-
Bug
-
Resolution: Done-Errata
-
Normal
-
6.15.0
-
Endeavour
-
1
-
False
-
rubygem-foreman_scap_client-0.5.3
-
Moderate
-
None
-
None
-
None
-
None
-
Yes
Description of problem:
Unable to generate openscap reports on RHEL 7 Satellite Clients
Version-Release number of selected component (if applicable):
rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat
How reproducible:
Consistent in my lab, but I believe this is consistent on any RHEL 7 server
Steps to Reproduce:
1. Update to rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat
2. Attempt to gather a scap report
3. Capture error
Actual results:
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20240506-22734-54t72y/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
/usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:84:in `run_scan': undefined method `scrub' for #<String:0x00000001d1dfe8> (NoMethodError)
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:77:in `scan'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:50:in `block in run_in_tmpdir'
from /usr/share/ruby/tmpdir.rb:88:in `mktmpdir'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:48:in `run_in_tmpdir'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:21:in `run'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/bin/foreman_scap_client:14:in `<top (required)>'
from /usr/bin/foreman_scap_client:23:in `load'
from /usr/bin/foreman_scap_client:23:in `<main>'
Expected results:
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20240506-23809-15upgj5/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
WARNING: This content points out to the remote resources. Use `--fetch-remote-resources' option to download them.
WARNING: Skipping https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 file which is referenced from XCCDF content
DEBUG: running: /usr/bin/env bzip2 /tmp/d20240506-23809-15upgj5/results.xml
Uploading results to https://sat6.example.com:9090/compliance/arf/1
Report uploaded, report id: 11461
Additional info:
Workaround: '# yum downgrade rubygem-foreman_scap_client`
- is cloned by
-
-
- Closed
-
- external trackers
- links to
-
RHBA-2024:140284
Important: Satellite 6.16.0 release
[SAT-24988] rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat is not functional due to ruby string.scrub method not available in Ruby 2.0
Verified on Stream 68 using qe automation, https://github.com/SatelliteQE/robottelo/pull/15531
Eric Helms
added a comment - This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.
Due to differences in account names between systems, some fields were not replicated. Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.
To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer. You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:
"Bugzilla Bug" = 1234567
In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues@redhat.com. You can also visit https://access.redhat.com/articles/7032570 for general account information.
Eric Helms
added a comment - This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.
Due to differences in account names between systems, some fields were not replicated. Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.
To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer. You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:
"Bugzilla Bug" = 1234567
In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues@redhat.com. You can also visit https://access.redhat.com/articles/7032570 for general account information. Here is my complete configuration and output:
[root@client105 ~]# cat /etc/foreman_scap_client/config.yaml
- DO NOT EDIT THIS FILE MANUALLY
- IT IS MANAGED BY ANSIBLE
- ANY MANUAL CHANGES WILL BE LOST ON THE NEXT ANSIBLE EXECUTION
- Foreman proxy to which reports should be uploaded
:server: sat6.example.com
:port: 9090
- Timeout for sending reports to proxy
:timeout: 60
- Should --fetch-remote-resources be added to `oscap xccdf eval` command
:fetch_remote_resources: false
- HTTP proxy server for downloading remote resources
:http_proxy_server:
:http_proxy_port:
-
- SSL specific options ##
- Client CA file.
- It could be any valid certificate that is accepted by foreman-proxy, such as Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
- Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: /etc/rhsm/ca/katello-server-ca.pem - Client host certificate.
