1454706 – With SSL verification in hammer the installer should set up hostname in foreman.yml

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1454706 - With SSL verification in hammer the installer should set up hostname in foreman.yml

Summary: With SSL verification in hammer the installer should set up hostname in forem...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Installation
Sub Component:
Version:	Nightly
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Eric Helms
QA Contact:	Lukas Pramuk
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-05-23 11:22 UTC by Lukas Pramuk
Modified:	2019-09-26 14:48 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 17:00:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	19118	0	Normal	Closed	Add foreman CLI deployment through installer	2021-02-15 17:00:36 UTC

Description Lukas Pramuk 2017-05-23 11:22:55 UTC

Description of problem:
With new SSL verification in hammer the default :host: 'https://localhost/' in /etc/hammer/cli.modules.d/foreman.yml no longer works.

The installer should adjust foreman.yml content to point (local!) hammer to the foreman server hostname :host: 'https://<FQDN>/' to match hostname in the server cert

Version-Release number of selected component (if applicable):
Nightly (satellite-6.3.0-11.1.beta.el7sat.noarch)

How reproducible:
100%

Steps to Reproduce:
1. # hammer organization
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_csv
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_bootdisk
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_docker
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_remote_execution
Warning: An error occured while loading module hammer_cli_foreman_tasks
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_katello
Error: No such sub-command 'organization'


Actual results:
local hammer is broken

Expected results:
I would like to have local hammer (that resides on satellite) enabled that by default.


Additional info:

Is user required to enable candlepin, pulp, or qpid ssl certs? Definitely not!
CLI (hammer) is just the same component. 
Hammer setup step(s) should be performed by installer by default as are for all other stuff.

Comment 2 Lukas Pramuk 2017-08-31 13:40:24 UTC

VERIFIED.

@satellite-6.3.0-16.0.beta.el7sat.noarch
foreman-1.15.3-2.el7sat.noarch
katello-3.4.4-2.el7sat.noarch


# grep https: /etc/hammer/cli.modules.d/foreman.yml
  :host: 'https://<SATFQDN>'

>>> config yaml contains FQDN instead of 'localhost'

# hammer organization list
---|----------------------|-------------|----------------------|------------
ID | NAME                 | DESCRIPTION | LABEL                | DESCRIPTION
---|----------------------|-------------|----------------------|------------
1  | Default Organization |             | Default_Organization |            
---|----------------------|-------------|----------------------|------------

>>> hammer works without server certificate errors

Comment 3 Bryan Kearney 2018-02-21 17:00:02 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.