Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1195713 - [RFE] Add associating OSCAP policy support to content-host
Summary: [RFE] Add associating OSCAP policy support to content-host
Keywords:
Status: CLOSED DUPLICATE of bug 1266483
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: SCAP Plugin
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: Unspecified
Assignee: Ohad Levy
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1047797
TreeView+ depends on / blocked
 
Reported: 2015-02-24 13:10 UTC by Kedar Bidarkar
Modified: 2015-12-03 16:27 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-18 17:14:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Kedar Bidarkar 2015-02-24 13:10:32 UTC 
Description of problem:

current oscap workflow: 'openscap policy' configures the 'foreman_scap_client' puppet-module, which in turn configures the oscap_client on the hosts.


Currently looking at the OSCAP functionality via the WebUI it looks like OSCAP policy can only be added to the hosts being provisioned by foreman. 

That is the policy can be assigned to Hosts only by these 2 methods:

a) while creating the policy associate it to Host-group
b) After creating an "Host" associate it via the "select Actions" button on the "All Hosts" page

So what about the Hosts/systems which already exist or not provisioned by foreman? I mean how can we assign policy to these hosts/systems. ?



Some say puppet-module will configure the hosts, but as said above puppet-module itself will be configured by OSCAP policy.



Version-Release number of selected component (if applicable):
sat6.1 beta snap3

How reproducible:


Steps to Reproduce:
1. unable to assign oscap policy to non foreman provisioned hosts.
2.
3.

Actual results:
Should be able to assign oscap policy  to non foreman provisioned hosts.

Expected results:
unable to assign oscap policy to non foreman provisioned hosts.

should be able to assign OSCAP policy to content-hosts.

Additional info:
Comment 1 Kedar Bidarkar 2015-02-24 13:16:21 UTC 
I say content-hosts, meaning to say "all the hosts/systems" associated with satellite6.1
Comment 3 Kedar Bidarkar 2015-02-25 13:29:20 UTC 
To assign OSCAP policy to non-foreman provisioned hosts we need to first register the hosts configured for puppet with satellite6.1.

Only then the hosts will be visible under the "ALL hosts" page and oscap policy can be assigned via the "select Actions" button.
Comment 4 Shlomi Zadok 2015-05-05 07:12:09 UTC 
We currently relay on Puppet to configure foreman_scap_client on the client hosts. This should be a future feature and should not block OpenSCAP on 6.1 GA 
(note: this will happen automatically when single host feature will come to Satellite)
Comment 5 Bryan Kearney 2015-11-18 17:14:44 UTC 

*** This bug has been marked as a duplicate of bug 1266483 ***
Note You need to log in before you can comment on or make changes to this bug.