Description of problem:
foreman-maintain service cannot connect to remote mongodb when the pulp configuration contains an empty path to an SSL cert.

/etc/pulp/server.conf
...
[database]
name: pulpdb
seeds: <host>:27017
username: pulpuser
password: +FILTERED+
ssl: true
ssl_certfile:
verify_ssl: false
ca_path: /etc/pki/tls/certs/ca-bundle.crt
unsafe_autoretry: false
...

After 'foreman-maintain service status', /var/log/foreman-maintain/foreman-maintain.log contains:

D, [2019-02-07 23:58:37+0000 #5681] DEBUG -- : Running command scl enable rh-mongodb34 -- mongo -u pulpuser -p [FILTERED] --host <host> --port 27017 --ssl --sslCAFile /etc/pki/tls/certs/ca-bundle.crt --sslPEMKeyFile --eval 'db.version()' pulpdb with stdin nil
D, [2019-02-07 23:58:37+0000 #5681] DEBUG -- : output of the command:
2019-02-07T23:58:37.429+0000 E NETWORK [main] cannot read certificate file: --eval error:02001002:system library:fopen:No such file or directory
Failed global initialization: InvalidSSLConfiguration Can not set up PEM key file.
D, [2019-02-07 23:58:37+0000 #5681] DEBUG -- : Mongo version detection failed, choosing from installed versions

Version-Release number of selected component (if applicable):
foreman_maintain (0.2.11)

How reproducible:
always

Steps to Reproduce:
1. Configure Satellite to use remote MongoDB
2. Have ssl_certfile: <empty> in /etc/pulp/server.conf
3. Make sure the remote DB is running

Actual results:
$ foreman-maintain service status
...
rh-mongodb34-mongod is remote and is DOWN.
...

Expected results:
$ foreman-maintain service status
...
rh-mongodb34-mongod is remote and is UP.
...

Additional info:
foreman-maintain also ignores the following parameters that were present in the config:
verify_ssl: false
unsafe_autoretry: false
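
The log above shows --sslPEMKeyFile emitted with no value, so the mongo shell reads the next token (--eval) as the certificate path. An added Ruby example (not foreman-maintain's own code) that parses the [database] section and emits a value-taking flag only when its value is non-empty. The names parse_section and mongo_argv, the sample host and password, and the verify_ssl to --sslAllowInvalidCertificates mapping are assumptions made for illustration.

```ruby
# Constructed sample mirroring the [database] section quoted in the report.
SAMPLE_CONF = <<~CONF
  [database]
  name: pulpdb
  seeds: db.example.com:27017
  username: pulpuser
  password: secret
  ssl: true
  ssl_certfile:
  verify_ssl: false
  ca_path: /etc/pki/tls/certs/ca-bundle.crt
  unsafe_autoretry: false
CONF

# Parse "key: value" lines of one INI section; empty values become nil.
def parse_section(text, section)
  current = nil
  text.each_line.with_object({}) do |line, conf|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = m[1]
    elsif current == section && (m = line.match(/\A([^:=\s]+)\s*[:=]\s*(.*)\z/))
      conf[m[1]] = m[2].empty? ? nil : m[2]
    end
  end
end

# Build the mongo shell argv. A flag that takes a value is added only when the
# value is present, so it can never swallow the option that follows it.
def mongo_argv(conf, eval_js)
  host, port = conf.fetch('seeds').split(',').first.split(':')
  argv = ['mongo']
  add = ->(flag, value) { argv.push(flag, value) unless value.to_s.empty? }
  add.call('-u', conf['username'])
  add.call('-p', conf['password'])
  add.call('--host', host)
  add.call('--port', port || '27017')
  if conf['ssl'] == 'true'
    argv << '--ssl'
    add.call('--sslCAFile', conf['ca_path'])
    add.call('--sslPEMKeyFile', conf['ssl_certfile'])
    # Assumed mapping (not confirmed by the report): honour verify_ssl: false.
    argv << '--sslAllowInvalidCertificates' if conf['verify_ssl'] == 'false'
  end
  argv.push('--eval', eval_js, conf['name'])
end
```

Passing the result to a process spawn as an array, rather than joining it into a shell string, keeps each value in its own argument slot.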
Created redmine issue https://projects.theforeman.org/issues/26043 from this bug
Upstream bug assigned to mbacovsk
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26043 has been resolved.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222