Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-28085

[Bug] Running OpenSCAP scan on Satellite 6.16 failed as :server: entry not updated by running Ansible Roles

XMLWordPrintable

    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • 0
    • Moderate
    • None

      Description of problem:

      Deploying policies on hosts by running the Ansible role does not appear as failed when the hosts do not have OpenSCAP capsule assigned, but the subsequent OpenSCAP reports cannot be uploaded from hosts.

      Steps to Reproduce:

      1. Install fresh Red Hat Satellite 6.16 and configure OpenSCAP 
      2. Register a RHEL 9 host and assign "theforeman.foreman_scap_client" ansible role to it. Make sure to not assign an OpenSCAP capsule to the host.
      3. Assign a compliance policy and execute Ansible roles on the host.

      Actual behavior:
      Ansible role completes successfully and creates the '/etc/foreman_scap_client/config.yaml' file on the host.
      The file does not have an entry for the field `:server:`. The host is unable to upload the OpenSCAP report until provided with the OpenSCAP capsule URL in the `:server:` field .

      Expected behavior:
      The Ansible role should fail with an error message saying that an OpenSCAP capsule must be selected for the host/host group.

      Archived description

      Description of problem:

      OpenSCAP scan for a RHEL 9 client system on Red Hat Satellite 6.16 failed with the following error:

      ~~~

      1. /usr/bin/foreman_scap_client ds 1
        DEBUG: running: oscap xccdf eval  --local-files /root   --results-arf /tmp/d20240918-166588-7k847d/results.xml /var/lib/openscap/content/9a2fa9a93d52f9b904df7e3b186ae8984c52c60b3ca2cce1eddc78173f114b40.xml

      DEBUG: running: /usr/bin/env bzip2 /tmp/d20240918-166588-7k847d/results.xml
      Uploading results to https::9090/compliance/arf/1
      Upload failed: Failed to open TCP connection to :9090 (Connection refused - connect(2) for nil port 9090)

      ~~~

      Noticed that a field is blank for the Satellite server entry:

      ~~~
      Uploading results to https::9090/compliance/arf/1

                                                   ^^
      ~~~

      How reproducible:

      100%

      Is this issue a regression from an earlier version:

      Steps to Reproduce:

      1. Install fresh Red Hat Satellite 6.16 and configure OpenSCAP 
      2. Registered one RHEL 9 client system and assigned "theforeman.foreman_scap_client" ansible role to the client system.
      3. Assigned compliance policy and executed Ansible role.
      4. Ansible role successfully created file '/etc/foreman_scap_client/config.yaml'
      5. The file '/etc/foreman_scap_client/config.yaml' does not have an entry for the field :server: .
      6. Tried updating the file '/etc/foreman_scap_client/config.yaml' manually and it worked :

             From blank:

              grep -i ":server:" /etc/foreman_scap_client/config.yaml 
              :server:

             To:

             # grep -i ":server:" /etc/foreman_scap_client/config.yaml 
             :server: satellite.example.com

      Actual behavior:
      OpenSCAP scan fails everytime and never success.

      Expected behavior:
      The field  :server:  in file '/etc/foreman_scap_client/config.yaml' should automatically updated with OpenSCAP configuration and the scan should work successfully.

      Business Impact / Additional info:

       

              Unassigned Unassigned
              rhn-support-mkushwah Mohit Kushwah
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: