Failure when renaming a foreman host

Hi there,

We are using foreman 1.15.6.

I created a new host called test.example.com.
Foreman proxies did their job, and DNS records as well as the DHCP entry and
Puppet certificate were created.
In the Foreman DB I can see:

MariaDB [foreman]> select name,certname,lookup_value_matcher,type from
hosts where name like 'test%' order by name \G;
*************************** 1. row ***************************
name: test.example.com
certname: NULL
lookup_value_matcher: fqdn=test.example.com
type: Host::Managed

Once I run Puppet for the first time, I see:

MariaDB [foreman]> select name,certname,lookup_value_matcher,type from
hosts where name like 'test%' order by name \G;
*************************** 1. row ***************************
name: test.example.com
certname: test.example.com
lookup_value_matcher: fqdn=test.example.com
type: Host::Managed

Until here all works as expected.

Then I renamed the host via the Foreman UI to test-renamed.example.com.

In the DB, fields are also updated, except for the certificate, see below:

MariaDB [foreman]> select name,certname,lookup_value_matcher,type from
hosts where name like 'test%' order by name \G;
*************************** 1. row ***************************
name: test-renamed.example.com
certname: test.example.com
lookup_value_matcher: fqdn=test-renamed.example.com
type: Host::Managed

Then I ran Puppet again after having changed the Puppet host config
(test.example.com) to match the certificate with the new name.

Here the weird behavior happens: Foreman creates a new host (named after the
original host name test.example.com), but with the certificate matching
the renamed one:

MariaDB [foreman]> select name,certname,lookup_value_matcher,type from
hosts where name like 'test-%' order by name \G;
*************************** 1. row ***************************
name: test-renamed.example.com
certname: test.example.com
lookup_value_matcher: fqdn=test-renamed.example.com
type: Host::Managed
*************************** 2. row ***************************
name: test.example.com
certname: test-renamed.example.com
lookup_value_matcher: fqdn=test.example.com
type: Host::Managed

So now both are mixed and confusion happens. Has anyone encountered this
before? Is this a bug?

Thank you

So it sort of is, and sort of isn't.

Host renaming is mainly aimed at cloud environments which can bring up
your new host with all sorts of weird names. In this scenario, you
probably don't want to recreate the Puppet cert (because you're
automating 100s of these servers, and cert re-creation is manual). So,
the name is correctly changed, but the cert is not - that's deliberate
based on this scenario.

The second part of what you're seeing is to do with how Foreman
creates new hosts - it's matching on the certname. So when you change
the cert, it thinks this is a new host. That doesn't explain why the
hostname is wrong, though - I'd expect both to be test-renamed. What
does 'facter' show for the hostname just before the import?

There was a lot of discussion about how to handle renames and
identifying hosts in the past, and the general consensus (as I recall,
but I can't find the ticket right now …) was that for changing the
cert, you'd probably just delete the host and rebuild. I think
setting the build flag might clear the certname, so you could rename
and rebuild if you don't want to delete entirely. Would either of those
options work for you?

Greg

On Tue, 2017-10-24 at 07:45 -0700, geoffroy.joly@netcentric.biz wrote:
> So now, both are mixed and confusion happens, does anyone encountered
> this before ? is this a bug ?
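
An added example, not part of either post and not Foreman's own code: an audit for the state shown in the thread, where a host's certname has drifted from its name and, worse, points at the name of a different host record. It assumes only the hosts.name and hosts.certname columns visible in the queries above; the rows are constructed and loaded into an in-memory SQLite table so it runs offline.

```python
import sqlite3

# Constructed rows: the two mixed-up hosts from the thread's last query,
# one healthy host, and one host that has not run Puppet yet (certname NULL).
SAMPLE_ROWS = [
    ("test-renamed.example.com", "test.example.com"),
    ("test.example.com", "test-renamed.example.com"),
    ("web01.example.com", "web01.example.com"),
    ("new.example.com", None),
]


def load(rows):
    """Build an in-memory stand-in for the name/certname columns of hosts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hosts (name TEXT, certname TEXT)")
    db.executemany("INSERT INTO hosts VALUES (?, ?)", rows)
    return db


def drifted(db):
    """Hosts whose certname is set but no longer equals their name."""
    q = """SELECT name, certname FROM hosts
           WHERE certname IS NOT NULL AND certname <> name
           ORDER BY name"""
    return db.execute(q).fetchall()


def collisions(db):
    """Hosts whose certname equals the name of a different host record."""
    q = """SELECT a.name, b.name FROM hosts a
           JOIN hosts b ON a.certname = b.name AND a.name <> b.name
           ORDER BY a.name"""
    return db.execute(q).fetchall()


if __name__ == "__main__":
    db = load(SAMPLE_ROWS)
    for name, cert in drifted(db):
        print(f"drift: host {name} still presents cert {cert}")
    for name, other in collisions(db):
        print(f"collision: cert of {name} is the name of host record {other}")
```

Drift alone is the deliberate post-rename state described in the reply; a collision is the case worth cleaning up, since two records now claim each other's identity.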