1482461 – Satellite does not push updated SCAP content on a policy (Satellite 6.2)

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1482461 - Satellite does not push updated SCAP content on a policy (Satellite 6.2)

Summary: Satellite does not push updated SCAP content on a policy (Satellite 6.2)

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	SCAP Plugin
Sub Component:
Version:	6.2.11
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Ondřej Pražák
QA Contact:	Sanket Jagtap
Docs Contact:
URL:
Whiteboard:
Depends On:	1420439
Blocks:
TreeView+	depends on / blocked

Reported:	2017-08-17 10:45 UTC by Lukas Zapletal
Modified:	2021-09-09 12:31 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1420439
Environment:
Last Closed:	2018-02-08 14:31:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
host YAML before (60.38 KB, image/png) 2017-08-17 11:57 UTC, Ondřej Pražák	no flags	Details
host YAML after (70.28 KB, image/png) 2017-08-17 11:58 UTC, Ondřej Pražák	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	17464	0	None	None	None	2017-08-17 10:45:29 UTC
Red Hat Knowledge Base (Article)	3420651	0	None	None	None	2018-04-22 21:23:57 UTC

Description Lukas Zapletal 2017-08-17 10:45:30 UTC

+++ This bug was initially created as a clone of Bug #1420439 +++

Description of problem: Updating SCAP content on an existing Compliance Policy does not result in synchronization of the new SCAP content on subsequent puppet runs. Content hosts continue to run openscap scans using the previous outdated SCAP content.

TRIAGE NOTES: This is request for 6.2 backport, we have both patches ready for backport.

QA NOTES: See #1420439 for more info about how to reproduce.

Comment 4 Ondřej Pražák 2017-08-17 11:57:56 UTC

Created attachment 1314648 [details]
host YAML before

Comment 5 Ondřej Pražák 2017-08-17 11:58:27 UTC

Created attachment 1314649 [details]
host YAML after

Comment 6 Satellite Program 2017-08-17 12:06:17 UTC

Upstream bug assigned to oprazak

Comment 7 Satellite Program 2017-08-17 12:06:23 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17464 has been resolved.

Comment 8 Ondřej Pražák 2017-08-17 12:11:12 UTC

UPGRADE NOTES:

After applying the patch, the YAML output for host with a policy should change (classes -> foreman_scap_client -> policies -> download_path), see the attached screenshots.

It is necessary to run puppet on the openscap clients so that config changes are propagated. The patch will not be active until the config is updated on clients.

Steps to apply the patch:

1) apply patches for Satellite server, capsule(s)
2) restart Satellite, capsule(s)
3) run puppet on openscap clients


Steps to verify the patch works:

1) set up a host with openscap, run foreman_scap_client on host
2) update host's policy with a new scap content
3) apply patches, restart Satellite server and capsule(s)
4) check the YAML output for host, download_path should end with a hash as a screenshots suggest
5) run puppet on a host
6) observe changes made to /etc/foreman_scap_client/config.yaml on host. They should correspond to what is in YAML output.
7) run foreman_scap_client, newly generated report should be based on updated scap content

Comment 12 Bryan Kearney 2018-02-08 14:31:43 UTC

I am closing this out as next release. The fix for this will be available in satellite 6.3. If you are running 6.3 and still seeing this issue, please feel free to re-open and provide additional information.

Note You need to log in before you can comment on or make changes to this bug.