Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionGanesh Payelkar
2020-08-05 11:08:08 UTC
Description of problem:
All the policies of OpenScap getting assigned through Ansible to all the clients.
Version-Release number of selected component (if applicable):
satellite-6.8.0-0.7.beta
How reproducible:
New installation of 6.8 Beta
Steps to Reproduce:
1. Create 2 polices RHEL7 and RHEL8
2. WebUI --> Hosts --> Compliance --> Policies --> New Compliance policy -->
RHEL7 / RHEL8
3. Select "SCAP Content" according to your requirement
Both policies have same HostGroup added
Assigned "RHEL7" policy to all RHEL 7 systems and "RHEL8" to RHEL 8 systems, by using All Host --> selected systems --> Select Action --> Assign compliance policy
* Here when I ran "Run All Ansible roles" it added both the policies in all the hosts
Actual results:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 (Maipo)
# cat /etc/cron.d/foreman_scap_client_cron
# DO NOT EDIT THIS FILE MANUALLY
# IT IS MANAGED BY ANSIBLE
# ANY MANUAL CHANGES WILL BE LOST ON THE NEXT ANSIBLE EXECUTION
#
# Executing foreman_scap_client from command line may be useful for debugging purposes.
# foreman_scap_client cron job
0 1 * * 5 root /bin/sleep 482; /usr/bin/foreman_scap_client 1 2>&1 | logger -t foreman_scap_client
0 1 * * 5 root /bin/sleep 2; /usr/bin/foreman_scap_client 2 2>&1 | logger -t foreman_scap_client
=======================================================================
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.1 (Ootpa)
# cat /etc/cron.d/foreman_scap_client_cron
# DO NOT EDIT THIS FILE MANUALLY
# IT IS MANAGED BY ANSIBLE
# ANY MANUAL CHANGES WILL BE LOST ON THE NEXT ANSIBLE EXECUTION
#
# Executing foreman_scap_client from command line may be useful for debugging purposes.
# foreman_scap_client cron job
0 1 * * 5 root /bin/sleep 345; /usr/bin/foreman_scap_client 1 2>&1 | logger -t foreman_scap_client
0 1 * * 5 root /bin/sleep 108; /usr/bin/foreman_scap_client 2 2>&1 | logger -t foreman_scap_client
Expected results:
Policy should be assigned to a client which we selected.
Additional info:
TASK [Apply roles] *************************************************************
TASK [RedHatInsights.insights-client : Install 'insights-client'] **************
ok: [rhel.example.net]
TASK [RedHatInsights.insights-client : Set Insights Configuration Values] ******
ok: [rhel.example.net]
TASK [RedHatInsights.insights-client : Register Insights Client] ***************
ok: [rhel.example.net]
TASK [RedHatInsights.insights-client : Change permissions of Insights Config directory so that Insights System ID can be read] ***
ok: [rhel.example.net]
TASK [RedHatInsights.insights-client : Change permissions of machine_id file so that Insights System ID can be read] ***
ok: [rhel.example.net]
TASK [RedHatInsights.insights-client : Create directory for ansible custom facts] ***
ok: [rhel.example.net]
TASK [RedHatInsights.insights-client : Install custom insights fact] ***********
ok: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Configure plugins repository] ***********
ok: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Install the foreman_scap_client package] ***
ok: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Get certificate paths] ******************
ok: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Set facts for rh certs] *****************
ok: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Create cron in /etc/cron.d/] ************
changed: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Create config.yaml in /etc/foreman_scap_client] ***
ok: [rhel.example.net]
TASK [theforeman.foreman_scap_client : Ensure cron and config are present] *****
ok: [rhel.example.net] => (item=/etc/cron.d/foreman_scap_client_cron)
ok: [rhel.example.net] => (item=/etc/foreman_scap_client/config.yaml)
PLAY RECAP *********************************************************************
rhel.example.net : ok=16 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Exit status: 0
If both policies have the same hostgroup as described in step 3 then all hosts in that hostgroup will inherit both policies. If policies are assigned to hostgroups there is also no need to assign those policies to individual hosts - all hosts in hostgroup will inherit policies from hostgroup.
The desired configuration can be achieved by assigning 'RHEL7 policy' only to 'RHEL7 hostgroup' or to each host with RHEL7 individually, same for RHEL8.