- It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
- Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: /etc/pki/consumer/cert.pem - Client private key
- It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
- Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: /etc/pki/consumer/key.pem
- policy (key is id as in Foreman)
1:
:profile: xccdf_org.ssgproject.content_profile_standard
:content_path: /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml - Download path
- A path to download SCAP content from proxy
:download_path: /compliance/policies/1/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d
:tailoring_path:
:tailoring_download_path:
- OVAL policies
:oval:
[root@client105 ~]# foreman_scap_client 1
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20240506-22734-54t72y/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
/usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:84:in `run_scan': undefined method `scrub' for #<String:0x00000001d1dfe8> (NoMethodError)
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:77:in `scan'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:50:in `block in run_in_tmpdir'
from /usr/share/ruby/tmpdir.rb:88:in `mktmpdir'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:48:in `run_in_tmpdir'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:21:in `run'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/bin/foreman_scap_client:14:in `<top (required)>'
from /usr/bin/foreman_scap_client:23:in `load'
from /usr/bin/foreman_scap_client:23:in `<main>'
[root@client105 ~]# yum downgrade rubygem-foreman_scap_client
Loaded plugins: priorities, product-id, search-disabled-repos, subscription-manager, tracer_upload, versionlock
Default_Organization_EPEL_7_epel-7 | 2.3 kB 00:00:00
rhel-7-server-extras-rpms | 3.4 kB 00:00:00
rhel-7-server-optional-rpms | 3.2 kB 00:00:00
rhel-7-server-rpms | 3.5 kB 00:00:00
rhel-7-server-satellite-client-6-rpms | 3.8 kB 00:00:00
rhel-7-server-supplementary-rpms | 3.4 kB 00:00:00
rhel-server-rhscl-7-rpms | 3.5 kB 00:00:00
93 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package rubygem-foreman_scap_client.noarch 0:0.5.1-1.1.el7sat will be a downgrade
---> Package rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat will be erased
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================================================================
Downgrading:
rubygem-foreman_scap_client noarch 0.5.1-1.1.el7sat rhel-7-server-satellite-client-6-rpms 23 k
Transaction Summary
==============================================================================================================================================================================================================================================
Downgrade 1 Package
Total download size: 23 k
Is this ok [y/d/N]: y
Downloading packages:
rubygem-foreman_scap_client-0.5.1-1.1.el7sat.noarch.rpm | 23 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : rubygem-foreman_scap_client-0.5.1-1.1.el7sat.noarch 1/2
Cleanup : rubygem-foreman_scap_client-0.5.2-1.el7sat.noarch 2/2
Loaded plugins: priorities, product-id, subscription-manager, versionlock
Uploading Tracer Profile
Verifying : rubygem-foreman_scap_client-0.5.1-1.1.el7sat.noarch 1/2
Verifying : rubygem-foreman_scap_client-0.5.2-1.el7sat.noarch 2/2
Removed:
rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat
Installed:
rubygem-foreman_scap_client.noarch 0:0.5.1-1.1.el7sat
Complete!
[root@client105 ~]# foreman_scap_client 1
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20240506-23809-15upgj5/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
WARNING: This content points out to the remote resources. Use `--fetch-remote-resources' option to download them.
WARNING: Skipping https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 file which is referenced from XCCDF content
DEBUG: running: /usr/bin/env bzip2 /tmp/d20240506-23809-15upgj5/results.xml
Uploading results to https://sat6.example.com:9090/compliance/arf/1
Report uploaded, report id: 11461
[root@client105 ~]#
Jason Dickerson (Inactive)
added a comment - - edited Here is my complete configuration and output:
[root@client105 ~] # cat /etc/foreman_scap_client/config.yaml
DO NOT EDIT THIS FILE MANUALLY
IT IS MANAGED BY ANSIBLE
ANY MANUAL CHANGES WILL BE LOST ON THE NEXT ANSIBLE EXECUTION
Foreman proxy to which reports should be uploaded
:server: sat6.example.com
:port: 9090
Timeout for sending reports to proxy
:timeout: 60
Should --fetch-remote-resources be added to `oscap xccdf eval` command
:fetch_remote_resources: false
HTTP proxy server for downloading remote resources
:http_proxy_server:
:http_proxy_port:
SSL specific options ##
Client CA file.
It could be any valid certificate that is accepted by foreman-proxy, such as Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: /etc/rhsm/ca/katello-server-ca.pem
Client host certificate.
