Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1195713 - [RFE] Add associating OSCAP policy support to content-host
Summary: [RFE] Add associating OSCAP policy support to content-host
Keywords:
Status: CLOSED DUPLICATE of bug 1266483
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: SCAP Plugin
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: Unspecified
Assignee: Ohad Levy
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1047797
TreeView+ depends on / blocked
 
Reported: 2015-02-24 13:10 UTC by Kedar Bidarkar
Modified: 2015-12-03 16:27 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-18 17:14:44 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Kedar Bidarkar 2015-02-24 13:10:32 UTC
Description of problem:

current oscap workflow: 'openscap policy' configures the 'foreman_scap_client' puppet-module, which in turn configures the oscap_client on the hosts.


Currently looking at the OSCAP functionality via the WebUI it looks like OSCAP policy can only be added to the hosts being provisioned by foreman. 

That is the policy can be assigned to Hosts only by these 2 methods:

a) while creating the policy associate it to Host-group
b) After creating an "Host" associate it via the "select Actions" button on the "All Hosts" page

So what about the Hosts/systems which already exist or not provisioned by foreman? I mean how can we assign policy to these hosts/systems. ?



Some say puppet-module will configure the hosts, but as said above puppet-module itself will be configured by OSCAP policy.



Version-Release number of selected component (if applicable):
sat6.1 beta snap3

How reproducible:


Steps to Reproduce:
1. unable to assign oscap policy to non foreman provisioned hosts.
2.
3.

Actual results:
Should be able to assign oscap policy  to non foreman provisioned hosts.

Expected results:
unable to assign oscap policy to non foreman provisioned hosts.

should be able to assign OSCAP policy to content-hosts.

Additional info:

Comment 1 Kedar Bidarkar 2015-02-24 13:16:21 UTC
I say content-hosts, meaning to say "all the hosts/systems" associated with satellite6.1

Comment 3 Kedar Bidarkar 2015-02-25 13:29:20 UTC
To assign OSCAP policy to non-foreman provisioned hosts we need to first register the hosts configured for puppet with satellite6.1.

Only then the hosts will be visible under the "ALL hosts" page and oscap policy can be assigned via the "select Actions" button.

Comment 4 Shlomi Zadok 2015-05-05 07:12:09 UTC
We currently relay on Puppet to configure foreman_scap_client on the client hosts. This should be a future feature and should not block OpenSCAP on 6.1 GA 
(note: this will happen automatically when single host feature will come to Satellite)

Comment 5 Bryan Kearney 2015-11-18 17:14:44 UTC

*** This bug has been marked as a duplicate of bug 1266483 ***


Note You need to log in before you can comment on or make changes to this bug.