1619555 – [regression] Could not generate SCAP report for host

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1619555 - [regression] Could not generate SCAP report for host

Summary: [regression] Could not generate SCAP report for host

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	SCAP Plugin
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	6.4.0
Assignee:	Ondřej Pražák
QA Contact:	Jameer Pathan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-08-21 07:54 UTC by Jameer Pathan
Modified:	2023-09-07 19:18 UTC (History)
CC List:	6 users (show)
Fixed In Version:	tfm-rubygem-foreman_openscap-0.10.3-1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-10-16 19:05:16 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	24719	0	Normal	Closed	Overrides for policies, port and host params are not created	2021-02-16 08:13:12 UTC

Description Jameer Pathan 2018-08-21 07:54:45 UTC

Description of problem:
while trying to generate SCAP report for client puppet agent errors with 
# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Foreman_scap_client]:
  expects a value for parameter 'server'
  expects a value for parameter 'port' on node essie-briston.<domain>

Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run


Version-Release number of selected component (if applicable):
@satellite 6.4.0 snap 18


How reproducible:
always

Steps to Reproduce:
1.provision a client with foreman_scap_client
2.Run command " # puppet agent -t " on client

Actual results:
No error in production.log and puppet agent -t shows

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Foreman_scap_client]:
  expects a value for parameter 'server'
  expects a value for parameter 'port' on node essie-briston.<domain>

Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Expected results:

Reports should generate

Additional info:

no config file generated for policies under /etc/foreman_scap_client/config.yaml

Comment 3 Sanket Jagtap 2018-08-21 08:19:31 UTC

Issue looks to be with Foreman_scap_client parameters are not overridden.

Workaround:
Go to Foreman_scap_client Puppet class, In Smart class parameter tab
Click Override for server and port Parameter

Comment 4 Nikhil Kathole 2018-08-21 08:21:32 UTC

/var/log/puppetlabs/puppetserver/puppetserver.log

2018-08-21 04:17:19,107 ERROR [qtp797168426-5886] [puppetserver] Puppet Evaluation Error: Error while evaluating a Resource Statement, Class[Foreman_scap_client]:
  expects a value for parameter 'server'
  expects a value for parameter 'port' on node 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/types/type_mismatch_describer.rb:539:in `validate_parameters'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/types/type_mismatch_describer.rb:499:in `validate_parameters'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/type.rb:377:in `validate_resource_hash'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/type.rb:335:in `set_resource_parameters'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/type.rb:123:in `evaluate_code'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:79:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:71:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:540:in `evaluate_definitions'
org/jruby/RubyArray.java:1613:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:538:in `evaluate_definitions'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:537:in `evaluate_definitions'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/errors.rb:115:in `exceptwrap'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:536:in `evaluate_definitions'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:569:in `evaluate_generators'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:566:in `evaluate_generators'
org/jruby/RubyKernel.java:1479:in `loop'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:563:in `evaluate_generators'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:179:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:179:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:260:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:155:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:35:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:305:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:303:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:232:in `benchmark'
/opt/puppetlabs/server/apps/puppetserver/jruby-1_7.jar!/META-INF/jruby.home/lib/ruby/1.9/benchmark.rb:295:in `realtime'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:231:in `benchmark'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:301:in `compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/catalog/compiler.rb:54:in `find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:198:in `find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:121:in `do_find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:48:in `call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:260:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:47:in `call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:82:in `process'
org/jruby/RubyArray.java:1613:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:81:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:87:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:87:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:64:in `process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:62:in `process'
file:/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar!/puppetserver-lib/puppet/server/master.rb:42:in `handleRequest'
Puppet$$Server$$Master_2016912472.gen:13:in `handleRequest'
request_handler_core.clj:273:in `invoke'
jruby_request.clj:48:in `invoke'
jruby_request.clj:33:in `invoke'
request_handler_service.clj:47:in `handle_request'
request_handler.clj:3:in `invoke'
request_handler.clj:3:in `invoke'
core.clj:2515:in `invoke'
ring_middleware.clj:284:in `invoke'
core.clj:168:in `invoke'
core.clj:211:in `invoke'
core.clj:45:in `invoke'
core.clj:357:in `invoke'
core.clj:51:in `invoke'
ringutils.clj:83:in `invoke'
master_core.clj:738:in `invoke'
ring.cljc:25:in `invoke'
ring.cljc:16:in `invoke'
comidi.clj:245:in `invoke'
http.clj:152:in `invoke'
http.clj:152:in `invoke'
http.clj:148:in `invoke'
comidi.clj:332:in `invoke'
jetty9_core.clj:433:in `invoke'
normalized_uri_helpers.clj:74:in `invoke'

