Bug 1454706

Summary: With SSL verification in hammer the installer should set up hostname in foreman.yml
Product: Red Hat Satellite Reporter: Lukas Pramuk <lpramuk>
Component: InstallationAssignee: Eric Helms <ehelms>
Status: CLOSED ERRATA QA Contact: Lukas Pramuk <lpramuk>
Severity: medium Docs Contact:
Priority: medium    
Version: NightlyCC: bbuckingham, ktordeur, stbenjam
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 17:00:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Pramuk 2017-05-23 11:22:55 UTC
Description of problem:
With new SSL verification in hammer the default :host: 'https://localhost/' in /etc/hammer/cli.modules.d/foreman.yml no longer works.

The installer should adjust foreman.yml content to point (local!) hammer to the foreman server hostname :host: 'https://<FQDN>/' to match hostname in the server cert

Version-Release number of selected component (if applicable):
Nightly (satellite-6.3.0-11.1.beta.el7sat.noarch)

How reproducible:
100%

Steps to Reproduce:
1. # hammer organization
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_csv
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_bootdisk
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_docker
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_remote_execution
Warning: An error occured while loading module hammer_cli_foreman_tasks
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_katello
Error: No such sub-command 'organization'


Actual results:
local hammer is broken

Expected results:
I would like to have local hammer (that resides on satellite) enabled that by default.


Additional info:

Is user required to enable candlepin, pulp, or qpid ssl certs? Definitely not!
CLI (hammer) is just the same component. 
Hammer setup step(s) should be performed by installer by default as are for all other stuff.

Comment 2 Lukas Pramuk 2017-08-31 13:40:24 UTC
VERIFIED.

@satellite-6.3.0-16.0.beta.el7sat.noarch
foreman-1.15.3-2.el7sat.noarch
katello-3.4.4-2.el7sat.noarch


# grep https: /etc/hammer/cli.modules.d/foreman.yml
  :host: 'https://<SATFQDN>'

>>> config yaml contains FQDN instead of 'localhost'

# hammer organization list
---|----------------------|-------------|----------------------|------------
ID | NAME                 | DESCRIPTION | LABEL                | DESCRIPTION
---|----------------------|-------------|----------------------|------------
1  | Default Organization |             | Default_Organization |            
---|----------------------|-------------|----------------------|------------

>>> hammer works without server certificate errors

Comment 3 Bryan Kearney 2018-02-21 17:00:02 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336