Bug #17292

HOST[OTP] is not correctly rendered in user-data

Added by Maxim Burgerhout almost 3 years ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Realm
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Description of problem:
If I integrate with IdM in RHEL 7, and use a user-data template to configure my system, my system is not enrolled in IdM. I end up with this in my user-data (on my new machine)

/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh

and thus with an error

Nov 7 16:33:52 localhost cloud-init: Successfully retrieved CA cert
Nov 7 16:33:52 localhost cloud-init: Subject: CN=Certificate Authority,O=REDHAT.LAB
Nov 7 16:33:52 localhost cloud-init: Issuer: CN=Certificate Authority,O=REDHAT.LAB
Nov 7 16:33:52 localhost cloud-init: Valid From: Tue Sep 06 13:01:52 2016 UTC
Nov 7 16:33:52 localhost cloud-init: Valid Until: Sat Sep 06 13:01:52 2036 UTC
Nov 7 16:33:52 localhost cloud-init: Joining realm failed: Incorrect password.
Nov 7 16:33:52 localhost cloud-init: Installation failed. Rolling back changes.
Nov 7 16:33:52 localhost cloud-init: IPA client is not configured on this system.

Version-Release number of selected component (if applicable):
6.2.3

How reproducible:

Steps to Reproduce:
1. Create new image, configure for user-data
2. Configure Satellite for idm integration (follow docs :))
3. Create new host

Actual results:
See the above error, system listed not enrolled in idm (so satellite actually did create the object in idm)

Expected results:
System is enrolled, I can log in

Additional info:
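
A guard for the failure described in this report, as an added example that is not part of the original report or of Foreman's code: the user-data script checks that the OTP was actually rendered before calling ipa-client-install, so an unrendered $HOST[OTP] is logged as such instead of surfacing as "Incorrect password". The function names, the exit code 2 and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Foreman code); function names are hypothetical.

# Succeed only if the value looks like a rendered one-time password:
# non-empty and not a template macro that was passed through verbatim.
otp_is_rendered() {
    case "$1" in
        '')           return 1 ;;  # macro expanded to nothing
        '$HOST['*']') return 1 ;;  # legacy macro left as-is (this bug)
        '@host.'*)    return 1 ;;  # template variable left as-is (Bug #10119)
        '<%'*'%>')    return 1 ;;  # raw ERB tag
        *)            return 0 ;;
    esac
}

# List lines of a rendered user-data file that still contain a macro.
# Follows grep: exit status 0 means leftovers were found.
find_unrendered_macros() {
    grep -nE '\$HOST\[[A-Za-z_]+\]|@host\.[a-z_]+|<%|%>' "$1"
}

# Enroll only with a rendered OTP; return 2 otherwise so cloud-init logs
# the real cause rather than "Joining realm failed: Incorrect password."
enroll() {
    if ! otp_is_rendered "$1"; then
        echo "user-data: OTP macro was not rendered, not enrolling" >&2
        return 2
    fi
    /usr/sbin/ipa-client-install -w "$1" --realm=REDHAT.LAB -U
}

# Constructed sample: the command line from the report, shortened.
sample_userdata() {
    cat <<'EOF'
#!/bin/bash
/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=REDHAT.LAB -U
EOF
}

# Demo: prints "2:" followed by the offending line of the sample.
tmp=$(mktemp) && sample_userdata >"$tmp"
find_unrendered_macros "$tmp" || true
rm -f "$tmp"
```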


Related issues

Related to Foreman - Bug #10119: @host.otp isn't detemplated in user-data - Rejected - 2015-04-12

Associated revisions

Revision b48d799a (diff)
Added by dmitry Vasilets 5 months ago

Fixes #17292 - take otp before save host

History

#1 Updated by Maxim Burgerhout almost 3 years ago

  • Related to Bug #10119: @host.otp isn't detemplated in user-data added

#2 Updated by Dis McCarthy over 2 years ago

This is still affecting us when provisioning AWS hosts. It sets the random OTP in FreeIPA, but the host template receives "$HOST[OTP]" (as seen in the template on the host as well as in the process list while it tries to enroll.)

As a bonus, it prevents the hult/ipa module from fixing the install on later runs because it just looks for 'host exists', not for 'with the wrong password'.

#3 Updated by Steve D almost 2 years ago

Also seeing this issue in 1.15.6 with ec2 resource.

#4 Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5542 added

#5 Updated by Sven Vogel 11 months ago

Hi,

The issue should be resolved in this pull request.

https://github.com/theforeman/foreman/pull/5542

When will it be merged?

Thanks

Sven

#6 Updated by Stephan Schultchen 9 months ago

I just stumbled across this issue. I applied the patch to my foreman 1.20 installation, and it fixed the issue.

Would be great if this could be merged into foreman 1.20.1

#7 Updated by Lukas Zapletal 5 months ago

  • Fixed in Releases 1.22.0 added

#8 Updated by dmitry Vasilets 5 months ago

  • Status changed from Ready For Testing to Closed
