Bug 1572249 - atomic run --display rhel7/sssd doesn't start sssd container
Summary: atomic run --display rhel7/sssd doesn't start sssd container
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: atomic
Version: 7.5
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Lokesh Mandvekar
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-26 14:02 UTC by Niranjan Mallapadi Raghavender
Modified: 2018-08-28 01:19 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-27 17:27:14 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Niranjan Mallapadi Raghavender 2018-04-26 14:02:51 UTC
Description of problem:

atomic run --display rhel7/sssd doesn't start sssd container. 



Version-Release number of selected component (if applicable):
atomic-1.22.1-3.git2fd0860.el7.x86_64

How reproducible:


Steps to Reproduce:
1. Update AD ip in /etc/resolv.conf
2. save the AD administrator password in /etc/sssd/realm-join-password
echo "Secret123" > /etc/sssd/realm-join-password
3. Create an application sssd container joining to AD 

atomic install --opt1='--dns=10.65.223.136 --dns-search=juno.test --hostname=abc.juno.test -e SSSD_CONTAINER_TYPE=application --net=default' rhel7/sssd realm join -v JUNO.TEST

4. Start the container as below:
atomic run --display rhel7/sssd


[root@host-8-251-130 atomic]# atomic run --display rhel7/sssd                                                                                                                                         
docker run -d --restart=always --name sssd -e NAME=sssd -e IMAGE=rhel7/sssd --hostname abc.juno.test -v /var/lib/sssd_container/sssd/container/etc/dbus-1/system.d/:/etc/dbus-1/system.d/:Z -v /var/li
b/sssd_container/sssd/container/etc/ipa/:/etc/ipa/:Z -v /var/lib/sssd_container/sssd/container/etc/openldap/:/etc/openldap/:Z -v /var/lib/sssd_container/sssd/container/etc/ssh/:/etc/ssh/:Z -v /var/lib/sssd_container/sssd/container/etc/sssd/:/etc/sssd/:Z -v /var/lib/sssd_container/sssd/container/var/cache/realmd/:/var/cache/realmd/:Z -v /var/lib/sssd_container/sssd/container/var/lib/authconfig/last/:/var/lib/authconfig/last/:Z -v /var/lib/sssd_container/sssd/container/var/lib/ipa-client/sysrestore/:/var/lib/ipa-client/sysrestore/:Z -v /var/lib/sssd_container/sssd/container/var/lib/samba/:/var/lib/samba/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/db/:/var/lib/sss/db/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/gpo_cache/:/var/lib/sss/gpo_cache/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/secrets/:/var/lib/sss/secrets/:Z -v /var/lib/sssd_container/sssd/container/var/lib/sss/keytabs/:/var/lib/sss/keytabs/:Z -v /var/lib/sssd_container/sssd/container/var/log/sssd/:/var/log/sssd/:Z -v /var/lib/sssd_container/sssd/container/etc/krb5.keytab:/etc/krb5.keytab:Z -v /var/lib/sssd_container/sssd/container/etc/nsswitch.conf:/etc/nsswitch.conf:Z -v /var/lib/sssd_container/sssd/container/etc/sysconfig/authconfig:/etc/sysconfig/authconfig:Z -v /var/lib/sssd_container/sssd/container/etc/sysconfig/network:/etc/sysconfig/network:Z -v /var/lib/sssd_container/sssd/container/etc/yp.conf:/etc/yp.conf:Z -v /var/lib/sssd_container/sssd/container/etc/resolv.conf:/etc/resolv.conf:Z -v /var/lib/sssd_container/sssd/client/etc/krb5.conf.d/:/etc/krb5.conf.d/:z -v /var/lib/sssd_container/sssd/client/var/lib/sss/mc/:/var/lib/sss/mc/:z -v /var/lib/sssd_container/sssd/client/var/lib/sss/pipes/:/var/lib/sss/pipes/:z -v /var/lib/sssd_container/sssd/client/var/lib/sss/pubconf/:/var/lib/sss/pubconf/:z -v /var/lib/sssd_container/sssd/client/var/run/dbus/:/var/run/dbus/:z -v /var/lib/sssd_container/sssd/client/etc/krb5.conf:/etc/krb5.conf:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/fingerprint-auth-ac:/etc/pam.d/fingerprint-auth:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/password-auth-ac:/etc/pam.d/password-auth:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/smartcard-auth-ac:/etc/pam.d/smartcard-auth:z -v /var/lib/sssd_container/sssd/client/etc/pam.d/system-auth-ac:/etc/pam.d/system-auth:z -e WITH_KCM=yes -e SSSD_CONTAINER_TYPE=application --tmpfs /etc/selinux/ rhel7/sssd /bin/run.sh


Actual results:

No sssd container started

[root@host-8-251-130 sssd]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES




Expected results:
sssd container should be started. 


