Project

General

Profile

Actions
Copy link

Bug #24472

closed

oscap reports not being created when using LB proxy setup

Added by Ondřej Pražák over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Pražák
Target version:
foreman_openscap 0.10.3
Difficulty:
Triaged:
No
Bugzilla link:
1609009
Pull request:
https://github.com/theforeman/foreman_openscap/pull/345
Fixed in Releases:
foreman_openscap 0.10.3
Found in Releases:
Red Hat JIRA:

Description

Description of problem:
oscap reports not showing in UI when using LB proxy setup

How reproducible:
Always

Steps to Reproduce:
1. Setup Foreman and 2 proxies which are load balanced with load-balanced FQDN like `proxy.example.test`
2. Override the oscap puppet classes as shown below:
Go to Configure -> Classes -> foreman_scap_client -> Smart Class Parameter

server -> Default behavior:
check `Override` checkbox
Key type: string
Default value: `proxy.example.test`

port -> Default behavior:
check `Override` checkbox
Key type: integer
Default value: 9090
3. Create a hostgroup without setting values for Puppet Master, Puppet CA, OpenSCAP proxy.
3. Register and configure a client to use oscap with the LB capsule FQDN
4. Manually trigger a oscap report like `foreman_scap_client 1`

Actual results:
oscap reports are not visible in UI

Expected results:
The oscap report should be visible in UI.

Additional info:
1. The oscap reports are working fine when the hostgroup is associated with one of the proxies and the puppet class override is removed.
2. The oscap reports also work when changing the proxy name from a regular capsule FQDN to a load balanced FQDN in /etc/foreman_scap_client/config.yaml after doing the step 1 above.
3. The issue happens only when the puppet classes are override with a LB capsule FQDN and port number and then the client is registered.

The error is gone and the report started showing up when I associated a random proxy by editing the Host -> OpenSCAP Capsule.

So, perhaps for the LB capsules setup:
- The hostgroup (or the host) must be associated to one of the random proxy although the clients don't know about specific smart proxy they are attached to because they register using Load Balanced proxy FQDN.
- foreman_scap_client overridden as shown in the description of this bug.

If I do the above, the puppet class parameters of foreman_scap_client is modified automatically by Foreman as follows:

For server: a new `Specify matcher` item is created in Smart Class Parameter with the following rule:
fqdn = client01.foreman.example.com
value = capsule01.foreman.example.com (random smart proxy specified by me in the Hostgroup)

Due to the above automatically created rule, the LB proxy name which I overrode in the puppet class as mentioned in the bug description is not taken into account.

workaround to get the reports created:
- Register the client with no OpenSCAP proxy specified in Hostgroup.
- Then edit the host to select a random capsule in OpenSCAP proxy dropdown.

Related issues 2 (0 open2 closed)

Related to OpenSCAP - Feature #24504: Include information about proxy when uploading arf report to foremanClosedOndřej PražákActions
Related to Installer - Feature #24505: Add proxy name and url into scap settingsClosedOndřej PražákActions
Actions
Copy link

Also available in: Atom PDF