Appendix A. Collecting Information for Troubleshooting IdM and SSSD Running in a Container

This appendix describes procedures that help you to troubleshoot IdM and SSSD running in a container, as well as collecting important configuration and log files that you can attach to Red Hat support tickets.

A.1. Creating an sosreport on Atomic Host

This section describes how to install and start the rhel7/rhel-tools container, as well as creating an sosreport.

The rhel7/rhel-tools container uses privileged security switches that enables processes running in this container:

  • To interact with all semaphores and shared memory segments on the host
  • To listen to ports and raw IP traffic on the host’s network
  • Interact with all processes on the host

Note that rhel7/rhel-tools runs without any separation from the host. Using the utilities provided by this container is similar as running them as the root user directly on the system.


  1. Install the rhel7/rhel-tools container:

    # docker pull rhel7/rhel-tools
  2. Start the rhel7/rhel-tools container:

    # atomic run rhel7/rhel-tools
  3. Run the sosreport utility:

    # sosreport

    The utility stores the archive of the collected information in the /host/var/tmp/sos_tal4k_* file.

  4. Enter exit to leave the container.

    # exit
  5. Attach the sosreport archive to a support request.

A.2. Displaying the versions of IdM and SSSD containers

This section describes how to display the version of installed IdM and SSSD containers. For example, use this information to search the Red Hat Enterprise Linux Release Notes if a problem has been fixed in a newer version.


  • Display the version of the rhel7/ipa-server container:

    # atomic images version rhel7/ipa-server
    IMAGE NAME                                            VERSION   IMAGE ID    4.6.5-29  9d500a8e4296
  • Display the version of the rhel7/sssd container:

    # atomic images version rhel7/sssd
    IMAGE NAME                                       VERSION   IMAGE ID     7.7-12    19e5cab1c905

A.3. Creating debug logs for SSSD running in a container

This section describes how to create an archive with important SSSD configuration and log files.


  1. Stop the sssd container:

    # docker stop sssd
  2. Remove the contents of the SSSD cache and log directories:

    # rm -rf /var/lib/sss/db/* /var/lib/sss/mc/* /var/log/sssd/*
  3. Edit the /etc/sssd/sssd.conf file, and set the debug_level parameters to 9:

    debug_level = 9
    debug_level = 9
  4. Start the sssd container:

    docker start sssd
  5. Create the /tmp/sssd-debug.tar.gz archive that contains the relevant SSSD configuration and log files:

    # tar czvf /tmp/sssd-debug.tar.gz /etc/sssd/sssd.conf  /etc/nsswitch.conf /etc/krb5.conf /etc/pam.d /etc/samba/smb.conf /var/log/secure /var/log/messages /var/log/sssd
  6. Attach the /tmp/sssd-debug.tar.gz file to the support case.

A.4. Displaying the IdM client installation log

This section describes how you display the IdM client installation log. The log files help you to debug the problem if the client installation fails.


  • To display the IdM client installation log:

    # cat /var/log/sssd/install/ipaclient-install.log