Foreman-installer --enable-foreman-plugin-openscap FAILS to load one or more features (Openscap)

jr71 · January 20, 2025, 1:59pm

Problem:

Trying to follow the documentation to enable and install OpenSCAN in Foreman, however, I keep getting a failure:

foreman-installer --enable-foreman-plugin-openscap FAILS to load one or more features (Openscap)

2025-01-20 13:50:08 [ERROR ] [configure] Proxy foreman01.foremanpoc.igob01.westeurope.tst.az.net has failed to load one or more features (Openscap), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-01-20 13:50:08 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman01.foremanpoc.igob01.westeurope.tst.az.net]/features: change from [“Logs”, “Pulpcore”] to [“Logs”, “Openscap”, “Pulpcore”] failed: Proxy foreman01.foremanpoc.igob01.westeurope.tst.az.net has failed to load one or more features (Openscap), check /var/log/foreman-proxy/proxy.log for configuration errors
2025-01-20 13:50:11 [NOTICE] [configure] System configuration has finished.

LOG does not provide me any hint either:

cat /var/log/foreman-proxy/proxy.log
2025-01-20T13:08:35 [I] Logging file reopened via USR1 signal
2025-01-20T13:08:35 a8c144ff [I] Started GET /version
2025-01-20T13:08:35 a8c144ff [I] Finished GET /version with 200 (4.02 ms)
2025-01-20T13:22:13 9954708f [I] Started GET /v2/features
2025-01-20T13:22:13 9954708f [I] Finished GET /v2/features with 200 (60.1 ms)
2025-01-20T13:22:13 9954708f [I] Started GET /v2/features
2025-01-20T13:22:13 9954708f [I] Finished GET /v2/features with 200 (59.17 ms)
2025-01-20T13:42:43 25ba0caf [I] Started GET /v2/features
2025-01-20T13:42:43 25ba0caf [I] Finished GET /v2/features with 200 (58.69 ms)
2025-01-20T13:42:43 25ba0caf [I] Started GET /v2/features
2025-01-20T13:42:43 25ba0caf [I] Finished GET /v2/features with 200 (62.23 ms)
2025-01-20T13:47:46 837afa41 [I] Started GET /version
2025-01-20T13:47:46 837afa41 [I] Finished GET /version with 200 (0.5 ms)
2025-01-20T13:48:28 37fe0b83 [I] Started GET /v2/features
2025-01-20T13:48:28 37fe0b83 [I] Finished GET /v2/features with 200 (61.71 ms)
2025-01-20T13:48:28 37fe0b83 [I] Started GET /v2/features
2025-01-20T13:48:28 37fe0b83 [I] Finished GET /v2/features with 200 (59.04 ms)
2025-01-20T13:50:08 291d58f1 [I] Started GET /v2/features
2025-01-20T13:50:08 291d58f1 [I] Finished GET /v2/features with 200 (60.84 ms)
2025-01-20T13:50:08 291d58f1 [I] Started GET /v2/features
2025-01-20T13:50:08 291d58f1 [I] Finished GET /v2/features with 200 (60.02 ms)

neither /var/log/foreman-installer/katello.log helps

Expected outcome:

OpenSCAP available via CLI and/or GUI

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

versions installed:

rpm -qa | grep -Ei “^foreman|^katello|^openscap”
katello-repos-4.15.0-1.el9.noarch
katello-certs-tools-2.10.0-1.el9.noarch
katello-selinux-5.0.2-1.el9.noarch
foreman-postgresql-3.13.0-1.el9.noarch
katello-common-4.15.0-1.el9.noarch
katello-4.15.0-1.el9.noarch
foreman-dynflow-sidekiq-3.13.0-1.el9.noarch
foreman-redis-3.13.0-1.el9.noarch
foreman-service-3.13.0-1.el9.noarch
katello-client-bootstrap-1.7.9-2.el9.noarch
foreman-3.13.0-1.el9.noarch
foreman-installer-3.13.0-1.el9.noarch
foreman-installer-katello-3.13.0-1.el9.noarch
foreman-release-3.13.0-1.el9.noarch
foreman-proxy-3.13.0-1.el9.noarch
foreman-cli-3.13.0-1.el9.noarch
foreman-selinux-3.13.0-0.1.rc1.el9.noarch
openscap-1.3.10-2.el9_3.x86_64
openscap-scanner-1.3.10-2.el9_3.x86_64

