Project

General

Profile

Actions

Feature #22739

closed

formain-maintain fails to use hammer if config has host: localhost

Added by Kavita Gaikwad about 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Procedure
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Description of problem:
hammer in previous versions did not validate SSL certificates and the installer generated the global config with `host: https://localhost`:

  1. cat /etc/hammer/cli.modules.d/foreman.yml
    :foreman: # Enable/disable foreman commands
    :enable_module: true
    1. Your foreman server address
      :host: 'https://localhost/'
    1. Credentials. You'll be asked for them interactively if you leave them blank here
      :username: 'admin'
      #:password: 'example'
    1. Check API documentation cache status on each request
      #:refresh_cache: false
    1. API request timeout. Set to -1 for no timeout
      #:request_timeout: 120 #seconds
    1. Follow API redirects. One of :never, :default, :always
    2. Value :default means RestClient default behaviour - follow only in GET and HEAD requests
      #:follow_redirects: :never

When the user took that file and used it as a template for their ~/.hammer/cli.modules.d/foreman.yml, they'd end up with:

  1. cat ~/.hammer/cli.modules.d/foreman.yml
    :foreman: # Enable/disable foreman commands
    :enable_module: true
    1. Your foreman server address
      :host: 'https://localhost/'
    1. Credentials. You'll be asked for them interactively if you leave them blank here
      :username: 'admin'
      :password: 'changeme'

(or similar)

Now, hammer started to verify the SSL certificate, and the global config is regenerated properly by the installer:

  1. cat /etc/hammer/cli.modules.d/foreman.yml
    :foreman: # Enable/disable foreman commands
    :enable_module: true
    1. Your foreman server address
      :host: 'https://sat-6-2-qa-rhel7.kangae.example.com'

:ssl:
:ssl_ca_file: '/etc/pki/katello/certs/katello-server-ca.crt'

However, due to the fact that the user has `:host: 'https://localhost/'` in their ~/.hammer, this takes precedence and every hammer call fails.

foreman-maintain also generates an own config, based on the one in ~/.hammer:

  1. cat /etc/foreman-maintain/foreman-maintain-hammer.yml
    ---
    :foreman:
    :enable_module: true
    :host: https://localhost/
    :username: admin
    :password: changeme

So to make f-maintain work, both files need to drop the `:host:` entry.

As a user, I think I'd like f-maintain to:
1. check my ~/.hammer/cli.modules.d/foreman.yml and warn me if it has anything else than $(hostname -f) for host
2. only copy username and password to /etc/foreman-maintain/foreman-maintain-hammer.yml (like it is done in the case there is no config in ~/.hammer and the user is asked)

Version-Release number of selected component (if applicable):
rubygem-foreman_maintain-0.1.3-1.el7sat.noarch

How reproducible:
100%

Steps to Reproduce:
1. have ":host: 'https://localhost/'" in ~/.hammer/cli.modules.d/foreman.yml
2. foreman-maintain upgrade run --target-version 6.3

Actual results:
Running Checks after upgrading to Satellite 6.3 ================================================================================
Check for paused tasks: [OK]
--------------------------------------------------------------------------------
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate
--------------------------------------------------------------------------------

Expected results:
Upgrade continues because "hammer ping" worked fine.


Related issues 1 (0 open1 closed)

Related to Foreman Maintain - Bug #21740: Reenable sync step fails when hammer is not properly configuredClosedMartin Bacovsky11/22/2017Actions
Actions #1

Updated by Kavita Gaikwad about 6 years ago

  • Bugzilla link set to 1547912
Actions #2

Updated by Martin Bacovsky about 6 years ago

  • Category set to Procedure
  • Status changed from New to Assigned
  • Assignee changed from Kavita Gaikwad to Martin Bacovsky
  • Target version set to 251
Actions #3

Updated by Martin Bacovsky about 6 years ago

  • Related to Bug #21740: Reenable sync step fails when hammer is not properly configured added
Actions #4

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman_maintain/pull/165 added
Actions #5

Updated by Martin Bacovsky almost 6 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF