Hide Forgot
Hello, this bug has been created by bot Ferdinand in order to be able to create Errata advisory. With regards, Ferdinand, member of the bot family, Userspace Containerization Team, <user-cont@redhat.com>
Tested the bug with following observations: Atomic host Version: 7.6.6 (2019-07-24 08:47:27) IPA-IMAGE: ipa-server-container-4.6.4-28 SSSD-IMAGE: sssd-container-7.6-29 # atomic run ipadocker rpm -q ipa-server ipa-server-4.6.4-10.el7_6.6.x86_64 # atomic run sssd rpm -q ipa-client ipa-client-4.6.4-10.el7_6.6.x86_64 Verified the bug with following scenarios: A) CVE Scan: IPA-IMAGE ------------ [root@nikhil-atomic-host-7 ~]# atomic scan --scanner openscap --scan_type cve rhel7/ipa-server docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-07-25-14-55-14-754765:/scanin -v /var/lib/atomic/openscap/2019-07-25-14-55-14-754765:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1 rhel7/ipa-server (7a59f8d4e569e6c) rhel7/ipa-server passed the scan Files associated with this scan are in /var/lib/atomic/openscap/2019-07-25-14-55-14-754765. SSSD-IMAGE ------------- [root@nikhil-atomic-host-7 ~]# atomic scan --scanner openscap --scan_type cve rhel7/sssd docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-07-25-14-56-19-990281:/scanin -v /var/lib/atomic/openscap/2019-07-25-14-56-19-990281:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1 rhel7/sssd (18820ca6d4d40a2) rhel7/sssd passed the scan Files associated with this scan are in /var/lib/atomic/openscap/2019-07-25-14-56-19-990281. B) Regressions Tests: ------------------------ 1. Verified that IPA-server is installed through ipa-container image. 2. Verified that IPA-replica is installed through ipa-container image. 3. Verified that klist command works both on ipa-server/ipa-replica configured through ipa-container image. 4. Verified that 2-way trust can be setup with windows AD with IPA-server configured through ipa-container image. 5. Verified that IPA-client(type1) configured with sssd-container image can be setup against this IPA-server. 6. Verified that IPA-client(type2) configured with sssd-container image can be setup against this IPA-server. 7. Verified that RHEL(rpm) IPA-client can be setup against this IPA-server. 8. Verified that RHEL(rpm) IPA-Replica can be setup against this IPA-server configured using ipa-container image. 9. Verified that sudo rules work for IPA-server installed through ipa-container image. 10. Verified that latest version of ipa-server is available with ipa-container image. 11. Verified that IPA-server is accessible when it is installed through ipa-docker image. 12. Verified that command ipa-adtrust-install is successful. 13. Verified that ipa-kra-install is successful. 14. Verified that ipa-vault-add, ipa vault-archive and ipa-retrieve run successfully. 15. Verified that SUBCA setup run successfully. 16. Verified that IPA-server/IPA-replica can be uninstalled. Thus on the basis of above observations, changing status to VERIFIED
Correction: IPA-IMAGE: ipa-server-container-4.6.4-29
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1927
*** Bug 1734119 has been marked as a duplicate of this bug. ***