FreeIPA Realm Update Issue on Re-Build

Afternoon all,

Recently, I updated and rebuilt our Foreman infrastructure, going from 1.21.0-RC4 on Ubuntu to 1.24.2 on CentOS 7.

We utilize the FreeIPA Realm plugin for Smart-Proxy and is where my present issue lies.

Previously, on 1.21.0, after a host was successfully built, initiating a ‘Build’ from the GUI would trigger a realm_update query to wipe the existing keytab from FreeIPA and re-issue the OTP.

Currently, on 1.24.2, the initial build functions correctly, but initiating a re-build does not cause a realm_update. The only work-around is to fully delete the host in Foreman and create new.

Is this some functionality that has changed to anyone’s knowledge or indeed a bug?


Not many changes, however the most recent patch changed priority from 50 to 1 so the step should be executed earlier. Could be a bug, try to lower the priority:

Appreciate the suggestion, lzap. Unfortunately that didn’t appear to solve the issue.

Could you point me in the direction as to what function is triggered when the ‘Build’ button is pressed within the gui?

It’s almost appearing that since the realm/hostname is not changing between builds (as it’s simply a re-build of an existing host) the realm_update function is not being called. I’m not seeing any evidence in logs pointing to a failure to update the realm on re-build either.

If you investigate the file I sent you, that’s what’s being actually called. In the “queue” method, there might be something missing so it does not get queued. Enable debug mode to see which actions are in the queue.

Few things:
I enabled debug-level logging on foreman and confirmed that the realm task is not getting queued on host re-build.

Also, digging through some of the code, I saw that there is a method in /app/models/host/managed.rb that sets: set_realm :rebuild => true. However, outside of logging, :rebuild isn’t defined in realm.rb

The “rebuild” flag is passed into the API and processed in smart-proxy:

Share debug logs of the transaction with us, both from foreman and smart proxy. Use request ID to grep relevant lines please.