Bug 1195713

Summary: [RFE] Add associating OSCAP policy support to content-host
Product: Red Hat Satellite Reporter: Kedar Bidarkar <kbidarka>
Component: SCAP PluginAssignee: Ohad Levy <ohadlevy>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.1.0CC: ahumbe, bbuckingham, bkearney, riehecky, slukasik, szadok
Target Milestone: UnspecifiedKeywords: FutureFeature
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-18 17:14:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1047797    

Description Kedar Bidarkar 2015-02-24 13:10:32 UTC 
Description of problem:

current oscap workflow: 'openscap policy' configures the 'foreman_scap_client' puppet-module, which in turn configures the oscap_client on the hosts.


Currently looking at the OSCAP functionality via the WebUI it looks like OSCAP policy can only be added to the hosts being provisioned by foreman. 

That is the policy can be assigned to Hosts only by these 2 methods:

a) while creating the policy associate it to Host-group
b) After creating an "Host" associate it via the "select Actions" button on the "All Hosts" page

So what about the Hosts/systems which already exist or not provisioned by foreman? I mean how can we assign policy to these hosts/systems. ?



Some say puppet-module will configure the hosts, but as said above puppet-module itself will be configured by OSCAP policy.



Version-Release number of selected component (if applicable):
sat6.1 beta snap3

How reproducible:


Steps to Reproduce:
1. unable to assign oscap policy to non foreman provisioned hosts.
2.
3.

Actual results:
Should be able to assign oscap policy  to non foreman provisioned hosts.

Expected results:
unable to assign oscap policy to non foreman provisioned hosts.

should be able to assign OSCAP policy to content-hosts.

Additional info:
Comment 1 Kedar Bidarkar 2015-02-24 13:16:21 UTC 
I say content-hosts, meaning to say "all the hosts/systems" associated with satellite6.1
Comment 3 Kedar Bidarkar 2015-02-25 13:29:20 UTC 
To assign OSCAP policy to non-foreman provisioned hosts we need to first register the hosts configured for puppet with satellite6.1.

Only then the hosts will be visible under the "ALL hosts" page and oscap policy can be assigned via the "select Actions" button.
Comment 4 Shlomi Zadok 2015-05-05 07:12:09 UTC 
We currently relay on Puppet to configure foreman_scap_client on the client hosts. This should be a future feature and should not block OpenSCAP on 6.1 GA 
(note: this will happen automatically when single host feature will come to Satellite)
Comment 5 Bryan Kearney 2015-11-18 17:14:44 UTC 

*** This bug has been marked as a duplicate of bug 1266483 ***