58015 - IDM-SSSD-TC: SSSD-Container: verify AD user can sudo on atomc host with sudo provider as AD | | 1.579 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:49
Passed | [Revision: 1319401] RHEL7-58012 - IDM-SSSD-TC: SSSD-Container: Disjoin Atomic host from AD Domain using realm leave Cli | | 11.868 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:42
Passed | [Revision: 1319402] RHEL7-58013 - IDM-SSSD-TC: SSSD-Container: Verify uninstall container leaves domain | | 3.663 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:43
Passed | [Revision: 1319393] RHEL7-58007 - IDM-SSSD-TC: SSSD-Container: Realm join with membership software samba | | 23.822 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:26
Passed | [Revision: 1319394] RHEL7-58008 - IDM-SSSD-TC: SSSD-Container: Verify sssd selinux label | | 23.018 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:27
Passed | [Revision: 1319392] RHEL7-58006 - IDM-SSSD-TC: SSSD-Container : Discover Windows Domain on atomic host using realm cli | | 83.719 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:13
Passed | [Revision: 1319395] RHEL7-58009 - IDM-SSSD-TC: SSSD-Container: Query AD users using ID command | | 7.381 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:28
Passed | [Revision: 1319399] RHEL7-58010 - IDM-SSSD-TC: SSSD-Container: Query AD user using id command from new container | | 11.801 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:39
Passed | [Revision: 1319400] RHEL7-58011 - IDM-SSSD-TC: SSSD-Container: Join AD Domain using adcli as membership-software | | 28.009 s | Mallapadi Niranjan (mniranja) | 2016-12-01 23:41
sssd-docker container image tested:
> lslebodn/sssd-docker  extras-rhel-7.3-docker-candidate-20161201185120  085c61d0829a  2016-12-01 19:00  357.91 MB  Docker
IPA-server-version: ipa-server-4.4.0-14.el7_3.x86_64
IPA-server within docker version: ipa-server-4.4.0-14.el7_3.x86_64
IPA-client version: ipa-client-4.4.0-14.el7_3.x86_64
Atomic-host: rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
Version: 7.3 (2016-10-26 14:24:09)

Tested the bug on the basis of below observations:

1) Testing sssd-container as an IPA client:

-bash-4.2# docker images
REPOSITORY            TAG                                              IMAGE ID      CREATED       SIZE
lslebodn/sssd-docker  extras-rhel-7.3-docker-candidate-20161201185120  085c61d0829a  16 hours ago  357.9 MB
-bash-4.2# docker tag 085c61d0829a sssd
-bash-4.2# docker images
REPOSITORY            TAG                                              IMAGE ID      CREATED       SIZE
lslebodn/sssd-docker  extras-rhel-7.3-docker-candidate-20161201185120  085c61d0829a  16 hours ago  357.9 MB
sssd                  latest                                           085c61d0829a  16 hours ago  357.9 MB
-bash-4.2# vi /etc/resolv.conf
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: failed (Result: exit-code) since Fri 2016-12-02 05:51:00 EST; 12min ago
  Process: 11883 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=4)

