In deployment/nova/novajoin-container-puppet.yaml we call the following to enroll in freeipa:
- name: Enroll to FreeIPA
command: ipa-client-install -U --password={{ ipa_otp }}
args:
creates: /etc/ipa/default.conf
when: ipa_otp != ''
Now in our documentation for the undercloud https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/deployment/install_undercloud.html we state that we need to add the following line to /etc/hosts:
127.0.0.1 myhost.mydomain myhost
This will break enrollment in case /etc/hosts has a line like '127.0.0.1 localhost.localdomain localhost' *before* the myhost.. one. That is because ipa-client-install by default will call python's socket fqdn() to determine the hostname to send to freeipa and that can potentially send localhost.localdomain to the freeipa server and the enrollment will fail with:
Invalid hostname, 'localhost.localdomain' must not be used.
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Since it seems to me that we tried to work around this at least in infrared (see https://review.gerrithub.io/c/redhat-openstack/infrared/+/480005) which shuffled around the lines in /etc/hosts, I think we can make this more robust by enrolling with the proper fqdn which we know about.
Fix proposed to branch: master
Review: https:/