Feature #22739
closedformain-maintain fails to use hammer if config has host: localhost
Description
Description of problem:
hammer in previous versions did not validate SSL certificates and the installer generated the global config with `host: https://localhost`:
- cat /etc/hammer/cli.modules.d/foreman.yml
:foreman: # Enable/disable foreman commands
:enable_module: true- Your foreman server address
:host: 'https://localhost/'
- Credentials. You'll be asked for them interactively if you leave them blank here
:username: 'admin'
#:password: 'example'
- Check API documentation cache status on each request
#:refresh_cache: false
- API request timeout. Set to -1 for no timeout
#:request_timeout: 120 #seconds
- Follow API redirects. One of :never, :default, :always
- Value :default means RestClient default behaviour - follow only in GET and HEAD requests
#:follow_redirects: :never
- Your foreman server address
When the user took that file and used it as a template for their ~/.hammer/cli.modules.d/foreman.yml, they'd end up with:
- cat ~/.hammer/cli.modules.d/foreman.yml
:foreman: # Enable/disable foreman commands
:enable_module: true- Your foreman server address
:host: 'https://localhost/'
- Credentials. You'll be asked for them interactively if you leave them blank here
:username: 'admin'
:password: 'changeme'
- Your foreman server address
(or similar)
Now, hammer started to verify the SSL certificate, and the global config is regenerated properly by the installer:
- cat /etc/hammer/cli.modules.d/foreman.yml
:foreman: # Enable/disable foreman commands
:enable_module: true- Your foreman server address
:host: 'https://sat-6-2-qa-rhel7.kangae.example.com'
- Your foreman server address
:ssl:
:ssl_ca_file: '/etc/pki/katello/certs/katello-server-ca.crt'
However, due to the fact that the user has `:host: 'https://localhost/'` in their ~/.hammer, this takes precedence and every hammer call fails.
foreman-maintain also generates an own config, based on the one in ~/.hammer:
- cat /etc/foreman-maintain/foreman-maintain-hammer.yml
---
:foreman:
:enable_module: true
:host: https://localhost/
:username: admin
:password: changeme
So to make f-maintain work, both files need to drop the `:host:` entry.
As a user, I think I'd like f-maintain to:
1. check my ~/.hammer/cli.modules.d/foreman.yml and warn me if it has anything else than $(hostname -f) for host
2. only copy username and password to /etc/foreman-maintain/foreman-maintain-hammer.yml (like it is done in the case there is no config in ~/.hammer and the user is asked)
Version-Release number of selected component (if applicable):
rubygem-foreman_maintain-0.1.3-1.el7sat.noarch
How reproducible:
100%
Steps to Reproduce:
1. have ":host: 'https://localhost/'" in ~/.hammer/cli.modules.d/foreman.yml
2. foreman-maintain upgrade run --target-version 6.3
Actual results:
Running Checks after upgrading to Satellite 6.3
================================================================================
Check for paused tasks: [OK]
--------------------------------------------------------------------------------
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate
--------------------------------------------------------------------------------
Expected results:
Upgrade continues because "hammer ping" worked fine.
Updated by Martin Bacovsky about 6 years ago
- Category set to Procedure
- Status changed from New to Assigned
- Assignee changed from Kavita Gaikwad to Martin Bacovsky
- Target version set to 251
Updated by Martin Bacovsky about 6 years ago
- Related to Bug #21740: Reenable sync step fails when hammer is not properly configured added
Updated by The Foreman Bot almost 6 years ago
- Pull request https://github.com/theforeman/foreman_maintain/pull/165 added
Updated by Martin Bacovsky almost 6 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied in changeset foreman_maintain|8b3e44a28019f5eb780a6c8d1319031d51ea680f.