Dec 02 05:51:00 auto-hv-01-guest06.testrelm.test systemd[1]: Starting System Security Services Daemon...
Dec 02 05:51:00 auto-hv-01-guest06.testrelm.test systemd[1]: sssd.service: control process exited, code=exited status=4
Dec 02 05:51:00 auto-hv-01-guest06.testrelm.test systemd[1]: Failed to start System Security Services Daemon.
Dec 02 05:51:00 auto-hv-01-guest06.testrelm.test systemd[1]: Unit sssd.service entered failed state.
Dec 02 05:51:00 auto-hv-01-guest06.testrelm.test systemd[1]: sssd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# systemctl stop sssd
-bash-4.2# atomic install sssd
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=sssd -e HOST=/host sssd /bin/install.sh
Initializing configuration context from host ...
Client hostname: auto-hv-01-guest06.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: auto-hv-01-guest09.testrelm.test
BaseDN: dc=testrelm,dc=test
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Fri Dec 02 05:35:23 2016 UTC
    Valid Until: Tue Dec 02 05:35:23 2036 UTC
Enrolled in IPA realm TESTRELM.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
trying https://auto-hv-01-guest09.testrelm.test/ipa/json
Forwarding 'schema' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
trying https://auto-hv-01-guest09.testrelm.test/ipa/json
Forwarding 'ping' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
Systemwide CA database updated.
Hostname (auto-hv-01-guest06.testrelm.test) does not have A/AAAA record.
Missing reverse record(s) for address(es): 2620:52:0:1060:5054:ff:fe13:e72d, fec0:0:a10:6000:5054:ff:fe13:e72d.
Incorrect reverse record(s):
10.16.96.34 is pointing to auto-hv-01-guest06.idmqe.lab.eng.bos.redhat.com. instead of auto-hv-01-guest06.testrelm.test.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring testrelm.test as NIS domain.
Client configuration complete.
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.
-bash-4.2# systemctl restart sssd
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (exited) since Fri 2016-12-02 06:05:07 EST; 5s ago
  Process: 12465 ExecStart=/usr/bin/atomic run --name=sssd sssd (code=exited, status=0/SUCCESS)
 Main PID: 12465 (code=exited, status=0/SUCCESS)

Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test systemd[1]: Starting System Security Services Daemon in container...
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: docker run -d --restart=always --privileged --net...nld
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: This container uses privileged security switches:
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: INFO: --net=host
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: Processes in this container can listen to ports (...rk.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: INFO: --privileged
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: This container runs without separation and should...em.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: 9364355fdfdd850dd0b4a91f69e00142266ef9fcbf0ad0612...71a
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: For more information on these switches and their ...n'.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test systemd[1]: Started System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# ls -al /etc/systemd/system/sssd.service
-rw-r--r--. 1 root root 720 Dec 2 06:04 /etc/systemd/system/sssd.service
-bash-4.2# docker exec -i sssd kinit admin
Password for admin: Secret123
-bash-4.2# docker exec -i sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
12/02/16 11:05:53  12/03/16 11:05:50  krbtgt/TESTRELM.TEST
-bash-4.2# docker exec -i sssd kdestroy
-bash-4.2# docker exec -i sssd klist
klist: Credentials cache keyring 'persistent:0:0' not found
-bash-4.2# docker exec -i sssd kinit admin
Password for admin: Secret123
-bash-4.2# docker exec -i sssd klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting     Expires            Service principal
12/02/16 11:06:19  12/03/16 11:06:16  krbtgt/TESTRELM.TEST
-bash-4.2# ssh -o GSSAPIAuthentication=yes admin@`hostname`
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.2$ whoami
admin
-bash-4.2$ exit
logout
Connection to auto-hv-01-guest06.testrelm.test closed.
-bash-4.2# systemctl stop sssd
-bash-4.2# atomic uninstall sssd
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=sssd -e HOST=/host sssd /bin/uninstall.sh
Initializing configuration context from host ...
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
Copying new configuration to host ...
Removing /etc/ipa/nssdb/pwdfile.txt
Removing /etc/ipa/nssdb/secmod.db
Removing /etc/ipa/nssdb/cert8.db
Removing /etc/ipa/nssdb/key3.db
Removing /etc/ipa/ca.crt
Removing /etc/ipa/default.conf
Removing /etc/sssd/systemctl-lite-enabled/sssd.service
Removing /etc/sssd/systemctl-lite-enabled/rhel-domainname.service
Removing /etc/sssd/sssd.conf
Removing /var/lib/ipa-client/sysrestore/feb3e506ec16cb75-nsswitch.conf
Removing /var/lib/ipa-client/sysrestore/sysrestore.index
Removing /var/lib/ipa-client/sysrestore/bb502024a642482f-krb5.conf
Removing /var/lib/ipa-client/sysrestore/sysrestore.state
Removing /var/lib/ipa-client/sysrestore/033016e9d914c4e0-ldap.conf
Removing /var/lib/ipa-client/sysrestore/575408b43fa9999f-ssh_config
Removing /var/lib/ipa-client/sysrestore/130a652e59638bf3-sshd_config
Removing /var/lib/sss/mc/passwd
Removing /var/lib/sss/mc/group
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test.113
Removing /var/lib/sss/pipes/private/sbus-monitor
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test.14
Removing /var/lib/sss/pipes/private/sbus-dp_testrelm.test
Removing /var/lib/sss/pipes/private/pam
Removing /var/lib/sss/db/cache_testrelm.test.ldb
Removing /var/lib/sss/db/ccache_TESTRELM.TEST
docker rmi sssd
Untagged: sssd:latest
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon in container
   Loaded: loaded (/etc/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: inactive (dead)

Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: Processes in this container can listen to ports (...rk.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: INFO: --privileged
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: This container runs without separation and should...em.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: 9364355fdfdd850dd0b4a91f69e00142266ef9fcbf0ad0612...71a
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: For more information on these switches and their ...n'.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test systemd[1]: Started System Security Services Daemon in container.
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test systemd[1]: Stopping System Security Services Daemon in container...
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test atomic[12661]: sssd
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test atomic[12661]: docker kill -s TERM sssd
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test systemd[1]: Stopped System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2# rm /etc/systemd/system/sssd.service
-bash-4.2# systemctl daemon-reload
-bash-4.2# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: inactive (dead)

Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: Processes in this container can listen to ports (...rk.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: INFO: --privileged
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: This container runs without separation and should...em.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: 9364355fdfdd850dd0b4a91f69e00142266ef9fcbf0ad0612...71a
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test atomic[12465]: For more information on these switches and their ...n'.
Dec 02 06:05:07 auto-hv-01-guest06.testrelm.test systemd[1]: Started System Security Services Daemon in container.
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test systemd[1]: Stopping System Security Services Daemon in container...
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test atomic[12661]: sssd
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test atomic[12661]: docker kill -s TERM sssd
Dec 02 06:07:42 auto-hv-01-guest06.testrelm.test systemd[1]: Stopped System Security Services Daemon in container.
Hint: Some lines were ellipsized, use -l to show in full.
^C-bash-4.2# docker images
REPOSITORY            TAG                                              IMAGE ID      CREATED       SIZE
lslebodn/sssd-docker  extras-rhel-7.3-docker-candidate-20161201185120  085c61d0829a  16 hours ago  357.9 MB
-bash-4.2# docker tag 085c61d0829a sssd
-bash-4.2# atomic install sssd
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=sssd -e HOST=/host sssd /bin/install.sh
Initializing configuration context from host ...
Client hostname: auto-hv-01-guest06.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: auto-hv-01-guest09.testrelm.test
BaseDN: dc=testrelm,dc=test
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Fri Dec 02 05:35:23 2016 UTC
    Valid Until: Tue Dec 02 05:35:23 2036 UTC
Enrolled in IPA realm TESTRELM.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
trying https://auto-hv-01-guest09.testrelm.test/ipa/json
Forwarding 'schema' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
trying https://auto-hv-01-guest09.testrelm.test/ipa/json
Forwarding 'ping' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://auto-hv-01-guest09.testrelm.test/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring testrelm.test as NIS domain.
Client configuration complete.
Copying new configuration to host ...
Full path required for exclude: net:[4026531956].
Service sssd.service configured to run SSSD container.
-bash-4.2# systemctl restart sssd
-bash-4.2# docker exec -i sssd rpm -q ipa-client
ipa-client-4.4.0-14.el7_3.x86_64

2) Also verified that sssd-container can be configured as IPA client both for ipa-server and ipa-server-docker.

Thus on the basis of above observations marking bug as "Verified".
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.