Bug 1676663 - service command can't connect to remote mongodb
Summary: service command can't connect to remote mongodb
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Satellite Maintain
Version: 6.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.5.0
Assignee: Martin Bacovsky
QA Contact: Lucie Vrtelova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-12 19:56 UTC by Martin Bacovsky
Modified: 2022-03-13 16:58 UTC (History)
8 users (show)

Fixed In Version: rubygem-foreman_maintain-0.3.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:40:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 26043 0 Normal Closed service command can't connect to remote mongodb 2020-07-01 08:01:56 UTC
Red Hat Product Errata RHSA-2019:1222 0 None None None 2019-05-14 12:40:16 UTC

Description Martin Bacovsky 2019-02-12 19:56:52 UTC 
Description of problem:
foreman-maintain service can not connect to remote mongodb when pulp configuration contain empty path to a ssl cert.

/etc/pulp/server.conf
...
[database]
name: pulpdb
seeds: <host>:27017
username: pulpuser
password: +FILTERED+
ssl: true
ssl_certfile: 
verify_ssl: false
ca_path: /etc/pki/tls/certs/ca-bundle.crt
unsafe_autoretry: false
...

After 'foreman-maintain service status' /var/log/foreman-maintain/foreman-maintain.log contains:

D, [2019-02-07 23:58:37+0000 #5681] DEBUG -- : Running command scl enable rh-mongodb34 -- mongo -u pulpuser -p [FILTERED] --host <host> --port 27017 --ssl --sslCAFile /etc/pki/tls/certs/ca-bundle.crt 
--sslPEMKeyFile  --eval 'db.version()' pulpdb with stdin nil
D, [2019-02-07 23:58:37+0000 #5681] DEBUG -- : output of the command:
 2019-02-07T23:58:37.429+0000 E NETWORK  [main] cannot read certificate file: --eval error:02001002:system library:fopen:No such file or directory
Failed global initialization: InvalidSSLConfiguration Can not set up PEM key file.
D, [2019-02-07 23:58:37+0000 #5681] DEBUG -- : Mongo version detection failed, choosing from installed versions


Version-Release number of selected component (if applicable):
foreman_maintain (0.2.11)


How reproducible:
always

Steps to Reproduce:
1. Configure Satellite to use remote MongoDB
2. Have ssl_certfile: <empty> in /etc/pulp/server.conf
3. Make sure the remote DB is running

Actual results:
$ foreman-maintain service status
...
rh-mongodb34-mongod is remote and is DOWN.
...

Expected results:
$ foreman-maintain service status
...
rh-mongodb34-mongod is remote and is UP.
...

Additional info:
foreman-maintain also ignores the following parameters that were present in the config: 

verify_ssl: false
unsafe_autoretry: false
Comment 3 Martin Bacovsky 2019-02-12 20:02:24 UTC 
Created redmine issue https://projects.theforeman.org/issues/26043 from this bug
Comment 4 Bryan Kearney 2019-02-12 21:01:31 UTC 
Upstream bug assigned to mbacovsk
Comment 5 Bryan Kearney 2019-02-12 21:01:32 UTC 
Upstream bug assigned to mbacovsk
Comment 8 Bryan Kearney 2019-02-27 11:00:31 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26043 has been resolved.
Comment 13 errata-xmlrpc 2019-05-14 12:40:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222
Note You need to log in before you can comment on or make changes to this bug.