Bug 1598318

Summary: Require SCAP in ovirt-host
Product: [oVirt] ovirt-distribution Reporter: Sandro Bonazzola <sbonazzo>
Component: ovirt-hostAssignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED CURRENTRELEASE QA Contact: Pavol Brilla <pbrilla>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: ---CC: cshao, didi, huzhao, jiaczhan, lsvaty, mperina, pbrilla, qiyuan, sbonazzo, sgoodman, sradco, weiwang, yaniwang, ycui
Target Milestone: ovirt-4.3.0Keywords: FutureFeature
Target Release: 4.3.0Flags: sbonazzo: ovirt-4.3?
rule-engine: planning_ack?
rule-engine: devel_ack+
lsvaty: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-host-4.3.0-0.1.beta, ovirt-release43-4.3.0_rc1 Doc Type: Enhancement
Doc Text:
The openscap, openscap-utils and scap-security-guide packages have been added to RHVH in order to increase security hardening in RHVH deployments.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-13 07:44:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sandro Bonazzola 2018-07-05 06:27:25 UTC 
We are requiring SCAP in oVirt Node, we want to make it available on hosts for hardening purpose.
Comment 1 Sandro Bonazzola 2018-08-14 16:15:00 UTC 
Can be tested on master snapshot
Comment 2 Pavol Brilla 2018-08-27 08:24:23 UTC 
# yum deplist ovirt-host | grep scap; yum list ovirt-host openscap* scap-security-guide

  dependency: openscap
   provider: openscap-1.2.17-1.fc28.i686
   provider: openscap-1.2.17-1.fc28.x86_64
  dependency: openscap-utils
   provider: openscap-utils-1.2.17-1.fc28.x86_64
  dependency: scap-security-guide
   provider: scap-security-guide-0.1.40-1.fc28.noarch
  dependency: openscap
   provider: openscap-1.2.17-1.fc28.i686
   provider: openscap-1.2.17-1.fc28.x86_64
  dependency: openscap-utils
   provider: openscap-utils-1.2.17-1.fc28.x86_64
  dependency: scap-security-guide
   provider: scap-security-guide-0.1.40-1.fc28.noarch

Installed Packages
openscap.x86_64                      1.2.17-1.fc28                                        @updates     
openscap-scanner.x86_64              1.2.17-1.fc28                                        @updates     
openscap-utils.x86_64                1.2.17-1.fc28                                        @updates     
ovirt-host.x86_64                    4.3.0-0.0.master.20180705071013.git7d4f97d.fc28      @ovirt-master
scap-security-guide.noarch           0.1.40-1.fc28                                        @updates
Comment 3 Sandro Bonazzola 2018-11-02 14:29:54 UTC 
This bugzilla is included in oVirt 4.2.7 release, published on November 2nd 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.7 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Comment 4 Sandro Bonazzola 2018-11-02 15:05:19 UTC 
Closed by mistake, moving back to qa -> verified
Comment 5 Sandro Bonazzola 2019-02-13 07:44:57 UTC 
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Comment 6 Steve Goodman 2019-02-20 15:07:39 UTC 
Hey Pavol, Please review the doc text just to make sure I got it right. I wasn't sure what exactly was meant by "in order to help hardening" in the previous doc text.

OLD: The openscap, openscap-utils and scap-security-guide packages have been added to oVirt Node in order to help hardening the oVirt Node deployments.

NOW: The openscap, openscap-utils and scap-security-guide packages have been added to oVirt Node in order to increase security hardening in oVirt Node deployments.
Comment 7 Steve Goodman 2019-02-24 14:17:21 UTC 
Actually, are we talking about RHVH here? It looks to me like oVirt Node is the upstream version of RHVH. So is this about oVirt Node or RHVH?
Comment 8 Sandro Bonazzola 2019-02-25 07:04:20 UTC 
(In reply to Steve Goodman from comment #7)
> Actually, are we talking about RHVH here? It looks to me like oVirt Node is
> the upstream version of RHVH. So is this about oVirt Node or RHVH?

This applies to both oVirt Node and RHV-H being exactly RHV-H downstream of oVirt Node.
Comment 9 Steve Goodman 2019-02-25 12:15:30 UTC 
Thanks, Sandro. doc_text updated to replace oVirt Node with RHVH. Since this is the release notes for RHV, I don't think it makes sense to mention oVirt Node here.