Bug 1635680 - 6.4 snap25 bug joining a realm on kickstart
Summary: 6.4 snap25 bug joining a realm on kickstart
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning Templates
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: Released
Assignee: satellite6-bugs
QA Contact: Sanket Jagtap
URL:
Whiteboard:
: 1633661 1645054 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-03 13:24 UTC by chris procter
Modified: 2019-10-07 17:17 UTC (History)
8 users (show)

Fixed In Version: foreman-1.20.0-0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1646747 (view as bug list)
Environment:
Last Closed: 2019-05-14 12:38:11 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:38:19 UTC
Foreman Issue Tracker 25117 None None None 2018-10-04 09:14:04 UTC

Description chris procter 2018-10-03 13:24:00 UTC
Description of problem:

I installed a 6.4 snap25 satellite and have hit a bug getting it to join kickstarting machines to my IDM realm.

The relevant part of the "kickstart default" template says:

<% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'FreeIPA' -%>
<%= snippet 'freeipa_register' %>
<% end -%>

but there is no option in the Realms creation page to create a "FreeIPA" realm_type, instead you get  "Red Hat Identity Management"  so the snippet is not called.

Updating the kickstart to:
<% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Red Hat Identity Management' -%>

should be enough to fix the issue (or, as I did, stripping out the "&& @host.realm.realm_type" part entirely which fixes this but may cause issues with AD domains)


Version-Release number of selected component (if applicable):
sat 6.4beta snap25

How reproducible:
every time

Steps to Reproduce:
1. create 'Red Hat Identity Management' realm 
2. kickstart new host
3. fail

Actual results:
The new machine fails to join the domain as the freeipa_register snippet is never called


Expected results:
freeipa_register snippet is called and the now host joins the realm

Additional info:

Comment 4 chris procter 2018-10-03 17:49:34 UTC
I've raised an issue with a PR for upstream

https://projects.theforeman.org/issues/25117

Comment 5 pm-sat@redhat.com 2018-10-04 12:03:45 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25117 has been resolved.

Comment 6 Stephen Benjamin 2018-10-04 12:08:14 UTC
*** Bug 1633661 has been marked as a duplicate of this bug. ***

Comment 9 Brad Buckingham 2018-11-13 17:15:14 UTC
*** Bug 1645054 has been marked as a duplicate of this bug. ***

Comment 10 Sanket Jagtap 2018-12-20 14:13:40 UTC
Build: Satellite 6.5 snap 8


Rendered template for created host.
<snip>

      freeipa_client=ipa-client
        /usr/sbin/sshd-keygen
  
yum install -y libsss_sudo $freeipa_client

##
## IPA Client Installation
##


freeipa_mkhomedir="--mkhomedir"



# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
/usr/sbin/ipa-client-install -w '7Ps!camJaNRza7:kTO?*hN' --realm=RELAM -U $freeipa_mkhomedir $freeipa_opts $freeipa_server $freeipa_domain $freeipa_ssh

##
## Automounter
<snip>


On Satellite:
satellite-installer --foreman-proxy-realm true --foreman-proxy-realm-keytab /etc/foreman-proxy/freeipa.keytab --foreman-proxy-realm-principal foreman-proxy@RELAM --foreman-proxy-realm-provider freeipa
Resetting puppet server version param...
Installing             Done                                               [100%] [................................................................................................................................]
  Success!
  * Satellite is running at https://qe-sat6-feature-rhel7.sat-domain
  * To install an additional Capsule on separate machine continue by running:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"

  * To upgrade an existing 6.4 Capsule to 6.5:
      Please see official documentation for steps and parameters to use when upgrading a 6.4 Capsule to 6.5.

  The full log is at /var/log/foreman-installer/satellite.log




On Host:
[root@eldon-guster ~]# id foreman-proxy
uid=632600010(foreman-proxy) gid=632600010(foreman-proxy) groups=632600010(foreman-proxy)
[root@eldon-guster ~]#

Comment 13 errata-xmlrpc 2019-05-14 12:38:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.