Fix IPA client when doing brownfield deployment of internal TLS

* Always use the FQDN supplied in the metadata. * Read the metadata from network if hostname could not be determined. These changes fix issues with deploying internal TLS after initialy deploying without it (also known as a "brownfield deployment"). Change-Id: I9d1b4174dd349c29dc92079202176a11d3f85fe3 Co-Authored-By: Ade Lee <alee@redhat.com>
2019-04-23 17:43:32 +02:00 · 2019-04-23 17:43:32 +02:00 · 05f650d5da
parent 7cd0e8ff7b
commit 05f650d5da
1 changed files with 15 additions and 17 deletions
--- a/extraconfig/services/ipaclient.yaml
+++ b/extraconfig/services/ipaclient.yaml
@ -106,34 +106,32 @@ outputs:
                    fi
                }

-                if ! get_metadata_config_drive; then
-                   if ! get_metadata_network; then
-                       echo "FATAL: No metadata available"
+                function get_fqdn {
+                    # Get the instance hostname out of the metadata
+                    fqdn=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("hostname", ""))'`
+                    if [ -z "$fqdn"]; then
+                        echo "Unable to determine hostname"
+                        return 1
+                    fi
+                    return 0
+                }
+
+                if ! get_metadata_config_drive || ! get_fqdn; then
+                   if ! get_metadata_network || ! get_fqdn; then
+                       echo "FATAL: No metadata available or could not read the hostname from the metadata"
                       exit 1
                   fi
                fi

-                # Get the instance hostname out of the metadata
-                fqdn=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("hostname", ""))'`
-
-                if [ -z "$fqdn" ]; then
-                    echo "Unable to determine hostname"
-                    exit 1
-                fi
-
                realm=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("krb_realm", ""))'`
                otp=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("ipaotp", ""))'`

-                hostname=`/bin/hostname -f`
-
                # Force hostname to use the FQDN
                hostnamectl set-hostname $fqdn

                # run ipa-client-install
-                OPTS="-U -w $otp"
-                if [ $hostname != $fqdn ]; then
-                    OPTS="$OPTS --hostname $fqdn"
-                fi
+                OPTS="-U -w $otp --hostname $fqdn"
+
                if [ -n "$realm" ]; then
                    OPTS="$OPTS --realm=$realm"
                fi