Bug #17292

closed

HOST[OTP] is not correctly rendered in user-data

Added by Maxim Burgerhout over 7 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Realm
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Description of problem:
If I integrate with IdM in RHEL 7, and use a user-data template to configure my system, my system is not enrolled in IdM. I end up with this in my user-data (on my new machine):

/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh

and thus with an error:

Nov 7 16:33:52 localhost cloud-init: Successfully retrieved CA cert
Nov 7 16:33:52 localhost cloud-init: Subject: CN=Certificate Authority,O=REDHAT.LAB
Nov 7 16:33:52 localhost cloud-init: Issuer: CN=Certificate Authority,O=REDHAT.LAB
Nov 7 16:33:52 localhost cloud-init: Valid From: Tue Sep 06 13:01:52 2016 UTC
Nov 7 16:33:52 localhost cloud-init: Valid Until: Sat Sep 06 13:01:52 2036 UTC
Nov 7 16:33:52 localhost cloud-init: Joining realm failed: Incorrect password.
Nov 7 16:33:52 localhost cloud-init: Installation failed. Rolling back changes.
Nov 7 16:33:52 localhost cloud-init: IPA client is not configured on this system.

Version-Release number of selected component (if applicable):
6.2.3

How reproducible:

Steps to Reproduce:
1. Create new image, configure for user-data
2. Configure Satellite for idm integration (follow docs :))
3. Create new host

Actual results:
See the above error, system listed not enrolled in idm (so satellite actually did create the object in idm)

Expected results:
System is enrolled, I can log in

Additional info:


Related issues 1 (0 open, 1 closed)

Related to Foreman - Bug #10119: @host.otp isn't detemplated in user-data | Rejected | 04/12/2015
Actions #1

Updated by Maxim Burgerhout over 7 years ago

  • Related to Bug #10119: @host.otp isn't detemplated in user-data added
Actions #2

Updated by Dis McCarthy almost 7 years ago

This is still affecting us when provisioning AWS hosts. It sets the random OTP in FreeIPA, but the host template receives "$HOST[OTP]" (as seen in the template on the host as well as in the process list while it tries to enroll.)

As a bonus, it prevents the hult/ipa module from fixing the install on later runs because it just looks for 'host exists', not for 'with the wrong password'.
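
A pre-flight check for the failure reported above, as an added example that is not part of the original thread or of Foreman's code: it scans rendered user-data for `$HOST[...]` placeholders that were never substituted, so the literal string is not handed to `ipa-client-install` as the enrollment password. The function names and the sample password value are assumptions; the sample script is constructed from the command line in the report, shortened.

```ruby
# Added example: flag Foreman-style $HOST[...] placeholders that survived
# rendering. The $HOST[NAME] syntax comes from the report; names are assumed.

PLACEHOLDER = /\$HOST\[([A-Za-z0-9_]+)\]/

Finding = Struct.new(:line_no, :name, :single_quoted)

# Returns one Finding per unrendered placeholder in the rendered user-data text.
def unrendered_placeholders(user_data)
  findings = []
  user_data.each_line.with_index(1) do |line, line_no|
    line.scan(PLACEHOLDER) do
      m = Regexp.last_match
      before = line[0, m.begin(0)]
      # An odd number of single quotes before the match means the shell passes
      # the placeholder through literally, exactly as seen in the report.
      quoted = before.count("'").odd?
      findings << Finding.new(line_no, m[1], quoted)
    end
  end
  findings
end

# True when no placeholder is left and the text can be handed to the instance.
def safe_to_ship?(user_data)
  unrendered_placeholders(user_data).empty?
end

# Constructed samples: the broken command from the report (shortened), and the
# same script with a made-up one-time password substituted.
BROKEN = <<~'EOS'
  #!/bin/bash
  /usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U
EOS
RENDERED = BROKEN.sub('$HOST[OTP]', 'constructed-otp-value')

if __FILE__ == $PROGRAM_NAME
  unrendered_placeholders(BROKEN).each do |f|
    puts "line #{f.line_no}: $HOST[#{f.name}] not substituted " \
         "(single-quoted: #{f.single_quoted})"
  end
  puts "rendered copy safe: #{safe_to_ship?(RENDERED)}"
end
```
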

Actions #3

Updated by Steve D over 6 years ago

Also seeing this issue in 1.15.6 with ec2 resource.

Actions #4

Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5542 added
Actions #5

Updated by Sven Vogel over 5 years ago

Hi,

The issue should be resolved in this pull request.

https://github.com/theforeman/foreman/pull/5542

When will it be merged?

Thanks

Sven

Actions #6

Updated by Stephan Schultchen over 5 years ago

I just stumbled across this issue. I applied the patch to my Foreman 1.20 installation, and it fixed the issue.

Would be great if this could be merged into Foreman 1.20.1.

Actions #7

Updated by Lukas Zapletal about 5 years ago

  • Fixed in Releases 1.22.0 added
Actions #8

Updated by dmitry Vasilets about 5 years ago

  • Status changed from Ready For Testing to Closed