Bug 1396594

Summary: Realms using IDM / Remove host and dns records (default zone and reverse)
Product: Red Hat Satellite Reporter: Waldirio M Pinheiro <wpinheir>
Component: RealmAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Radovan Drazny <rdrazny>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2.4CC: bbuckingham, bkearney, jcallaha, kbidarka, rdrazny, stbenjam, wpinheir
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 17:09:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Waldirio M Pinheiro 2016-11-18 17:20:38 UTC 
Description of problem:
Actually, when removing one client from Satellite, when using IDM as realm, the host entry is removed from IDM, but dns information still there.

It's possible to reproduce the same behavior only with idm, according steps below

Version-Release number of selected component (if applicable):
Satellite 6.2.4 / IDM 4.4.0

How reproducible:
100

Steps to Reproduce:
1. Remove content host with realms or remove the host directly via idm (webUI or cli - ipa host-del <content host - fqdn>)
2. Check dns records on IDM
3. if use the command below, the machine and all dns records will be removed
# ipa host-del --updatedns <content host - fqdn>

Actual results:
dns records still on idm

Expected results:
remove everything, host information, dns records from default and reverse maps.

Additional info:
Comment 8 Stephen Benjamin 2017-01-13 17:55:59 UTC 
Looks like it's an actual bug that was fixed upstream:    http://projects.theforeman.org/issues/10015

The fix for this is to add "System: Add DNS Entries" permission to the Smart Proxy Host Management privilege in IPA.
Comment 14 Radovan Drazny 2017-10-31 14:00:37 UTC 
Verified on Satellite 6.3 Snap 21 and ipa-server-4.5.0-21.el7_4.2.2 with a realm configuration. 

"System: Read DNS Entries", "System: Add DNS Entries", "System: Remove DNS Entries" and "System: Update DNS Entries" are all present for Smart Proxy Host Management privilege after the default install. 

* Satellite correctly created both a host object and a DNS records on the freeipa server for a freshly discovered and provisioned server

* Upon the removal of the host from the Satellite, all DNS record are automatically removed from the freeipa server.

VERIFIED
Comment 15 Bryan Kearney 2018-02-21 17:09:26 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336