Bug 1411785
Summary: | OPENSCAP scan is not correctly working | ||||||
---|---|---|---|---|---|---|---|
Product: | [Community] Spacewalk | Reporter: | Stepan Rogov <stepan.rogov> | ||||
Component: | Server | Assignee: | Michael Mráka <mmraka> | ||||
Status: | CLOSED EOL | QA Contact: | Red Hat Satellite QA List <satqe-list> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 2.6 | CC: | matonb, risantam | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-10-21 13:26:13 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
I'm experiencing the same problem Command: /usr/bin/oscap xccdf eval Command-line Arguments: --profile common Path to XCCDF document: /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml new row for relation "rhnxccdfident" violates check constraint "vn_rhnxccdfident_identifier" DETAIL: Failing row contains (4, 2, ). I see the same constraint violation with various combinations of Command-line Arguments: --profile common Command-line Arguments: --profile server Path to XCCDF document: /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml Path to XCCDF document: /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml Spacewalk Client/Server 2.6 OS CentOS 7.3 OpenScap RPM's openscap-scanner-1.2.10-2.el7.x86_64 openscap-1.2.10-2.el7.x86_64 spacewalk-oscap-2.6.1-1.el7.noarch scap-security-guide-0.1.30-3.el7.centos.0.3.noarch Tested against a CentOS 6 server, result as expected report returned to Spacewalk. @Stepan Rogov The latest SCAP security guide works with EL7 and Spacewalk 2.6: https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-latest/epel-7-x86_64/00482175-scap-security-guide/ An official release would be nice though. (In reply to Brett Maton from comment #4) > @Stepan Rogov > > The latest SCAP security guide works with EL7 and Spacewalk 2.6: > > https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap- > latest/epel-7-x86_64/00482175-scap-security-guide/ > > An official release would be nice though. Works for me too. Thank you Brett! Spacewalk 2.8 (and older) has already reached it's End Of Life. Thank you for reporting this issue and we are sorry that we were not able to fix it before end of life. If you would still like to see this bug fixed and are able to reproduce it against current version of Spacewalk 2.9, you are encouraged change the 'version' and re-open it. |
Created attachment 1239108 [details] Full trace Description of problem: When I try to scedule OPENSCAP scan , the next error has been accured: xception Handler Information Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/spacewalk/server/apacheRequest.py", line 135, in call_function response = func(*params) File "/usr/share/rhn/server/handlers/xmlrpc/queue.py", line 509, in submit action_type=action_type) File "/usr/share/rhn/server/handlers/xmlrpc/queue.py", line 554, in process_extra_data result = method(self.server_id, action_id, data=data) File "/usr/lib/python2.7/site-packages/spacewalk/server/action_extra_data/scap.py", line 47, in xccdf_eval profiles[0], data['errors']) File "/usr/lib/python2.7/site-packages/spacewalk/server/action_extra_data/scap.py", line 70, in _process_testresult if not _process_ruleresults(testresult_id, tr): File "/usr/lib/python2.7/site-packages/spacewalk/server/action_extra_data/scap.py", line 94, in _process_ruleresults _store_idents(inserts) File "/usr/lib/python2.7/site-packages/spacewalk/server/action_extra_data/scap.py", line 116, in _store_idents rowcount = h.execute_bulk(data) File "/usr/lib/python2.7/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 185, in execute_bulk ret = ret + self.executemany(**subdict) File "/usr/lib/python2.7/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 160, in executemany return self._execute_wrapper(self._executemany, *p, **kw) File "/usr/lib/python2.7/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 296, in _execute_wrapper retval = function(*p, **kw) File "/usr/lib/python2.7/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 341, in _executemany self._real_cursor.executemany(self.sql, all_kwargs) IntegrityError: new row for relation "rhnxccdfident" violates check constraint "vn_rhnxccdfident_identifier" DETAIL: Failing row contains (7, 2, ). CONTEXT: Error occurred on dblink connection named "at_conn": could not execute command. SQL statement "SELECT dblink_exec('at_conn', in_sql, true)" PL/pgSQL function pg_dblink_exec(character varying) line 8 at PERFORM SQL statement "SELECT pg_dblink_exec( 'insert into rhnXccdfIdent (id, identsystem_id, identifier) values (' || xccdf_ident_id || ', ' || ident_sys_id || ', ' || coalesce(quote_literal( identifier_in)) || ')')" PL/pgSQL function lookup_xccdf_ident(character varying,character varying) line 31 at PERFORM Version-Release number of selected component (if applicable): client: # rpm -qa |grep scap openscap-scanner-1.2.10-2.el7.x86_64 scap-security-guide-0.1.30-3.el7.centos.0.3.noarch perl-Pod-Escapes-1.04-291.el7.noarch openscap-1.2.10-2.el7.x86_64 spacewalk-oscap-2.6.1-1.el7.noarch openscap-utils-1.2.10-2.el7.x86_64 scap-workbench-1.1.2-1.el7.x86_64 server: # rpm -qa |grep spacewalk spacewalk-taskomatic-2.6.48-1.el7.noarch spacewalk-schema-2.6.16-1.el7.noarch spacewalk-postgresql-2.6.1-1.el7.noarch spacewalk-utils-2.6.16-1.el7.noarch spacewalk-backend-sql-postgresql-2.6.74-1.el7.noarch spacewalk-backend-config-files-tool-2.6.74-1.el7.noarch spacewalk-repo-2.6-0.el7.noarch spacewalk-backend-libs-2.6.74-1.el7.noarch spacewalk-search-2.6.1-1.el7.noarch spacewalk-html-2.6.6-1.el7.noarch spacewalk-setup-2.6.2-1.el7.noarch spacewalk-admin-2.6.1-1.el7.noarch spacewalk-selinux-2.3.2-1.el7.noarch spacewalk-backend-2.6.74-1.el7.noarch spacewalk-backend-config-files-common-2.6.74-1.el7.noarch spacewalk-backend-iss-export-2.6.74-1.el7.noarch spacewalk-backend-applet-2.6.74-1.el7.noarch spacewalk-doc-indexes-2.5.2-1.el7.noarch spacewalk-setup-jabberd-2.3.2-1.el7.noarch spacewalk-certs-tools-2.5.3-1.el7.noarch spacewalk-base-2.6.6-1.el7.noarch spacewalk-base-minimal-config-2.6.6-1.el7.noarch spacewalk-backend-server-2.6.74-1.el7.noarch spacewalk-backend-app-2.6.74-1.el7.noarch spacewalk-backend-iss-2.6.74-1.el7.noarch spacewalk-setup-postgresql-2.6.2-1.el7.noarch spacewalk-config-2.6.5-1.el7.noarch spacewalk-branding-2.5.3-1.el7.noarch rhn-org-httpd-ssl-key-pair-spacewalk.hosts-1.0-1.noarch spacewalk-java-2.6.48-1.el7.noarch spacewalk-backend-tools-2.6.74-1.el7.noarch spacewalk-common-2.6.1-1.el7.noarch spacewalk-base-minimal-2.6.6-1.el7.noarch spacewalk-reports-2.6.3-1.el7.noarch spacewalk-backend-sql-2.6.74-1.el7.noarch spacewalk-backend-xmlrpc-2.6.74-1.el7.noarch spacewalk-backend-config-files-2.6.74-1.el7.noarch spacewalk-java-lib-2.6.48-1.el7.noarch spacewalk-java-config-2.6.48-1.el7.noarch spacewalk-jpp-workaround-2.3.5-1.el7.noarch spacewalk-java-postgresql-2.6.48-1.el7.noarch spacewalk-backend-xml-export-libs-2.6.74-1.el7.noarch spacewalk-backend-package-push-server-2.6.74-1.el7.noarch spacewalk-backend-usix-2.6.74-1.el7.noarch How reproducible: Scedule New XCCDF Scan for a host and run rhn_check on a client. Path to XCCDF document: /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml Parameters: --fetch-remote-resources --profile ospp-rhel7-server Actual results: Traceback Expected results: Scan info in the UI Additional info: