Unattended IPA enrollment during kickstart does not add SSH public keys and does not create DNS SSHFP Resource Records
Issue
- When a RHEL 6.x system (tested 6.4, 6.5 and 6.6) is configured as an ipa-client on a RHEL 7-based IdM server, no SSHFP resource records are created in the IdM DNS server.
- If the same procedure is executed after installation, these RRs are created correctly.
- These are the steps:
  - create a host with a one time password in IdM
  - prepare provisioning on the satellite (cobbler, post script)
  - install system (via PXE boot from satellite)
- The command to configure the ipa-client in the kickstart procedure is:

    if [ ! "x${OTP}" = "x" ]
    then
        ipa-client-install -w $OTP -U --enable-dns-updates
    else
        echo "One Time Password not set! Skipping IPA client install!"
    fi

- OTP is defined in ks-meta in cobbler.
- In a second test, ipa-client-install was not executed during kickstart but after the system was installed. The same command was used. In this test the SSHFP RRs were created correctly.
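
A check for the symptom described above, as an added example that is not part of the original article: it derives the SSHFP records a client's host public keys call for (RFC 4255 fingerprint over the key blob) and reports which of them are absent from a DNS answer. The sample key, host name and function names are constructed for illustration, and the DNS answer lines are assumed to be in `dig +short SSHFP` form.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers from RFC 4255, RFC 6594 and RFC 7479.
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def expected_sshfp(pubkey_line):
    """SSHFP RDATA strings for one line of an ssh_host_*_key.pub file."""
    key_type, b64_blob = pubkey_line.split()[:2]
    alg = 3 if key_type.startswith("ecdsa-sha2-") else KEY_ALGS[key_type]
    blob = base64.b64decode(b64_blob)  # the fingerprint covers the raw key blob
    return {f"{alg} {fp} {h(blob).hexdigest()}" for fp, h in FP_TYPES.items()}


def normalise(rdata):
    """Lower-case an answer line and rejoin a fingerprint split by spaces."""
    parts = rdata.lower().split()
    return f"{parts[0]} {parts[1]} {''.join(parts[2:])}"


def missing_sshfp(pubkey_lines, dns_answers):
    """Records the host keys call for that the DNS answer lacks."""
    published = {normalise(a) for a in dns_answers if a.strip()}
    wanted = set()
    for line in pubkey_lines:
        wanted |= expected_sshfp(line)
    return sorted(wanted - published)


def constructed_key(key_type, *fields):
    """Constructed sample: SSH wire framing only, not a usable key."""
    parts = [key_type.encode(), *fields]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} root@client.example.test"


# Constructed RSA-shaped key: exponent 65537, 2048-bit placeholder modulus.
SAMPLE_KEYS = [constructed_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)]

if __name__ == "__main__":
    # An empty answer list models the kickstart case: no SSHFP RRs in DNS.
    for rec in missing_sshfp(SAMPLE_KEYS, []):
        print("missing SSHFP:", rec)
```

On a real client, the key lines come from `/etc/ssh/ssh_host_*_key.pub` and the answer lines from a DNS query for the host's SSHFP records.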
Environment
- Red Hat Enterprise Linux (RHEL) 6 and 7
- Red Hat Identity Management (IPA) server