Appendix A. Collecting Information for Troubleshooting IdM and SSSD Running in a Container
This appendix describes procedures that help you to troubleshoot IdM and SSSD running in a container, as well as collecting important configuration and log files that you can attach to Red Hat support tickets.
A.1. Creating an sosreport on Atomic Host
This section describes how to install and start the rhel7/rhel-tools
container, as well as creating an sosreport
.
The rhel7/rhel-tools
container uses privileged security switches that enables processes running in this container:
- To interact with all semaphores and shared memory segments on the host
- To listen to ports and raw IP traffic on the host’s network
- Interact with all processes on the host
Note that rhel7/rhel-tools
runs without any separation from the host. Using the utilities provided by this container is similar as running them as the root
user directly on the system.
Procedure
Install the
rhel7/rhel-tools
container:# docker pull rhel7/rhel-tools
Start the
rhel7/rhel-tools
container:# atomic run rhel7/rhel-tools
Run the
sosreport
utility:# sosreport
The utility stores the archive of the collected information in the
/host/var/tmp/sos_tal4k_*
file.Enter
exit
to leave the container.# exit
-
Attach the
sosreport
archive to a support request.
A.2. Displaying the versions of IdM and SSSD containers
This section describes how to display the version of installed IdM and SSSD containers. For example, use this information to search the Red Hat Enterprise Linux Release Notes if a problem has been fixed in a newer version.
Procedure
Display the version of the
rhel7/ipa-server
container:# atomic images version rhel7/ipa-server IMAGE NAME VERSION IMAGE ID registry.access.redhat.com/rhel7/ipa-server:latest 4.6.5-29 9d500a8e4296
Display the version of the
rhel7/sssd
container:# atomic images version rhel7/sssd IMAGE NAME VERSION IMAGE ID registry.access.redhat.com/rhel7/sssd:latest 7.7-12 19e5cab1c905
A.3. Creating debug logs for SSSD running in a container
This section describes how to create an archive with important SSSD configuration and log files.
Procedure
Stop the
sssd
container:# docker stop sssd
Remove the contents of the SSSD cache and log directories:
# rm -rf /var/lib/sss/db/* /var/lib/sss/mc/* /var/log/sssd/*
Edit the
/etc/sssd/sssd.conf
file, and set thedebug_level
parameters to9
:[domain/dockerlab.local] ... debug_level = 9 [nss] debug_level = 9
Start the
sssd
container:docker start sssd
Create the
/tmp/sssd-debug.tar.gz
archive that contains the relevant SSSD configuration and log files:# tar czvf /tmp/sssd-debug.tar.gz /etc/sssd/sssd.conf /etc/nsswitch.conf /etc/krb5.conf /etc/pam.d /etc/samba/smb.conf /var/log/secure /var/log/messages /var/log/sssd
-
Attach the
/tmp/sssd-debug.tar.gz
file to the support case.
A.4. Displaying the IdM client installation log
This section describes how you display the IdM client installation log. The log files help you to debug the problem if the client installation fails.
Procedure
To display the IdM client installation log:
# cat /var/log/sssd/install/ipaclient-install.log