Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1696862

Summary: foreman-maintain service restart - should not require foreman-maintain-hammer.yml
Product: Red Hat Satellite Reporter: sthirugn <sthirugn>
Component: Satellite MaintainAssignee: Martin Bacovsky <mbacovsk>
Status: CLOSED ERRATA QA Contact: Jameer Pathan <jpathan>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.4.2CC: apatel, bbuckingham, egolov, inecas, jpathan, kgaikwad, mbacovsk, pcreech
Target Milestone: 6.6.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-foreman_maintain-0.4.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-22 19:49:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description sthirugn@redhat.com 2019-04-05 19:04:36 UTC 
Description of problem:
foreman-maintain service restart - requires hammer password

Version-Release number of selected component (if applicable):
satellite-6.5.0-11.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:

On satellite 6.4:
*****************
# rpm -q satellite
satellite-6.4.2-2.el7sat.noarch

# rpm -q rubygem-foreman_maintain
rubygem-foreman_maintain-0.2.11-1.el7sat.noarch

# ll /etc/foreman-maintain
total 4
-rw-r-----. 1 root root 880 Sep 26  2018 foreman_maintain.yml

# katello-service restart
Redirecting to 'foreman-maintain service'
Running Restart Services
================================================================================
Check if command is run as root user:                                 [OK]
--------------------------------------------------------------------------------
Restart applicable services: 
Stopping the following service(s):
rh-mongodb34-mongod, postgresql, qdrouterd, qpidd, squid, pulp_celerybeat, pulp_resource_manager, pulp_streamer, pulp_workers, smart_proxy_dynflow_core, tomcat, dynflowd, goferd, httpd, puppetserver, foreman-proxy
\ All services stopped              


Satellite 6.5:
**************
# rpm -q satellite
satellite-6.5.0-11.el7sat.noarch

# rpm -q rubygem-foreman_maintain
rubygem-foreman_maintain-0.3.2-1.el7sat.noarch

# rm /etc/foreman-maintain/foreman-maintain-hammer.yml 
rm: remove regular file ‘/etc/foreman-maintain/foreman-maintain-hammer.yml’? y

# katello-service restart
Redirecting to 'foreman-maintain service'
Running preparation steps required to run the next scenarios
================================================================================
Setup hammer: 
Configuring Hammer CLI...
Hammer admin password: 
<ctrl+c>

# foreman-maintain service restart
Running preparation steps required to run the next scenarios
================================================================================
Setup hammer: 
Configuring Hammer CLI...
Hammer admin password: 

Actual results:
The new behavior of `katello-service restart` and `foreman-maintain service restart` requiring hammer credentials affects clone/upgrade scenarios using satellite-clone which happens in an automated fashion. There may be other scenarios which are affected too.

Expected results:
Traditionally `katello-service restart` and now `foreman-maintain service restart` never needed hammer password. It should continue remaining the same in Satellite 6.5.

Additional info:
Comment 4 Brad Buckingham 2019-04-05 19:28:58 UTC 
Hi Anurag,

Can you or someone on foreman-maintain take a quick look at this bugzilla.  Is this change in behavior intended or required?

This bug originated from investigation in to the following bugzilla created for satellite-clone: bug 1696731.
Comment 6 Martin Bacovsky 2019-05-10 11:19:29 UTC 
Brad, what is probably going on here is that foreman-maintain is trying to obtain the hammer credentials from existing hammer config and if it fails it tries installer answer file. If no valid information is found it prompts for the credentials. The behavior described can typically happen when admin password was changed in UI/DB and hammer config was not updated accordingly. This has not changed recently and is not a regression. If there are any ideas how to improve the procedure let me know.

What can be done and what I'll use this bug to track is that the server ping will be performed by direct call to the API outside of hammer. The call does not require auth so the credentials will not be needed and service restart won't to ask for it. However the described behavior will persist for other operations requiring hammer.
Comment 7 Martin Bacovsky 2019-05-10 11:22:38 UTC 
Created redmine issue https://projects.theforeman.org/issues/26779 from this bug
Comment 8 Nikhil Kathole 2019-06-18 08:55:25 UTC 
similar to https://bugzilla.redhat.com/show_bug.cgi?id=1677872
Comment 9 Bryan Kearney 2019-07-03 08:01:51 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26779 has been resolved.
Comment 10 Kavita 2019-07-12 09:44:06 UTC 
This issue is fixed in upstream and released in foreman-maintain 0.4.5.
Comment 11 Jameer Pathan 2019-09-10 13:06:27 UTC 
Verified

Verified with:
- Satellite 6.6.0 snap 
- rubygem-foreman_maintain-0.4.8-1.el7sat.noarch

Test steps:
- Have invalid admin password in files .hammer/cli.modules.d/foreman.yml, 
/etc/foreman-maintain/foreman-maintain-hammer.yml, and 
/etc/foreman-installer/scenarios.d/satellite-answers.yaml

- Or remove files .hammer/cli.modules.d/foreman.yml, 
/etc/foreman-maintain/foreman-maintain-hammer.yml

- Run # satellite-maintain service restart
# satellite-maintain service restart
Running Restart Services
================================================================================
Check if command is run as root user:                                 [OK]
--------------------------------------------------------------------------------
Restart applicable services: 
Stopping the following service(s):

rh-mongodb34-mongod, postgresql, qdrouterd, qpidd, squid, pulp_celerybeat, pulp_resource_manager, pulp_streamer, pulp_workers, smart_proxy_dynflow_core, tomcat, dynflowd, httpd, puppetserver, foreman-proxy
/ All services stopped                                                          
Starting the following service(s):

rh-mongodb34-mongod, postgresql, qdrouterd, qpidd, squid, pulp_celerybeat, pulp_resource_manager, pulp_streamer, pulp_workers, smart_proxy_dynflow_core, tomcat, dynflowd, httpd, puppetserver, foreman-proxy
- All services started                                                [OK]      
--------------------------------------------------------------------------------

Observation:
- "satellite-maintain service restart" don't require hammer password to run.
Comment 12 Bryan Kearney 2019-10-22 19:49:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172