From 05f650d5da5f5e4b5d0e836a09e9cd7617be02a7 Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza
Date: Tue, 23 Apr 2019 17:43:32 +0200
Subject: [PATCH] Fix IPA client when doing brownfield deployment of internal TLS

* Always use the FQDN supplied in the metadata.
* Read the metadata from network if hostname could not be determined.

These changes fix issues with deploying internal TLS after initialy deploying without it (also known as a "brownfield deployment").

Change-Id: I9d1b4174dd349c29dc92079202176a11d3f85fe3
Co-Authored-By: Ade Lee
---
 extraconfig/services/ipaclient.yaml | 32 ++++++++++++++---------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/extraconfig/services/ipaclient.yaml b/extraconfig/services/ipaclient.yaml
index 64dc50691a..c8b5963b46 100644
--- a/extraconfig/services/ipaclient.yaml
+++ b/extraconfig/services/ipaclient.yaml
@@ -106,34 +106,32 @@ outputs: fi } - if ! get_metadata_config_drive; then - if ! get_metadata_network; then - echo "FATAL: No metadata available" + function get_fqdn { + # Get the instance hostname out of the metadata + fqdn=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("hostname", ""))'` + if [ -z "$fqdn"]; then + echo "Unable to determine hostname" + return 1 + fi + return 0 + } + + if ! get_metadata_config_drive || ! get_fqdn; then + if ! get_metadata_network || ! get_fqdn; then + echo "FATAL: No metadata available or could not read the hostname from the metadata" exit 1 fi fi - # Get the instance hostname out of the metadata - fqdn=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("hostname", ""))'` - - if [ -z "$fqdn" ]; then - echo "Unable to determine hostname" - exit 1 - fi - realm=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("krb_realm", ""))'` otp=`echo $data | {{ python_interpreter }} -c 'import json,sys;obj=json.load(sys.stdin);print(obj.get("join", {}).get("ipaotp", ""))'` - hostname=`/bin/hostname -f` - # Force hostname to use the FQDN hostnamectl set-hostname $fqdn # run ipa-client-install - OPTS="-U -w $otp" - if [ $hostname != $fqdn ]; then - OPTS="$OPTS --hostname $fqdn" - fi + OPTS="-U -w $otp --hostname $fqdn" + if [ -n "$realm" ]; then OPTS="$OPTS --realm=$realm" fi
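Review bot: The emptiness test in the new `get_fqdn` is written `[ -z "$fqdn"]` with no space before the closing bracket, so for a non-empty hostname `[` receives the single word `<fqdn>]` and fails with "missing `]'" (status 2), which `if` treats as false; the function therefore returns 0 only by accident and prints a shell error on every successful run, and for an empty value it relies on `[ -z ]` happening to evaluate true. It should read `if [ -z "$fqdn" ]; then`, and since `fqdn` is deliberately not `local` (the caller uses it later) a comment such as `# sets the global $fqdn for the caller` would make that intent explicit. The value is then used unquoted in `hostnamectl set-hostname $fqdn` and `OPTS="-U -w $otp --hostname $fqdn"`; now that it is taken verbatim from the metadata JSON (config drive first, then the network metadata service on fallback) it is worth quoting, e.g. `hostnamectl set-hostname "$fqdn"`, so an unexpected value cannot word-split or glob into extra arguments. The OTP continues to be passed on the command line via `-w $otp`, where it is presumably observable by other local processes through the process list for the duration of ipa-client-install; that predates this change, but the rewritten OPTS line is the place to note it if ipa-client-install offers a way to avoid it.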