Unattended IPA enrollment during kickstart does not add SSH public keys and does not create DNS SSHFP Resource Records
Issue
- When a RHEL 6.x system (tested with 6.4, 6.5 and 6.6) is configured as an ipa-client against a RHEL 7 based IdM server, no SSHFP resource records are created in the IdM DNS server.
- If the same procedure is executed after installation, these RRs are created correctly.
- These are the steps:
  - create a host with a one time password in IdM
  - prepare provisioning on the satellite (cobbler, post script)
  - install system (via PXE boot from satellite)
- The command to configure the ipa-client in the kickstart procedure is:

      if [ ! "x${OTP}" = "x" ]
      then
        ipa-client-install -w $OTP -U --enable-dns-updates
      else
        echo "One Time Password not set! Skipping IPA client install!"
      fi

- OTP is defined in ks-meta in cobbler.
- In a second test the ipa-client-install was not executed during kickstart, but after the system was installed. The same command was used. In this test the SSHFP RR were created correctly.
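
To confirm whether a freshly enrolled client is affected, the SSHFP records its host keys should produce can be compared with what DNS actually returns. The following is an added example, not part of the Red Hat article; it assumes the key lines come from `/etc/ssh/ssh_host_*_key.pub` and the DNS rdata from `dig +short SSHFP <fqdn>`, and the sample keys are constructed placeholders.

```python
import base64
import hashlib

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); ECDSA (3) is matched by prefix
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def expected_sshfp(pubkey_lines):
    """Return SSHFP rdata strings ("alg type hex") for OpenSSH public key lines."""
    records = []
    for line in pubkey_lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        key_type, blob = fields[0], fields[1]
        alg = 3 if key_type.startswith("ecdsa-sha2-") else ALGORITHMS.get(key_type)
        if alg is None:
            continue  # key type without an SSHFP algorithm number
        raw = base64.b64decode(blob)  # the fingerprint covers the decoded key blob
        for fp_type, digest in sorted(FP_TYPES.items()):
            records.append("%d %d %s" % (alg, fp_type, digest(raw).hexdigest()))
    return records


def missing_sshfp(pubkey_lines, dns_rdata):
    """Return the expected SSHFP records that are absent from the DNS answer."""
    published = set()
    for rdata in dns_rdata:
        f = rdata.lower().split()
        if len(f) >= 3:
            # dig prints upper-case hex and may split long digests with spaces
            published.add("%s %s %s" % (f[0], f[1], "".join(f[2:])))
    return [r for r in expected_sshfp(pubkey_lines) if r not in published]


# Constructed sample input: placeholder blobs, not real host keys.
SAMPLE_KEYS = [
    "ssh-rsa " + base64.b64encode(b"constructed-rsa-key-blob").decode() + " root@client",
    "ssh-ed25519 " + base64.b64encode(b"constructed-ed25519-blob").decode(),
]

if __name__ == "__main__":
    # An empty DNS answer, as seen after the kickstart enrollment described above
    for record in missing_sshfp(SAMPLE_KEYS, []):
        print("missing SSHFP:", record)
```

A non-empty result for an enrolled host means clients relying on `VerifyHostKeyDNS` cannot validate that host's keys from DNS.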
Environment
- Red Hat Enterprise Linux (RHEL) 6 and 7
- Red Hat Identity Management (IPA) server
