From fe4d5d35fbbd38358e4fed1fe82f21e7a68ebcf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Mon, 12 May 2025 15:43:15 +0200 Subject: [PATCH] Use spacewalk-hostname-rename from uyuni-update-config service Watch out for UYUNI_HOSTNAME value change before starting services and rename the server if needed. (bsc#1229825) In order to achieve this, the spacewalk-hostname-rename script had to be cleaned up. --- ...ewalk-admin.changes.cbosdo.hostname-rename | 1 + spacewalk/admin/uyuni-update-config | 28 +- spacewalk/admin/uyuni-update-config.service | 3 +- utils/spacewalk-hostname-rename | 588 ++---------------- utils/spacewalk-hostname-rename.sgml | 109 ---- ...ewalk-utils.changes.cbosdo.hostname-rename | 1 + utils/spacewalk-utils.spec | 9 +- 7 files changed, 87 insertions(+), 652 deletions(-) create mode 100644 spacewalk/admin/spacewalk-admin.changes.cbosdo.hostname-rename delete mode 100644 utils/spacewalk-hostname-rename.sgml create mode 100644 utils/spacewalk-utils.changes.cbosdo.hostname-rename diff --git a/spacewalk/admin/spacewalk-admin.changes.cbosdo.hostname-rename b/spacewalk/admin/spacewalk-admin.changes.cbosdo.hostname-rename new file mode 100644 index 000000000000..c2f4b2638156 --- /dev/null +++ b/spacewalk/admin/spacewalk-admin.changes.cbosdo.hostname-rename @@ -0,0 +1 @@ +- Fix spacewalk-hostname-rename with containers (bsc#1229825) diff --git a/spacewalk/admin/uyuni-update-config b/spacewalk/admin/uyuni-update-config index b18d5362351f..793daf6cc1ac 100755 --- a/spacewalk/admin/uyuni-update-config +++ b/spacewalk/admin/uyuni-update-config @@ -21,8 +21,9 @@ from spacewalk.server import rhnSQL def run_uyuni_configfiles_sync(): if not os.path.isfile("/usr/bin/uyuni-configfiles-sync"): - return + return 0 + exitCode = 0 result = subprocess.run( ["/usr/bin/uyuni-configfiles-sync", "sync"], stdout=subprocess.PIPE, 
@@ -39,7 +40,8 @@ def run_uyuni_configfiles_sync(): "Failed to synchronize files to persistent volumes. Aborting!\n" ) sys.stdout.flush() - sys.exit(1) + exitCode = 1 + return exitCode def move_config_to_db(): @@ -186,14 +188,32 @@ def change_billing_data_service(): sys.stdout.write("billing-data-service sysconfig: changed LISTEN address\n") +def hostname_check(): + result = subprocess.run( + ["/usr/bin/spacewalk-hostname-rename"], + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + encoding="utf-8", + check=False, + ) + + if result.returncode: + sys.stdout.write("Failed to rename the server\n") + if result.stdout: + sys.stdout.write(f"{result.stdout}\n") + sys.stdout.flush() + return result.returncode + + def main(): - run_uyuni_configfiles_sync() + exitCode = run_uyuni_configfiles_sync() init_scc_login() import_suma_gpg_keyring() copy_ca() move_config_to_db() change_billing_data_service() - + exitCode = max(hostname_check(), exitCode) + return exitCode if __name__ == "__main__": sys.exit(abs(main() or 0)) diff --git a/spacewalk/admin/uyuni-update-config.service b/spacewalk/admin/uyuni-update-config.service index 6d8b3f0d5892..93fa0c46f4ad 100644 --- a/spacewalk/admin/uyuni-update-config.service +++ b/spacewalk/admin/uyuni-update-config.service @@ -1,8 +1,9 @@ [Unit] Description=Uyuni update config -Before=uyuni-check-database.service tomcat.service apache2.service rhn-search.service taskomatic.service postfix.service +Before=uyuni-check-database.service cobblerd.service tomcat.service apache2.service rhn-search.service taskomatic.service postfix.service [Service] +PassEnvironment=UYUNI_HOSTNAME ExecStart=/usr/sbin/uyuni-update-config Type=oneshot RemainAfterExit=yes diff --git a/utils/spacewalk-hostname-rename b/utils/spacewalk-hostname-rename index 9f60449578b4..56edc86fa1ce 100755 --- a/utils/spacewalk-hostname-rename +++ b/utils/spacewalk-hostname-rename 
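Review bot: The sync-failure branch of run_uyuni_configfiles_sync() still prints "Failed to synchronize files to persistent volumes. Aborting!" but now only sets `exitCode = 1`, so nothing is aborted. main(), changed in the later hunk, goes on to run init_scc_login(), move_config_to_db() and the new hostname_check() even though the persistent-volume sync failed. If the abort is still wanted, return early in main() with `if exitCode: return exitCode` right after the `run_uyuni_configfiles_sync()` call; otherwise reword the message so the log matches what happens. The function spans this hunk and the previous one.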
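Review bot: `exitCode = max(hostname_check(), exitCode)` in main() hides a rename that was killed by a signal. subprocess reports that case as a negative `returncode`, `max()` of a negative value and 0 is 0, and the unit then exits successfully, so the services ordered after it start on a half-applied rename. The `abs()` in the `__main__` guard suggests negative codes were anticipated, and `exitCode = max(abs(hostname_check()), exitCode)` keeps them. hostname_check() also calls `/usr/bin/spacewalk-hostname-rename` without the `os.path.isfile` guard that run_uyuni_configfiles_sync() uses, so a host without that script would raise FileNotFoundError out of main(); whether spacewalk-admin can be installed without spacewalk-utils is not visible here. A short docstring on hostname_check() stating that it returns the script's exit status and echoes its output only on failure would help.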
@@ -19,106 +19,19 @@ if [ 0$UID -gt 0 ]; then exit 1 fi -LOG=/var/log/rhn/rhn_hostname_rename.log RHN_CONF_FILE=/etc/rhn/rhn.conf SSL_BUILD_DIR=/root/ssl-build -HTTP_PUB_DIR=$(spacewalk-cfg-get documentroot)/pub/ -BOOTSTRAP_SH=$(spacewalk-cfg-get documentroot)/pub/bootstrap/bootstrap.sh -BOOTSTRAP_CCO=$(spacewalk-cfg-get documentroot)/pub/bootstrap/client-config-overrides.txt -SAT_LOCAL_RULES_CONF=/var/lib/rhn/rhn-satellite-prep/satellite-local-rules.conf +HTTP_PUB_DIR=/srv/www/htdocs/pub/ +BOOTSTRAP_SH=/srv/www/htdocs/pub/bootstrap/bootstrap.sh +BOOTSTRAP_CCO=/srv/www/htdocs/pub/bootstrap/client-config-overrides.txt MGR_SYNC_CONF=/root/.mgr-sync BACKUP_EXT=.rnmbck -CA_CERT_TRUST_DIR=/etc/pki/ca-trust/source/anchors -if [ -d /etc/pki/trust/anchors/ ]; then - CA_CERT_TRUST_DIR=/etc/pki/trust/anchors/ -fi - -DB_BACKEND="$(spacewalk-cfg-get db_backend)" -if [ "$DB_BACKEND" = "oracle" ]; then - DBSHELL_QUIT="QUIT" - DBSHELL_QUIET=" -set feed off; -set pages 0;" - - if [ -x /etc/init.d/oracle ]; then - DB_SERVICE="oracle" - fi - -elif [ "$DB_BACKEND" = "postgresql" ]; then - DBSHELL_QUIT="\q" - DBSHELL_QUIET=" -\set QUIET on -\t" - if [ -x /etc/init.d/postgresql -o -f /usr/lib/systemd/system/postgresql.service ]; then - DB_SERVICE="postgresql" - fi - if [ -x /etc/init.d/postgresql92-postgresql ]; then - DB_SERVICE="postgresql92-postgresql" - fi -fi - -ORACLE_XE_LISTENER_ORA_FILE=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora -ORACLE_XE_TNSNAMES_ORA_FILE=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/tnsnames.ora -ORACLE_LISTENER_ORA_FILE=/opt/apps/oracle/product/11gR2/dbhome_1/network/admin/listener.ora -ORACLE_TNSNAMES_ORA_FILE=/opt/apps/oracle/product/11gR2/dbhome_1/network/admin/tnsnames.ora - -IPV4ADDR_REGEX="^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$" 
-IPV6ADDR_REGEX="^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$" -IPADDR_REGEX="($IPV4ADDR_REGEX)|($IPV6ADDR_REGEX)" +CA_CERT_TRUST_DIR=/etc/pki/trust/anchors/ ############################################################################### -function default_or_input() { - local MSG="$1" - local VARIABLE="$2" - local DEFAULT="$3" - local SILENT="$4" - - local INPUT - local CURRENT_VALUE=${!VARIABLE} - #in following code is used not so common expansion - #var_a=${var_b:-word} - #which is like: var_a = $var_b ? 
word - DEFAULT=${CURRENT_VALUE:-$DEFAULT} - local VARIABLE_ISSET=$(set | grep "^$VARIABLE=") - - - echo -n "$MSG [$DEFAULT]: " - - if [ -z "$VARIABLE_ISSET" ]; then - read -r INPUT - fi - if [ -z "$INPUT" ]; then - if [ "$DEFAULT" = "y/N" ] || [ "$DEFAULT" = "Y/n" ]; then - INPUT=$(yes_no "$DEFAULT") - else - INPUT="$DEFAULT" - fi - fi - eval "$(printf "%q=%q" "$VARIABLE" "$INPUT")" -} - -function yes_no() { - case "$1" in - Y|y|Y/n|n/Y|1) - echo 1 - ;; - *) - echo 0 - ;; - esac -} - -function echo_usage { - echo "Usage:" - echo " $(basename $0) [ --ssl-country= --ssl-state= --ssl-city= --ssl-org= --ssl-orgunit= --ssl-email= --ssl-ca-password= --ssl-ca-cert= --ssl-server-key= --ssl-server-cert= --overwrite_report_db_host=[y/n]]" - echo " $(basename $0) { -h | --help }" - exit 1 -} - function echo_err { echo "$*" >&2 - echo "$*" >> $LOG } function bye { @@ -131,7 +44,7 @@ function print_status { STATUS="${1#"${1%%[![:space:]]*}"}" if [ "$STATUS" == "0" ] then - echo "OK" | tee -a $LOG + echo "OK" else echo_err "FAILED" shift 
@@ -140,70 +53,11 @@ function print_status { fi } -function check_input_ip { - IPS=`echo $(/sbin/ip a | awk 'BEGIN {FS=" ";RS="/"}; /inet|inet6 / && ! /127.0.|::1/ {print $NF}')` - for ip in $IPS - do - if [ "$1" == "$ip" ] - then - return 0 - fi - done - return 1 -} - function initial_system_hostname_check { - # only reliable hostname is in /proc/sys/kernel/hostname - SYSCTL_HOSTNAME=`cat /proc/sys/kernel/hostname` - if [ "$HOSTNAME" != "$SYSCTL_HOSTNAME" ] - then - echo_err "Wrong HOSTNAME variable: \"$HOSTNAME\"" - return 1 - fi - - # check hostname command - if [ "$HOSTNAME" != "$(hostname)" ] - then - echo_err "Wrong hostname command output: \"$(hostname)\"" - return 1 - fi - - if [ "$(hostname).$(hostname -d)" != "$(hostname -f)" ] - then - echo_err "Wrong hostname command output: \"$(hostname -f)\"" - return 1 - fi - - # set HOSTNAME to long hostname - HOSTNAME=`hostname -f` - SHORT_HN=`hostname -s` - # check for uppercase chars in hostname - if [ "$HOSTNAME" != "$(echo $HOSTNAME | tr '[:upper:]' '[:lower:]')" ] + if [ "$UYUNI_HOSTNAME" != "$(echo $UYUNI_HOSTNAME | tr '[:upper:]' '[:lower:]')" ] then - echo_err "Uppercase characters are not allowed for satellite hostname." - return 1 - fi - - # check /etc/sysconfig/network or /etc/hostname - HN_ETC_FILE="/etc/hostname" - if [ -f "$HN_ETC_FILE" ] - then - HN_ETC=`cat $HN_ETC_FILE` - elif [ -f /etc/HOSTNAME ] - then - HN_ETC_FILE="/etc/HOSTNAME" - HN_ETC=`cat $HN_ETC_FILE` - elif [ -f /etc/sysconfig/network ] - then - HN_ETC_FILE="/etc/sysconfig/network" - HN_ETC=`awk -F= '/HOSTNAME/ {print $2}' $HN_ETC_FILE` - fi - - # either short or long hostname would be ok - if [ "$SHORT_HN" != "$HN_ETC" -a "$HOSTNAME" != "$HN_ETC" ] - then - echo_err "Wrong hostname in $HN_ETC_FILE: \"$HN_ETC\"" + echo_err "Uppercase characters are not allowed for the hostname." return 1 fi 
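Review bot: initial_system_hostname_check() now validates `UYUNI_HOSTNAME` only for uppercase characters, yet the value comes from the environment and is interpolated unescaped into sed replacement text, as root, in update_rhn_conf() and in the two bootstrap `sed -i` calls of the following hunk. A value containing `/`, `&` or a newline would at best corrupt /etc/rhn/rhn.conf and could be parsed by sed as additional script text, so the check should reject anything that is not a plain DNS name before any file is touched, for example `[[ "$UYUNI_HOSTNAME" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$ ]] || { echo_err "Invalid hostname: $UYUNI_HOSTNAME"; return 1; }`. With that in place the `tr '[:upper:]' '[:lower:]'` comparison becomes redundant. The function's closing lines are outside this hunk.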
@@ -215,402 +69,86 @@ function backup_file { then cp ${1} ${1}${BACKUP_EXT} else - echo "Backup of ${1} failed. File not found." >> $LOG + echo_err "Backup of ${1} failed. File not found." fi } function update_rhn_conf { - backup_file ${SAT_LOCAL_RULES_CONF} - # store config to satellite-local-rules.conf - /usr/bin/rhn-config-satellite.pl \ - --target=${SAT_LOCAL_RULES_CONF} \ - --option=javaDOThostname=$HOSTNAME \ - --option=cobblerDOThost=localhost \ - >> $LOG 2>&1 - /usr/bin/rhn-config-satellite.pl \ - --target=${RHN_CONF_FILE} \ - --option=java.hostname=$HOSTNAME \ - --option=cobbler.host=localhost >> $LOG 2>&1 + sed "s/^cobbler\.host[[:space:]]*=[[:space:]]*.*$/cobbler.host = localhost/" -i /etc/rhn/rhn.conf + sed "s/^java\.hostname[[:space:]]*=[[:space:]]*.*$/java.hostname = ${UYUNI_HOSTNAME}/" -i /etc/rhn/rhn.conf } -function re-generate_report_db_host { - REPORTDBNAME=$(sed -n '/#/!s/\(report_db_host[[:space:]]*=[[:space:]]*\)\(.*\)/\2/p' $RHN_CONF_FILE) - echo "Currently Report DB Host is: $REPORTDBNAME" | tee -a $LOG - - if [ "$REPORTDBNAME" == "$HOSTNAME" ]; then - echo "$REPORTDBNAME is already correct. Nothing to do." | tee -a $LOG - fi - - if [ -z "$OVERWRITE_REPORT_DB_HOST" ] ; then - default_or_input "Do you want to change it to $HOSTNAME ?" CONFIRM "y/N" "N" - RET=$(yes_no $CONFIRM) - else - RET=$(yes_no $OVERWRITE_REPORT_DB_HOST) - fi - - if [ "$RET" == 1 ]; then - echo "Overwrite Report DB Host with hostname: $HOSTNAME" - sed -i "/#/!s/\(report_db_host[[:space:]]*=[[:space:]]*\)\(.*\)/\1${HOSTNAME}/" $RHN_CONF_FILE - else - echo "Report DB Host will remain: $REPORTDBNAME" - fi -} - -function re-generate_server_ssl_certificate { - # default is to generate new SSL certificate - - if [ -n "$CML_NEW_SSL_CERT_REQUEST" -o -n "$CML_THIRD_PARTY_CERT" ] - then - - # is there a need to re-generate SSL certificate? 
- if [ -z "$CML_THIRD_PARTY_CERT" ] - then - if [ -n "$SUBJECT" ] - then - SUBJECT_PATTERN='[[:space:]]*Subject: C=\(..*\), ST=\(..*\), O=\(..*\), OU=\(..*\), CN=\(..*\)\/emailAddress=\(..*\)' - SSL_COUNTRY_OLD=`echo $SUBJECT | sed "s/$SUBJECT_PATTERN/\1/"` - SSL_STATE_OLD=`echo $SUBJECT | sed "s/$SUBJECT_PATTERN/\2/"` - SSL_CITY_OLD=`echo $SUBJECT | sed "s/$SUBJECT_PATTERN/\2/"` - SSL_ORG_OLD=`echo $SUBJECT | sed "s/$SUBJECT_PATTERN/\3/"` - SSL_ORGUNIT_OLD=`echo $SUBJECT | sed "s/$SUBJECT_PATTERN/\4/"` - SSL_EMAIL_OLD=`echo $SUBJECT | sed "s/$SUBJECT_PATTERN/\6/"` - fi - - echo "Starting generation of new SSL certificate:" - # COUNTRY - if [ -n "${CML_SSL_COUNTRY+x}" ] - then - SSL_COUNTRY=${CML_SSL_COUNTRY} - else - read -e -p " Enter Country [$SSL_COUNTRY_OLD] : " - SSL_COUNTRY=${REPLY:-$SSL_COUNTRY_OLD} - fi - # STATE - if [ -n "${CML_SSL_STATE+x}" ] - then - SSL_STATE=${CML_SSL_STATE} - else - read -e -p " Enter State [$SSL_STATE_OLD] : " - SSL_STATE=${REPLY:-$SSL_STATE_OLD} - fi - # CITY - if [ -n "${CML_SSL_CITY+x}" ] - then - SSL_CITY=${CML_SSL_CITY} - else - read -e -p " Enter City [$SSL_CITY_OLD] : " - SSL_CITY=${REPLY:-$SSL_CITY_OLD} - fi - # ORGANIZATION - if [ -n "${CML_SSL_ORG+x}" ] - then - SSL_ORG=${CML_SSL_ORG} - else - read -e -p " Enter Organization [$SSL_ORG_OLD] : " - SSL_ORG=${REPLY:-$SSL_ORG_OLD} - fi - # ORGANIZATION UNIT - if [ -n "${CML_SSL_ORGUNIT+x}" ] - then - SSL_ORGUNIT=${CML_SSL_ORGUNIT} - else - # offer hostname as ORG UNIT everytime - read -e -p " Enter Organization Unit [$HOSTNAME] : " - SSL_ORGUNIT=${REPLY:-$HOSTNAME} - fi - # EMAIL ADDRESS - if [ -n "${CML_SSL_EMAIL+x}" ] - then - SSL_EMAIL=${CML_SSL_EMAIL} - else - read -e -p " Enter Email Address [$SSL_EMAIL_OLD] : " - SSL_EMAIL=${REPLY:-$SSL_EMAIL_OLD} - fi - # CA PASSWORD - # ask explicitelly (different behaviour on sat and spw) - if [ -n "${CML_SSL_CA_PASSWORD+x}" ] - then - SSL_CA_PASSWORD=${CML_SSL_CA_PASSWORD} - else - read -e -p " Enter CA password : " -s - echo - 
SSL_CA_PASSWORD=${REPLY} - fi - - echo " Generating SSL certificates:" | tee -a $LOG - GEN_NEW_CA="n" - if [ -f $SSL_BUILD_DIR/RHN-ORG-TRUSTED-SSL-CERT ]; then - GEN_NEW_CA="y" - # We don't have the CA in SSL build dir: generate a new one - echo " Generating SSL CA Certificate:" | tee -a $LOG - # just log the SSL info ... - echo "rhn-ssl-tool --gen-ca --no-rpm --force \ - --dir="$SSL_BUILD_DIR" \ - --set-country="$SSL_COUNTRY" \ - --set-state="$SSL_STATE" \ - --set-city="$SSL_CITY" \ - --set-org="$SSL_ORG" \ - --set-org-unit="$SSL_ORGUNIT" \ - --set-common-name="${HOSTNAME}" \ - " >> $LOG - rhn-ssl-tool --gen-ca --no-rpm --force \ - --dir="$SSL_BUILD_DIR" \ - --set-country="$SSL_COUNTRY" \ - --set-state="$SSL_STATE" \ - --set-city="$SSL_CITY" \ - --set-org="$SSL_ORG" \ - --set-org-unit="$SSL_ORGUNIT" \ - --set-common-name="${HOSTNAME}" \ - --password="$SSL_CA_PASSWORD" \ - 2>>$LOG - CML_SSL_CA_CERT=$SSL_BUILD_DIR/RHN-ORG-TRUSTED-SSL-CERT - else - echo " No need to generate a new SSL CA Certificate" | tee -a $LOG - fi - echo "rhn-ssl-tool --gen-server \ - --dir="$SSL_BUILD_DIR" \ - --set-country="$SSL_COUNTRY" \ - --set-state="$SSL_STATE" \ - --set-city="$SSL_CITY" \ - --set-org="$SSL_ORG" \ - --set-org-unit="$SSL_ORGUNIT" \ - --set-email="$SSL_EMAIL" \ - --set-hostname="${HOSTNAME}" \ - " >> $LOG - rhn-ssl-tool --gen-server \ - --dir="$SSL_BUILD_DIR" \ - --set-country="$SSL_COUNTRY" \ - --set-state="$SSL_STATE" \ - --set-city="$SSL_CITY" \ - --set-org="$SSL_ORG" \ - --set-org-unit="$SSL_ORGUNIT" \ - --set-email="$SSL_EMAIL" \ - --set-hostname="${HOSTNAME}" \ - --password="$SSL_CA_PASSWORD" \ - 2>>$LOG - SERVER_NAME=$(echo "${HOSTNAME}" | perl -e ' - my @hostname_parts = split(/\./, ); - my $system_name; - if (scalar @hostname_parts > 2) { - $system_name = join(".", splice(@hostname_parts, 0, -2)); - } - else { - $system_name = join(".", @hostname_parts); - }; - printf($system_name."\n");') - CML_SSL_SERVER_KEY=$SSL_BUILD_DIR/$SERVER_NAME/server.key - 
CML_SSL_SERVER_CERT=$SSL_BUILD_DIR/$SERVER_NAME/server.crt - fi - - if [ ! -f $CML_SSL_SERVER_KEY -o ! -f $CML_SSL_SERVER_CERT ]; - then - echo_err "Wrong SSL information provided. Check $LOG for more information." | tee -a $LOG - bye - fi - if [ ! -f $CML_SSL_CA_CERT ]; - then - echo_err "CA Certificate file not found. Check $LOG for more information." | tee -a $LOG - bye - fi - echo -n "Making new SSL certificate publicly available ... " | tee -a $LOG - /usr/bin/mgr-ssl-cert-setup \ - --root-ca-file=$CML_SSL_CA_CERT \ - --server-cert-file=$CML_SSL_SERVER_CERT \ - --server-key-file=$CML_SSL_SERVER_KEY - print_status $? - fi +function update_server_ssl_certificate { + /usr/sbin/update-ca-certificates + /usr/bin/rhn-ssl-dbstore --ca-cert /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT + /usr/sbin/mgr-package-rpm-certificate-osimage } -function refresh_pillar { - echo -n "Refreshing Salt minion pillar data, may take a while ... " | tee -a $LOG - for ID in `spacecmd -q api system.listSystemsWithEntitlement -- -A "salt_entitled" -F "%(id)s"` - do - if [ -n "$SIDS" ] - then - SIDS="$SIDS,$ID" - else - SIDS="$ID" - fi - done - SKIPPED=`spacecmd -q api system.refreshPillar -- -A "[\\\\\"general\\\\\",[$SIDS]]"` - if [ "$SKIPPED" != "[]" ] - then - echo "Some minions pillar have not been refreshed: $SKIPPED" | tee -a $LOG - print_status 1 - fi - print_status 0 -} ############################################################################### -echo "[$(date)]: $0 $*" >> $LOG - -while [ $# -ge 1 ]; do - if [[ "$1" =~ $IPADDR_REGEX ]]; then - IP=$1 - shift - continue - fi - - case $1 in - --help | -h) echo_usage;; - - --ssl-country=*) CML_SSL_COUNTRY=$(echo $1 | cut -d= -f2-);; - --ssl-state=*) CML_SSL_STATE=$(echo $1 | cut -d= -f2-);; - --ssl-city=*) CML_SSL_CITY=$(echo $1 | cut -d= -f2-);; - --ssl-org=*) CML_SSL_ORG=$(echo $1 | cut -d= -f2-);; - --ssl-orgunit=*) CML_SSL_ORGUNIT=$(echo $1 | cut -d= -f2-);; - --ssl-email=*) CML_SSL_EMAIL=$(echo $1 | cut -d= -f2-);; - - 
--ssl-ca-password=*) CML_SSL_CA_PASSWORD=$(echo $1 | cut -d= -f2-);; - - --ssl-ca-cert=*) CML_SSL_CA_CERT=$(echo $1 | cut -d= -f2-);; - --ssl-server-cert=*) CML_SSL_SERVER_CERT=$(echo $1 | cut -d= -f2-);; - --ssl-server-key=*) CML_SSL_SERVER_KEY=$(echo $1 | cut -d= -f2-);; - --overwrite_report_db_host=*) OVERWRITE_REPORT_DB_HOST=$(echo $1 | cut -d= -f2-);; - *) echo_err "Error: Invalid option $1" - echo_usage;; - esac - shift -done - -if [ -n "${IP}" ] -then - echo -n "Validating IP ... " | tee -a $LOG - check_input_ip $IP - print_status $? "IP $IP is not your valid IP address." -else - echo_err "Missing argument." - echo_usage -fi - -# if the user has set one of these params, -# he wants to re-generate SSL certificate -for ssl_var in ${CML_SSL_COUNTRY} ${CML_SSL_STATE} ${CML_SSL_CITY} ${CML_SSL_ORG} ${CML_SSL_ORGUNIT} ${CML_SSL_EMAIL} ${CML_SSL_CA_PASSWORD} -do - [ -n "${ssl_var}" ] && CML_NEW_SSL_CERT_REQUEST=1 -done +# This awk command can read a single line yaml value which may optionally be double or single quoted. +OLD_HOSTNAME=$(awk -F ':' '/redhat_management_server/{sub(/^[[:blank:]]+/,"", $2); gsub(/["'\'']/, "", $2); print $2}' "/etc/cobbler/settings.yaml") -if [ -n "${CML_SSL_CA_CERT}" -a -n "${CML_SSL_SERVER_KEY}" -a -n "${CML_SSL_SERVER_CERT}" ] +if [ -z "$UYUNI_HOSTNAME" -o "z$UYUNI_HOSTNAME" == "z$OLD_HOSTNAME" ] then - CML_THIRD_PARTY_CERT=1 -else - if [ -n "${CML_SSL_CA_CERT}" -o -n "${CML_SSL_SERVER_CERT}" -o -n "${CML_SSL_SERVER_KEY}" ] - then - echo_err "Either all or none of --ssl-ca-cert, --ssl-server-key and --ssl-server-cert must be provided" - echo_usage - fi -fi - -# This awk command can read a single line yaml value which may optionally be double or single quoted. -COBBLER_CONF="/etc/cobbler/settings.yaml" -if [ ! 
-f "$COBBLER_CONF" ]; then - COBBLER_CONF="/etc/cobbler/settings" + echo_err "Unchanged hostname or unset UYUNI_HOSTNAME" + exit 0 fi -OLD_HOSTNAME=$(awk -F ':' '/redhat_management_server/{sub(/^[[:blank:]]+/,"", $2); gsub(/["'\'']/, "", $2); print $2}' "$COBBLER_CONF") -echo "=============================================" | tee -a $LOG -echo "hostname: $HOSTNAME" | tee -a $LOG -echo "old hostname: $OLD_HOSTNAME" | tee -a $LOG -echo "ip: $IP" | tee -a $LOG -echo "=============================================" | tee -a $LOG +echo "=============================================" +echo "hostname: $UYUNI_HOSTNAME" +echo "old hostname: $OLD_HOSTNAME" +echo "=============================================" initial_system_hostname_check || bye -echo "=============================================" | tee -a $LOG -echo "hostname: $HOSTNAME" | tee -a $LOG -echo "=============================================" | tee -a $LOG - backup_file $RHN_CONF_FILE -re-generate_report_db_host - -# stop services -echo -n "Stopping spacewalk services ... " | tee -a $LOG -/usr/sbin/spacewalk-service stop >> $LOG 2>&1 -if [ "$DB_SERVICE" != "" ] -then - /sbin/service $DB_SERVICE start >> $LOG 2>&1 -fi -print_status 0 # just simulate end - -echo -n "Testing DB connection ... 
" | tee -a $LOG -# for spacewalk only: -if [ -e "$ORACLE_XE_LISTENER_ORA_FILE" ] -then - sed -i$BACKUP_EXT "s/\(.*(HOST[[:space:]]*=[[:space:]]*\)[^)]*\().*$\)/\1$HOSTNAME\2/" $ORACLE_XE_LISTENER_ORA_FILE -fi -if [ -e $ORACLE_XE_TNSNAMES_ORA_FILE ] -then - sed -i$BACKUP_EXT 's/\(.*(HOST[[:space:]]*=[[:space:]]*\)[^)]*\().*$\)/\1$HOSTNAME\2/' $ORACLE_XE_TNSNAMES_ORA_FILE - if [ -e /etc/tnsnames.ora ]; then - cp $ORACLE_TNSNAMES_ORA_FILE /etc/tnsnames.ora - fi - if [ -x /etc/init.d/oracle-xe ]; then - /sbin/service oracle-xe restart >> $LOG 2>&1 - fi -fi -if [ -e "$ORACLE_LISTENER_ORA_FILE" ] -then - sed -i$BACKUP_EXT "s/\(.*(HOST[[:space:]]*=[[:space:]]*\)[^)]*\().*$\)/\1$HOSTNAME\2/" $ORACLE_LISTENER_ORA_FILE -fi -if [ -e $ORACLE_TNSNAMES_ORA_FILE ] -then - sed -i$BACKUP_EXT "s/\(.*(HOST[[:space:]]*=[[:space:]]*\)[^)]*\().*$\)/\1$HOSTNAME\2/" $ORACLE_TNSNAMES_ORA_FILE - if [ -e /etc/tnsnames.ora ]; then - cp $ORACLE_TNSNAMES_ORA_FILE /etc/tnsnames.ora - fi - if [ -x /etc/init.d/oracle ]; then - /sbin/service oracle restart >> $LOG 2>&1 - fi -fi +echo -n "Testing DB connection ... " /usr/sbin/spacewalk-startup-helper wait-for-database -print_status "${?}" "Your database isn't running." +print_status "${?}" "The database isn't running." -echo -n "Updating /etc/rhn/rhn.conf ... " | tee -a $LOG +echo -n "Updating /etc/rhn/rhn.conf ... " update_rhn_conf print_status 0 # just simulate end -re-generate_server_ssl_certificate +# Make sure the SSL certificate change has been reflected +update_server_ssl_certificate -echo -n "Regenerating new bootstrap client-config-overrides.txt ... " | tee -a $LOG +echo -n "Regenerating new bootstrap client-config-overrides.txt ... 
" # it's easier to subst HOSTNAME with sed # than to re-generate and keep current configuration -# rhn-bootstrap >> /dev/null 2>&1 if [ -e "$BOOTSTRAP_SH" ] then backup_file ${BOOTSTRAP_SH} - sed -i "s/\(HOSTNAME=\).*/\1$HOSTNAME/" ${BOOTSTRAP_SH} + sed -i "s/\(HOSTNAME=\).*/\1$UYUNI_HOSTNAME/" ${BOOTSTRAP_SH} fi if [ -e "$BOOTSTRAP_CCO" ] then backup_file ${BOOTSTRAP_CCO} - sed -i "s/\(serverURL=https\?:\/\/\).*\(\/XMLRPC\)/\1$HOSTNAME\2/" ${BOOTSTRAP_CCO} + sed -i "s/\(serverURL=https\?:\/\/\).*\(\/XMLRPC\)/\1$UYUNI_HOSTNAME\2/" ${BOOTSTRAP_CCO} fi print_status 0 # just simulate end -echo -n "Updating other DB entries ... " | tee -a $LOG -spacewalk-sql --select-mode - >>$LOG <> $LOG 2>&1 +echo -n "Changing cobbler settings ... " +/usr/bin/spacewalk-setup-cobbler --apache2-config-directory "/etc/apache2/conf.d" 2>&1 print_status $? -echo -n "Changing kernel_options ... " | tee -a $LOG -spacewalk-sql --select-mode - >>$LOG <> $LOG 2>&1 -fi -if [ "$DB_SERVICE" == "postgresql" ] -then -/sbin/service $DB_SERVICE start >> $LOG 2>&1 -fi -/usr/sbin/spacewalk-service start >> $LOG 2>&1 -print_status 0 # just simulate end - -echo "Performing spacecmd authentication ... " -if spacecmd -q login; then - echo "You must provide valid credentials!" - bye -else - echo "OK" -fi +# Schedule a pillar refresh of all the minions since they container the repos URLs with the old hostname +spacewalk-sql --select-mode - <> $LOG +echo "[$(date)]: $(basename $0) finished successfully." diff --git a/utils/spacewalk-hostname-rename.sgml b/utils/spacewalk-hostname-rename.sgml deleted file mode 100644 index c5ff9c3f523b..000000000000 --- a/utils/spacewalk-hostname-rename.sgml +++ /dev/null 
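Review bot: The new steps report success without looking at exit statuses: `update_rhn_conf` is followed by `print_status 0 # just simulate end`, and update_server_ssl_certificate() runs update-ca-certificates, rhn-ssl-dbstore and mgr-package-rpm-certificate-osimage with no check at all, so a failed CA store update still ends in "finished successfully" and a zero exit status back to uyuni-update-config. Since the script now runs unattended before tomcat and apache2 start, chain the three commands with `&&` inside the function and pass the real status on, e.g. `update_server_ssl_certificate; print_status $? "Failed to refresh the CA certificates"`. update_rhn_conf() also edits the literal /etc/rhn/rhn.conf instead of `$RHN_CONF_FILE`, and its sed expressions change nothing when the `java.hostname` or `cobbler.host` key is absent; a `grep -q` check after the edit would make that case visible. The "Unchanged hostname or unset UYUNI_HOSTNAME" message goes through echo_err, so every ordinary start writes to stderr although nothing went wrong.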
@@ -1,109 +0,0 @@ - - - -]> - - - - &SCRIPTCOMMAND; - 8 - Version 0.1 - - - - &SCRIPTCOMMAND; - - Reconfigures &PRODUCT; to use a different hostname/ip address. - - - - - - - &SCRIPTCOMMAND; - IP_ADDRESS - --ssl-country=SSL_COUNTRY - --ssl-state=SSL_STATE - --ssl-org=SSL_ORG - --ssl-orgunit=SSL_ORGUNIT - --ssl-email=SSL_EMAIL - --ssl-ca-password=SSL_CA_PASSWORD - - - -h --help - - - - - - Description - After a system hostname or default IP gets changed on a &PRODUCT;, it is necessary to run &SCRIPTCOMMAND; to reconfigure to the new settings. Afterwards it may be necessary to reconfigure RHN Proxies and clients registered to the server. - &SCRIPTCOMMAND; takes one mandatory argument - IP_ADDRESS regardless of whether the IP address has changed or not. If there is a need to generate a new SSL certificate, all necessary information will be asked interactively, unless it is specified by the options. -When the system hostname has not changed, the re-generation of a new SSL server certificate is not necessary. However, if at least one option is specified, certificate generation is forced. - - - - Options - - - IP_ADDRESS - - Default IP address used for the &PRODUCT;. Mandatory even if the IP address has not changed - - - - -h, --help - - Display the help screen with a list of options. - - - - Setting one of the following options will force re-generation of the SSL certificate: - - - --ssl-country=SSL_COUNTRY - - Two letter country code to be used in the new SSL certificate. - - - - --ssl-state=SSL_STATE - - State to be used in the new SSL certificate. - - - - --ssl-org=SSL_ORG - - Organization name to be used in the new SSL certificate. - - - - --ssl-orgunit=SSL_ORGUNIT - - Organization unit name to be used in the new SSL certificate. - - - - --ssl-email=SSL_EMAIL - - Email to be used in the new SSL certificate. - - - - --ssl-ca-password=SSL_CA_PASSWORD - - Password of the SSL CA to sign the new SSL certificate. 
- - - - - - - Authors - - Tomáš Leštáchtlestach@redhat.com - - - diff --git a/utils/spacewalk-utils.changes.cbosdo.hostname-rename b/utils/spacewalk-utils.changes.cbosdo.hostname-rename new file mode 100644 index 000000000000..c2f4b2638156 --- /dev/null +++ b/utils/spacewalk-utils.changes.cbosdo.hostname-rename @@ -0,0 +1 @@ +- Fix spacewalk-hostname-rename with containers (bsc#1229825) diff --git a/utils/spacewalk-utils.spec b/utils/spacewalk-utils.spec index 32237758f2fe..ee59429af38b 100644 --- a/utils/spacewalk-utils.spec +++ b/utils/spacewalk-utils.spec @@ -38,9 +38,7 @@ Requires: bash # Required by spacewalk-hostname-rename Requires: cobbler # Required by spacewalk-hostname-rename -Requires: iproute -# Required by spacewalk-hostname-rename -Requires: perl-Satcon +Requires: postfix # Required by depsolver.py Requires: python3-solv # Required by depsolver.py, cloneByDate.py, spacewalk-common-channels @@ -53,7 +51,7 @@ Requires: spacewalk-admin Requires: spacewalk-backend # Required by cloneByDate.py Requires: spacewalk-backend-sql -# Required by cloneByDate.py, depsolver.py +# Required by cloneByDate.py, depsolver.py, spacewalk-hostname-rename Requires: spacewalk-backend-tools >= 2.2.27 # Required by spacewalk-hostname-rename Requires: spacewalk-certs-tools @@ -62,7 +60,7 @@ Requires: spacewalk-config # Required by spacewalk-hostname-rename Requires: spacewalk-setup # Required by spacewalk-hostname-rename (provides /usr/bin/spacewalk-sql) -Requires: susemanager-schema +Requires: susemanager-schema-utility # Required by cloneByDate.py, depsolver.py,spacewalk-clone-by-date Requires(pre): uyuni-base-common # Required by taskotop @@ -119,7 +117,6 @@ popd %{python3_sitelib}/utils/__pycache__/cloneByDate.* %{python3_sitelib}/utils/__pycache__/depsolver.* %{_mandir}/man8/spacewalk-clone-by-date.8%{?ext_man} -%{_mandir}/man8/spacewalk-hostname-rename.8%{?ext_man} %{_mandir}/man8/taskotop.8%{?ext_man}