Bug 1520476

Summary: During upgrade /etc/hammer/cli.modules.d/foreman.yml is not overwritten
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: UpgradesAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3.0CC: bbuckingham, brubisch, inecas, lzap, mbacovsk
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-11 12:54:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1122832    

Description Lukas Zapletal 2017-12-04 14:39:08 UTC 
During 6.3 upgrade, hammer certificate is not updated, the configuration file is saved as "rpmnew". I think better fit would be to replace config and do "rpmsave" of the old one, since hammer is mostly used on Satellite Server itself.

[root@zzzap ~]# rpm -qc tfm-rubygem-hammer_cli_foreman
/etc/hammer/cli.modules.d/foreman.yml

[root@zzzap ~]# cat /etc/hammer/cli.modules.d/foreman.yml
:foreman:
  # Enable/disable foreman commands
  :enable_module: true

  # Your foreman server address
  :host: 'https://zzzap.lab.eng.brq.redhat.com'

:ssl:
  :ssl_ca_file: '/etc/pki/katello/certs/katello-default-ca.crt'


If you agree, please triage and move this into 6.3 GA under hammer component. If you don't agree, please make this a DOCO BZ - we need to tell the user to modify this file - to copy rpmnew over to the existing config.

SYMPTOMS: Hammer is unable to do any action on satellite due to bad cert as we renamed the cert in 6.3:

-------
 :ssl:
-  :ssl_ca_file: '/etc/pki/katello/certs/katello-default-ca.crt'
+  :ssl_ca_file: '/etc/pki/katello/certs/katello-server-ca.crt'
--------
Comment 1 Brad Buckingham 2017-12-11 12:32:40 UTC 
Thanks for creating the bugzilla.

Could this be a duplicate of bug 1501980?  Comment 4 mentions the same workaround for altering ssl_ca_file.
Comment 2 Lukas Zapletal 2017-12-11 12:54:50 UTC 
Indeed a dupe of bug 1501980, can you please give it blocker there? It was asked already, I think it's major upgrade issue for those with custom certs.

*** This bug has been marked as a duplicate of bug 1501980 ***