Description of problem:
I installed a 6.4 snap25 satellite and have hit a bug getting it to join kickstarting machines to my IDM realm.
The relevant part of the "kickstart default" template says:
<% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'FreeIPA' -%>
<%= snippet 'freeipa_register' %>
<% end -%>
but there is no option in the Realms creation page to create a "FreeIPA" realm_type, instead you get "Red Hat Identity Management" so the snippet is not called.
Updating the kickstart to:
<% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Red Hat Identity Management' -%>
should be enough to fix the issue (or, as I did, stripping out the "&& @host.realm.realm_type" part entirely which fixes this but may cause issues with AD domains)
Version-Release number of selected component (if applicable):
sat 6.4beta snap25
Steps to Reproduce:
1. create 'Red Hat Identity Management' realm
2. kickstart new host
The new machine fails to join the domain as the freeipa_register snippet is never called
freeipa_register snippet is called and the now host joins the realm
I've raised an issue with a PR for upstream
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25117 has been resolved.
*** Bug 1633661 has been marked as a duplicate of this bug. ***
*** Bug 1645054 has been marked as a duplicate of this bug. ***
Build: Satellite 6.5 snap 8
Rendered template for created host.
yum install -y libsss_sudo $freeipa_client
## IPA Client Installation
# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
/usr/sbin/ipa-client-install -w '7Ps!camJaNRza7:kTO?*hN' --realm=RELAM -U $freeipa_mkhomedir $freeipa_opts $freeipa_server $freeipa_domain $freeipa_ssh
satellite-installer --foreman-proxy-realm true --foreman-proxy-realm-keytab /etc/foreman-proxy/freeipa.keytab --foreman-proxy-realm-principal foreman-proxy@RELAM --foreman-proxy-realm-provider freeipa
Resetting puppet server version param...
Installing Done [100%] [................................................................................................................................]
* Satellite is running at https://qe-sat6-feature-rhel7.sat-domain
* To install an additional Capsule on separate machine continue by running:
capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"
* To upgrade an existing 6.4 Capsule to 6.5:
Please see official documentation for steps and parameters to use when upgrading a 6.4 Capsule to 6.5.
The full log is at /var/log/foreman-installer/satellite.log
[root@eldon-guster ~]# id foreman-proxy
uid=632600010(foreman-proxy) gid=632600010(foreman-proxy) groups=632600010(foreman-proxy)
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.