| Summary: | Importing of foreman_scap_client puppet class changed for sat62 | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Kedar Bidarkar <kbidarka> |
| Component: | Docs User Guide | Assignee: | Russell Dickenson <rdickens> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Stephen Wadeley <swadeley> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.2.0 | CC: | adahms, inecas, kbidarka, mhulan, ohadlevy, rdickens, szadok |
| Target Milestone: | Unspecified | ||
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-16 04:20:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Kedar Bidarkar
2016-03-23 11:04:41 UTC
@Kedar, I understand all the introductory information provided with this BZ ticket, so thank you. What I don't understand is just what a user must now do when enabling OpenSCAP. From reading your notes, I thought the steps were to be as follows, but I've tried this and it's failing. 1. On the Satellite Server, "mkdir -p /etc/puppet/environments/production/modules" 2. In the Satellite web UI, navigate to Configure > Environments and create a new environment titled "Production". 3. In the "Actions" column, click on the drop-down item next to "Classes" and select "Import from sat...". When I select "Import from sat..." I get some activity from the web browser, but nothing further happens. Can you provide further guidance? @Kedar, Apologies. I expect the failure I reported in comment 1 is due to the fact that on my test Satellite host I have not installed the following RPMs: * puppet-foreman_scap_client * rubygem-smart_proxy_openscap On the UI, "production" environment already exists, we just need create the directory structure on every capsule being setup. Required on every Capsule : "mkdir -p /etc/puppet/environments/production/modules" 1. On every Capsule Server, "mkdir -p /etc/puppet/environments/production/modules" [ Needed only if no puppet-module associated to CV being used for the Host ] 2. Assign the Org ad Location context to "product environment". 3. Then from the WebUI , "Configure" --> "Classes" --> "Import a Capsule" and select the environment to associate "foreman_scap_client" to "production" puppet environment. 4. Use the "production" puppet environment when creating a "host-group" or "host" and the puppet environment is not auto-suggested or of the type KT_<ENV-ORG> available. Russell, As shlomi mentioned, there is no need for 2 separate Procedure 5.1 and 5.2, we can have just one. ------------------------------------------------------------------------------- From Procedure 5.1, I feel for more clarity the below step 4) should be moved to 5.2.1 (SCAP Content) , something under it's own section called "populating default OSCAP content". 4) Load the Default OpenSCAP content on the Satellite Server. # foreman-rake foreman_openscap:bulk_upload:default ------------------------------------------------------------------------------- Also the below step 5) from Procedure 5.1 should read as below ( Can we please have a separate section/procedure for this? ) 5) Import the puppet-class "foreman_scap_client" into desired Puppet environments. Each host which is to be audited using the OpenSCAP functionality must be associated with a Puppet environment. ------------------------------------------------------------------------------ Also between step 4) and Step 5) for Procedure 5.1, let's introduce the below step. (I believe we need to expand this section a bit more, something like.) Procedure 5.2 Step 4) : Puppet environment is created automatically only for those content-views that contain a puppet-module. So, If there is no existing Puppet environment, create a directory for the production environment, so that puppet-class "foreman_scap_client" can be associated with it. # mkdir -p /etc/puppet/environments/production/modules ------------------------------------------------------------------------------ If we plan to unify both 5.1 and 5.2, let's change it as below: Refresh the Capsule Server so that the added OpenSCAP features are detected. # hammer capsule refresh-features --id <capsule-id> @Russell, I said so because they are two different topics. Just the Step1) is right under, 5.2.1.1 "Loading Default OpenSCAP Content" So a separate section for this would be needed as it does not fall under "Loading Default OpenSCAP content" and is about importing puppet modules. 5.2.1.1 is about "OSCAP content" <new section> will be about "importing OSCAP puppet module" So, Step 2) and Step 3) are related to --: "<new section> will be about 'importing OSCAP puppet module' " I think the puppet-foreman_scap_client is needed just on the proxy side, right @shlomi? Also, do we need to do some extra steps at clients or everything is handled by the puppet module there? puppet-foreman_scap_client is needed on the puppet master (usually coupled with the capsule, right?) The clients are configured on the Satellite side (e.g., when assigning policy to hosts) *** Bug 1334698 has been marked as a duplicate of this bug. *** This content is now live on the Customer Portal. Closing. |