Comment 6 Ondřej Pražák 2018-08-22 09:05:37 UTC

Have you created a policy? The proper overrides for parameters get created together with the first policy for some reason. If you do not have a policy, could you try to create one? I was able to reproduce and fix with the following steps:

1) On a clean Sat6 installation, import the foreman_scap_client puppet class
2) assign it to host
3) run puppet, observe the error
4) import the scap contents, create policy
5) run puppet, error is gone

Comment 7 Sanket Jagtap 2018-08-23 12:03:25 UTC

Yes, policy is created.

The workflow that I followed was, 

Workflow 1, Managed Host provisioned on RHV

1. On clean sat6, import foreman_scap_client to production
2. Create a Policy
3. Create a hostgroup, assign policy and foreman_scap_client to it
4. Provision a Host with the same host group
5. Navigate to host, Click Yaml dump

classes:
  foreman_scap_client:
    policies:
    - id: 1
      profile_id: xccdf_org.ssgproject.content_profile_common
      content_path: "/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml"
      tailoring_path: ''
      download_path: "/compliance/policies/1/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d"
      tailoring_download_path: ''
      minute: '0'
      hour: '1'
      monthday: "*"
      month: "*"
      weekday: '2'
environment: production

No, Port and Server parameter.

Workflow 2:
1. Register a Content Host
2. Install/ Configure puppet onto it.
3. Edit the host, Add the foreman_scap_client to puppet class of the host submit the host.
4. Assign the Compliance policy from bulk actions (All hosts page)
5. Navigate to host, Click Yaml dump
No port and server parameter in dump, error on the box when running puppet agent -t

Comment 9 Ondřej Pražák 2018-08-23 14:36:57 UTC

Clearly reproducible with the latest snap, the cause is that the 'policies', 'port' and 'server' are not marked to use override.

Workaround is to go into the details of foreman_scap_client Puppet class once it is created and in the 'Smart Class Parameter' set manually that they should use the override.

I'll need to search for what has changed, this worked flawlessly last week.

Comment 10 Ondřej Pražák 2018-08-27 08:05:33 UTC

Created redmine issue http://projects.theforeman.org/issues/24719 from this bug

Comment 11 Satellite Program 2018-08-27 10:05:30 UTC

Upstream bug assigned to oprazak

Comment 12 Satellite Program 2018-08-27 10:05:33 UTC

Upstream bug assigned to oprazak

Comment 13 Jameer Pathan 2018-09-14 11:36:08 UTC

Verified

@satellite 6.4.0 snap 21

steps:
Workflow 1, Managed Host provisioned on internal Libvirt

1. On clean sat6, import foreman_scap_client to production
2. Create a Policy
3. Create a hostgroup, assign policy and foreman_scap_client to it
4. Provision a Host with the same host group
5. Run command " #puppet agent -t " on that host
6. run "#foreman_scap_client" on host to generate/download reports

Workflow 2:
1. Register a Content Host
2. Install/ Configure puppet onto it.
3. Edit the host, Add the foreman_scap_client to puppet class of the host submit the host.
4. Assign the Compliance policy from bulk actions (All hosts page)
5. Run command " #puppet agent -t " on that host
6. sign the certificate on satellite
7. run "#foreman_scap_client" on host to generate/download reports

observation:
Reports generated

Comment 14 Bryan Kearney 2018-10-16 19:05:16 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927

Note You need to log in before you can comment on or make changes to this bug.