[Spacewalk-list] Unable to fully domain join server during bootstrap
DiOrio, Max
Max.DiOrio at ieeeglobalspec.com
Wed Mar 7 20:08:05 UTC 2018
Hi,
I have a slightly convoluted setup. We use OpenNebula to deploy VM's, which has a customization piece. The customization file used to run:
kinit svc_sc_user at DOMAIN -k -t /tmp/svc_sc_user.keytab
realm join domain.com --os-name='RedHat Enterprise Linux' --os-version='7.4' --computer-ou=OU=Linux,OU=DevPortal,OU=Servers,OU=Devices
Download and extract nsswich.conf and sssd.conf to the appropriate directories
Service sssd restart
This has worked flawlessly for months. Now we decided to implement SpaceWalk for better control over patching and config file management. So I moved the domain join script over to a configuration channel, and now instead of running the join directly, OpenNebula customization pulls down and runs my Spacewalk bootstrap.
I have my bootstrap script pulling down a managed configuration file which is a script to /usr/opt/bin/domainjoin (root:root 755). At the end of the bootstrap script, I run the script it downloaded.
The script is quite simple.
#!/bin/bash
rhncfg-client get /tmp/svc_sc_user.keytab
kinit svc_sc_user at DOMAIN -k -t /tmp/svc_sc_user.keytab
realm join domain.com --os-name='RedHat Enterprise Linux' --os-version='7.4' --computer-ou=OU=Linux,OU=DevPortal,OU=Servers,OU=Devices
rm /tmp/svc_sc_user.keytab
rhncfg-client get /etc/sssd/sssd.conf
rhncfg-client get /etc/nsswitch.conf
service sssd restart
When running the script manually logged in as root, everything works perfectly.
When running through the OpenNebula customization and running bootstrap, it claims it joins the domain, but fails to create the /etc/krb5.keytab file, never actually joins the domain and sssd fails to start.
I'm completely baffled by this. How does the same essential script work fine from OpenNebula config, but not from the script downloaded via boostrap?
Max DiOrio
Global Systems Administrator
[cid:image002.jpg at 01D26A5C.D5C0BF00]
201 Fuller Road, Suite 202
Albany, NY 12203-3621
Phone: +518-238-6516 | Mobile: +518-944-5289
max.diorio at ieeeglobalspec.com<mailto:max.diorio at ieeeglobalspec.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180307/c93f28a3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2276 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180307/c93f28a3/attachment.jpg>
More information about the Spacewalk-list
mailing list