Problem:
Unable to upload foreman-client.example.com compliance reports to foreman.example.com proxy server by executing:
[root@foreman-client ~]# /usr/bin/foreman_scap_client 1
DEBUG: running: oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_standard --results-arf /tmp/d20220516-32439-1iwq10c/results.xml /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
The above will successfully generate the reports and upload the reports to Foreman UI, but the compliance reports for the foreman.example.com host
Expected outcome:
Compliance reports for foreman-client.example.com to be successfully uploaded to Foreman UI.
Foreman and Proxy versions:
Foreman version: 3.2.0 (for both foreman-client and foreman proxy server)
Foreman and Proxy plugin versions:
Ansible v3.3.1
Dynflow v0.7.0
Openscap v0.9.1
SSH v0.5.3
Puppet v3.2.0
Distribution and version:
foreman-client.example.com: CentOS Linux release 7.9.2009 (Core)
foreman.example.com: CentOS Linux release 7.9.2009 (Core)
Other relevant data:
foreman-client: /etc/foreman_scap_client/config.yaml file:
# DO NOT EDIT THIS FILE MANUALLY
# IT IS MANAGED BY PUPPET
# Foreman proxy to which reports should be uploaded
:server: 'foreman.example.com'
:port: 8443
# Timeout for sending reports to proxy
:timeout: 60
# Should --fetch-remote-resources be added to `oscap xccdf eval` command
:fetch_remote_resources: true
# HTTP proxy server for downloading remote resources
:http_proxy_server:
:http_proxy_port:
## SSL specific options ##
# Client CA file.
# It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
# Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: '/etc/puppetlabs/puppet/ssl/certs/foreman_ca.pem'
# Client host certificate.
# It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: '/etc/puppetlabs/puppet/ssl/certs/foreman.example.com.pem'
# Client private key
# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: '/etc/puppetlabs/puppet/ssl/private_keys/foreman.example.com_key.pem'
# policy (key is id as in Foreman)
1:
  :profile: 'xccdf_org.ssgproject.content_profile_standard'
  :content_path: '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/1/content'
  :tailoring_path: ''
  :tailoring_download_path: '/compliance/policies/1/tailoring'
2:
  :profile: 'xccdf_org.ssgproject.content_profile_standard_customized'
  :content_path: '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/1/content'
  :tailoring_path: '/home/shadebe/ssg-centos7-ds-tailoring.xml'
  :tailoring_download_path: '/compliance/policies/1/tailoring'
Please help. I have been changing and breaking things for two weeks now and not winning.