Unattended IPA enrollment during kickstart does not add SSH public keys and does not create DNS SSHFP Resource Records

Solution Verified - Updated -

Issue

  • When a RHEL 6.x system (tested 6.4, 6.5 and 6.6) is configured as an ipa-client against a RHEL 7 based IdM server, no SSHFP resource records (RRs) are created in the IdM DNS server.
  • If the same procedure is executed after installation, the RRs are created correctly.
  • The steps are:
    • Create a host with a one-time password in IdM
    • Prepare provisioning on the satellite (cobbler, post script)
    • Install the system (via PXE boot from the satellite)
  • The command used to configure the ipa-client in the kickstart procedure is:

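    # Enroll only when a one-time password was supplied; quote it so it is passed as a single argument
    if [ ! "x${OTP}" = "x" ]
    then
      ipa-client-install -w "$OTP" -U --enable-dns-updates
    else
      echo "One Time Password not set! Skipping IPA client install!"
    fi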
    
  • OTP is defined in ks-meta in cobbler.

  • In a second test, ipa-client-install was not executed during kickstart but after the system was installed, using the same command. In this test the SSHFP RRs were created correctly.
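
A way to confirm the symptom described above on an enrolled client, as an added example that is not part of the original article or of IPA itself: it derives the SSHFP data expected for each host public key (algorithm number, fingerprint type, hex digest of the key blob) and reports the keys that have no matching record in the output of `dig +short SSHFP <hostname>`. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

# SSHFP algorithm numbers: RFC 4255 (RSA, DSA), RFC 6594 (ECDSA), RFC 7479 (Ed25519)
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4,
    "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}
# Constructed sample key line (arbitrary bytes, not a real host key)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(b"constructed-sample-key-blob").decode()


def expected_sshfp(pubkey_line):
    """Return {(algorithm, fp_type, hex_digest)} for one line of a ssh_host_*_key.pub file."""
    key_type, blob_b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(blob_b64)
    alg = SSHFP_ALGORITHMS[key_type]
    return {(alg, fp_type, h(blob).hexdigest()) for fp_type, h in FP_HASHES.items()}


def parse_sshfp_answers(dig_output):
    """Parse `dig +short SSHFP host` lines of the form '<alg> <type> <hex ...>'."""
    records = set()
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or not (parts[0].isdigit() and parts[1].isdigit()):
            continue
        # dig prints upper-case hex and may break a long digest into chunks
        records.add((int(parts[0]), int(parts[1]), "".join(parts[2:]).lower()))
    return records


def keys_without_sshfp(pubkey_lines, dig_output):
    """Return the key types that have no matching SSHFP record of any fingerprint type."""
    published = parse_sshfp_answers(dig_output)
    missing = []
    for line in pubkey_lines:
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SSHFP_ALGORITHMS:
            continue  # blank line, comment, or a key type with no SSHFP number
        if not (expected_sshfp(line) & published):
            missing.append(fields[0])
    return missing


if __name__ == "__main__":
    # An empty DNS answer reproduces the kickstart symptom: every host key is reported
    print(keys_without_sshfp([SAMPLE_KEY], ""))
```

On a real client, pass the lines of `/etc/ssh/ssh_host_*_key.pub` and the captured `dig` output; an empty result means every host key has at least one published fingerprint.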

Environment

  • Red Hat Enterprise Linux (RHEL) 6 and 7
  • Red Hat Identity Management (IPA) server
