Fixes #17292 - take otp for freeipa before save @host object in db

[pronix]

https://bugzilla.redhat.com/show_bug.cgi?id=1392620

For render user data with otp for freeipa registrytion, host object should have otp before created job for render userdata.

[theforeman-bot]

Do not merge! This patch has not been tested yet.

Can an existing organization member please verify this patch?

[theforeman-bot]

Do not merge! This patch has not been tested yet.

Can an existing organization member please verify this patch?

[theforeman-bot]

Do not merge! This patch has not been tested yet.

Can an existing organization member please verify this patch?

[theforeman-bot]

Issues: #17292

[theforeman-bot]

There were the following issues with the commit message:

• length of the first commit message line for 5896e41 exceeds 65 characters

If you don't have a ticket number, please create an issue in Redmine.

More guidelines are available in Coding Standards or on the Foreman wiki.

---

This message was auto-generated by Foreman's prprocessor

[mmoll]

ok to test

[timogoebel]

@pronix: Thanks. I left some comments. Do you mind adding a test for this as well? Thanks.

[timogoebel]

Why is this needed? Just as a gard, because the realm would be set twice otherwise (once from handle_realm_without_save and once from queue_realm_create)?

[pronix]

it is also big difference when you have record in ipa and trying to update it, and when you trying to recreate token for existed record.

[timogoebel]

Isn't it enough to change the priority in queue_realm_create so that this runs earlier than the user data template rendering?

[pronix]

you suggest set priority for queue_realm_create less then 1 ? because setUserData has priority 1

[timogoebel]

Well, I'd set the priority for the realm update to something lower then setUserdata but try to avoid negative numbers.

[pronix]

so i should shift all tasks priority to +1 and insert on first place queue_realm_create.
correct ?

[timogoebel]

I think it should be enough to just increase the compute relates tasks, but in general: Yes.

[pronix]

ok. thanks. today will update.

[theforeman-bot]

There were the following issues with the commit message:

• 9e5236a must be in the format fixes #redmine_number - brief description

If you don't have a ticket number, please create an issue in Redmine.

More guidelines are available in Coding Standards or on the Foreman wiki.

---

This message was auto-generated by Foreman's prprocessor

[timogoebel]

Looks good to me, but I haven't tested this.

[timogoebel]

[test foreman]
[test katello]

[pronix]

@timogoebel looks like jenkins error. can you please retrigger it.

[mmoll]

test failure unrelated 💚

[timogoebel]

Code looks good to me, could somebody please jump in and help with testing this?

[eugen-natucci]

@timogoebel help with testing meaning writing tests? I want to participate.

[timogoebel]

@jewgeni-prokhorenko: More like taking this patch and verifying it does not break provisioning and fixes the issue by manually testing this.

[pronix]

can i help with tests ?

[timogoebel]

can i help with tests ?

Sure!

[alejojo]

Hi @timogoebel and @pronix,
I just tested with foreman 1.19.0-rc1 katello 3.8 and it fails with the following message:

Render user data template for donna-rosch.minet.net task failed with the following error: undefined method `handle_ca' for # Did you mean? handle_realm

[pronix]

hello
i not checked yet with 1.19
during weekend i will recheck it

[alejojo]

Hi @pronix,
I've removed the line 99:

 self.handle_ca

in compute.rb and it's working fine :D

[mmoll]

@pronix What's the status here? Could you please rebase onto current develop?

[pronix]

hello @mmoll
it is in my plan during vacation after 2 weeks :)

[schlitzered]

i just tried the patch with my foreman 1.20 installation and it worked, would be great if this could be merged to foreman 1.20.1

[mmoll]

a rebase and added tests are still needed.

[theforeman-bot]

There were the following issues with the commit message:

• e4e69e1 must be in the format fixes #redmine_number - brief description

If you don't have a ticket number, please create an issue in Redmine.

More guidelines are available in Coding Standards or on the Foreman wiki.

---

This message was auto-generated by Foreman's prprocessor

[tinsjourney]

any update on this PR ?
tried the fix on 1.18.0.39 and it worked

[timogoebel]

@theforeman/core: Could somebody review this? I would do it, but I don't have a testing environment for realm things.

[lzap]

Sorry it took so long. Now, I don't have realm setup as well, but I don't think it's super important to test if the patch fixes the realm issue. What's more important IMHO is test for regressions in compute resource, as you can see this patch changes priority numbers of these and this can have huge impact. I can do that.

Here is an idea - how about to clear priorities for once but forever? The problem is that we have them spread over the codebase and most of them are 1, 2, 3 numbers which makes everything pretty much "random". If you grep queue.create | grep priority you get most of these.

I suggest to create a new file app/services/orchestration/priority.rb with an explicit list of priority numbers as constants:

module Priority
  PRIORITY_CORE_DHCP_CREATE = 10
  PRIORITY_CORE_DHCP_DELETE = 9
  # etc for all orchestration "queue.create" calls

  # Katello
  PRIORITY_KATELLO_CV_CREATE = 30

This could be mixed in everywhere needed and then we would benefit from a single place with all priorities. We could do a breaking change and setup all orchestration order for once and forever so at least in core we have it in expected order and with some reasonable numbers like 100, 200, 300, 310, 320 so plugins could take advantage of that. I would file such a patch if folks are interested - @timogoebel and @tbrisker

Edit: I think it's worth to actually allow plugin authors to commit changes to the file so even plugins cant take advantage of seeing everything in one place. This is not tight coupling, this is just a list of numbers on a single place.

[lzap]

A simple example with libvirt VM works just fine:

[app|D|dc6|fe5] Scheduling new DHCP reservations for leigh-canupp.home.lan
[app|D|dc6|fe5] Enqueued task 'dhcp_create_192.168.99.194' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Current organization set to MyOrg
[app|D|dc6|fe5] Current location set to MyLoc
[app|D|dc6|fe5] Current location set to none
[app|D|dc6|fe5] Current organization set to none
[app|D|dc6|fe5] Enqueued task 'Deploy TFTP PXELinux config for leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Enqueued task 'Deploy TFTP PXEGrub2 config for leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Enqueued task 'Deploy TFTP PXEGrub config for leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Enqueued task 'Deploy TFTP iPXE config for leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Enqueued task 'Fetch TFTP boot files for leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Enqueued task 'Set up compute instance leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Enqueued task 'Query instance details for leigh-canupp.home.lan' to 'Host::Managed Main' queue
[app|D|dc6|fe5] Observed create hook on leigh-canupp.home.lan
[app|D|dc6|fe5] Observed postcreate hook on leigh-canupp.home.lan
[app|D|dc6|fe5] Queuing 1 hooks for Host::Managed#postcreate

I am giving this a go, we are unlikely able to test all the plugins.

[lzap]

Thanks.

[lzap]

https://community.theforeman.org/t/idea-one-place-for-orchestration-priorities/13168