1956210 – Health check should use hostname -f

Bug 1956210 - Health check should use hostname -f

Summary: Health check should use hostname -f

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Satellite Maintain
Sub Component:
Version:	6.8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high with 1 vote
Target Milestone:	6.13.0
Assignee:	Sayan Das
QA Contact:	Radek Mynar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-05-03 08:24 UTC by Barbora Vassova
Modified:	2023-09-26 16:25 UTC (History)
CC List:	15 users (show)
Fixed In Version:	rubygem-foreman_maintain-1.2.4
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2174995 (view as bug list)
Environment:
Last Closed:	2023-05-03 13:20:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	35856	Normal	Closed	Use "hostname -f" instead of "hostname" while checking smart-proxy features.	2023-01-19 11:58:24 UTC
Red Hat Issue Tracker	SAT-16276	None	None	None	2023-03-02 19:54:58 UTC
Red Hat Product Errata	RHSA-2023:2097	None	None	None	2023-05-03 13:20:50 UTC

Description Barbora Vassova 2021-05-03 08:24:35 UTC

Description of problem:
When running satellite-maintain health check (on Capsule), in one step it runs the following command

D, [2021-03-21 23:59:25+0100 #6755] DEBUG -- : Running command curl -w '
%{http_code}' -s  --cert '/etc/foreman-proxy/foreman_ssl_cert.pem' --key '/etc/foreman-proxy/foreman_ssl_key.pem' --cacert '/etc/foreman-proxy/foreman_ssl_ca.pem' https://$(hostname):9090/features with stdin nil

This command uses "hostname" instead of "hostname -f" which causes logging of errors in /var/log/foreman-proxy/proxy.log

2021-03-29T13:08:43  [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: sslv3 alert bad certificate

when the system has shortname defined (together with proper fqdn - there is no issue there) and is using custom certs. Running the curl command manually produces this error:

Unable to communicate securely with peer: requested domain name does not match the server's certificate.

while, when using "hostname -f" it passes ok. 
From my understanding, Satellite primarily uses "hostname -f" so it should be unified here too. 


Version-Release number of selected component (if applicable):
Satellite 6.8

How reproducible:
Always

Steps to Reproduce:
1. Set up Capsule with shortname along the fqdn and custom certs
2. Run satellite-maintain health check 
3. Observe /var/log/foreman-proxy/proxy.log

Actual results:
An error message is logged.

Expected results:
No errors

Additional info:

Comment 12 Sayan Das 2022-12-12 14:07:24 UTC


Redmine and PR

Bug #35856: Use "hostname -f" instead of "hostname" while checking smart-proxy features. - Foreman Maintain - Foreman
https://projects.theforeman.org/issues/35856

Fixes #35856 - Use the FQDN while checking the smart-proxy features by sayan3296 · Pull Request #665 · theforeman/foreman_maintain
https://github.com/theforeman/foreman_maintain/pull/665

Comment 15 Bryan Kearney 2023-01-24 15:07:40 UTC

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35856 has been resolved.

Comment 16 Radek Mynar 2023-03-17 17:08:15 UTC

'satellite-maintain health check' uses fqdn when executing curl.

VERIFIED with Satellite & Capsule 6.13 SNAP15 @ RHEL8.7

Comment 19 errata-xmlrpc 2023-05-03 13:20:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.13 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2097

Note You need to log in before you can comment on or make changes to this bug.