Bug #29475
closed
Replace script for gathering facts fom subscription-manager with python implemntation in ansible-foreman_scap_client
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1814988
Description of problem:
After applying the Ansible Role for the DISA Stig for RHEL of OpenScap 0.1.48 (https://github.com/ComplianceAsCode/content/releases/download/v0.1.48/scap-security-guide-0.1.48.zip) to the client system locally when 'theforeman.foreman_scap_client' role is applied from Foreman server getting the following error:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TASK [theforeman.foreman_scap_client : Set facts for rh certs] *********
fatal: [test.example.com]: FAILED! =>
msg: |-
the field 'args' has an invalid value ({u'rh_consumer_private_key_path': u"{{ (rh_certs.stdout | from_json).get('rh_consumer_private_key_path') }}", u'rh_consumer_cert_path': u"{{ (rh_certs.stdout | from_json).get('rh_consumer_cert_path') }}", u'rh_ca_cert_path': u"{{ (rh_certs.stdout | from_json).get('rh_ca_cert_path') }}"}), and could not be converted to an dict.The error was: No JSON object could be decoded
The error appears to be in '/usr/share/ansible/roles/theforeman.foreman_scap_client/tasks/main.yml': line 21, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: 'Set facts for rh certs'
^ here
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The cause of this error is that fapolicyd blacklists ruby, so the scipt for gathering facts fails and crashes the whole ansible run. We should switch to python-based implementation of the script.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Applied the ansible role DISA Stig for RHEL of OpenScap 0.1.48 (https://github.com/ComplianceAsCode/content/releases/download/v0.1.48/scap-security-guide-0.1.48.zip) to the client.
2. Executed theforeman.foreman_scap_client ansible role on the client
Actual results:
Role is failing with error.
Expected results:
it should get executed successfully.
Additional info:
It seems that the 'fapolicyd' service is causing the issue and not allowing the script to execute. After stopping the service, everything started working fine.
Updated by Nagoor Shaik about 4 years ago
- Subject changed from Replace script for gathering facts fom subscription-manager with python implemntation in ansible-foreman_scap_client to Replace script for gathering facts fom subscription-manager with python implemntation in ansible-foreman_scap_client
- Pull request https://github.com/theforeman/ansible-foreman_scap_client/pull/19 added
Updated by Ondřej Pražák almost 4 years ago
- Status changed from New to Closed
- Fixed in Releases ansible-foreman_scap_client 0.1.0 added