Bug #25763
open
Removing a content host should purge away SCAP config from the host
Description
Description of problem:
Assume a Content Host with some OpenSCAP policy applied. That config (what policy to check against) is puppet based. Removing the policy means puppet will remove the config from the system, such that it wont further report any compliance to Foreman. So far so good.
Unregistering a Content Host (from the host side) or removing the Content Host (from Katello side) currently makes no change to the SCAP config on the client. Which means, the system - after its removal from Katello - is still reporting to Foreman. Such reports are denied with 404 Host unknown error, causing the reports are buffered in foreman-proxy spool for re-send (they sit there forever). This behaviour is unwanted and redundant.
It should be possible to decommision a system and remove the policies, purge the config on a system and do a cleanup in Foreman.
How reproducible:
100%
Steps to Reproduce:
1. Assign some OpenSCAP policy to a Content Host
2. Wait for some OpenSCAP reports from the Content Host
3. Unregister the Content Host by either way (sub-man unregister or via Katello). Let the system running.
4. Monitor if the system will send some more SCAP reports.
Actual results:
SCAP reports are still being sent.
Expected results:
None or at most one SCAP report is sent from the system.
Updated by Ondřej Pražák over 5 years ago
- Subject changed from Removing a content host should purge away SCAP config from the host to Removing a content host should purge away SCAP config from the host
- Status changed from New to Needs design
Updated by Ondřej Pražák over 5 years ago
- Related to Feature #25671: Allow openscap plugin to be uninstalled added