Feature #23563
closedProactively check and correct the host setting under cli_config.yml to use fqdn instead of localhost
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857
Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706
Version-Release number of selected component (if applicable):
6.3.0
How reproducible:
100%
Steps to Reproduce:
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300
2. Run hammer ping,
# hammer ping
SSL error: hostname "localhost" does not match the server certificate
Or run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificate
Actual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.
Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.
Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391
Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.
Updated by Amit Upadhye over 5 years ago
- Assignee changed from Anurag Patel to Amit Upadhye
Updated by Amit Upadhye over 5 years ago
Kavita Gaikwad wrote:
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857
Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706Version-Release number of selected component (if applicable):
6.3.0How reproducible:
100%Steps to Reproduce:
2. Run hammer ping,
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300
- hammer ping
SSL error: hostname "localhost" does not match the server certificateOr run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificateActual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.
Kavita Gaikwad wrote:
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857
Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706Version-Release number of selected component (if applicable):
6.3.0How reproducible:
100%Steps to Reproduce:
2. Run hammer ping,
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300
- hammer ping
SSL error: hostname "localhost" does not match the server certificateOr run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificateActual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.
Kavita Gaikwad wrote:
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1563857
Description of problem:
When cli_config.yml was previously configured by the user to use localhost to resolves the Satellite url, hammer will fails after the initial upgrade step, for the same cause then this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1454706Version-Release number of selected component (if applicable):
6.3.0How reproducible:
100%Steps to Reproduce:
2. Run hammer ping,
1. Configure the following file /root/.hammer/cli_config.yml to use localhost:
:foreman:
:host: 'https://localhost/'
:username: 'admin'
:password: 'changeme'
:request_timeout: 300
- hammer ping
SSL error: hostname "localhost" does not match the server certificateOr run foreman-maintain, the following error will be thrown:
Check whether all services are running using hammer ping: [FAIL]
SSL error: hostname "localhost" does not match the server certificateActual results:
Upgrading Satellite from 6.2 to 6.3 will causes some hammer configuration to be broken and will prevent some upgrade steps to complete with success since any step using hammer commands will fails with an SSL errror.Expected results:
We may have foreman-maintain to check the syntax of cli_config.yml, then throws a Warning and ask the user if foreman-maintain can update the configuration right away to use the fqdn, and thus prevent further issue in the installation process and with the usage of hammer cli.Additional info:
See the following bug https://bugzilla.redhat.com/show_bug.cgi?id=1454706
See the following KCS: https://access.redhat.com/solutions/3364391Note: We may also consider to bypass any cli_config.yml configured by the user since any syntax error may cause issue with any hammer commands.
Few queries on this one,
1. We are already having hammer as feature where we are actually checking if hostname is valid using method on_invalid_host, which then actually uses hostname of system with hammer configuration.
2. The on_invalid_host method does not modify exiting hammer configuration, so is it good idea to ask user in on_invalid_host method itself about overwritting hammer configuration and if answer is yes then change it ?
_
Amit Upadhye.
Updated by Martin Bacovsky over 5 years ago
I'd recommend to not touch Hammer setup during Hammer configuration in f-m. The configuration can be highly customized and ~/.hammer/cli-modules.d/foreman.yaml does not have to be the only location where the password is stored. It may be good to add a separate check perhaps with remediation procedure, but not to bundle it with the hammer setup.
Updated by The Foreman Bot over 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman_maintain/pull/228 added
Updated by Eric Helms 2 months ago
- Status changed from Ready For Testing to Rejected