Bug 1646747 - 6.4 snap25 bug joining a realm on kickstart
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Provisioning Templates
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: 6.4.1
Assignee: satellite6-bugs
QA Contact: Sanket Jagtap
Duplicates: 1651643
Depends On:
Reported: 2018-11-05 22:51 UTC by Mike McCune
Modified: 2021-12-10 18:10 UTC

Fixed In Version: foreman-
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1635680
Last Closed: 2018-12-06 22:32:53 UTC
Target Upstream Version:

System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 25117 | 0 | None | None | None | 2018-11-05 22:51:44 UTC
Red Hat Product Errata | RHBA-2018:3799 | 0 | None | None | None | 2018-12-06 22:33:26 UTC

Comment 3 Sanket Jagtap 2018-11-16 13:57:19 UTC
Build: Satellite 6.4.1

Host was provisioned with a realm proxy and was successfully enrolled.

hammer host info --id 2
Id:                       2
UUID:                     501e07bb-7c13-2767-d346-bc1ae15d5396
Name:                     daisy-figueira.domain
Organization:             Default Organization
Location:                 Default Location
Host Group:               rhel7_hstgrp
Compute Resource:         vmware
Compute Profile:          2-Medium
Puppet Environment:       production
Puppet CA Proxy:          qe-sat6-feature-rhel7.domain
Puppet Master Proxy:      qe-sat6-feature-rhel7.domain
Cert name:                daisy-figueira.domain
Managed:                  yes
Installed at:             2018/11/16 13:44:26
Last report:              2018/11/16 13:45:25
    IPv4 address:
    IPv6 address: 2620:52:0:86f:250:56ff:fe9e:683b
    MAC:          00:50:56:9e:68:3b
    Subnet ipv4:  Default Subnet
    Domain:       domain
Network interfaces:       
 1) Id:           2
    Identifier:   ens160
    Type:         interface (primary, provision)
    MAC address:  00:50:56:9e:68:3b
    IPv4 address:
    IPv6 address: 2620:52:0:86f:
    FQDN:         daisy-figueira.domain
Operating system:         
    Architecture:           x86_64
    Operating System:       RHEL Server 7.6
    Build:                  no
    Partition Table:        Kickstart default
    PXE Loader:             PXELinux BIOS
    Custom partition table:

All parameters:           
    kt_activation_keys => rhel7_ak
    enable-puppet5 => true
    enable-epel => false
Additional info:          
    Owner:      Admin User
    Owner Type: User
    Enabled:    yes
    Model:      VMware Virtual Platform
OpenSCAP Proxy:           1
Content Information:      
    Content View:          
        ID:   2
        Name: rhel7_cv
    Lifecycle Environment: 
        ID:   2
        Name: DEV
    Content Source:        
        ID:   1
        Name: qe-sat6-feature-rhel7.domain
    Kickstart Repository:  
    Applicable Packages:   0
    Upgradable Packages:   0
    Applicable Errata:     
        Enhancement: 0
        Bug Fix:     0
        Security:    0
Subscription Information: 
    UUID:                          46927e9d-7c71-44f1-8590-b6f823788f61
    Last Checkin:                  2018-11-16 13:44:10 UTC
    Service Level:                 
    Release Version:               
    Autoheal:                      true
    Registered To:                 qe-sat6-feature-rhel7.domain
    Registered At:                 2018-11-16 13:38:02 UTC
    Registered by Activation Keys: 
     1) rhel7_ak
Host Collections:

Discovery was successful!
Client hostname: daisy-figueira.domain
Realm: domain
DNS Domain: domain
IPA Server: qe-sat6-ipa.domain
BaseDN: dc=domain,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com
Skipping synchronizing time with NTP server.
Downloading the CA certificate via HTTP, this is INSECURE
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=domain
    Issuer:      CN=Certificate Authority,O=domain
    Valid From:  2016-03-17 17:17:12
    Valid Until: 2036-03-17 17:17:12

Enrolled in IPA realm domain
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm domain
trying https://qe-sat6-ipa.domain/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://qe-sat6-ipa.domain/ipa/json'
trying https://qe-sat6-ipa.domain/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
Systemwide CA database updated.
Hostname (daisy-figueira.domain) does not have A/AAAA record.
Missing reverse record(s) for address(es): 2620:52:0:86f:250:56ff:fe9e:683b.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Principal is not set when enrolling with OTP; using principal 'admin@domain' for 'getent passwd'
Unable to find 'admin' user with 'getent passwd admin@domain'!
Unable to reliably detect configuration. Check NSS setup manually.
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring domain as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd 

[root@daisy-figueira ~]# id realm-proxy
uid=632600001(realm-proxy) gid=632600001(realm-proxy) groups=632600001(realm-proxy)
[root@daisy-figueira ~]# id admin
uid=632600000(admin) gid=632600000(admins) groups=632600000(admins)

Host is successfully enrolled

Comment 4 Evgeni Golov 2018-11-20 13:36:38 UTC
*** Bug 1651643 has been marked as a duplicate of this bug. ***

Comment 6 errata-xmlrpc 2018-12-06 22:32:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