It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: /etc/pki/consumer/cert.pem
Client private key
It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: /etc/pki/consumer/key.pem
policy (key is id as in Foreman)
1:
:profile: xccdf_org.ssgproject.content_profile_standard
:content_path: /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
Download path
A path to download SCAP content from proxy
:download_path: /compliance/policies/1/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d
:tailoring_path:
:tailoring_download_path:
OVAL policies
:oval:
[root@client105 ~] # foreman_scap_client 1
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20240506-22734-54t72y/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
/usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:84:in `run_scan': undefined method `scrub' for #<String:0x00000001d1dfe8> (NoMethodError)
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:77:in `scan'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:50:in `block in run_in_tmpdir'
from /usr/share/ruby/tmpdir.rb:88:in `mktmpdir'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:48:in `run_in_tmpdir'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/lib/foreman_scap_client/base_client.rb:21:in `run'
from /usr/share/gems/gems/foreman_scap_client-0.5.2/bin/foreman_scap_client:14:in `<top (required)>'
from /usr/bin/foreman_scap_client:23:in `load'
from /usr/bin/foreman_scap_client:23:in `<main>'
[root@client105 ~] # yum downgrade rubygem-foreman_scap_client
Loaded plugins: priorities, product-id, search-disabled-repos, subscription-manager, tracer_upload, versionlock
Default_Organization_EPEL_7_epel-7 | 2.3 kB 00:00:00
rhel-7-server-extras-rpms | 3.4 kB 00:00:00
rhel-7-server-optional-rpms | 3.2 kB 00:00:00
rhel-7-server-rpms | 3.5 kB 00:00:00
rhel-7-server-satellite-client-6-rpms | 3.8 kB 00:00:00
rhel-7-server-supplementary-rpms | 3.4 kB 00:00:00
rhel-server-rhscl-7-rpms | 3.5 kB 00:00:00
93 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package rubygem-foreman_scap_client.noarch 0:0.5.1-1.1.el7sat will be a downgrade
---> Package rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat will be erased
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================================================================
Downgrading:
rubygem-foreman_scap_client noarch 0.5.1-1.1.el7sat rhel-7-server-satellite-client-6-rpms 23 k
Transaction Summary
==============================================================================================================================================================================================================================================
Downgrade 1 Package
Total download size: 23 k
Is this ok [y/d/N] : y
Downloading packages:
rubygem-foreman_scap_client-0.5.1-1.1.el7sat.noarch.rpm | 23 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : rubygem-foreman_scap_client-0.5.1-1.1.el7sat.noarch 1/2
Cleanup : rubygem-foreman_scap_client-0.5.2-1.el7sat.noarch 2/2
Loaded plugins: priorities, product-id, subscription-manager, versionlock
Uploading Tracer Profile
Verifying : rubygem-foreman_scap_client-0.5.1-1.1.el7sat.noarch 1/2
Verifying : rubygem-foreman_scap_client-0.5.2-1.el7sat.noarch 2/2
Removed:
rubygem-foreman_scap_client.noarch 0:0.5.2-1.el7sat
Installed:
rubygem-foreman_scap_client.noarch 0:0.5.1-1.1.el7sat
Complete!
[root@client105 ~] # foreman_scap_client 1
DEBUG: running: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20240506-23809-15upgj5/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
WARNING: This content points out to the remote resources. Use `--fetch-remote-resources' option to download them.
WARNING: Skipping https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 file which is referenced from XCCDF content
DEBUG: running: /usr/bin/env bzip2 /tmp/d20240506-23809-15upgj5/results.xml
Uploading results to https://sat6.example.com:9090/compliance/arf/1
Report uploaded, report id: 11461
[root@client105 ~] # 
Since the problem described in this issue should be resolved in a recent advisory, it has been closed.
For information on the advisory (Critical: Satellite 6.16.0 release), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2024:8906