Bug 2029830

Summary: [RFE] Hosted engine should accept OpenSCAP profile name instead of bool
Product: Red Hat Enterprise Virtualization Manager
Reporter: Ales Musil <amusil>
Component: ovirt-hosted-engine-setup
Assignee: Asaf Rachmani <arachman>
Status: CLOSED ERRATA
QA Contact: Petr Kubica <pkubica>
Severity: high
Priority: high
Version: 4.5.0
CC: cnagarka, emarcus, lleistne, lsurette, mperina
Target Milestone: ovirt-4.5.0
Keywords: FutureFeature, ZStream
Target Release: 4.5.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ovirt-hosted-engine-setup-2.6.1-1 ovirt-ansible-collection-2.0.0-0.6.BETA.el8
Doc Type: Enhancement
Doc Text:
With this release, the self-hosted engine installation supports selecting either DISA STIG or PCI-DSS security profiles for the self-hosted engine VM.
Last Closed: 2022-05-26 17:22:44 UTC
Type: Bug
oVirt Team: Integration
Bug Blocks: 2015802, 2030226, 2030596

Description Ales Musil 2021-12-07 12:04:55 UTC
Description of problem:
Currently the OpenSCAP profile is activated by
OVEHOSTED_VM/applyOpenScapProfile=bool:True. This does not allow
specifying which profile will be used.

It would be beneficial if the profile variable accepted a profile name, e.g. xccdf_org.ssgproject.content_profile_stig.

Comment 1 Martin Perina 2021-12-08 08:30:29 UTC
We should also be able to support the PCI-DSS security profile: xccdf_org.ssgproject.content_profile_pci-dss

Comment 4 Sandro Bonazzola 2022-03-25 06:33:47 UTC
*** Bug 2068318 has been marked as a duplicate of this bug. ***

Comment 5 Petr Kubica 2022-05-05 13:55:54 UTC
Verified in
ovirt-ansible-collection-2.0.3-1.el8ev.noarch
ovirt-hosted-engine-setup-2.6.3-1.el8ev.noarch

Deploy questions were changed and now it is possible to choose from two profiles:

          Do you want to apply an OpenSCAP security profile? (Yes, No) [No]: yes
          Please provide the security profile you would like to use (stig, pci-dss) [stig]: stig

Comment 12 errata-xmlrpc 2022-05-26 17:22:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4764