Bug #17292
closed
HOST[OTP] is not correctly rendered in user-data
Description
Description of problem:
If I integrate with IdM in RHEL 7, and use a user-data template to configure my system, my system is not enrolled in IdM. I end up with this in my user-data (on my new machine)
/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh
and thus with an error
Nov 7 16:33:52 localhost cloud-init: Successfully retrieved CA cert
Nov 7 16:33:52 localhost cloud-init: Subject: CN=Certificate Authority,O=REDHAT.LAB
Nov 7 16:33:52 localhost cloud-init: Issuer: CN=Certificate Authority,O=REDHAT.LAB
Nov 7 16:33:52 localhost cloud-init: Valid From: Tue Sep 06 13:01:52 2016 UTC
Nov 7 16:33:52 localhost cloud-init: Valid Until: Sat Sep 06 13:01:52 2036 UTC
Nov 7 16:33:52 localhost cloud-init: Joining realm failed: Incorrect password.
Nov 7 16:33:52 localhost cloud-init: Installation failed. Rolling back changes.
Nov 7 16:33:52 localhost cloud-init: IPA client is not configured on this system.
Version-Release number of selected component (if applicable):
6.2.3
How reproducible:
Steps to Reproduce:
1. Create new image, configure for user-data
2. Configure Satellite for idm integration (follow docs :))
3. Create new host
Actual results:
See the above error, system listed not enrolled in idm (so satellite actually did create the object in idm)
Expected results:
System is enrolled, I can log in
Additional info:
Updated by Maxim Burgerhout about 8 years ago
- Related to Bug #10119: @host.otp isn't detemplated in user-data added
Updated by Dis McCarthy over 7 years ago
This is still affecting us when provisioning AWS hosts. It sets the random OTP in FreeIPA, but the host template receives "$HOST[OTP]" (as seen in the template on the host as well as in the process list while it tries to enroll.)
As a bonus, it prevents the hult/ipa module from fixing the install on later runs because it just looks for 'host exists', not for 'with the wrong password'.
Updated by Steve D about 7 years ago
Also seeing this issue in 1.15.6 with ec2 resource.
Updated by The Foreman Bot over 6 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5542 added
Updated by Sven Vogel over 6 years ago
Hi,
The issue should be resolved in this pull request:
https://github.com/theforeman/foreman/pull/5542
When will it be merged?
Thanks
Sven
Updated by Stephan Schultchen about 6 years ago
I just stumbled across this issue. I applied the patch to my Foreman 1.20 installation, and it fixed the issue.
Would be great if this could be merged into Foreman 1.20.1.
Updated by dmitry Vasilets almost 6 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset b48d799adea56355a6f6b848af5adee9c5908b3b.
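
A pre-flight check for the failure reported above, as an added example that is not part of the original report or of Foreman's code: it stops the enrollment step when the rendered user-data or the OTP value still carries the literal `$HOST[...]` placeholder. The function names are hypothetical, and the sample user-data is constructed from the command line quoted in the description.

```shell
#!/bin/sh
# Added example, not Foreman code: pre-flight check for a rendered user-data
# script so a leftover $HOST[...] placeholder stops enrollment early.

# Constructed sample: the enrollment line as it arrived on the affected host.
sample_user_data() {
    cat <<'EOF'
#!/bin/bash
/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh
EOF
}

# Print the numbers of lines that still contain a $HOST[ placeholder.
# Only line numbers are emitted, so file contents never reach the log.
unrendered_lines() {
    grep -n -F '$HOST[' "$1" | cut -d: -f1
}

# Return 0 if the value can be an OTP, 1 if it is empty or still the literal
# placeholder. The value itself is never echoed.
otp_is_rendered() {
    case "$1" in
        '')              return 1 ;;
        *'$HOST['*']'*)  return 1 ;;
        *)               return 0 ;;
    esac
}

# Gate for the enrollment step. $1 = rendered user-data path, $2 = OTP value.
preflight() {
    bad=$(unrendered_lines "$1" | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "user-data: unrendered placeholder on line(s): $bad" >&2
        return 1
    fi
    otp_is_rendered "$2" || { echo "OTP empty or not rendered" >&2; return 1; }
    return 0
}

# Demo on the constructed sample: the check fails before any enrollment attempt.
tmp=$(mktemp)
sample_user_data > "$tmp"
if preflight "$tmp" '$HOST[OTP]'; then
    echo "ok to enroll"
else
    echo "enrollment skipped"
fi
rm -f "$tmp"
```

Failing here leaves the host unenrolled with a clear message in the cloud-init log, rather than the "Incorrect password" rollback shown in the description.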