Foreman » Installer

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1501980

Description of problem:
When deploying Satellite 6.3 snap 19 with a custom certificate hammer errors out with every command until :ssl_ca_file: is configured to point to the ca bundle.

Version-Release number of selected component (if applicable):
6.3 snap19

How reproducible:
Easy

Steps to Reproduce:
1. Install Satellite with custom certificates
2. run hammer with out arguments
3.

Actual results:

1. hammer
   Could not load the API description from the server: SSL certificate verification failed
   Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_csv
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_foreman
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_foreman_bootdisk
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_foreman_docker
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_foreman_openscap
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_foreman_remote_execution
Warning: An error occured while loading module hammer_cli_foreman_tasks
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_foreman_virt_who_configure
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/pki/katello/certs/katello-default-ca.crt

Make sure the location contains an unexpired and valid CA certificate for https://sat63-snap19.example.com

Warning: An error occured while loading module hammer_cli_katello

Expected results:
Hammer should work out of the box even when using custom certificates.

Additional info:
This was not needed in 6.2, so I'm not sure if this is something the installer does differently or what's going on but when creating a ~/.hammer/cli_config.yml with the following content it works:

:ssl:
:ssl_ca_file: '/root/ca-chain.pem'

Satellite was installed with the following: satellite-installer --scenario satellite --certs-server-cert "/root/sat63-snap19.example.com.crt" --certs-server-cert-req "/root/fake.csr" --certs-server-key "/root/sat63-snap19.example.com.key" --certs-server-ca-cert "/root/ca-chain.pem" --foreman-admin-password redhat123 --foreman-initial-organization "testday" --foreman-proxy-tftp true

And output of katello-certs-check:
Checking expiration of certificate: [OK]
Checking expiration of CA bundle: [OK]
Validating the certificate subject= /C=SE/ST=Stockholm/O=opuk lab/OU=opuk lab intermediate/CN=sat63-snap19.example.com/emailAddress=root@example.com
Checking to see if the private key matches the certificate: [OK]
Checking ca bundle against the cert file: [OK]
Checking for non ascii characters[OK]