Distribution and version:

RHEL 9.4 - 5.14.0-427.42.1.el9_4.x86_64

Many Thanks!

evgeni · January 20, 2025, 4:06pm

For the proxy to have OpenSCAP, you need to add --enable-foreman-proxy-plugin-openscap

maximilian · January 21, 2025, 7:01am

docs: Installing the OpenSCAP plugin

jr71 · January 21, 2025, 10:44am

Thanks Evgeni, Maximilian,
I indeed tried to follow the documentation, and I tried yet again today following that URL from you Maximilian, however, I still running into the same problem:

Command:

foreman-installer --enable-foreman-plugin-openscap --enable-foreman-cli-openscap --enable-foreman-proxy-plugin-openscap --foreman-proxy-plugin-openscap-ansible-module true --foreman-proxy-plugin-openscap-puppet-module true

Error:

2025-01-21 10:38:01 [NOTICE] [root] Loading installer configuration. This will take some time.
2025-01-21 10:38:05 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2025-01-21 10:38:05 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2025-01-21 10:38:07 [NOTICE] [checks] System checks passed
2025-01-21 10:38:12 [NOTICE] [configure] Starting system configuration.
2025-01-21 10:38:21 [NOTICE] [configure] 250 configuration steps out of 1361 steps complete.
2025-01-21 10:38:25 [NOTICE] [configure] 500 configuration steps out of 1363 steps complete.
2025-01-21 10:38:28 [NOTICE] [configure] 750 configuration steps out of 1368 steps complete.
2025-01-21 10:38:29 [NOTICE] [configure] 1000 configuration steps out of 1371 steps complete.
2025-01-21 10:39:23 [ERROR ] [configure] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: ‘/usr/sbin/foreman-rake db:seed’ returned 1 instead of one of [0]
2025-01-21 10:39:23 [ERROR ] [configure] /Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: ‘/usr/sbin/foreman-rake db:seed’ returned 1 instead of one of [0]
2025-01-21 10:39:33 [NOTICE] [configure] 1250 configuration steps out of 1371 steps complete.
2025-01-21 10:39:37 [NOTICE] [configure] System configuration has finished.

Error 1: Puppet Exec resource ‘foreman-rake-db:seed’ failed. Logs:
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]
Adding autorequire relationship with User[foreman]
Starting to evaluate the resource (1119 of 1371)
‘/usr/sbin/foreman-rake db:seed’ won’t be executed because of failed check ‘refreshonly’
Failed to call refresh: ‘/usr/sbin/foreman-rake db:seed’ returned 1 instead of one of [0]
‘/usr/sbin/foreman-rake db:seed’ returned 1 instead of one of [0]
Evaluated in 17.28 seconds
Execforeman-rake-db:seed
Executing ‘/usr/sbin/foreman-rake db:seed’
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]/returns
rake aborted!
ActiveRecord::RecordInvalid: Validation failed: Provider type Translation missing. Options considered were:
- en.activerecord.errors.models.job_template.attributes.provider_type.uniq
- en.activerecord.errors.models.job_template.uniq
- en.activerecord.errors.messages.uniq
- en.errors.attributes.provider_type.uniq
- en.errors.messages.uniq

I am happy to provide full log if that’s needed.

Appreciate your help!

Regards, Jan

aruzicka · January 21, 2025, 10:56am

That sounds like you’re hitting Bug #37961: f-openscap tries to seed ansible job template even if ansible is not installed - OpenSCAP - Foreman . The immediate workaround would be to also enable the ansible plugin. Alternatively I could try bringing the fixed version of openscap (and rex) to 3.13, but I can’t promise you when that would be.

jr71 · January 21, 2025, 12:34pm

Many thanks! I took the “immediate” workaround way and enabled ansible plugin. I executed commands as follows:

foreman-installer --enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible

foreman-installer --enable-foreman-plugin-openscap --enable-foreman-cli-openscap --enable-foreman-proxy-plugin-openscap --foreman-proxy-plugin-openscap-ansible-module true --foreman-proxy-plugin-openscap-puppet-module true

Plugins now installed successfully!

Appreciate your help!

Regards, Jan