Closing as this is not a bug, feel free to reopen if I misunderstood.
Description of problem: All the policies of OpenScap getting assigned through Ansible to all the clients. Version-Release number of selected component (if applicable): satellite-6.8.0-0.7.beta How reproducible: New installation of 6.8 Beta Steps to Reproduce: 1. Create 2 polices RHEL7 and RHEL8 2. WebUI --> Hosts --> Compliance --> Policies --> New Compliance policy --> RHEL7 / RHEL8 3. Select "SCAP Content" according to your requirement Both policies have same HostGroup added Assigned "RHEL7" policy to all RHEL 7 systems and "RHEL8" to RHEL 8 systems, by using All Host --> selected systems --> Select Action --> Assign compliance policy * Here when I ran "Run All Ansible roles" it added both the policies in all the hosts Actual results: # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) # cat /etc/cron.d/foreman_scap_client_cron # DO NOT EDIT THIS FILE MANUALLY # IT IS MANAGED BY ANSIBLE # ANY MANUAL CHANGES WILL BE LOST ON THE NEXT ANSIBLE EXECUTION # # Executing foreman_scap_client from command line may be useful for debugging purposes. # foreman_scap_client cron job 0 1 * * 5 root /bin/sleep 482; /usr/bin/foreman_scap_client 1 2>&1 | logger -t foreman_scap_client 0 1 * * 5 root /bin/sleep 2; /usr/bin/foreman_scap_client 2 2>&1 | logger -t foreman_scap_client ======================================================================= # cat /etc/redhat-release Red Hat Enterprise Linux release 8.1 (Ootpa) # cat /etc/cron.d/foreman_scap_client_cron # DO NOT EDIT THIS FILE MANUALLY # IT IS MANAGED BY ANSIBLE # ANY MANUAL CHANGES WILL BE LOST ON THE NEXT ANSIBLE EXECUTION # # Executing foreman_scap_client from command line may be useful for debugging purposes. # foreman_scap_client cron job 0 1 * * 5 root /bin/sleep 345; /usr/bin/foreman_scap_client 1 2>&1 | logger -t foreman_scap_client 0 1 * * 5 root /bin/sleep 108; /usr/bin/foreman_scap_client 2 2>&1 | logger -t foreman_scap_client Expected results: Policy should be assigned to a client which we selected. Additional info: TASK [Apply roles] ************************************************************* TASK [RedHatInsights.insights-client : Install 'insights-client'] ************** ok: [rhel.example.net] TASK [RedHatInsights.insights-client : Set Insights Configuration Values] ****** ok: [rhel.example.net] TASK [RedHatInsights.insights-client : Register Insights Client] *************** ok: [rhel.example.net] TASK [RedHatInsights.insights-client : Change permissions of Insights Config directory so that Insights System ID can be read] *** ok: [rhel.example.net] TASK [RedHatInsights.insights-client : Change permissions of machine_id file so that Insights System ID can be read] *** ok: [rhel.example.net] TASK [RedHatInsights.insights-client : Create directory for ansible custom facts] *** ok: [rhel.example.net] TASK [RedHatInsights.insights-client : Install custom insights fact] *********** ok: [rhel.example.net] TASK [theforeman.foreman_scap_client : Configure plugins repository] *********** ok: [rhel.example.net] TASK [theforeman.foreman_scap_client : Install the foreman_scap_client package] *** ok: [rhel.example.net] TASK [theforeman.foreman_scap_client : Get certificate paths] ****************** ok: [rhel.example.net] TASK [theforeman.foreman_scap_client : Set facts for rh certs] ***************** ok: [rhel.example.net] TASK [theforeman.foreman_scap_client : Create cron in /etc/cron.d/] ************ changed: [rhel.example.net] TASK [theforeman.foreman_scap_client : Create config.yaml in /etc/foreman_scap_client] *** ok: [rhel.example.net] TASK [theforeman.foreman_scap_client : Ensure cron and config are present] ***** ok: [rhel.example.net] => (item=/etc/cron.d/foreman_scap_client_cron) ok: [rhel.example.net] => (item=/etc/foreman_scap_client/config.yaml) PLAY RECAP ********************************************************************* rhel.example.net : ok=16 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Exit status: 0