Plugins » OpenSCAP

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1349082
Description of problem:

When an old OpenSCAP policy is removed and added a policy to the Host, puppet makes the entry for the new policy on the crontab file but it doesn't remove the entry for the old policy.

Version-Release number of selected component (if applicable):

- Red Hat Satellite 6.1.9

How reproducible:

- Always

Steps to Reproduce:

1. Configure a host and run OpenSCAP on it.

2. Assign a policy and generate the reports for that policy.

3. Remove the previously assigned policy and assign a new policy with different schedule time.

4. Now run the puppet agent to pull the new policy details.

5. "/etc/foreman_scap_client/config.yaml" file is deployed with the changes and crontab file has the entries for the new policy as well as the old policy.

Actual results:

- Old policy entries are not removed from the crontab file.

Expected results:

- Crontab file should have the entries for only the assigned policies.

Additional info:

From the affected client,

---> crontab entry <---

1. crontab -l
2. HEADER: This file was autogenerated at 2016-06-21 21:31:39 -0400 by puppet.
3. HEADER: While it can still be managed manually, it is definitely not recommended.
4. HEADER: Note particularly that the comments starting with 'Puppet Name' should
5. HEADER: not be deleted, as doing so could cause duplicate cron jobs.
6. Puppet Name: foreman_scap_client_1
   0 1 * * 3 /usr/bin/foreman_scap_client 1 ### This policy was removed from the WebUI
7. Puppet Name: foreman_scap_client_2
   0 1 * * 5 /usr/bin/foreman_scap_client 2

---> config.yaml file <---

1. tail /etc/foreman_scap_client/config.yaml

1. policy (key is id as in Foreman)

2:
:profile: 'xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream'
:content_path: '/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml' # Download path # A path to download SCAP content from proxy
:download_path: '/compliance/policies/2/content'