Bug 1196240
Summary: | [RFE] Improve providing oscap content to hosts | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Kedar Bidarkar <kbidarka> |
Component: | Other | Assignee: | Shlomi Zadok <szadok> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kedar Bidarkar <kbidarka> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.1.0 | CC: | bbuckingham, bkearney, cwelton, mmccune, slukasik, sthirugn, szadok |
Target Milestone: | Unspecified | Keywords: | FutureFeature, Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-12 16:03:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1231933, 1232194 | ||
Bug Blocks: | 1047797 |
Description
Kedar Bidarkar
2015-02-25 14:42:32 UTC
First thought was to add this directly to the provisioning template, but mmccune suggested that not everyone may want to enable SCAP by default. My recommendation is to add it to a snippet, then, or something, with an associated docs note. In the forthcoming SCAP documentation, something like, "Note: SCAP is not enabled by default on newly provisioned systems. To add this functionality, enable snippet $foobar in your provisioning template(s)" Or deploy it via puppet? *** Bug 1207304 has been marked as a duplicate of this bug. *** [root@rhel66d ~]# foreman_scap_client 1 File /var/lib/openscap/content/6298742afc45309f86ac467c0c9a3e433ff505dd3d237dd8cbf72be1a02937bb.xml is missing. Downloading it from proxy Download scap content xml from: https://xyz.redhat.com:9090/compliance/policies/1/content DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_usgcb-rhel6-server --results-arf /tmp/d20150611-1732-1jqcoek/results.xml /var/lib/openscap/content/6298742afc45309f86ac467c0c9a3e433ff505dd3d237dd8cbf72be1a02937bb.xml DEBUG: running: /usr/bin/bzip2 /tmp/d20150611-1732-1jqcoek/results.xml Uploading results to https://xyz.redhat.com:9090/compliance/arf/1 As we can see running "foreman_scap_client <policy_id>" fetches the scap content xml file from proxy. VERIFIED With sat61-GA-SNAP8 Currently fails for sat61-GA-snap8-compose2 for rhel6. I will be reopening this bug. *** Bug 1231933 has been marked as a duplicate of this bug. *** should show oscap content on rhel6 automatically like it does show when installed on rhel7. Not sure why this is re-opened - If there is SCAP content (any SCAP content) it will be delivered (provided) to the client hosts, which is the scope of this issue. As for RHEL6 default SCAP content, let's handle it with https://bugzilla.redhat.com/show_bug.cgi?id=1231933 ? if we want to move this back to VERIFIED and re-open https://bugzilla.redhat.com/show_bug.cgi?id=1231933 , that is fine with me. I'll move this back to ON_QA and Kedar, feel free to move back to verified and re-open 1231933 Will moved this to VERIFIED state when all issues related to it are solved. VERIFIED With sat6.1.1-snap13-c1 Now there is no need to manually provide contents to the clients, the clients can automatically pull in the relevant ds-stream.xml using the API from the capsule/smart-proxy. This bug was fixed in Satellite 6.1.1 which was delivered on 12 August, 2015. |