Description of problem: I installed a 6.4 snap25 satellite and have hit a bug getting it to join kickstarting machines to my IDM realm. The relevant part of the "kickstart default" template says: <% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'FreeIPA' -%> <%= snippet 'freeipa_register' %> <% end -%> but there is no option in the Realms creation page to create a "FreeIPA" realm_type, instead you get "Red Hat Identity Management" so the snippet is not called. Updating the kickstart to: <% if host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Red Hat Identity Management' -%> should be enough to fix the issue (or, as I did, stripping out the "&& @host.realm.realm_type" part entirely which fixes this but may cause issues with AD domains) Version-Release number of selected component (if applicable): sat 6.4beta snap25 How reproducible: every time Steps to Reproduce: 1. create 'Red Hat Identity Management' realm 2. kickstart new host 3. fail Actual results: The new machine fails to join the domain as the freeipa_register snippet is never called Expected results: freeipa_register snippet is called and the now host joins the realm Additional info:
I've raised an issue with a PR for upstream https://projects.theforeman.org/issues/25117
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25117 has been resolved.
*** Bug 1633661 has been marked as a duplicate of this bug. ***
*** Bug 1645054 has been marked as a duplicate of this bug. ***
Build: Satellite 6.5 snap 8 Rendered template for created host. <snip> freeipa_client=ipa-client /usr/sbin/sshd-keygen yum install -y libsss_sudo $freeipa_client ## ## IPA Client Installation ## freeipa_mkhomedir="--mkhomedir" # One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value. /usr/sbin/ipa-client-install -w '7Ps!camJaNRza7:kTO?*hN' --realm=RELAM -U $freeipa_mkhomedir $freeipa_opts $freeipa_server $freeipa_domain $freeipa_ssh ## ## Automounter <snip> On Satellite: satellite-installer --foreman-proxy-realm true --foreman-proxy-realm-keytab /etc/foreman-proxy/freeipa.keytab --foreman-proxy-realm-principal foreman-proxy@RELAM --foreman-proxy-realm-provider freeipa Resetting puppet server version param... Installing Done [100%] [................................................................................................................................] Success! * Satellite is running at https://qe-sat6-feature-rhel7.sat-domain * To install an additional Capsule on separate machine continue by running: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar" * To upgrade an existing 6.4 Capsule to 6.5: Please see official documentation for steps and parameters to use when upgrading a 6.4 Capsule to 6.5. The full log is at /var/log/foreman-installer/satellite.log On Host: [root@eldon-guster ~]# id foreman-proxy uid=632600010(foreman-proxy) gid=632600010(foreman-proxy) groups=632600010(foreman-proxy) [root@eldon-guster ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222