Bug 1572249

[root@host-8-251-130 sssd]# atomic host status
State: idle
Deployments:
● ostree://rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
                   Version: 7.5.1 (2018-04-19 14:39:11)
                    Commit: 506129139134ad61959180b1ea6be373812abe8062b7a1c95341ae3e994bd63b

  ostree://rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
                   Version: 7.5.0 (2018-02-22 15:51:49)
                    Commit: 474534b1a1a2945c8ff2ad72cb646aaa25ec7b2d9fa9413a99a8cd2ef885dfdc

Following errors are seen in journalctl

Apr 26 14:11:53 host-8-251-130.host.centralci.eng.rdu2.redhat.com dockerd-current[1256]: time="2018-04-26T14:11:53.754876368Z" level=error msg="Handler for GET /v1.26/containers/sssd/json returned error: No such container: sssd"
Apr 26 14:11:53 host-8-251-130.host.centralci.eng.rdu2.redhat.com dockerd-current[1256]: time="2018-04-26T14:11:53.755078661Z" level=error msg="Handler for GET /v1.26/containers/sssd/json returned error: No such container: sssd"

Do you have the registries.conf file setup correctly?

I haven't touched registries.conf, i never had to,

[root@host-8-251-130 sssd]# cat /etc/containers/registries.conf
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.

# The default location for this configuration file is /etc/containers/registries.conf.

# The only valid categories are: 'registries.search', 'registries.insecure', 
# and 'registries.block'.

[registries.search]
registries = ['registry.access.redhat.com']

# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = []


# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
#
# Docker only
[registries.block]
registries = []

[root@host-8-251-130 sssd]# docker images
REPOSITORY                                    TAG                 IMAGE ID            CREATED             SIZE
registry.access.stage.redhat.com/rhel7/sssd   latest              4ded565230b4        3 days ago          382 MB
rhel7/sssd                                    latest              4ded565230b4        3 days ago          382 MB

atomic uninstall fails with error message . will open a separate bug.

is there anything in ps -a ?

if so, anything in the container logs?

ps -a doesn't show anything, Container logs ?, the sssd container didn't start at all.

Also atomic run works and sssd container starts if i don't use --display.
$ atomic run rhel7/sssd

But if i use --display it doesn't start the sssd container. This was working in all previous atomic versions.

Any update on this ?

Additional observation:


Steps:
1. Install sssd-container image as application using ipa-client

# atomic install --opt1='--hostname=<client-name> -e SSSD_CONTAINER_TYPE=application --net=default' rhel7/sssd --principal admin --password Secret123  --domain nd2may.pnq --server=ipadocker.nd2may.pnq --realm ND2MAY.PNQ --force-join 

2. # atomic run --display rhel7/sssd
3. # docker ps, Error response from daemon: No such container: sssd
4. # atomic run rhel7/sssd
5. # docker ps, Container named 'sssd' is running
6. # docker stop sssd, Stop this container
7. # atomic run --display rhel7/sssd
8. # docker ps,  This time Container named 'sssd' is running


Console:
-----------
[root@ipasssdclient ~]# docker stop sssd
sssd
[root@ipasssdclient ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@ipasssdclient ~]# atomic run --display rhel7/sssd
sssd
[root@ipasssdclient ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
849662e9d760        rhel7/sssd          "/bin/run.sh"       59 seconds ago      Up 3 seconds                            sssd
[root@ipasssdclient ~]# docker exec -it sssd kinit admin
Password for admin: 
[root@ipasssdclient ~]#

It looks to me like atomic run --display is working just as it was defined to run.

man atomic run
...
 --display
         Display the image's run options and environment variables populated into the run command.  The run command will not execute if --display is specified.  If --display is not specified the run
       command will execute.

If in previous versions the command was actually running, then that was the bug.

(In reply to Daniel Walsh from comment #12)
> It looks to me like atomic run --display is working just as it was defined
> to run.
> 
> man atomic run
> ...
>  --display
>          Display the image's run options and environment variables populated
> into the run command.  The run command will not execute if --display is
> specified.  If --display is not specified the run
>        command will execute.
> 
> If in previous versions the command was actually running, then that was the
> bug.

In that case as per observations in above comment#11, after step7, the run command using --display option does run the container, is this expected?

Correct.

Based on the latest comments, it appears that `atomic run --display` was incorrectly starting a container, instead of just previewing the command that would be used to start the container.

Since the behavior of `atomic run --display` in the most recent version (atomic-1.22.1-22.git5a342e3.el7.x86_64) now matches the documented behavior, I'm going to close this as NOTABUG.