Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1286928

Summary: Errors found switching from openscap policy causing satellite to hang
Product: Red Hat Satellite Reporter: jnikolak
Component: SCAP PluginAssignee: Shlomi Zadok <szadok>
Status: CLOSED ERRATA QA Contact: Kedar Bidarkar <kbidarka>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1.4CC: bbuckingham, jnikolak, kbidarka, mklika, ohadlevy, shughes, slukasik, sthirugn, szadok, zmoravec
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-27 09:21:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jnikolak 2015-12-01 06:21:19 UTC 
The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content


From the strace, during switching to openscap profiles we can see the following errors.

[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  4009] munmap(0x7efdba67c000, 145896) = 0
[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)



This also causes the satellite gui to become hung.
During time of issue, it was observed that the passenger limits were reached.

passenger-status
Version : 4.0.18
Date    : Mon Nov 30 17:15:12 -0700 2015
Instance: 14071
----------- General information -----------
Max pool size : 6
Processes     : 6
Requests in top-level queue : 0

----------- Application groups -----------
/usr/share/foreman#default:
  App root: /usr/share/foreman
  Requests in queue: 100
Comment 3 Zbynek Moravec 2015-12-01 09:18:43 UTC 
How do I reproduce it?
Comment 8 Shlomi Zadok 2015-12-21 15:49:14 UTC 
In current implementation, sometime (randomly) arf report arrives corrupted (not in bz2 format).
(See also https://bugzilla.redhat.com/show_bug.cgi?id=1250065)
The problem is that it happens randomly
Comment 13 Kedar Bidarkar 2016-04-04 21:17:05 UTC 
The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content

-----------------------------------------------------------
Can you please mention what exactly was changed from and to.

Currently From appears to be XCCDF profile  and TO appears to be OSCAP content.
Comment 15 Kedar Bidarkar 2016-04-05 22:18:30 UTC 
I want to know what exactly is being switched here , which is not clear to me.

As per initial bug description, 


FROM --> appears to be "profile" (XCCDF Profile: Example Server Profile)
TO --> appears to be "Content"  (SCAP Content: Red Hat rhel6 default content)


Both ( FROM and TO ) should be referring to "profile" or "content".
Comment 16 Kedar Bidarkar 2016-04-05 22:21:23 UTC 
I Wonder if I am missing something here.
Comment 17 Kedar Bidarkar 2016-04-06 16:36:42 UTC 
Ok, my best guess is, that we are switching the OSCAP profiles here.

Will try switching OSCAP profiles and run 2 seperate reports on the host and then verify this bug.
Comment 18 Kedar Bidarkar 2016-04-12 10:57:14 UTC 
rhel6_policy was created first with,

XCCDF profile: Common Profile for General-Purpose Systems
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

Afterwards,

XCCDF profile: Example Server Profile
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

No Errors were found or did the sat6 went in a hung state.

---------------------------------------------------

Logs from /v/l/foreman/production.log

2016-04-12 06:21:28 [app] [I] Started PATCH "/compliance/policies/2" for 10.10.63.50 at 2016-04-12 06:21:28 -0400
2016-04-12 06:21:28 [app] [I] Processing by PoliciesController#update as HTML
2016-04-12 06:21:28 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"B1qpKe7IUw/zVNOLdjnryiVM4jc3FZlfFqSSkMmVvb8=", "policy"=>{"name"=>"rhel6_policy", "description"=>"", "scap_content_id"=>"3", "scap_content_profile_id"=>"3", "period"=>"weekly", "weekday"=>"tuesday", "day_of_month"=>"1", "cron_line"=>"", "location_ids"=>["2", ""], "organization_ids"=>["1", ""], "hostgroup_ids"=>["", "4", "2"]}, "commit"=>"Submit", "id"=>"2"}
2016-04-12 06:21:29 [app] [I] Redirected to https://katello1.katello-latest.satellite.lab.eng.rdu2.redhat.com/compliance/policies
2016-04-12 06:21:29 [app] [I] Completed 302 Found in 332ms (ActiveRecord: 60.4ms)
2016-04-12 06:21:29 [app] [I] Started GET "/compliance/policies" for 10.10.63.50 at 2016-04-12 06:21:29 -0400
2016-04-12 06:21:29 [app] [I] Processing by PoliciesController#index as HTML
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/_list.html.erb (269.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/index.html.erb within layouts/application (279.3ms)
2016-04-12 06:21:29 [app] [I]   Rendered common/_searchbar.html.erb (13.0ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/_application_content.html.erb (16.1ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_submenu.html.erb (5.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_user_dropdown.html.erb (7.0ms)
2016-04-12 06:21:29 [app] [I] Read fragment views/tabs_and_title_records-3 (0.7ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_topbar.html.erb (18.5ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/base.html.erb (23.7ms)
2016-04-12 06:21:29 [app] [I] Completed 200 OK in 365ms (Views: 198.0ms | ActiveRecord: 133.7ms)




VERIFIED with sat62-snap7.1
Comment 20 errata-xmlrpc 2016-07-27 09:21:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501