Description of problem:
At the moment there is no (comfortable) way to make use of the SCAP reporting of hosts without the usage of Puppet. There should be a different way provided to configure the SCAP client for Foreman.
Version-Release number of selected component (if applicable):
6.3
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
Created redmine issue http://projects.theforeman.org/issues/23950 from this bug
Workaround:
# On Satellite
satellite-installer --enable-foreman-plugin-openscap
foreman-rake foreman_openscap:bulk_upload:default
# On Clients
yum install rubygem-foreman_scap_client openscap-utils scap-security-guide
# Configure /etc/foreman_scap_client/config.yaml
# Configuring the foreman_scap_client config.yaml
:server: sat6.example.com # or capsule.example.com
:port: 9090
:ca_file: '/etc/rhsm/ca/katello-server-ca.pem'
:host_certificate: '/etc/pki/consumer/cert.pem'
:host_private_key: '/etc/pki/consumer/key.pem'
# Profile number as stated in Foreman/Satellite 6
1:
  :profile: pci-dss # profile id as per oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
  :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml'
# Run the client manually to check the functionality
foreman_scap_client 1
# Cronjob
echo "00 15 * * * /usr/bin/foreman_scap_client 1 > /dev/null 2>&1"
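A pre-flight check for the hand-written config.yaml from the workaround above, as an added example that is not part of the original comment or of foreman_scap_client. The function names (cfg_get, problem, check_scap_config) are hypothetical; it assumes the ":key: value" layout shown above with a single policy block, and GNU stat as found on RHEL clients.

```shell
#!/bin/sh
# Added example: pre-flight check for foreman_scap_client's config.yaml.
# Assumes the ":key: value" layout from the workaround, one policy block,
# and GNU stat (as on RHEL clients).

# Print the first value of ":<key>:", minus trailing comment and quotes.
cfg_get() {
    sed -n "s/^[[:space:]]*:$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Report one problem on stderr and count it.
problem() {
    echo "config check: $*" >&2
    problems=$((problems + 1))
}

# Returns 0 when the config looks usable, else the number of problems.
check_scap_config() {
    cfg=$1
    problems=0
    [ -r "$cfg" ] || { problem "cannot read $cfg"; return "$problems"; }

    for key in server port profile; do
        [ -n "$(cfg_get "$cfg" "$key")" ] || problem "missing :$key:"
    done

    # Every referenced file must exist, or the upload fails at run time.
    for key in ca_file host_certificate host_private_key content_path; do
        path=$(cfg_get "$cfg" "$key")
        [ -n "$path" ] && [ -f "$path" ] || problem ":$key: '$path' not found"
    done

    # The host private key must not be accessible to "other" users.
    key_file=$(cfg_get "$cfg" host_private_key)
    if [ -f "$key_file" ]; then
        case $(stat -c '%a' "$key_file") in
            *0) ;;
            *) problem "$key_file is accessible to other users" ;;
        esac
    fi

    # Heuristic text match: the profile id must appear in the XCCDF content.
    profile=$(cfg_get "$cfg" profile)
    content=$(cfg_get "$cfg" content_path)
    if [ -n "$profile" ] && [ -f "$content" ]; then
        grep -q "Profile[^>]*id=\"[^\"]*$profile\"" "$content" ||
            problem "profile '$profile' not found in $content"
    fi
    return "$problems"
}
```

Source the file and run `check_scap_config /etc/foreman_scap_client/config.yaml` before the first `foreman_scap_client 1`; each finding is printed on stderr and the exit status is the number of findings.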
Hello, Happy new year! Thank you for the workaround. The need would be to allow applying an official Red Hat Satellite Ansible role. On the other hand, the need is about Red Hat Satellite 6.4 and later and future versions. Regards, Aymeric
Upstream bug assigned to oprazak
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/23950 has been resolved.
*** Bug 1625752 has been marked as a duplicate of this bug. ***
Build: Satellite 6.6 snap 11
1. Import the theforeman.foreman_scap_client Ansible role into Satellite
2. Import the Ansible Variables. Configure -> Ansible -> Variable -> Import from capsule where role installed
3. Create a SCAP policy, with method as "Ansible", associate with all other options content, profile and hostgroup
4. Create a host, associate the Ansible role with host.
5. Host is created, go to host details -> Play Ansible roles on host
6. REX is used to deploy Ansible host
The role is run on host and foreman_scap_client is installed and configured
Job invocation log:
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [ansible-scap.domain.zz]
TASK [Display all parameters known for the Foreman host] ***********************
ok: [ansible-scap.domain.zz] => foreman_params: VARIABLE IS NOT DEFINED!
TASK [theforeman.foreman_scap_client : Configure plugins repository] ***********
ok: [ansible-scap.domain.zz]
TASK [theforeman.foreman_scap_client : Install the foreman_scap_client package] ***
changed: [ansible-scap.domain.zz]
TASK [theforeman.foreman_scap_client : Get certificate paths] ******************
ok: [ansible-scap.domain.zz]
TASK [theforeman.foreman_scap_client : Set facts for rh certs] *****************
ok: [ansible-scap.domain.zz]
TASK [theforeman.foreman_scap_client : Create cron in /etc/cron.d/] ************
changed: [ansible-scap.domain.zz]
TASK [theforeman.foreman_scap_client : Create config.yaml in /etc/foreman_scap_client] ***
changed: [ansible-scap.domain.zz]
TASK [theforeman.foreman_scap_client : Ensure cron and config are present] *****
ok: [ansible-scap.domain.zz] => (item=/etc/cron.d/foreman_scap_client_cron)
ok: [ansible-scap.domain.zz] => (item=/etc/foreman_scap_client/config.yaml)
PLAY RECAP *********************************************************************
ansible-scap.domain.zz : ok=9 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Exit status: 0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3172