Project

General

Profile

Feature #23563

Proactively check and correct the host setting under cli_config.yml to use fqdn instead of localhost

Added by Kavita Gaikwad over 2 years ago. Updated almost 2 years ago.

Status:
Ready For Testing
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857

Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706

Version-Release number of selected component (if applicable):
6.3.0

How reproducible:
100%

Steps to Reproduce:
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300

2. Run hammer ping, # hammer ping
SSL error: hostname "localhost" does not match the server certificate

Or run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate

Actual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.

Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.

Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391

Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.

History

#1 Updated by Amit Upadhye about 2 years ago

  • Assignee changed from Anurag Patel to Amit Upadhye

#2 Updated by Amit Upadhye about 2 years ago

Kavita Gaikwad wrote:

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857

Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706

Version-Release number of selected component (if applicable):
6.3.0

How reproducible:
100%

Steps to Reproduce:
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300

2. Run hammer ping,
  1. hammer ping
    SSL error: hostname "localhost" does not match the server certificate

Or run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate

Actual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.

Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.

Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391

Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.

Kavita Gaikwad wrote:

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857

Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706

Version-Release number of selected component (if applicable):
6.3.0

How reproducible:
100%

Steps to Reproduce:
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300

2. Run hammer ping,
  1. hammer ping
    SSL error: hostname "localhost" does not match the server certificate

Or run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate

Actual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.

Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.

Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391

Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.

Kavita Gaikwad wrote:

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857

Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706

Version-Release number of selected component (if applicable):
6.3.0

How reproducible:
100%

Steps to Reproduce:
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300

2. Run hammer ping,
  1. hammer ping
    SSL error: hostname "localhost" does not match the server certificate

Or run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate

Actual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.

Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.

Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391

Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.

Few queries on this one,

1. We are already having hammer as feature where we are actually checking if hostname is valid using method on_invalid_host, which then actually uses hostname of system with hammer configuration.
2. The on_invalid_host method does not modify exiting hammer configuration, so is it good idea to ask user in on_invalid_host method itself about overwritting hammer configuration and if answer is yes then change it ?
_
Amit Upadhye.

#3 Updated by Martin Bacovsky about 2 years ago

I'd recommend to not touch Hammer setup during Hammer configuration in f-m. The configuration can be highly customized and ~/.hammer/cli-modules.d/foreman.yaml does not have to be the only location where the password is stored. It may be good to add a separate check perhaps with remediation procedure, but not to bundle it with the hammer setup.

#4 Updated by The Foreman Bot almost 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_maintain/pull/228 added

Also available in: Atom PDF