Problem:
When I issue any hammer commands, I get SSL certificate issues.
[wings@fm-master3 ~]$ hammer host --help
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.
The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/puppetlabs/puppet/ssl/certs/ca.pem
Make sure the location contains an unexpired and valid CA certificate for https://localhost/.
Warning: An error occured while loading module hammer_cli_foreman.
Error: No such sub-command 'host'.
See: 'hammer --help'.
Expected outcome:
Should allow me to use Hammer
Foreman and Proxy versions:
1.22.0
Foreman and Proxy plugin versions:
N/A
Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)
N/A
[wings@fm-master3 ~]$ hammer organization list
SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.
The following configuration option were used for the SSL connection:
ssl_ca_file = /etc/puppetlabs/puppet/ssl/certs/ca.pem
Make sure the location contains an unexpired and valid CA certificate for https://localhost/
I was setting the “host” option in ~/.hammer/cli_config.yml to “https://localhost/”, which doesn’t work as the SSL certificate doesn’t have that hostname in it.
Changing that option to the FQDN of my server (“https://fm-master3.riff.cc/”) fixed the issue, and now I don’t need to disable SSL verification any more.
Yeah, our installer should set this up for you on Foreman host itself, but if you are installing hammer on different hosts, you need to do this correctly.
In that case it looks like I was overriding the default “host” option in the hammer config for my user, and it would have worked if I didn’t specify it