Bug #24472
closed
oscap reports not being created when using LB proxy setup
Description
Description of problem:
oscap reports not showing in UI when using LB proxy setup
How reproducible:
Always
Steps to Reproduce:
1. Setup Foreman and 2 proxies which are load balanced with load-balanced FQDN like `proxy.example.test`
2. Override the oscap puppet classes as shown below:
Go to Configure -> Classes -> foreman_scap_client -> Smart Class Parameter
server -> Default behavior:
check `Override` checkbox
Key type: string
Default value: `proxy.example.test`
port -> Default behavior:
check `Override` checkbox
Key type: integer
Default value: 9090
3. Create a hostgroup without setting values for Puppet Master, Puppet CA, OpenSCAP proxy.
3. Register and configure a client to use oscap with the LB capsule FQDN
4. Manually trigger a oscap report like `foreman_scap_client 1`
Actual results:
oscap reports are not visible in UI
Expected results:
The oscap report should be visible in UI.
Additional info:
1. The oscap reports are working fine when the hostgroup is associated with one of the proxies and the puppet class override is removed.
2. The oscap reports also work when changing the proxy name from a regular capsule FQDN to a load balanced FQDN in /etc/foreman_scap_client/config.yaml after doing the step 1 above.
3. The issue happens only when the puppet classes are override with a LB capsule FQDN and port number and then the client is registered.
The error is gone and the report started showing up when I associated a random proxy by editing the Host -> OpenSCAP Capsule.
So, perhaps for the LB capsules setup:
- The hostgroup (or the host) must be associated to one of the random proxy although the clients don't know about specific smart proxy they are attached to because they register using Load Balanced proxy FQDN.
- foreman_scap_client overridden as shown in the description of this bug.
If I do the above, the puppet class parameters of foreman_scap_client is modified automatically by Foreman as follows:
For server: a new `Specify matcher` item is created in Smart Class Parameter with the following rule:
fqdn = client01.foreman.example.com
value = capsule01.foreman.example.com (random smart proxy specified by me in the Hostgroup)
Due to the above automatically created rule, the LB proxy name which I overrode in the puppet class as mentioned in the bug description is not taken into account.
workaround to get the reports created:
- Register the client with no OpenSCAP proxy specified in Hostgroup.
- Then edit the host to select a random capsule in OpenSCAP proxy dropdown.
Updated by Ondřej Pražák about 6 years ago
- Related to Feature #24504: Include information about proxy when uploading arf report to foreman added
Updated by Ondřej Pražák about 6 years ago
- Related to Feature #24505: Add proxy name and url into scap settings added
Updated by The Foreman Bot about 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Ondřej Pražák
- Pull request https://github.com/theforeman/foreman_openscap/pull/345 added
Updated by Marek Hulán about 6 years ago
- Subject changed from oscap reports not being created when using LB proxy setup to oscap reports not being created when using LB proxy setup
- Target version set to foreman_openscap 0.10.3
- Fixed in Releases foreman_openscap 0.10.3 added
Updated by Ondřej Pražák about 6 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_openscap|2c376356dddd3d9bb2fa3f62ef503ffb4cc5d33e.