This is because the suppress_netgroup_memberof method of both host and hostgroup classes is broken - it removes values from a list while the list is being iterated, which causes some items of the list to be skipped.
suppress_netgroup_memberof
host
hostgroup
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=918261
How to reproduce:
$ ipa host-add host.example.com $ ipa hostgroup-add hostgroup1 --desc Test $ ipa hostgroup-add hostgroup2 --desc Test $ ipa hostgroup-add-member hostgroup2 --hosts host.example.com $ ipa hostgroup-add-member hostgroup1 --hostgroups hostgroup2 $ ipa host-show host.example.com Host name: host.example.com Principal name: host/host.example.com@EXAMPLE.COM Password: False Member of host-groups: hostgroup2 Roles: Entitlement Compliance Indirect Member of netgroup: hostgroup2 # <-- this line should not be here Indirect Member of host-group: hostgroup1 Keytab: True Managed by: host.example.com
Triaged to March.
master: b194b85[[BR]] ipa-3-1: c275c6a
Metadata Update from @jcholast: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 3.2 - 2013/03
Login to comment on this ticket.