Overview

Some customers have been facing high memory consumption while scanning the systems and generate massive reports. To prevent this issues, it is required to pass some environment variables to the scanner.

For example, to stop the Openscap scanner to scan unneeded directories which caused large report size, the following environment variable needs to be set.

OSCAP_PROBE_IGNORE_PATHS 

Other environment variable like below may be needed to control memory usage.

OSCAP_PROBE_MEMORY_USAGE_RATIO 

The massive report also causes high memory usage in Foreman-proxy while processing it and eventually reaches the application memory limit . This is because Foreman-proxy extract the report to stdout and store in Ruby memory. The number of size stored in the memory is a few times larger then the file size.

Therefore, it will be great if the foreman scap client plugin allows the Openscap environment variables to somehow  pass to the cron job.

One possible way, is to allow the Openscap environment variables to be set in the config file `/etc/foreman_scap_client/config.yaml`.

The change might need to be done in 2 places.

1. The Foreman scap client Ansible role.
2. and the foreman_scap_client plugin.