Bug 1956210 - Health check should use hostname -f
Summary: Health check should use hostname -f
Status: NEW
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Foreman Maintain
Version: 6.8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: Unspecified
Assignee: Anurag Patel
QA Contact: Gaurav Talreja
Depends On:
TreeView+ depends on / blocked
Reported: 2021-05-03 08:24 UTC by Barbora Vassova
Modified: 2021-05-03 14:03 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

Description Barbora Vassova 2021-05-03 08:24:35 UTC
Description of problem:
When running satellite-maintain health check (on Capsule), in one step it runs the following command

D, [2021-03-21 23:59:25+0100 #6755] DEBUG -- : Running command curl -w '
%{http_code}' -s  --cert '/etc/foreman-proxy/foreman_ssl_cert.pem' --key '/etc/foreman-proxy/foreman_ssl_key.pem' --cacert '/etc/foreman-proxy/foreman_ssl_ca.pem' https://$(hostname):9090/features with stdin nil

This command uses "hostname" instead of "hostname -f" which causes logging of errors in /var/log/foreman-proxy/proxy.log

2021-03-29T13:08:43  [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: sslv3 alert bad certificate

when the system has shortname defined (together with proper fqdn - there is no issue there) and is using custom certs. Running the curl command manually produces this error:

Unable to communicate securely with peer: requested domain name does not match the server's certificate.

while, when using "hostname -f" it passes ok. 
From my understanding, Satellite primarily uses "hostname -f" so it should be unified here too. 

Version-Release number of selected component (if applicable):
Satellite 6.8

How reproducible:

Steps to Reproduce:
1. Set up Capsule with shortname along the fqdn and custom certs
2. Run satellite-maintain health check 
3. Observe /var/log/foreman-proxy/proxy.log

Actual results:
An error message is logged.

Expected results:
No errors

Additional info:

Note You need to log in before you can comment on or make changes to this bug.