Description of problem: When running satellite-maintain health check (on Capsule), in one step it runs the following command D, [2021-03-21 23:59:25+0100 #6755] DEBUG -- : Running command curl -w ' %{http_code}' -s --cert '/etc/foreman-proxy/foreman_ssl_cert.pem' --key '/etc/foreman-proxy/foreman_ssl_key.pem' --cacert '/etc/foreman-proxy/foreman_ssl_ca.pem' https://$(hostname):9090/features with stdin nil This command uses "hostname" instead of "hostname -f" which causes logging of errors in /var/log/foreman-proxy/proxy.log 2021-03-29T13:08:43 [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: sslv3 alert bad certificate when the system has shortname defined (together with proper fqdn - there is no issue there) and is using custom certs. Running the curl command manually produces this error: Unable to communicate securely with peer: requested domain name does not match the server's certificate. while, when using "hostname -f" it passes ok. From my understanding, Satellite primarily uses "hostname -f" so it should be unified here too. Version-Release number of selected component (if applicable): Satellite 6.8 How reproducible: Always Steps to Reproduce: 1. Set up Capsule with shortname along the fqdn and custom certs 2. Run satellite-maintain health check 3. Observe /var/log/foreman-proxy/proxy.log Actual results: An error message is logged. Expected results: No errors Additional info:
Redmine and PR Bug #35856: Use "hostname -f" instead of "hostname" while checking smart-proxy features. - Foreman Maintain - Foreman https://projects.theforeman.org/issues/35856 Fixes #35856 - Use the FQDN while checking the smart-proxy features by sayan3296 · Pull Request #665 · theforeman/foreman_maintain https://github.com/theforeman/foreman_maintain/pull/665
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35856 has been resolved.
'satellite-maintain health check' uses fqdn when executing curl. VERIFIED with Satellite & Capsule 6.13 SNAP15 @ RHEL8.7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.13 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2097