Bug 1482461

Summary: Satellite does not push updated SCAP content on a policy (Satellite 6.2)
Product: Red Hat Satellite
Reporter: Lukas Zapletal <lzap>
Component: SCAP Plugin
Assignee: Ondřej Pražák <oprazak>
Status: CLOSED NEXTRELEASE
QA Contact: Sanket Jagtap <sjagtap>
Severity: high
Priority: unspecified
Version: 6.2.11
CC: ahoness, akarimi, bbuckingham, bkearney, dcaplan, egolov, jcallaha, katello-qa-list, ktordeur, mhulan, omaciel, oprazak, pmoravec, pm-sat, rbobek, ryan.kimbrell, sjagtap, sjr, szadok
Target Milestone: Unspecified
Keywords: FieldEngineering, PrioBumpPM, Triaged
Target Release: Unused
Hardware: Unspecified
OS: Linux
Clone Of: 1420439
Last Closed: 2018-02-08 14:31:43 UTC
Type: Bug
Bug Depends On: 1420439
Attachments:
host YAML before (flags: none)
host YAML after (flags: none)

Description Lukas Zapletal 2017-08-17 10:45:30 UTC
+++ This bug was initially created as a clone of Bug #1420439 +++

Description of problem: Updating SCAP content on an existing Compliance Policy does not result in synchronization of the new SCAP content on subsequent puppet runs. Content hosts continue to run openscap scans using the previous outdated SCAP content.

TRIAGE NOTES: This is a request for a 6.2 backport; we have both patches ready for backport.

QA NOTES: See #1420439 for more info about how to reproduce.

Comment 4 Ondřej Pražák 2017-08-17 11:57:56 UTC
Created attachment 1314648
host YAML before

Comment 5 Ondřej Pražák 2017-08-17 11:58:27 UTC
Created attachment 1314649
host YAML after

Comment 6 Satellite Program 2017-08-17 12:06:17 UTC
Upstream bug assigned to oprazak

Comment 7 Satellite Program 2017-08-17 12:06:23 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17464 has been resolved.

Comment 8 Ondřej Pražák 2017-08-17 12:11:12 UTC
UPGRADE NOTES:

After applying the patch, the YAML output for a host with a policy should change (classes -> foreman_scap_client -> policies -> download_path); see the attached screenshots.

It is necessary to run puppet on the openscap clients so that config changes are propagated. The patch will not be active until the config is updated on clients.

Steps to apply the patch:

1) apply patches for Satellite server, capsule(s)
2) restart Satellite, capsule(s)
3) run puppet on openscap clients


Steps to verify the patch works:

1) set up a host with openscap, run foreman_scap_client on host
2) update the host's policy with new SCAP content
3) apply patches, restart Satellite server and capsule(s)
4) check the YAML output for the host; download_path should end with a hash, as the screenshots suggest
5) run puppet on a host
6) observe changes made to /etc/foreman_scap_client/config.yaml on host. They should correspond to what is in YAML output.
7) run foreman_scap_client, newly generated report should be based on updated scap content
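
Verification steps 4 and 6 can be checked mechanically. The following is an added example, not part of the original comment or of the Foreman code base. It assumes the client config keys each policy by integer id with symbol-keyed settings and that the trailing hash is a hex digest; the sample YAML and digest are constructed.

```ruby
require 'yaml'

# Assumption: the hash that ends download_path is a hex digest.
HASH_SUFFIX = %r{/\h{32,}\z}

# Policies from the host YAML, following the path named in comment 8:
# classes -> foreman_scap_client -> policies.
def enc_policies(enc_yaml)
  enc = YAML.safe_load(enc_yaml) || {}
  enc.dig('classes', 'foreman_scap_client', 'policies') || []
end

# download_path per policy id from the client config. Assumed layout:
# integer policy ids at top level, each mapping to symbol-keyed settings.
def client_download_paths(config_yaml)
  cfg = YAML.safe_load(config_yaml, permitted_classes: [Symbol]) || {}
  cfg.select { |id, v| id.is_a?(Integer) && v.is_a?(Hash) }
     .transform_values { |v| v[:download_path] }
end

# Returns a list of problems; an empty list means steps 4 and 6 both pass.
def verify_scap_paths(enc_yaml, config_yaml)
  on_client = client_download_paths(config_yaml)
  enc_policies(enc_yaml).flat_map do |policy|
    id = policy['id']
    path = policy['download_path'].to_s
    problems = []
    problems << "policy #{id}: download_path has no trailing hash" unless path.match?(HASH_SUFFIX)
    problems << "policy #{id}: client config differs, run puppet" unless on_client[id] == path
    problems
  end
end

# Constructed sample data (placeholder digest and paths, not from the bug).
DIGEST = 'ab12' * 16
ENC_PATCHED = <<~YAML
  classes:
    foreman_scap_client:
      policies:
      - id: 1
        download_path: /compliance/policies/1/content/#{DIGEST}
YAML
CLIENT_STALE = <<~YAML
  1:
    :download_path: /compliance/policies/1/content
YAML
CLIENT_UPDATED = CLIENT_STALE.sub('content', "content/#{DIGEST}")

puts verify_scap_paths(ENC_PATCHED, CLIENT_STALE)
```

On a real system the two inputs would be the host YAML output from Satellite and the contents of /etc/foreman_scap_client/config.yaml.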

Comment 12 Bryan Kearney 2018-02-08 14:31:43 UTC
I am closing this out as next release. The fix for this will be available in Satellite 6.3. If you are running 6.3 and still seeing this issue, please feel free to re-open and provide additional information.