Bug 1454706 - With SSL verification in hammer the installer should set up hostname in foreman.yml
Summary: With SSL verification in hammer the installer should set up hostname in forem...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: Nightly
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Unspecified
Assignee: Eric Helms
QA Contact: Lukas Pramuk
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-23 11:22 UTC by Lukas Pramuk
Modified: 2019-09-26 14:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 17:00:02 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 19118 Normal Closed Add foreman CLI deployment through installer 2020-10-28 18:56:14 UTC

Description Lukas Pramuk 2017-05-23 11:22:55 UTC
Description of problem:
With new SSL verification in hammer the default :host: 'https://localhost/' in /etc/hammer/cli.modules.d/foreman.yml no longer works.

The installer should adjust foreman.yml content to point (local!) hammer to the foreman server hostname :host: 'https://<FQDN>/' to match hostname in the server cert

Version-Release number of selected component (if applicable):
Nightly (satellite-6.3.0-11.1.beta.el7sat.noarch)

How reproducible:
100%

Steps to Reproduce:
1. # hammer organization
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_csv
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_bootdisk
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_docker
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_foreman_remote_execution
Warning: An error occured while loading module hammer_cli_foreman_tasks
Could not load the API description from the server: 
hostname "localhost" does not match the server certificate
  - is the server down?
  - was 'foreman-rake apipie:cache' run on the server when using apipie cache? (typical production settings)
Warning: An error occured while loading module hammer_cli_katello
Error: No such sub-command 'organization'


Actual results:
local hammer is broken

Expected results:
I would like to have local hammer (that resides on satellite) enabled that by default.


Additional info:

Is user required to enable candlepin, pulp, or qpid ssl certs? Definitely not!
CLI (hammer) is just the same component. 
Hammer setup step(s) should be performed by installer by default as are for all other stuff.

Comment 2 Lukas Pramuk 2017-08-31 13:40:24 UTC
VERIFIED.

@satellite-6.3.0-16.0.beta.el7sat.noarch
foreman-1.15.3-2.el7sat.noarch
katello-3.4.4-2.el7sat.noarch


# grep https: /etc/hammer/cli.modules.d/foreman.yml
  :host: 'https://<SATFQDN>'

>>> config yaml contains FQDN instead of 'localhost'

# hammer organization list
---|----------------------|-------------|----------------------|------------
ID | NAME                 | DESCRIPTION | LABEL                | DESCRIPTION
---|----------------------|-------------|----------------------|------------
1  | Default Organization |             | Default_Organization |            
---|----------------------|-------------|----------------------|------------

>>> hammer works without server certificate errors

Comment 3 Bryan Kearney 2018-02-21 17:00:02 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.