Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:3799
Build: Satellite 6.4.1 host was provisioned with a realm proxy and was successfully enrolled hammer host info --id 2 Id: 2 UUID: 501e07bb-7c13-2767-d346-bc1ae15d5396 Name: daisy-figueira.domain Organization: Default Organization Location: Default Location Host Group: rhel7_hstgrp Compute Resource: vmware Compute Profile: 2-Medium Puppet Environment: production Puppet CA Proxy: qe-sat6-feature-rhel7.domain Puppet Master Proxy: qe-sat6-feature-rhel7.domain Cert name: daisy-figueira.domain Managed: yes Installed at: 2018/11/16 13:44:26 Last report: 2018/11/16 13:45:25 Network: IPv4 address: 0.0.0.157 IPv6 address: 2620:52:0:86f:250:56ff:fe9e:683b MAC: 00:50:56:9e:68:3b Subnet ipv4: Default Subnet Domain: domain Network interfaces: 1) Id: 2 Identifier: ens160 Type: interface (primary, provision) MAC address: 00:50:56:9e:68:3b IPv4 address: 0.0.0.157 IPv6 address: 2620:52:0:86f: FQDN: daisy-figueira.domain Operating system: Architecture: x86_64 Operating System: RHEL Server 7.6 Build: no Partition Table: Kickstart default PXE Loader: PXELinux BIOS Custom partition table: Parameters: All parameters: kt_activation_keys => rhel7_ak enable-puppet5 => true enable-epel => false Additional info: Owner: Admin User Owner Type: User Enabled: yes Model: VMware Virtual Platform Comment: OpenSCAP Proxy: 1 Content Information: Content View: ID: 2 Name: rhel7_cv Lifecycle Environment: ID: 2 Name: DEV Content Source: ID: 1 Name: qe-sat6-feature-rhel7.domain Kickstart Repository: ID: Name: Applicable Packages: 0 Upgradable Packages: 0 Applicable Errata: Enhancement: 0 Bug Fix: 0 Security: 0 Subscription Information: UUID: 46927e9d-7c71-44f1-8590-b6f823788f61 Last Checkin: 2018-11-16 13:44:10 UTC Service Level: Release Version: Autoheal: true Registered To: qe-sat6-feature-rhel7.domain Registered At: 2018-11-16 13:38:02 UTC Registered by Activation Keys: 1) rhel7_ak Host Collections: psotinstall.log: Discovery was successful! Client hostname: daisy-figueira.domain Realm: domain DNS Domain: domain IPA Server: qe-sat6-ipa.domain BaseDN: dc=domain,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com Skipping synchronizing time with NTP server. Downloading the CA certificate via HTTP, this is INSECURE Successfully retrieved CA cert Subject: CN=Certificate Authority,O=domain Issuer: CN=Certificate Authority,O=domain Valid From: 2016-03-17 17:17:12 Valid Until: 2036-03-17 17:17:12 Enrolled in IPA realm domain Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm domain trying https://qe-sat6-ipa.domain/ipa/json [try 1]: Forwarding 'schema' to json server 'https://qe-sat6-ipa.domain/ipa/json' trying https://qe-sat6-ipa.domain/ipa/session/json [try 1]: Forwarding 'ping' to json server 'https://qe-sat6-ipa.domain/ipa/session/json' [try 1]: Forwarding 'ca_is_enabled' to json server 'https://qe-sat6-ipa.domain/ipa/session/json' Systemwide CA database updated. Hostname (daisy-figueira.domain) does not have A/AAAA record. Missing reverse record(s) for address(es): 2620:52:0:86f:250:56ff:fe9e:683b. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub [try 1]: Forwarding 'host_mod' to json server 'https://qe-sat6-ipa.domain/ipa/session/json' SSSD enabled Configured /etc/openldap/ldap.conf Principal is not set when enrolling with OTP; using principal 'admin@domain' for 'getent passwd' Unable to find 'admin' user with 'getent passwd admin@domain'! Unable to reliably detect configuration. Check NSS setup manually. Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring domain as NIS domain. Client configuration complete. The ipa-client-install command was successful WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd [root@daisy-figueira ~]# id realm-proxy uid=632600001(realm-proxy) gid=632600001(realm-proxy) groups=632600001(realm-proxy) [root@daisy-figueira ~]# id admin uid=632600000(admin) gid=632600000(admins) groups=632600000(admins) Host is successfully enrolled