Project

General

Profile

Actions
Copy link

Bug #15222

open

Smart Proxy fails with obtuse error when spooldir and openscap_send_log_file are not set

Added by Peter Souter almost 8 years ago. Updated over 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

When trying to upload a report with `/usr/bin/foreman_scap_client` I get a weird exception:

```
E, [2016-05-22T15:09:42.258114 #12681] ERROR -- : undefined method `join' for #<String:0x007f43643fcb00> (NoMethodError)
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/showexceptions.rb:37:in `rescue in call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/showexceptions.rb:21:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:124:in `call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1417:in `block in call'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1499:in `synchronize'
/usr/share/gems/gems/sinatra-1.3.5/lib/sinatra/base.rb:1417:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:66:in `block in call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in `each'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/builder.rb:153:in `call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/handler/webrick.rb:88:in `service'
/usr/share/ruby/webrick/httpserver.rb:138:in `service'
/usr/share/ruby/webrick/httpserver.rb:94:in `run'
/usr/share/ruby/webrick/server.rb:295:in `block in start_thread'
```

This is actually a redherring error from Sinatra (https://github.com/sinatra/sinatra/issues/951), upgrading the smart proxy sinatra to newer gives me the actual error:

```
Proxy::OpenSCAP::StoreFailedError at /compliance/arf/5
Could not fulfill request: undefined local variable or method `dir' for #<Proxy::OpenSCAP::StorageFS:0x00000002ac1b40>
file: storage_fs.rb location: rescue in store line: 59
```

Ok, after some investigation, was missing config settings from `/etc/foreman-proxy/settings.d/openscap.yml`

Adding the following fixes it:
```
:contentdir: /var/lib/openscap/content
:reportsdir: /usr/share/foreman-proxy/openscap/content
```

Would be good to:

1. Catch and throw error when these are not set, as the actual error is pretty hard to see
2. Make sure the foreman-installer actually sets these settings, as it seems to not, and resets them when the installer is run again:

```
[root@foremantesting ~]# cat /etc/foreman-proxy/settings.d/openscap.yml
---
:enabled: https

  1. Log file for the forwarding script.
    :openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log
  1. Directory where OpenSCAP audits are stored
  2. before they are forwarded to Foreman
    :spooldir: /var/spool/foreman-proxy/openscap
  1. Directory where OpenSCAP content XML are stored
  2. So we will not request the XML from Foreman each time
    :contentdir: /var/lib/openscap/content
  3. Directory where OpenSCAP report XML are stored
  4. So Foreman can request arf xml reports
    :reportsdir: /usr/share/foreman-proxy/openscap/content
    [root@foremantesting ~]# foreman-installer --enable-foreman-proxy-plugin-openscap --enable-foreman-plugin-openscap
    Installing Done [100%] [..............................................]
    [...]
    [root@foremantesting ~]# cat /etc/foreman-proxy/settings.d/openscap.yml
    ---
    :enabled: https
  1. Log file for the forwarding script.
    :openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log
  1. Directory where OpenSCAP audits are stored
  2. before they are forwarded to Foreman
    :spooldir: /var/spool/foreman-proxy/openscap
    ```
Actions
Copy link
 #1

Updated by Peter Souter almost 8 years ago

Make sure the foreman-installer actually sets these settings, as it seems to not, and resets them when the installer is run again:

This seems to be fixed in https://github.com/theforeman/puppet-foreman_proxy/pull/222, so that'll be fixed when the installer gets released.

Putting guards in place in the code would appear to be unnecessary because the code defaults to a setting if nothing is set from a cursory glance at the code, but I'm not sure of the foreman internals here.

 default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
                     :openscap_send_log_file => File.join(APP_ROOT, 'logs/openscap-send.log'),
                     :contentdir => File.join(APP_ROOT, 'openscap/content'),
                     :reportsdir => File.join(APP_ROOT, 'openscap/reports'),
                     :failed_dir => File.join(APP_ROOT, 'openscap/failed')
Actions
Copy link
 #2

Updated by Marek Hulán over 7 years ago

  • Project changed from 45 to OpenSCAP
  • Triaged set to No
Actions
Copy link

Also available in: Atom PDF