Today, I upgraded to Foreman 3.5, and also updated my expired SSL certs. Everything appears to be working properly, but foreman-maintain complains that there is a self-signed certificate in the chain while running hammer ping, though running hammer ping manually shows no issue.
The upgrade command I ran was:
foreman-installer --certs-server-cert "/etc/pki/tls/certs/wildcard.crt" --certs-server-key "/etc/pki/tls/private/wildcard.key" --certs-server-ca-cert "/etc/pki/ca-trust/source/anchors/wildcard_root.crt" --certs-update-all
These are not self-signed, and openssl verifies the cert with the CA. There were no errors during the install, and everything came up after a reboot. However:
# foreman-maintain health check
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check number of fact names in database: [OK]
--------------------------------------------------------------------------------
Check whether all services are running: [OK]
--------------------------------------------------------------------------------
Check whether all services are running using the ping call: [FAIL]
Couldn't connect to the server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
--------------------------------------------------------------------------------
Continue with step [Restart applicable services]?, [y(yes), n(no)] n
Check for paused tasks: [OK]
--------------------------------------------------------------------------------
Check to verify no empty CA cert requests exist: [OK]
--------------------------------------------------------------------------------
Scenario [ForemanMaintain::Scenario::FilteredScenario] failed.
The following steps ended up in failing state:
[server-ping]
Resolve the failed steps and rerun the command.
In case the failures are false positives, use
--whitelist="server-ping"
But manually:
# hammer ping
database:
    Status: ok
    Server Response: Duration: 1ms
candlepin:
    Status: ok
    Server Response: Duration: 54ms
candlepin_auth:
    Status: ok
    Server Response: Duration: 53ms
candlepin_events:
    Status: ok
    message: 0 Processed, 0 Failed
    Server Response: Duration: 0ms
katello_events:
    Status: ok
    message: 0 Processed, 0 Failed
    Server Response: Duration: 0ms
pulp3:
    Status: ok
    Server Response: Duration: 128ms
pulp3_content:
    Status: ok
    Server Response: Duration: 187ms
foreman_tasks:
    Status: ok
    Server Response: Duration: 19ms
Is this an issue with my new certs, or an issue with hammer and/or foreman-maintain?