Description of problem: After setting an appliance's hostname via the appliance console, configuring external authentication with an IPA server fails with the following error: Invalid hostname, 'localhost.localdomain' must not be used. Version-Release number of selected component (if applicable): 5.5.0.12 How reproducible: always Steps to Reproduce: 1. Bring up a 5.5.0.12 appliance 2. Setup DB/Appliance 3. Set hostname via appliance_console 4. Configure external authentication via appliance_console Actual results: Proceed? (Y/N): y Checking connectivity to aab-ipaserver7.aabtest.redhat.com ... Succeeded. Configuring IPA (may take a minute) ... Configuring the IPA Client ... Invalid hostname, 'localhost.localdomain' must not be used. Installation failed. Rolling back changes. IPA client is not configured on this system. Failed to Configure External Authentication - /usr/sbin/ipa-client-install exit code: 1 External Authentication configuration failed! Press any key to continue. Expected results: Proceed? (Y/N): y Checking connectivity to aab-ipaserver7.aabtest.redhat.com ... Succeeded. Configuring IPA (may take a minute) ... Configuring the IPA Client ... Configuring pam ... Configuring sssd ... Configuring IPA HTTP Service and Keytab ... Configuring httpd ... Configuring SELinux ... Restarting sssd and httpd ... Configuring sssd to start upon reboots ... External Authentication configured successfully. Press any key to continue. Additional info: When the hostname is set via the appliance_console, the FQDN gets added to the /etc/hosts file as follows: 127.0.0.1 localhost localhost.localdomain FQDN ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 IPA sees FQDN as an alias and picks "localhost" so uses "localhost.localdomain" as the FQDN. One workaround is to update the /etc/hosts file as follows after setting the hostname via the appliance_console as follows: 127.0.0.1 FQDN localhost localhost.localdomain ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 and then re-attempt the External Authentication setup.
https://github.com/ManageIQ/linux_admin/pull/144
New commit detected on ManageIQ/linux_admin/master: https://github.com/ManageIQ/linux_admin/commit/e7738efb10f245161acbb33ea770eb6f96164034 commit e7738efb10f245161acbb33ea770eb6f96164034 Author: Nick Carboni <ncarboni> AuthorDate: Tue Dec 1 09:23:08 2015 -0500 Commit: Nick Carboni <ncarboni> CommitDate: Wed Dec 2 15:39:31 2015 -0500 Added a method to set the canonical hostname in `/etc/hosts` Fixes #143 https://bugzilla.redhat.com/show_bug.cgi?id=1286830 lib/linux_admin/hosts.rb | 41 ++++++++++++++++++++++++++++------------- spec/hosts_spec.rb | 21 +++++++++++++++++++++ 2 files changed, 49 insertions(+), 13 deletions(-)
The PR on linux_admin added the required functionality to the Hosts class. The PR here https://github.com/ManageIQ/manageiq/pull/5714 uses that new functionality to fix the bug.
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/1e48b727d895a7e94bfbf50f20bd932243ada71d commit 1e48b727d895a7e94bfbf50f20bd932243ada71d Author: Nick Carboni <ncarboni> AuthorDate: Fri Dec 4 13:33:50 2015 -0500 Commit: Nick Carboni <ncarboni> CommitDate: Fri Dec 4 13:33:50 2015 -0500 Altered the console to set the canonical hostname rather than an alias The /etc/hosts man page describes a difference between the "canonical_hostname" (fqdn) and the aliases for that hostname. This difference is reflected in the behaviour of some external tools such as cloud-init and freeipa. These tools will retrieve the hostname (typically via the hostname command or from /etc/hostname) then consult /etc/hosts to find the fqdn by taking the name in the "canonical_hostname" place in the line where the found hostname is an alias. This can cause problems when the application acts differently based on whether the fqdn is "localhost" or not. https://bugzilla.redhat.com/show_bug.cgi?id=1286830 gems/pending/Gemfile | 2 +- gems/pending/appliance_console.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Discussion on this here https://github.com/ManageIQ/manageiq/pull/5854
Luke, I don't think this issue is related to that conversation. This was to fix appliance_console so that it would set the canonical hostname rather than an alias so IPA would see that the hostname was indeed set to something other than localhost. I think the bug related to that PR is https://bugzilla.redhat.com/show_bug.cgi?id=1291879
Verified in 5.6.0.4-beta2.3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348