Chapter 3. Hammer authentication
A Satellite user must prove their identity to Red Hat Satellite when entering hammer commands. Hammer commands can be run manually or automatically. In either case, hammer requires Satellite credentials for authentication. There are three methods of hammer authentication:
- Hammer authentication session
- Storing credentials in the hammer configuration file
- Providing credentials with each hammer command
The hammer configuration file method is recommended when running commands automatically, for example when running Satellite maintenance commands from a cron job. When running commands manually, Red Hat recommends using the hammer authentication session and providing credentials with each command.
3.1. Authenticating Hammer using a configuration file
If you ran the Satellite installation with --foreman-initial-admin-username and --foreman-initial-admin-password options, credentials you entered are stored in the ~/.hammer/cli.modules.d/foreman.yml configuration file, and hammer does not prompt for your credentials.
You can also add your credentials to the ~/.hammer/cli.modules.d/foreman.yml configuration file manually:
:foreman:
  :username: 'username'
  :password: 'password'
Use only spaces for indentation in hammer configuration files; do not use tabs.
If you change your credentials on Satellite Server, you must update the configuration file manually. The installer does not overwrite the configuration file.
3.2. Authenticating Hammer using CLI options
If you do not have your Satellite credentials saved in the ~/.hammer/cli.modules.d/foreman.yml configuration file, hammer prompts you for them each time you enter a command. You can specify your credentials when executing a command as follows:
$ hammer -u username -p password subcommands
Examples in this guide assume that you have saved credentials in the configuration file, or are using a hammer authentication session.
3.3. Authenticating Hammer using sessions
The hammer authentication session is a cache that stores your credentials, and you have to provide them only once, at the beginning of the session. This method is suited to running several hammer commands in succession, for example a script containing hammer commands. In this scenario, you enter your Satellite credentials once, and the script runs as expected. By using the hammer authentication session, you avoid storing your credentials in the script itself and in the ~/.hammer/cli.modules.d/foreman.yml hammer configuration file.
Follow these instructions to use sessions:
To enable sessions, add :use_sessions: true to the ~/.hammer/cli.modules.d/foreman.yml file:
:foreman:
  :use_sessions: true
Note that if you enable sessions, credentials stored in the configuration file will be ignored.
To start a session, enter the following command:
# hammer auth login
You are prompted for your Satellite credentials, and logged in. You will not be prompted for the credentials again until your session expires.
The default length of a session is 60 minutes. You can change the time to suit your preference. For example, to change it to 30 minutes, enter the following command:
# hammer settings set --name idle_timeout --value 30
Setting [idle_timeout] updated to [30]
To see the current status of the session, enter the following command:
# hammer auth status
To end the session, enter the following command:
# hammer auth logout
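The following check is an added example, not part of the Satellite guide or of hammer itself. It audits a foreman.yml for the points raised in sections 3.1 and 3.3: tab indentation, a stored password in a file that group or other users can access, and a stored password left in place while sessions are enabled. The function name, the finding labels and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the Satellite guide): audit a hammer config file.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_hammer_config() {
    cfg=$1
    rc=0
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }

    # The guide requires spaces, not tabs, for indentation.
    if grep -q "$(printf '\t')" "$cfg"; then
        echo "TAB_INDENT tab character in $cfg"; rc=1
    fi

    stored=0; sessions=0
    grep -Eq '^[[:space:]]*:password:[[:space:]]*[^[:space:]]' "$cfg" && stored=1
    grep -Eq '^[[:space:]]*:use_sessions:[[:space:]]*true' "$cfg" && sessions=1

    if [ "$stored" -eq 1 ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$cfg" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE_PERMS group/other bits '$perms' on a file holding a password"; rc=1
        fi
        # With sessions enabled hammer ignores stored credentials (section 3.3),
        # so the password only adds exposure.
        if [ "$sessions" -eq 1 ]; then
            echo "UNUSED_PASSWORD sessions enabled, stored password is ignored"; rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample: a world-readable config with a placeholder password.
demo=$(mktemp -d)
cat > "$demo/foreman.yml" <<'EOF'
:foreman:
  :username: 'username'
  :password: 'password'
  :use_sessions: true
EOF
chmod 644 "$demo/foreman.yml"
audit_hammer_config "$demo/foreman.yml" || echo "review the findings above"
rm -rf "$demo"
```

To audit a real account, call audit_hammer_config with ~/.hammer/cli.modules.d/foreman.yml as the argument.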