DescriptionBarbora Vassova
2021-05-03 08:24:35 UTC
Description of problem:
When running satellite-maintain health check (on Capsule), in one step it runs the following command
D, [2021-03-21 23:59:25+0100 #6755] DEBUG -- : Running command curl -w '
%{http_code}' -s --cert '/etc/foreman-proxy/foreman_ssl_cert.pem' --key '/etc/foreman-proxy/foreman_ssl_key.pem' --cacert '/etc/foreman-proxy/foreman_ssl_ca.pem' https://$(hostname):9090/features with stdin nil
This command uses "hostname" instead of "hostname -f" which causes logging of errors in /var/log/foreman-proxy/proxy.log
2021-03-29T13:08:43 [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: sslv3 alert bad certificate
when the system has shortname defined (together with proper fqdn - there is no issue there) and is using custom certs. Running the curl command manually produces this error:
Unable to communicate securely with peer: requested domain name does not match the server's certificate.
while, when using "hostname -f" it passes ok.
From my understanding, Satellite primarily uses "hostname -f" so it should be unified here too.
Version-Release number of selected component (if applicable):
Satellite 6.8
How reproducible:
Always
Steps to Reproduce:
1. Set up Capsule with shortname along the fqdn and custom certs
2. Run satellite-maintain health check
3. Observe /var/log/foreman-proxy/proxy.log
Actual results:
An error message is logged.
Expected results:
No errors
Additional info:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: Satellite 6.13 Release), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:2097
Description of problem: When running satellite-maintain health check (on Capsule), in one step it runs the following command D, [2021-03-21 23:59:25+0100 #6755] DEBUG -- : Running command curl -w ' %{http_code}' -s --cert '/etc/foreman-proxy/foreman_ssl_cert.pem' --key '/etc/foreman-proxy/foreman_ssl_key.pem' --cacert '/etc/foreman-proxy/foreman_ssl_ca.pem' https://$(hostname):9090/features with stdin nil This command uses "hostname" instead of "hostname -f" which causes logging of errors in /var/log/foreman-proxy/proxy.log 2021-03-29T13:08:43 [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: sslv3 alert bad certificate when the system has shortname defined (together with proper fqdn - there is no issue there) and is using custom certs. Running the curl command manually produces this error: Unable to communicate securely with peer: requested domain name does not match the server's certificate. while, when using "hostname -f" it passes ok. From my understanding, Satellite primarily uses "hostname -f" so it should be unified here too. Version-Release number of selected component (if applicable): Satellite 6.8 How reproducible: Always Steps to Reproduce: 1. Set up Capsule with shortname along the fqdn and custom certs 2. Run satellite-maintain health check 3. Observe /var/log/foreman-proxy/proxy.log Actual results: An error message is logged. Expected results: No errors Additional info: