Description of problem: hammer in 6.2 and older did not validate SSL certificates and the installer generated the global config with `host: https://localhost`: # cat /etc/hammer/cli.modules.d/foreman.yml :foreman: # Enable/disable foreman commands :enable_module: true # Your foreman server address :host: 'https://localhost/' # Credentials. You'll be asked for them interactively if you leave them blank here :username: 'admin' #:password: 'example' # Check API documentation cache status on each request #:refresh_cache: false # API request timeout. Set to -1 for no timeout #:request_timeout: 120 #seconds # Follow API redirects. One of :never, :default, :always # Value :default means RestClient default behaviour - follow only in GET and HEAD requests #:follow_redirects: :never When the user took that file and used it as a template for their ~/.hammer/cli.modules.d/foreman.yml, they'd end up with: # cat ~/.hammer/cli.modules.d/foreman.yml :foreman: # Enable/disable foreman commands :enable_module: true # Your foreman server address :host: 'https://localhost/' # Credentials. You'll be asked for them interactively if you leave them blank here :username: 'admin' :password: 'changeme' (or similar) Now in 6.3, hammer started to verify the SSL certificate, and the global config is regenerated properly by the installer: # cat /etc/hammer/cli.modules.d/foreman.yml :foreman: # Enable/disable foreman commands :enable_module: true # Your foreman server address :host: 'https://sat-6-2-qa-rhel7.kangae.example.com' :ssl: :ssl_ca_file: '/etc/pki/katello/certs/katello-server-ca.crt' However, due to the fact that the user has `:host: 'https://localhost/'` in their ~/.hammer, this takes precedence and every hammer call fails. foreman-maintain also generates an own config, based on the one in ~/.hammer: # cat /etc/foreman-maintain/foreman-maintain-hammer.yml --- :foreman: :enable_module: true :host: https://localhost/ :username: admin :password: changeme So to make f-maintain work, both files need to drop the `:host:` entry. As a user, I think I'd like f-maintain to: 1. check my ~/.hammer/cli.modules.d/foreman.yml and warn me if it has anything else than $(hostname -f) for host 2. only copy username and password to /etc/foreman-maintain/foreman-maintain-hammer.yml (like it is done in the case there is no config in ~/.hammer and the user is asked) Version-Release number of selected component (if applicable): rubygem-foreman_maintain-0.1.3-1.el7sat.noarch How reproducible: 100% Steps to Reproduce: 1. have ":host: 'https://localhost/'" in ~/.hammer/cli.modules.d/foreman.yml 2. foreman-maintain upgrade run --target-version 6.3 Actual results: Running Checks after upgrading to Satellite 6.3 ================================================================================ Check for paused tasks: [OK] -------------------------------------------------------------------------------- Check whether all services are running using hammer ping: [FAIL] SSL error: hostname "localhost" does not match the server certificate -------------------------------------------------------------------------------- Expected results: Upgrade continues because "hammer ping" worked fine. Additional info:
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/22739 has been resolved.
This change is already there in foreman_maintain-0.2.z
verified @satellite 6.5.0 snap 14 @rubygem-foreman_maintain-0.3.1-1.el7sat.noarch steps: 1.- have ":host: 'https://localhost/'" in ~/.hammer/cli.modules.d/foreman.yml - run foreman-maintain health check --label hammer-ping - message in foreman-maintain.log saying "Matching hostname was not found in hammer configs. Using https://hostname.example.com/" - "foreman-maintain health check --label hammer-ping" run successfully. 2.- remove admin password from ~/.hammer/cli.modules.d/foreman.yml and /etc/foreman-maintain/foreman-maintain-hammer.yml - run foreman-maintain health check --label hammer-ping - message in foreman-maintain.log saying "Admin password was not found in hammer configs. Looking into installer answers" - "foreman-maintain health check --label hammer-ping" run successfully. 3.- have invalid Admin password in ~/.hammer/cli.modules.d/foreman.yml and /etc/foreman-maintain/foreman-maintain-hammer.yml - run foreman-maintain health check --label hammer-ping - message in foreman-maintain.log saying "Invalid admin password was found in hammer configs. Looking into installer answers" - "foreman-maintain health check --label hammer-ping" run successfully.
The current version of foreman_maintain includes this fix.