Project

General

Profile

Actions

Bug #18626

closed

scap cron schedule change is not getting updated to client

Added by Ondřej Pražák over 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Description of problem:

User tried to change the scap custom cron schedule to run on every Friday 5PM but policy has been removed from all the client machines cu had to remap scap policy to all client manually again.

How reproducible:

create a scap policy to run “weekly” and change it to “custom” cron schedule

Steps to Reproduce:
- Go To UI - > Hosts - > Policys
- create scap policy and schedule to run on weekly on any day
- make sure its update on client machines using puppet
- one it successfully reports to satellite
- change it to run on customer cron timing ie 5AM on every Friday
- try to apply it to client
- now observe this will remove policy from client and configuration removal from client when running “puppet agent -tv”

Steps:-
1] On a working scap client

[root@localhost ~]# foreman_scap_client 1
DEBUG: running: oscap xccdf eval --results-arf /tmp/d20170122-3998-8j1cie/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
DEBUG: running: /usr/bin/bzip2 /tmp/d20170122-3998-8j1cie/results.xml
Uploading results to https://foreman.example.com:9090/compliance/arf/1

2] when changing cron timing to run weekly

[root@localhost ~]# puppet agent -tv
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for localhost
Info: Applying configuration version '1485986663'
Notice: /Stage[main]/Foreman_scap_client/Cron[foreman_scap_client_1]/weekday: weekday changed '2' to '1'
Notice: Finished catalog run in 0.12 seconds

3] scap works fine
[root@localhost ~]# foreman_scap_client 1
DEBUG: running: oscap xccdf eval --results-arf /tmp/d20170122-4181-jgzpd5/results.xml /var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml
DEBUG: running: /usr/bin/bzip2 /tmp/d20170122-4181-jgzpd5/results.xml
Uploading results to https://foreman.example.com:9090/compliance/arf/1

4] when changing cron to run on custom cron schedule ie 5AM on Friday, this removed config file,

[root@localhost ~]# puppet agent tv
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for localhost
Info: Applying configuration version '1485986942'
Notice: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]/content:
--
/etc/foreman_scap_client/config.yaml 2017-01-22 12:59:28.615000000 0000
++ /tmp/puppet-file20170122-4190-1b99goi 2017-01-22 13:14:50.828000000 +0000
@ -21,10 +21,3 @

  1. policy (key is id as in Foreman)

1:
:profile: ''
- :content_path: '/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml'
- # Download path
- # A path to download SCAP content from proxy
- :download_path: '/compliance/policies/1/content'
-

Info: Computing checksum on file /etc/foreman_scap_client/config.yaml
Info: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]: Filebucketed /etc/foreman_scap_client/config.yaml to puppet with sum 02f2b4783b0cb1ee7c4ff319fdcbd47d
Notice: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]/content: content changed '{md5}02f2b4783b0cb1ee7c4ff319fdcbd47d' to '{md5}5648dd905265885ded1b2659f14cca78'
Notice: Finished catalog run in 0.21 seconds

5] Error on scap client,

[root@localhost ~]# foreman_scap_client 1
/usr/share/gems/gems/foreman_scap_client-0.1.2/lib/foreman_scap_client/client.rb:121:in `ensure_scan_file': undefined method `[]' for nil:NilClass (NoMethodError)
from /usr/share/gems/gems/foreman_scap_client-0.1.2/lib/foreman_scap_client/client.rb:14:in `run'
from /usr/share/gems/gems/foreman_scap_client-0.1.2/bin/foreman_scap_client:10:in `<top (required)>'
from /usr/bin/foreman_scap_client:23:in `load'
from /usr/bin/foreman_scap_client:23:in `<main>'

Actual results:

scap policy removed when changing schedule timing for existing scap clients.

Expected results:

once client added under policy even when changing cron schedule need to apply to all associated clients.

Actions #1

Updated by Ondřej Pražák over 7 years ago

  • Subject changed from scap cron schedule change is not getting updated to client to scap cron schedule change is not getting updated to client
  • Target version set to 115
Actions #2

Updated by Marek Hulán over 7 years ago

This is very likely fixed by #16149

Actions #3

Updated by Marek Hulán over 7 years ago

  • Target version changed from 115 to 1.17.0-RC2
Actions #4

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.17.0-RC2 to 1.18.0-RC2
Actions #5

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.18.0-RC2 to 214
Actions #6

Updated by Marek Hulán about 7 years ago

  • Target version changed from 214 to 1.16.0-RC2
Actions #7

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.16.0-RC2 to 1.16.0-RC1
Actions #8

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.16.0-RC1 to 1.16.2
Actions #9

Updated by Marek Hulán almost 7 years ago

  • Target version changed from 1.16.2 to 1.16.1
Actions #10

Updated by Marek Hulán almost 7 years ago

  • Status changed from New to Resolved

verified it has been already fixed

Actions

Also available in: Atom PDF