spacewalk-remove-channel exits with ssl.CertificateError

[dfaltum]

Problem description

With SUMA 5.0.3 and imported SSL certificates the spacewalk-remove-channel with the "-u" parameter fails with the following error message:

Unsubscribing:    ######################################## - complete
Deleting package metadata (65665):
                  ________________________________________
Removing:         ##################

###########
########### - complete


ERROR: unhandled exception occurred: (hostname 'uyuni-server.mgr.internal' doesn't match either of 'kpsuma', 'kpsuma').
Traceback (most recent call last):
  File "/usr/bin/spacewalk-remove-channel", line 220, in <module>
    sys.exit(main() or 0)
  File "/usr/bin/spacewalk-remove-channel", line 200, in main
    __applyChannelState(affected_minions, options.username, options.password)
  File "/usr/lib/python3.6/site-packages/spacewalk/satellite_tools/contentRemove.py", line 86, in __applyChannelState
    xmlrpc = RemoteApi("https://" + getfqdn() + "/rpc/api", username, password)
  File "/usr/lib/python3.6/site-packages/spacewalk/satellite_tools/contentRemove.py", line 48, in __init__
    self.__login()
  File "/usr/lib/python3.6/site-packages/spacewalk/satellite_tools/contentRemove.py", line 64, in __login
    self.auth_token = self.client.auth.login(self.username, self.password)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1112, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1452, in __request
    verbose=self.__verbose
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1154, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1166, in single_request
    http_conn = self.send_request(host, handler, request_body, verbose)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1279, in send_request
    self.send_content(connection, request_body)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1309, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python3.6/http/client.py", line 1286, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1046, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 984, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 1452, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib64/python3.6/ssl.py", line 846, in __init__
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1106, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 694, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib64/python3.6/ssl.py", line 327, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname 'uyuni-server.mgr.internal' doesn't match either of 'kpsuma', 'kpsuma'

This is caused by the following part:

uyuni/python/spacewalk/satellite_tools/contentRemove.py

Lines 85 to 87 in 31d3fcc

	def __applyChannelState(server_ids, username, password):
	xmlrpc = RemoteApi("https://" + getfqdn() + "/rpc/api", username, password)
	return xmlrpc.apply_channel_state(server_ids)

The getfqdn function returns this hostname: uyuni-server.mgr.internal. It does not match with the SSL hostname of the server.

I think it would be better to read the java.hostname from the /etc/rhn/rhn.conf.

Steps to reproduce

1. Set imported SSL cert for SUMA via this doc: https://documentation.suse.com/suma/5.0/en/suse-manager/administration/ssl-certs-imported.html
2. Mirror a product
3. Assign a server to the recently mirrored product
4. Run spacewalk-remove-channel with the "-u" parameter

Uyuni version

SUMA 5.0.3

Uyuni proxy version (if used)

uyuni-tools version used to deploy/manage the server or proxy (if relevant)

Useful logs

Additional information

No response

[agraul]

Thank you for the report! This is a consequence of the containerization. Should be easy to fix, thanks!