HOST[OTP] is not correctly rendered in user-data
Description of problem:
If I integrate with IdM in RHEL 7, and use a user-data template to configure my system, my system is not enrolled in IdM. I end up with this in my user-data (on my new machine):
/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh
and thus with an error:
Nov 7 16:33:52 localhost cloud-init: Successfully retrieved CA cert
Nov 7 16:33:52 localhost cloud-init: Subject: CN=Certificate Authority,O=REE
Nov 7 16:33:52 localhost cloud-init: Issuer: CN=Certificate Authority,O=REE
Nov 7 16:33:52 localhost cloud-init: Valid From: Tue Sep 06 13:01:52 2016 UTC
Nov 7 16:33:52 localhost cloud-init: Valid Until: Sat Sep 06 13:01:52 2036 UTC
Nov 7 16:33:52 localhost cloud-init: Joining realm failed: Incorrect password.
Nov 7 16:33:52 localhost cloud-init: Installation failed. Rolling back changes.
Nov 7 16:33:52 localhost cloud-init: IPA client is not configured on this systee
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create new image, configure for user-data
2. Configure Satellite for idm integration (follow docs :))
3. Create new host
Actual results:
See the above error, system listed as not enrolled in IdM (so Satellite actually did create the object in IdM).
Expected results:
System is enrolled, I can log in.
Updated by Dis McCarthy over 6 years ago
This is still affecting us when provisioning AWS hosts. It sets the random OTP in FreeIPA, but the host template receives "$HOST[OTP]" (as seen in the template on the host as well as in the process list while it tries to enroll.)
As a bonus, it prevents the hult/ipa module from fixing the install on later runs because it just looks for 'host exists', not for 'with the wrong password'.
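A pre-flight check for the symptom reported above, as an added example that is not part of the original report or of Satellite: it scans rendered user-data for a literal `$HOST[OTP]` so that enrollment can be refused instead of running ipa-client-install with a password that can never match. The function names and the two sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original report.

# Print the line numbers in FILE that still contain the literal, unrendered
# placeholder $HOST[OTP]. awk's index() does a fixed-string match, so "$",
# "[" and "]" are not treated as pattern metacharacters.
unrendered_otp_lines() {
    awk 'index($0, "$HOST[OTP]") { print NR }' "$1"
}

# Return 0 when FILE is safe to run, 1 when the placeholder is present,
# 2 when FILE cannot be read. Only line numbers are reported, so a real
# OTP elsewhere in the file is never echoed to the log.
check_user_data() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    lines=$(unrendered_otp_lines "$1" | tr '\n' ' ')
    if [ -n "$lines" ]; then
        echo "unrendered \$HOST[OTP] on line(s): $lines" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: one user-data file as seen in the report, and
# one with a made-up OTP value where the placeholder should have been replaced.
demo_dir=$(mktemp -d)
cat > "$demo_dir/broken" <<'EOF'
#!/bin/bash
/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh
EOF
cat > "$demo_dir/rendered" <<'EOF'
#!/bin/bash
/usr/sbin/ipa-client-install -w 'constructed-otp-value' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh
EOF

for f in broken rendered; do
    if check_user_data "$demo_dir/$f"; then
        echo "$f: ok to enroll"
    else
        echo "$f: refusing to run ipa-client-install"
    fi
done
```

Failing early here also avoids the state described in the last comment, where the host object exists in IdM but the client never enrolled.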