1195713 – [RFE] Add associating OSCAP policy support to content-host

Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.

Bug 1195713 - [RFE] Add associating OSCAP policy support to content-host

Summary: [RFE] Add associating OSCAP policy support to content-host

Keywords:
Status:	CLOSED DUPLICATE of bug 1266483
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	SCAP Plugin
Sub Component:
Version:	6.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Unspecified
Assignee:	Ohad Levy
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1047797
TreeView+	depends on / blocked

Reported:	2015-02-24 13:10 UTC by Kedar Bidarkar
Modified:	2015-12-03 16:27 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-18 17:14:44 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Kedar Bidarkar 2015-02-24 13:10:32 UTC

Description of problem:

current oscap workflow: 'openscap policy' configures the 'foreman_scap_client' puppet-module, which in turn configures the oscap_client on the hosts.


Currently looking at the OSCAP functionality via the WebUI it looks like OSCAP policy can only be added to the hosts being provisioned by foreman. 

That is the policy can be assigned to Hosts only by these 2 methods:

a) while creating the policy associate it to Host-group
b) After creating an "Host" associate it via the "select Actions" button on the "All Hosts" page

So what about the Hosts/systems which already exist or not provisioned by foreman? I mean how can we assign policy to these hosts/systems. ?



Some say puppet-module will configure the hosts, but as said above puppet-module itself will be configured by OSCAP policy.



Version-Release number of selected component (if applicable):
sat6.1 beta snap3

How reproducible:


Steps to Reproduce:
1. unable to assign oscap policy to non foreman provisioned hosts.
2.
3.

Actual results:
Should be able to assign oscap policy  to non foreman provisioned hosts.

Expected results:
unable to assign oscap policy to non foreman provisioned hosts.

should be able to assign OSCAP policy to content-hosts.

Additional info:

Comment 1 Kedar Bidarkar 2015-02-24 13:16:21 UTC

I say content-hosts, meaning to say "all the hosts/systems" associated with satellite6.1

Comment 3 Kedar Bidarkar 2015-02-25 13:29:20 UTC

To assign OSCAP policy to non-foreman provisioned hosts we need to first register the hosts configured for puppet with satellite6.1.

Only then the hosts will be visible under the "ALL hosts" page and oscap policy can be assigned via the "select Actions" button.

Comment 4 Shlomi Zadok 2015-05-05 07:12:09 UTC

We currently relay on Puppet to configure foreman_scap_client on the client hosts. This should be a future feature and should not block OpenSCAP on 6.1 GA 
(note: this will happen automatically when single host feature will come to Satellite)

Comment 5 Bryan Kearney 2015-11-18 17:14:44 UTC


*** This bug has been marked as a duplicate of bug 1266483 ***

Note You need to log in before you can comment on or make changes to this bug.