Bug 975456
| Summary: | [RFE] add option to ipa-client-install to configure automount | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jenny Severance <jgalipea> |
| Component: | ipa | Assignee: | Martin Kosek <mkosek> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.0 | CC: | bpeck, mkosek, xdong |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ipa-4.0.3-1.el7 | Doc Type: | Enhancement |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-03-05 10:09:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Jenny Severance
2013-06-18 13:52:37 UTC
The kickstart command should support this as well.

    realm join --one-time-password=MyPassword ad.example.com

For further info see here:
http://fedoraproject.org/wiki/Features/AnacondaRealmIntegration

Thanks

realmd would also need to optionally pass in the automount location to use.

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3740

Fixed upstream:
master: 95483d3b9f0973e825cf37340f8ca91b567ab134

ipa-client-install could not pass a new location successfully other than default.

    [root@cisco-b200m3-01 ~]# ipa-client-install --hostname=`hostname` --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER --automount-location=Westford -U
    WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled
    Use --force-ntpd option to disable it and force configuration of ntpd
    Hostname: cisco-b200m3-01.testrelm.test
    Realm: TESTRELM.TEST
    DNS Domain: testrelm.test
    IPA Server: cisco-b420m3-01.testrelm.test
    BaseDN: dc=testrelm,dc=test
    Synchronizing time with KDC...
    Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
    Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Mon Oct 27 16:24:51 2014 UTC
    Valid Until: Fri Oct 27 16:24:51 2034 UTC
    Enrolled in IPA realm TESTRELM.TEST
    Created /etc/ipa/default.conf
    New SSSD config will be created
    Configured sudoers in /etc/nsswitch.conf
    Configured /etc/sssd/sssd.conf
    Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
    trying https://cisco-b420m3-01.testrelm.test/ipa/json
    Forwarding 'ping' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    Forwarding 'ca_is_enabled' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    Added the CA to the systemwide CA trust database.
    Added CA certificates to the default NSS database.
    Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
    Forwarding 'host_mod' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    SSSD enabled
    Configured /etc/openldap/ldap.conf
    Configured /etc/ssh/ssh_config
    Configured /etc/ssh/sshd_config
    Configuring automount:
    Automount configuration failed: Command ''ipa-client-automount' '--debug' '-U' '--location' 'Westford' '--server' 'cisco-b420m3-01.testrelm.test'' returned non-zero exit status 1
    Configuring testrelm.test as NIS domain.
    Client configuration complete.

/var/log/ipaclient-install.log:

    . . .
    Automount location 'Westford' does not exist
    2014-10-28T13:06:22Z ERROR Automount configuration failed: Command ''ipa-client-automount' '--debug' '-U' '--location' 'Westford' '--server' 'cisco-b420m3-01.testrelm.test'' returned non-zero exit status 1
    2014-10-28T13:06:22Z INFO Configuring testrelm.test as NIS domain.
    2014-10-28T13:06:22Z DEBUG Starting external process
    2014-10-28T13:06:22Z DEBUG args='/usr/bin/nisdomainname'
    2014-10-28T13:06:22Z DEBUG Process finished, return code=1
    2014-10-28T13:06:22Z DEBUG stdout=nisdomainname: Local domain name not set
    . . .

Have to install client, add the location and then run ipa-client-automount with location option:

    [root@cisco-b200m3-01 ~]# ipa-client-install --hostname=`hostname` --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER -U
    WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled
    Use --force-ntpd option to disable it and force configuration of ntpd
    Hostname: cisco-b200m3-01.testrelm.test
    Realm: TESTRELM.TEST
    DNS Domain: testrelm.test
    IPA Server: cisco-b420m3-01.testrelm.test
    BaseDN: dc=testrelm,dc=test
    Synchronizing time with KDC...
    Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
    Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Mon Oct 27 16:24:51 2014 UTC
    Valid Until: Fri Oct 27 16:24:51 2034 UTC
    Enrolled in IPA realm TESTRELM.TEST
    Created /etc/ipa/default.conf
    New SSSD config will be created
    Configured sudoers in /etc/nsswitch.conf
    Configured /etc/sssd/sssd.conf
    Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
    trying https://cisco-b420m3-01.testrelm.test/ipa/json
    Forwarding 'ping' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    Forwarding 'ca_is_enabled' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    Added the CA to the systemwide CA trust database.
    Added CA certificates to the default NSS database.
    Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
    Forwarding 'host_mod' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    SSSD enabled
    Configured /etc/openldap/ldap.conf
    Configured /etc/ssh/ssh_config
    Configured /etc/ssh/sshd_config
    Configuring testrelm.test as NIS domain.
    Client configuration complete.
    [root@cisco-b200m3-01 ~]# ipa automountlocation-add Westford
    -----------------------------------
    Added automount location "Westford"
    -----------------------------------
    Location: Westford
    [root@cisco-b200m3-01 ~]# ipa-client-automount --location=Westford
    Searching for IPA server...
    IPA server: DNS discovery
    Location: Westford
    Continue to configure the system with these values? [no]: y
    Configured /etc/sysconfig/nfs
    Configured /etc/idmapd.conf
    Started rpcidmapd
    Started rpcgssd
    Restarting sssd, waiting for it to become available.
    Started autofs

Or default is the only location we can use in order to config automount automatically during ipa-client-install?

    [root@cisco-b200m3-01 ~]# ipa-client-install --hostname=`hostname` --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER --automount-location=default -U
    WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled
    Use --force-ntpd option to disable it and force configuration of ntpd
    Hostname: cisco-b200m3-01.testrelm.test
    Realm: TESTRELM.TEST
    DNS Domain: testrelm.test
    IPA Server: cisco-b420m3-01.testrelm.test
    BaseDN: dc=testrelm,dc=test
    Synchronizing time with KDC...
    Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
    Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Mon Oct 27 16:24:51 2014 UTC
    Valid Until: Fri Oct 27 16:24:51 2034 UTC
    Enrolled in IPA realm TESTRELM.TEST
    Created /etc/ipa/default.conf
    New SSSD config will be created
    Configured sudoers in /etc/nsswitch.conf
    Configured /etc/sssd/sssd.conf
    Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
    trying https://cisco-b420m3-01.testrelm.test/ipa/json
    Forwarding 'ping' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    Forwarding 'ca_is_enabled' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    Added the CA to the systemwide CA trust database.
    Added CA certificates to the default NSS database.
    Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
    Forwarding 'host_mod' to json server 'https://cisco-b420m3-01.testrelm.test/ipa/json'
    SSSD enabled
    Configured /etc/openldap/ldap.conf
    Configured /etc/ssh/ssh_config
    Configured /etc/ssh/sshd_config
    Configuring automount:
    IPA server: cisco-b420m3-01.testrelm.test
    Location: default
    Configured /etc/sysconfig/nfs
    Configured /etc/idmapd.conf
    Started rpcidmapd
    Started rpcgssd
    Restarting sssd, waiting for it to become available.
    Started autofs
    Configuring testrelm.test as NIS domain.
    Client configuration complete.
    [root@cisco-b200m3-01 ~]# ipa-client-automount
    Searching for IPA server...
    IPA server: DNS discovery
    Location: default
    Continue to configure the system with these values? [no]: y
    Configured /etc/sysconfig/nfs
    Configured /etc/idmapd.conf
    Started rpcidmapd
    Started rpcgssd
    An automount location is already configured

Was the location available/created before running ipa-client-install ... --automount-location=Westford?

If it was not available, the error is expected. In the second run you added it manually before running ipa-client-automount so you exercised a different test case than in the first run.

So the only location I could put into automount-location option during ipa-client-install is default? As I don't know a way to add a location before ipa-client-install, the way I added the location is running "ipa automountlocation-add Westford", which requires ipa-client-install prior to that.

You can add the automount location on any other enrolled IPA client, IPA server, via Web UI, JSON-RPC call...

Verified on ipa-client-4.1.0-2:

    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    :: [ LOG ] :: ipaclientinstall_bugcheck_975456: [RFE] add option to ipa-client-install to configure automount. BZ975456i
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    IPA client is not configured on this system.
    :: [ PASS ] :: uninstall ipa client success
    :: [ BEGIN ] :: Verify automount location option has been added to the help page :: actually running 'ipa-client-install --help |grep 'automount-location''
    --automount-location=LOCATION
    :: [ PASS ] :: Verify automount location option has been added to the help page (Expected 0, got 0)
    :: [ BEGIN ] :: Adding automount location from master :: actually running 'ssh -o StrictHostKeyChecking=no root.test 'echo Secret123|kinit admin;ipa automountlocation-add Westford''
    Password for admin:
    -----------------------------------
    Added automount location "Westford"
    -----------------------------------
    Location: Westford
    :: [ PASS ] :: Adding automount location from master (Expected 0, got 0)
    :: [ BEGIN ] :: Install client with passing automount location :: actually running 'ipa-client-install --hostname=intel-sugarbay-dh-02.testrelm.test --domain=testrelm.test --realm=TESTRELM.TEST -p admin -w Secret123 --server=sun-x8420-01.testrelm.test --automount-location=Westford -U'
    Hostname: intel-sugarbay-dh-02.testrelm.test
    Realm: TESTRELM.TEST
    DNS Domain: testrelm.test
    IPA Server: sun-x8420-01.testrelm.test
    BaseDN: dc=testrelm,dc=test
    Synchronizing time with KDC...
    Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
    Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=TESTRELM.TEST
    Issuer: CN=Certificate Authority,O=TESTRELM.TEST
    Valid From: Mon Nov 03 23:40:34 2014 UTC
    Valid Until: Fri Nov 03 23:40:34 2034 UTC
    Enrolled in IPA realm TESTRELM.TEST
    Created /etc/ipa/default.conf
    New SSSD config will be created
    Configured sudoers in /etc/nsswitch.conf
    Configured /etc/sssd/sssd.conf
    Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
    trying https://sun-x8420-01.testrelm.test/ipa/json
    Forwarding 'ping' to json server 'https://sun-x8420-01.testrelm.test/ipa/json'
    Forwarding 'ca_is_enabled' to json server 'https://sun-x8420-01.testrelm.test/ipa/json'
    Added the CA to the systemwide CA trust database.
    Added CA certificates to the default NSS database.
    Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
    Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
    Forwarding 'host_mod' to json server 'https://sun-x8420-01.testrelm.test/ipa/json'
    SSSD enabled
    Configured /etc/openldap/ldap.conf
    Configured /etc/ssh/ssh_config
    Configured /etc/ssh/sshd_config
    Configuring automount:
    Anonymous access to the LDAP server is disabled.
    Proceeding without strict verification.
    Note: This is not an error if anonymous access has been explicitly restricted.
    IPA server: sun-x8420-01.testrelm.test
    Location: Westford
    Configured /etc/sysconfig/nfs
    Configured /etc/idmapd.conf
    Started rpcgssd
    Restarting sssd, waiting for it to become available.
    Started autofs
    Configuring testrelm.test as NIS domain.
    Client configuration complete.
    WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled
    Use --force-ntpd option to disable it and force configuration of ntpd
    :: [ PASS ] :: Install client with passing automount location (Expected 0, got 0)
    :: [ BEGIN ] :: Kinit as admin user :: actually running 'kinitAs admin Secret123'
    Password for admin:
    Default principal: admin
    :: [ 19:52:46 ] :: kinit as admin with password Secret123 was successful.
    :: [ PASS ] :: Kinit as admin user (Expected 0, got 0)
    :: [ BEGIN ] :: Running 'ipa-client-automount -U > /tmp/bz975456.txt 2>&1'
    :: [ PASS ] :: Command 'ipa-client-automount -U > /tmp/bz975456.txt 2>&1' (Expected 1, got 1)
    :: [ BEGIN ] :: Verify that automount location is already configured :: actually running 'grep "An automount location is already configured" /tmp/bz975456.txt'
    An automount location is already configured
    :: [ PASS ] :: Verify that automount location is already configured (Expected 0, got 0)
    :: [ BEGIN ] :: Verify automount location Westford :: actually running 'ipa automountlocation-find|grep Westford'
    Location: Westford
    :: [ PASS ] :: Verify automount location Westford (Expected 0, got 0)
    Unenrolling client from IPA server
    Removing Kerberos service principals from /etc/krb5.keytab
    Disabling client Kerberos and LDAP configurations
    Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
    Restoring client configuration files
    Restoring testrelm.test as NIS domain.
    nscd daemon is not installed, skip configuration
    Systemwide CA database updated.
    Client uninstall complete.
    :: [ PASS ] :: uninstall ipa client success
    'c4a04c2e-eb46-422c-a862-e620e1aac527'
    ipaclientinstall-bugcheck-975456 result: PASS
    metric: 0
    Log: /var/tmp/beakerlib-25724276/journal.txt
    DMesg: /mnt/testarea/dmesg.log
    :: [ 19:52:57 ] :: checking for '^nameserver 10.16.64.249' in /etc/resolv.conf
    nameserver 10.16.64.249
    ;sun-x8420-01.rhts.eng.bos.redhat.com. IN A
    sun-x8420-01.rhts.eng.bos.redhat.com. 12750 IN A 10.16.64.249

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html
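
In the first run quoted in this report, ipa-client-install printed "Client configuration complete." even though the automount step had failed. The following is an added example, not part of the bug report or of FreeIPA: a Python check that scans an install log for failed sub-steps and recovers the failing command line and its cause. The log lines are constructed from the excerpt quoted above; the function names, the INFO-level completion line, and the assumption that the cause appears as an untimestamped line directly before the ERROR entry are illustrative.

```python
import re
import shlex

# Constructed sample, modelled on the ipaclient-install.log excerpt in the report.
SAMPLE_LOG = """\
Automount location 'Westford' does not exist
2014-10-28T13:06:22Z ERROR Automount configuration failed: Command ''ipa-client-automount' '--debug' '-U' '--location' 'Westford' '--server' 'cisco-b420m3-01.testrelm.test'' returned non-zero exit status 1
2014-10-28T13:06:22Z INFO Configuring testrelm.test as NIS domain.
2014-10-28T13:06:22Z DEBUG Process finished, return code=1
2014-10-28T13:06:22Z INFO Client configuration complete.
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (DEBUG|INFO|WARNING|ERROR|CRITICAL) (.*)$")
COMMAND = re.compile(r"Command '(.*)' returned non-zero exit status (\d+)")
COMPLETE = "Client configuration complete."


def find_failed_steps(log_text):
    """Return one record per ERROR entry, with the failing argv when present."""
    findings = []
    context = None  # last untimestamped line, assumed to be child-process output
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            context = line.strip() or context
            continue
        timestamp, level, message = entry.groups()
        if level == "ERROR":
            cmd = COMMAND.search(message)
            findings.append({
                "time": timestamp,
                "step": message.split(":", 1)[0],
                # The logged command is a run of single-quoted words; shlex unquotes it.
                "argv": shlex.split(cmd.group(1)) if cmd else [],
                "exit_status": int(cmd.group(2)) if cmd else None,
                "cause": context,
            })
        context = None  # a cause only applies to the entry right after it
    return findings


def enrollment_verdict(log_text):
    """Classify a run: 'partial' means it completed with a failed sub-step."""
    failed = find_failed_steps(log_text)
    completed = COMPLETE in log_text
    if failed:
        return "partial" if completed else "failed"
    return "ok" if completed else "incomplete"


if __name__ == "__main__":
    print(enrollment_verdict(SAMPLE_LOG), find_failed_steps(SAMPLE_LOG))
```
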