1729185 – rebuild of ipa-server-container 7.6

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1729185 - rebuild of ipa-server-container 7.6

Summary: rebuild of ipa-server-container 7.6

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa-server-container
Sub Component:
Version:	7.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Tibor Dudlák
QA Contact:	Nikhil Dehadrai
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1734119 (view as bug list)
Depends On:	1733299
Blocks:
TreeView+	depends on / blocked

Reported:	2019-07-11 13:55 UTC by Ferdinand bot (Userspace containerization team)
Modified:	2019-07-30 14:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:	ipa-server-container-4.6.4-29
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-07-29 16:39:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:1927	0	None	None	None	2019-07-29 16:39:43 UTC

Description Ferdinand bot (Userspace containerization team) 2019-07-11 13:55:20 UTC

Hello,

this bug has been created by bot Ferdinand
in order to be able to create Errata advisory.

With regards,
Ferdinand, member of the bot family,
Userspace Containerization Team, <user-cont>

Comment 5 Nikhil Dehadrai 2019-07-26 12:56:10 UTC

Tested the bug with following observations:

Atomic host Version: 7.6.6 (2019-07-24 08:47:27)
IPA-IMAGE: ipa-server-container-4.6.4-28
SSSD-IMAGE: sssd-container-7.6-29
# atomic run ipadocker rpm -q ipa-server
ipa-server-4.6.4-10.el7_6.6.x86_64
# atomic run sssd rpm -q ipa-client
ipa-client-4.6.4-10.el7_6.6.x86_64


Verified the bug with following scenarios:
A) CVE Scan:

IPA-IMAGE
------------
[root@nikhil-atomic-host-7 ~]# atomic scan --scanner openscap --scan_type cve rhel7/ipa-server
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-07-25-14-55-14-754765:/scanin -v /var/lib/atomic/openscap/2019-07-25-14-55-14-754765:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1

rhel7/ipa-server (7a59f8d4e569e6c)

rhel7/ipa-server passed the scan

Files associated with this scan are in /var/lib/atomic/openscap/2019-07-25-14-55-14-754765.


SSSD-IMAGE
-------------
[root@nikhil-atomic-host-7 ~]# atomic scan --scanner openscap --scan_type cve rhel7/sssd
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-07-25-14-56-19-990281:/scanin -v /var/lib/atomic/openscap/2019-07-25-14-56-19-990281:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1

rhel7/sssd (18820ca6d4d40a2)

rhel7/sssd passed the scan

Files associated with this scan are in /var/lib/atomic/openscap/2019-07-25-14-56-19-990281.

B) Regressions Tests:
------------------------
1. Verified that IPA-server is installed through ipa-container image.
2. Verified that IPA-replica is installed through ipa-container image.
3. Verified that klist command works both on ipa-server/ipa-replica configured through ipa-container image.
4. Verified that 2-way trust can be setup with windows AD with IPA-server configured through ipa-container image.
5. Verified that IPA-client(type1) configured with sssd-container image can be setup against this IPA-server.
6. Verified that IPA-client(type2) configured with sssd-container image can be setup against this IPA-server.
7. Verified that RHEL(rpm) IPA-client can be setup against this IPA-server.
8. Verified that RHEL(rpm) IPA-Replica can be setup against this IPA-server configured using ipa-container image.
9. Verified that sudo rules work for IPA-server installed through ipa-container image.
10. Verified that latest version of ipa-server is available with ipa-container image.
11. Verified that IPA-server is accessible when it is installed through ipa-docker image.
12. Verified that command ipa-adtrust-install is successful.
13. Verified that ipa-kra-install is successful.
14. Verified that ipa-vault-add, ipa vault-archive and ipa-retrieve run successfully.
15. Verified that SUBCA setup run successfully.
16. Verified that IPA-server/IPA-replica can be uninstalled.

Thus on the basis of above observations, changing status to VERIFIED

Comment 6 Nikhil Dehadrai 2019-07-26 12:56:46 UTC

Correction: IPA-IMAGE: ipa-server-container-4.6.4-29

Comment 8 errata-xmlrpc 2019-07-29 16:39:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1927

Comment 9 dhodovsk 2019-07-30 14:46:03 UTC

*** Bug 1734119 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.