Bug #11045

closed

Failed to send SCAP results to the Foreman server

Added by Rodrigo Menezes over 9 years ago. Updated about 8 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

foreman-proxy is failing to upload the ARF reports to foreman/katello. This is a CentOS 7 box.

foreman-1.8.2-1.el7.noarch
katello-2.2.1-0.el7.noarch
foreman-proxy-1.8.2-2.el7.noarch
ruby193-rubygem-scaptimony-0.3.1-1.el7.noarch
openscap-1.2.4-1.el7.centos.x86_64
rubygem-smart_proxy_openscap-0.4.1-1.el7.noarch
openscap-scanner-1.2.4-1.el7.centos.x86_64
ruby193-rubygem-openscap-0.4.2-2.el7.noarch
rubygem-foreman_scap_client-0.1.0-1.el7.noarch
ruby193-rubygem-foreman_openscap-0.4.0-1.el7.noarch

/var/log/foreman-proxy/openscap-send.log

D, [2015-07-07T18:00:01.621048 #10548] DEBUG -- : Uploading 93edd34f7ed6b78fb4e340b25674ad4f2ec31fed90f70ccb35153b9dce7a5a23 to /api/v2/compliance/arf_reports/7c4832d5-efa0-4932-85ec-515285c66173/1/2015-07-07
D, [2015-07-07T18:00:01.681574 #10548] DEBUG -- : /usr/share/ruby/openssl/buffering.rb:175:in `sysread_nonblock'
        /usr/share/ruby/openssl/buffering.rb:175:in `read_nonblock'
        /usr/share/ruby/net/protocol.rb:153:in `rbuf_fill'
        /usr/share/ruby/net/protocol.rb:134:in `readuntil'
        /usr/share/ruby/net/protocol.rb:144:in `readline'
        /usr/share/ruby/net/http/response.rb:307:in `read_chunked'
        /usr/share/ruby/net/http/response.rb:276:in `block in read_body_0'
        /usr/share/ruby/net/http/response.rb:269:in `inflater'
        /usr/share/ruby/net/http/response.rb:274:in `read_body_0'
        /usr/share/ruby/net/http/response.rb:201:in `read_body'
        /usr/share/ruby/net/http/response.rb:226:in `body'
        /usr/share/ruby/net/http/response.rb:163:in `reading_body'
        /usr/share/ruby/net/http.rb:1412:in `block in transport_request'
        /usr/share/ruby/net/http.rb:1403:in `catch'
        /usr/share/ruby/net/http.rb:1403:in `transport_request'
        /usr/share/ruby/net/http.rb:1376:in `request'
        /usr/share/ruby/net/http.rb:1369:in `block in request'
        /usr/share/ruby/net/http.rb:852:in `start'
        /usr/share/ruby/net/http.rb:1367:in `request'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:206:in `send_request'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:173:in `forward_arf_file'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:160:in `block in forward_date_dir'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:156:in `foreach'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:156:in `forward_date_dir'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:148:in `block in forward_policy_dir'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:145:in `foreach'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:145:in `forward_policy_dir'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:138:in `block in forward_cname_dir'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:135:in `foreach'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:135:in `forward_cname_dir'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:128:in `block in do'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:125:in `foreach'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:125:in `do'
        /usr/share/gems/gems/smart_proxy_openscap-0.4.1/lib/smart_proxy_openscap/openscap_lib.rb:77:in `send_spool_to_foreman'
        /usr/bin/smart-proxy-openscap-send:38:in `<main>'
E, [2015-07-07T18:00:01.681658 #10548] ERROR -- : Failed to send SCAP results to the Foreman server: end of file reached

/var/log/foreman/production.log

2015-07-07 18:00:01 [I] Processing by Api::V2::Compliance::ArfReportsController#create as */*
2015-07-07 18:00:01 [I]   Parameters: {"apiv"=>"v2", "cname"=>"7c4832d5-efa0-4932-85ec-515285c66173", "policy_id"=>"1", "date"=>"2015-07-07"}
2015-07-07 18:00:01 [I] Couldn't find Host::Managed with name = 7c4832d5-efa0-4932-85ec-515285c66173 (ActiveRecord::RecordNotFound)
2015-07-07 18:00:01 [I]   Rendered api/v2/errors/not_found.json.rabl within api/v2/layouts/error_layout (0.5ms)
2015-07-07 18:00:01 [I] Completed 404 Not Found in 9ms (Views: 1.2ms | ActiveRecord: 1.2ms)