Additional info:
[root@host-8-251-130 sssd]# cat /var/lib/atomic/install.json
{"registry.access.redhat.com/rhel7/sssd:latest": [{"install_date": "2018-04-26 13:50:20", "id": "4ded565230b4c2bf9da4f1ea7a3c80c36c023f0e6b8658ba44f1b265c8c79476", "container_name": "sssd"}]}[root@host-8-251-130 sssd]#

Comment 3 Niranjan Mallapadi Raghavender 2018-04-26 14:04:45 UTC
[root@host-8-251-130 sssd]# atomic host status
State: idle
Deployments:
● ostree://rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
                   Version: 7.5.1 (2018-04-19 14:39:11)
                    Commit: 506129139134ad61959180b1ea6be373812abe8062b7a1c95341ae3e994bd63b

  ostree://rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
                   Version: 7.5.0 (2018-02-22 15:51:49)
                    Commit: 474534b1a1a2945c8ff2ad72cb646aaa25ec7b2d9fa9413a99a8cd2ef885dfdc

Comment 4 Niranjan Mallapadi Raghavender 2018-04-26 14:12:53 UTC
Following errors are seen in journalctl

Apr 26 14:11:53 host-8-251-130.host.centralci.eng.rdu2.redhat.com dockerd-current[1256]: time="2018-04-26T14:11:53.754876368Z" level=error msg="Handler for GET /v1.26/containers/sssd/json returned error: No such container: sssd"
Apr 26 14:11:53 host-8-251-130.host.centralci.eng.rdu2.redhat.com dockerd-current[1256]: time="2018-04-26T14:11:53.755078661Z" level=error msg="Handler for GET /v1.26/containers/sssd/json returned error: No such container: sssd"

Comment 5 Daniel Walsh 2018-04-26 14:16:10 UTC
Do you have the registries.conf file setup correctly?

Comment 6 Niranjan Mallapadi Raghavender 2018-04-26 14:19:10 UTC
I haven't touched registries.conf, i never had to,

[root@host-8-251-130 sssd]# cat /etc/containers/registries.conf
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.

# The default location for this configuration file is /etc/containers/registries.conf.

# The only valid categories are: 'registries.search', 'registries.insecure', 
# and 'registries.block'.

[registries.search]
registries = ['registry.access.redhat.com']

# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = []


# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
#
# Docker only
[registries.block]
registries = []

[root@host-8-251-130 sssd]# docker images
REPOSITORY                                    TAG                 IMAGE ID            CREATED             SIZE
registry.access.stage.redhat.com/rhel7/sssd   latest              4ded565230b4        3 days ago          382 MB
rhel7/sssd                                    latest              4ded565230b4        3 days ago          382 MB

Comment 7 Niranjan Mallapadi Raghavender 2018-04-26 14:24:28 UTC
atomic uninstall fails with error message . will open a separate bug.

Comment 8 Brent Baude 2018-04-26 14:35:13 UTC
is there anything in ps -a ?

if so, anything in the container logs?

Comment 9 Niranjan Mallapadi Raghavender 2018-04-26 14:51:41 UTC
ps -a doesn't show anything, Container logs ?, the sssd container didn't start at all.

Also atomic run works and sssd container starts if i don't use --display.
$ atomic run rhel7/sssd

But if i use --display it doesn't start the sssd container. This was working in all previous atomic versions.

Comment 10 Niranjan Mallapadi Raghavender 2018-05-02 06:44:34 UTC
Any update on this ?

Comment 11 Nikhil Dehadrai 2018-05-02 07:51:59 UTC
Additional observation:


Steps:
1. Install sssd-container image as application using ipa-client

# atomic install --opt1='--hostname=<client-name> -e SSSD_CONTAINER_TYPE=application --net=default' rhel7/sssd --principal admin --password Secret123  --domain nd2may.pnq --server=ipadocker.nd2may.pnq --realm ND2MAY.PNQ --force-join 

2. # atomic run --display rhel7/sssd
3. # docker ps, Error response from daemon: No such container: sssd
4. # atomic run rhel7/sssd
5. # docker ps, Container named 'sssd' is running
6. # docker stop sssd, Stop this container
7. # atomic run --display rhel7/sssd
8. # docker ps,  This time Container named 'sssd' is running


Console:
-----------
[root@ipasssdclient ~]# docker stop sssd
sssd
[root@ipasssdclient ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@ipasssdclient ~]# atomic run --display rhel7/sssd
sssd
[root@ipasssdclient ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
849662e9d760        rhel7/sssd          "/bin/run.sh"       59 seconds ago      Up 3 seconds                            sssd
[root@ipasssdclient ~]# docker exec -it sssd kinit admin
Password for admin@ND2MAY.PNQ: 
[root@ipasssdclient ~]#

Comment 12 Daniel Walsh 2018-05-02 12:27:39 UTC
It looks to me like atomic run --display is working just as it was defined to run.

man atomic run
...
 --display
         Display the image's run options and environment variables populated into the run command.  The run command will not execute if --display is specified.  If --display is not specified the run
       command will execute.

If in previous versions the command was actually running, then that was the bug.

Comment 13 Nikhil Dehadrai 2018-05-03 05:54:48 UTC
(In reply to Daniel Walsh from comment #12)
> It looks to me like atomic run --display is working just as it was defined
> to run.
> 
> man atomic run
> ...
>  --display
>          Display the image's run options and environment variables populated
> into the run command.  The run command will not execute if --display is
> specified.  If --display is not specified the run
>        command will execute.
> 
> If in previous versions the command was actually running, then that was the
> bug.

In that case as per observations in above comment#11, after step7, the run command using --display option does run the container, is this expected?

Comment 14 Daniel Walsh 2018-05-03 13:21:12 UTC
Correct.

Comment 15 Micah Abbott 2018-08-27 17:27:14 UTC
Based on the latest comments, it appears that `atomic run --display` was incorrectly starting a container, instead of just previewing the command that would be used to start the container.

Since the behavior of `atomic run --display` in the most recent version (atomic-1.22.1-22.git5a342e3.el7.x86_64) now matches the documented behavior, I'm going to close this as NOTABUG.


Note You need to log in before you can comment on or make changes to this bug.