After upgrading to Red Hat Satellite 6.3 hammer failing with error "SSL error: hostname "localhost" does not match the server certificate"

Solution Verified - Updated -

Environment

*Red Hat Satellite 6.3

Issue

  • After upgrading Red Hat Satellite from 6.2.x to 6.3, hammer command always failing.
  • Hammer failing with error:

    # hammer ping
      Could not load the API description from the server: 
      hostname "localhost" does not match the server certificate
    

Resolution

  • Verify that the Satellite FQDN is provided in the following YAML files:

    # grep https: /etc/hammer/cli.modules.d/foreman.yml
    # grep https: /root/.hammer/cli_config.yml
    # grep https:  /root/.hammer/cli.modules.d/foreman.yml
    

Root Cause

  • This issue may occur if previously hammer is configured to run without prompting for username and password from the article and use :host: localhost instead of actual satellite FQDN.

Diagnostic Steps

  • Hammer debug output:

    # hammer -d ping
    [ INFO 2018-02-26 10:09:26 Init] Initialization of Hammer CLI (0.11.0.1) has started...
    [DEBUG 2018-02-26 10:09:26 Init] Running at ruby 2.3.1-p112
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli_config.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/csv.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_admin.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_admin_logging_core.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_admin_logging_katello.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_bootdisk.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_discovery.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_docker.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_openscap.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_remote_execution.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_tasks.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman_virt_who_configure.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /etc/hammer/cli.modules.d/katello.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /root/.hammer/cli_config.yml has been loaded
    [ INFO 2018-02-26 10:09:26 Init] Configuration from the file /root/.hammer/cli.modules.d/foreman.yml has been loaded
    [DEBUG 2018-02-26 10:09:27 SSLoptions] SSL options: {
       :ssl_ca_file => "/etc/pki/katello/certs/katello-server-ca.crt",
        :verify_ssl => true
    }
    [DEBUG 2018-02-26 10:09:27 API] Global headers: {
           :content_type => "application/json",
                 :accept => "application/json;version=2",
       "Accept-Language" => "en"
    }
    [DEBUG 2018-02-26 10:09:27 API] Follow redirects: never
    [DEBUG 2018-02-26 10:09:27 Connection] Registered: foreman
    [ INFO 2018-02-26 10:09:27 Modules] Extension module hammer_cli_foreman (0.11.0.5) loaded
    [ INFO 2018-02-26 10:09:36 Modules] Extension module hammer_cli_foreman_admin (0.0.8) loaded
    [ INFO 2018-02-26 10:09:36 Modules] Extension module hammer_cli_foreman_bootdisk (0.1.3.3) loaded
    [ INFO 2018-02-26 10:09:36 Modules] Extension module hammer_cli_foreman_discovery (1.0.0) loaded
    [ INFO 2018-02-26 10:09:37 HammerCLI::MainCommand] subcommand organization (HammerCLIForeman::Organization) was removed.
    [ INFO 2018-02-26 10:09:37 HammerCLI::MainCommand] subcommand organization (HammerCLIKatello::Organization) was created.
    [ INFO 2018-02-26 10:09:37 Modules] Extension module hammer_cli_katello (0.11.3.5) loaded
    [DEBUG 2018-02-26 10:09:37 Init] Using locale 'en'
    [DEBUG 2018-02-26 10:09:37 Init] 'mo' files for locale domain 'hammer-cli' loaded from '/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.11.0.1/locale'
    [DEBUG 2018-02-26 10:09:37 Init] 'mo' files for locale domain 'hammer-cli-foreman' loaded from '/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.11.0.5/locale'
    [DEBUG 2018-02-26 10:09:37 Init] 'mo' files for locale domain 'hammer-cli-csv' loaded from '/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_csv-2.3.0/locale'
    [DEBUG 2018-02-26 10:09:37 Init] 'mo' files for locale domain 'hammer_cli_foreman_docker' loaded from '/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman_docker-0.0.6/locale'
    [DEBUG 2018-02-26 10:09:37 Init] 'mo' files for locale domain 'hammer-cli-foreman-virt-who-configure' loaded from '/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman_virt_who_configure-0.0.3/locale'
    [DEBUG 2018-02-26 10:09:37 Init] 'mo' files for locale domain 'hammer-cli-katello' loaded from '/opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_katello-0.11.3.5/locale'
    [ INFO 2018-02-26 10:09:37 HammerCLI::MainCommand] Called with options: {"option_debug"=>true}
    [ INFO 2018-02-26 10:09:37 HammerCLIKatello::PingCommand] Called with options: {}
    [ INFO 2018-02-26 10:09:37 API] Server: https://localhost
    [ INFO 2018-02-26 10:09:37 API] GET /katello/api/ping
    [DEBUG 2018-02-26 10:09:37 API] Params: {}
    [DEBUG 2018-02-26 10:09:37 API] Headers: {
       :params => {}
    }
    [ERROR 2018-02-26 10:09:37 API] hostname "localhost" does not match the server certificate
    [DEBUG 2018-02-26 10:09:37 API] #<OpenSSL::SSL::SSLError: hostname "localhost" does not match the server certificate>
    [DEBUG 2018-02-26 10:09:37 Exception] Using exception handler HammerCLIKatello::ExceptionHandler#handle_ssl_error
    [ERROR 2018-02-26 10:09:37 Exception] SSL error: hostname "localhost" does not match the server certificate
    SSL error: hostname "localhost" does not match the server certificate
    [ERROR 2018-02-26 10:09:37 Exception]
    
    OpenSSL::SSL::SSLError (hostname "localhost" does not match the server certificate):
    /opt/rh/rh-ruby23/root/usr/share/ruby/openssl/ssl.rb:315:in `post_connection_check'
    /opt/rh/rh-ruby23/root/usr/share/ruby/net/http.rb:944:in `connect'
    /opt/rh/rh-ruby23/root/usr/share/ruby/net/http.rb:863:in `do_start'
    /opt/rh/rh-ruby23/root/usr/share/ruby/net/http.rb:852:in `start'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:413:in `transmit'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:176:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:41:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/resource.rb:51:in `get'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:324:in `call_client'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:240:in `http_call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:190:in `call_action'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:185:in `call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/resource.rb:21:in `call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.11.0.1/lib/hammer_cli/apipie/command.rb:43:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.11.0.5/lib/hammer_cli_foreman/commands.rb:166:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_katello-0.11.3.5/lib/hammer_cli_katello/ping.rb:56:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_katello-0.11.3.5/lib/hammer_cli_katello/ping.rb:45:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.11.0.1/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/subcommand/execution.rb:11:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.11.0.1/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:133:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.11.0.1/bin/hammer:147:in `<top (required)>'
    /usr/bin/hammer:23:in `load'
    /usr/bin/hammer:23:in `<main>'
    

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.