/etc/foreman/settings.yaml

### File managed with puppet ###
## Module:           'foreman'

:unattended: true
:login: true
:require_ssl: true
:locations_enabled: true
:organizations_enabled: true

# The following values are used for providing default settings during db migrate
:oauth_active: true
:oauth_map_users: false
:oauth_consumer_key: yVzk9qEysR5L7z98TkAyu8gmp43NKaFS
:oauth_consumer_secret: qoNzjuGJYEaeGABfZPHvoprRrYfZKpZi

# Websockets
:websockets_encrypt: on
:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

# Log settings for the current environment can be adjusted by adding them
# here. For example, if you want to increase the log level.
:logging:
  :level: debug

# Individual logging types can be toggled on/off here
:loggers:

cat /etc/foreman-proxy/settings.yml

### File managed with puppet ###
## Module:           'foreman_proxy'

:settings_directory: /etc/foreman-proxy/settings.d

# SSL Setup

# if enabled, all communication would be verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
:ssl_ca_file: /etc/foreman-proxy/ssl_ca.pem
:ssl_certificate: /etc/foreman-proxy/ssl_cert.pem
:ssl_private_key: /etc/foreman-proxy/ssl_key.pem

# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
:trusted_hosts:
  - puppet100.[Redacted domain]

# Endpoint for reverse communication
:foreman_url: https://puppet100.[Redacted domain]

# SSL settings for client authentication against Foreman. If undefined, the values
# from general SSL options are used instead. Mainly useful when Foreman uses
# different certificates for its web UI and for smart-proxy requests.
:foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem
:foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem
:foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem

# by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting
:daemon: true
# Only used when 'daemon' is set to true.
# Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid'
#:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

# host and ports configuration
# Host or IPs to bind on (e.g. *, localhost, 0.0.0.0, ::, 192.168.1.20)
:bind_host: '*'
# http is disabled by default. To enable, uncomment 'http_port' setting
# https is enabled if certificate, CA certificate, and private key are present in locations specified by
# ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
# default values for https_port is 8443
:https_port: 9090
:http_port: 8000

# shared options for virsh DNS/DHCP provider
:virsh_network: default

# Where our proxy log files are stored
# filename or STDOUT
:log_file: /var/log/foreman-proxy/proxy.log
# valid options are
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
:log_level: DEBUG

/etc/foreman-proxy/settings.d/openscap.yml

:enabled: true

# Log file for the forwarding script.
:openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log

# Directory where OpenSCAP audits are stored
# before they are forwarded to Foreman
:spooldir: /var/spool/foreman-proxy/openscap

/etc/foreman_scap_client/config.yaml

# DO NOT EDIT THIS FILE MANUALLY
# IT IS MANAGED BY PUPPET

# Foreman proxy to which reports should be uploaded
:server: 'puppet100.[Redacted domain]'
:port: 9090

## SSL specific options ##
# Client CA file.
# It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
# Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: '/etc/rhsm/ca/katello-server-ca.pem'
# Client host certificate.
# It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: '/etc/pki/consumer/cert.pem'
# Client private key
# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/cert.pem')
:host_private_key: '/etc/pki/consumer/key.pem'

# policy (key is id as in Foreman)

1:
  :profile: 'xccdf_org.ssgproject.content_profile_rht-ccp'
  :content_path: '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/1/content'

Actions #1

Updated by Rodrigo Menezes over 9 years ago

Looks like this change https://github.com/theforeman/foreman_openscap/pull/96 fixes the above.

Actions #2

Updated by Marek Hulán over 8 years ago

  • Project changed from 36 to OpenSCAP
  • Triaged set to No

Actions #3

Updated by Ondřej Pražák about 8 years ago

  • Status changed from New to Resolved

Seems like this is already fixed as per comment 1, closing.
