Plugins » OpenSCAP

Description of problem:

User tried to change the scap custom cron schedule to run on every Friday 5PM but policy has been removed from all the client machines cu had to remap scap policy to all client manually again.

How reproducible:

create a scap policy to run “weekly” and change it to “custom” cron schedule

Steps to Reproduce:
- Go To UI - > Hosts - > Policys
- create scap policy and schedule to run on weekly on any day
- make sure its update on client machines using puppet
- one it successfully reports to satellite
- change it to run on customer cron timing ie 5AM on every Friday
- try to apply it to client
- now observe this will remove policy from client and configuration removal from client when running “puppet agent -tv”

Steps:-
1] On a working scap client

[root@localhost ~]# foreman_scap_client 1
DEBUG: running: oscap xccdf eval --results-arf /tmp/d20170122-3998-8j1cie/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
DEBUG: running: /usr/bin/bzip2 /tmp/d20170122-3998-8j1cie/results.xml
Uploading results to https://foreman.example.com:9090/compliance/arf/1

2] when changing cron timing to run weekly

[root@localhost ~]# puppet agent -tv
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for localhost
Info: Applying configuration version '1485986663'
Notice: /Stage[main]/Foreman_scap_client/Cron[foreman_scap_client_1]/weekday: weekday changed '2' to '1'
Notice: Finished catalog run in 0.12 seconds

3] scap works fine
[root@localhost ~]# foreman_scap_client 1
DEBUG: running: oscap xccdf eval --results-arf /tmp/d20170122-4181-jgzpd5/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
DEBUG: running: /usr/bin/bzip2 /tmp/d20170122-4181-jgzpd5/results.xml
Uploading results to https://foreman.example.com:9090/compliance/arf/1

4] when changing cron to run on custom cron schedule ie 5AM on Friday, this removed config file,

[root@localhost ~]# puppet agent tv
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for localhost
Info: Applying configuration version '1485986942'
Notice: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]/content:
-- /etc/foreman_scap_client/config.yaml 2017-01-22 12:59:28.615000000 0000
++ /tmp/puppet-file20170122-4190-1b99goi 2017-01-22 13:14:50.828000000 +0000
@ -21,10 +21,3 @

1. policy (key is id as in Foreman)

1:
:profile: ''
- :content_path: '/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml'
- # Download path
- # A path to download SCAP content from proxy
- :download_path: '/compliance/policies/1/content'
-

Info: Computing checksum on file /etc/foreman_scap_client/config.yaml
Info: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]: Filebucketed /etc/foreman_scap_client/config.yaml to puppet with sum 02f2b4783b0cb1ee7c4ff319fdcbd47d
Notice: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]/content: content changed '{md5}02f2b4783b0cb1ee7c4ff319fdcbd47d' to '{md5}5648dd905265885ded1b2659f14cca78'
Notice: Finished catalog run in 0.21 seconds

5] Error on scap client,

[root@localhost ~]# foreman_scap_client 1
/usr/share/gems/gems/foreman_scap_client-0.1.2/lib/foreman_scap_client/client.rb:121:in `ensure_scan_file': undefined method `[]' for nil:NilClass (NoMethodError)
from /usr/share/gems/gems/foreman_scap_client-0.1.2/lib/foreman_scap_client/client.rb:14:in `run'
from /usr/share/gems/gems/foreman_scap_client-0.1.2/bin/foreman_scap_client:10:in `<top (required)>'
from /usr/bin/foreman_scap_client:23:in `load'
from /usr/bin/foreman_scap_client:23:in `<main>'

Actual results:

scap policy removed when changing schedule timing for existing scap clients.

Expected results:

once client added under policy even when changing cron schedule need to apply to all associated clients.