I'm running the latest version of Foreman, and would like to extend its
capabilities by enabling OpenSCAP. As per the Foreman OpenSCAP Manual,
I've installed foreman_openscap, smart_proxy_openscap, and
puppet-foreman_openscap_client, and can see OpenSCAP-related controls in my
Foreman instance. However, when the foreman_scap_client class is added to
a host that I've added to an OpenScap policy, not only doesn't Foreman
OpenSCap not work on that host, but Puppet on that host stops working
altogether. Here's the relevant output from running "puppet agent --test"
on the host:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
{"message":"Server Error: Evaluation Error: Error while evaluating a
Resource Statement, Evaluation Error: Error while evaluating a Function
Call, Failed to parse inline template: undefined local variable or method
`policies_array' for #<Puppet::Parser::TemplateWrapper:0x3ee3268e> at
/etc/puppetlabs/code/environments/production/modules/foreman_scap_client/manifests/init.pp:42:20
on node agrega2.netatlantic.com","issue_kind":"RUNTIME_ERROR","stacktrace":["Warning:
The 'stacktrace' property is deprecated and will be removed in a future
version of Puppet. For security reasons, stacktraces are not returned with
Puppet HTTP Error responses."]}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Firstly, can anyone tell me why this error is occurring? Secondly, can
anyone help me with (explicit) steps needed to make Foreman OpenSCAP work?
Sorry, should have added this to my initial post. Here's output from when
I try to do an OpenSCAP scan on a host from Foreman:
Failed to initialize: Dynflow::ExecutionPlan::Steps::Error - Failed
rendering template: error during rendering: ERF47-1439
[TemplateInput::ValueNotReady]: Input 'policies' is not ready for rendering
···
On Wednesday, August 23, 2017 at 3:31:48 PM UTC-4, Diggy wrote:
>
> Hello, all.
>
> I'm running the latest version of Foreman, and would like to extend its
> capabilities by enabling OpenSCAP. As per the Foreman OpenSCAP Manual,
> I've installed foreman_openscap, smart_proxy_openscap, and
> puppet-foreman_openscap_client, and can see OpenSCAP-related controls in my
> Foreman instance. However, when the foreman_scap_client class is added
> to a host that I've added to an OpenScap policy, not only doesn't Foreman
> OpenSCap not work on that host, but Puppet on that host stops working
> altogether. Here's the relevant output from running "puppet agent --test"
> on the host:
>
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> {"message":"Server Error: Evaluation Error: Error while evaluating a
> Resource Statement, Evaluation Error: Error while evaluating a Function
> Call, Failed to parse inline template: undefined local variable or method
> `policies_array' for # at
> /etc/puppetlabs/code/environments/production/modules/foreman_scap_client/manifests/init.pp:42:20
> on node agrega2.netatlantic.com","issue_kind":"RUNTIME_ERROR","stacktrace":["Warning:
> The 'stacktrace' property is deprecated and will be removed in a future
> version of Puppet. For security reasons, stacktraces are not returned with
> Puppet HTTP Error responses."]}
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> Firstly, can anyone tell me why this error is occurring? Secondly, can
> anyone help me with (explicit) steps needed to make Foreman OpenSCAP work?
>
> Your help would be greatly appreciated.
>
> Diggy
>
Thanks for your reply. After doing the basic OpenSCAP setup, I created a
group (e.g. CentOS 6 Servers), and add a host to it. Then, I created an
OpenSCAP policy to use Scap Content=Red Hat centos6 default content (which
does appear on the SCAP Content page in Foreman), and XCCDF
profile=Upstream STIG for Red Hat Enterprise 6 Linux Server. So far, so
good, I think. And, you're probably right, I don't have the parameters set
for the host. But, I'm not sure how to do that. If you, or anyone else on
the list would be kind enough to tell me how, I's appreciate it.
Diggy
···
On Wednesday, August 23, 2017 at 3:31:48 PM UTC-4, Diggy wrote:
>
> Hello, all.
>
> I'm running the latest version of Foreman, and would like to extend its
> capabilities by enabling OpenSCAP. As per the Foreman OpenSCAP Manual,
> I've installed foreman_openscap, smart_proxy_openscap, and
> puppet-foreman_openscap_client, and can see OpenSCAP-related controls in my
> Foreman instance. However, when the foreman_scap_client class is added
> to a host that I've added to an OpenScap policy, not only doesn't Foreman
> OpenSCap not work on that host, but Puppet on that host stops working
> altogether. Here's the relevant output from running "puppet agent --test"
> on the host:
>
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> {"message":"Server Error: Evaluation Error: Error while evaluating a
> Resource Statement, Evaluation Error: Error while evaluating a Function
> Call, Failed to parse inline template: undefined local variable or method
> `policies_array' for # at
> /etc/puppetlabs/code/environments/production/modules/foreman_scap_client/manifests/init.pp:42:20
> on node agrega2.netatlantic.com","issue_kind":"RUNTIME_ERROR","stacktrace":["Warning:
> The 'stacktrace' property is deprecated and will be removed in a future
> version of Puppet. For security reasons, stacktraces are not returned with
> Puppet HTTP Error responses."]}
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> Firstly, can anyone tell me why this error is occurring? Secondly, can
> anyone help me with (explicit) steps needed to make Foreman OpenSCAP work?
>
> Your help would be greatly appreciated.
>
> Diggy
>
Hello, it seems that the parameters for the host were not set. The ENC
output does not contain information about any policy. Did you configure at
least one? Did you assign it to hostgroup that the host is assigned to? The
puppet class is not meant to be assigned manually to the host, it should
happen automatically if you do policy association.
Sorry, should have added this to my initial post. Here’s output from when
I try to do an OpenSCAP scan on a host from Foreman:
Failed to initialize: Dynflow::ExecutionPlan::Steps::Error - Failed
rendering template: error during rendering: ERF47-1439
[TemplateInput::ValueNotReady]: Input ‘policies’ is not ready for rendering
On Wednesday, August 23, 2017 at 3:31:48 PM UTC-4, Diggy wrote:
Hello, all.
I’m running the latest version of Foreman, and would like to extend its
capabilities by enabling OpenSCAP. As per the Foreman OpenSCAP Manual,
I’ve installed foreman_openscap, smart_proxy_openscap, and
puppet-foreman_openscap_client, and can see OpenSCAP-related controls in my
Foreman instance. However, when the foreman_scap_client class is added
to a host that I’ve added to an OpenScap policy, not only doesn’t Foreman
OpenSCap not work on that host, but Puppet on that host stops working
altogether. Here’s the relevant output from running "puppet agent --test"
on the host:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
{“message”:“Server Error: Evaluation Error: Error while evaluating a
Resource Statement, Evaluation Error: Error while evaluating a Function
Call, Failed to parse inline template: undefined local variable or method
`policies_array’ for #Puppet::Parser::TemplateWrapper:0x3ee3268e at
/etc/puppetlabs/code/environments/production/modules/foreman_scap_client/manifests/init.pp:42:20
on node agrega2.netatlantic.com”,“issue_kind”:“RUNTIME_ERROR”,“stacktrace”:[“Warning:
The ‘stacktrace’ property is deprecated and will be removed in a future
version of Puppet. For security reasons, stacktraces are not returned with
Puppet HTTP Error responses.”]}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Firstly, can anyone tell me why this error is occurring? Secondly, can
anyone help me with (explicit) steps needed to make Foreman OpenSCAP work?
parameters should be automatically set when you in last step of the wizard
assign the policy to the hostgroup. It should override puppet parameters on
it. If you didn't assign any hostgroup to the policy, you'd need to do it
manually.
Hope this helps
···
--
Marek
On čtvrtek 24. srpna 2017 15:51:25 CEST Diggy wrote:
Hi, Marek.
Thanks for your reply. After doing the basic OpenSCAP setup, I created a
group (e.g. CentOS 6 Servers), and add a host to it. Then, I created an
OpenSCAP policy to use Scap Content=Red Hat centos6 default content (which
does appear on the SCAP Content page in Foreman), and XCCDF
profile=Upstream STIG for Red Hat Enterprise 6 Linux Server. So far, so
good, I think. And, you’re probably right, I don’t have the parameters set
for the host. But, I’m not sure how to do that. If you, or anyone else on
the list would be kind enough to tell me how, I’s appreciate it.
Diggy
On Wednesday, August 23, 2017 at 3:31:48 PM UTC-4, Diggy wrote:
Hello, all.
I’m running the latest version of Foreman, and would like to extend its
capabilities by enabling OpenSCAP. As per the Foreman OpenSCAP Manual,
I’ve installed foreman_openscap, smart_proxy_openscap, and
puppet-foreman_openscap_client, and can see OpenSCAP-related controls in
my
Foreman instance. However, when the foreman_scap_client class is added
to a host that I’ve added to an OpenScap policy, not only doesn’t Foreman
OpenSCap not work on that host, but Puppet on that host stops working
altogether. Here’s the relevant output from running "puppet agent --test"
on the host:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
{“message”:“Server Error: Evaluation Error: Error while evaluating a
Resource Statement, Evaluation Error: Error while evaluating a Function
Call, Failed to parse inline template: undefined local variable or method
`policies_array’ for #Puppet::Parser::TemplateWrapper:0x3ee3268e at
/etc/puppetlabs/code/environments/production/modules/foreman_scap_client/m
anifests/init.pp:42:20 on node agrega2.netatlantic.com”,“issue_kind”:“RUNTIME_ERROR”,“stacktrace”:[“Warn
ing: The ‘stacktrace’ property is deprecated and will be removed in a
future version of Puppet. For security reasons, stacktraces are not
returned with Puppet HTTP Error responses.”]}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Firstly, can anyone tell me why this error is occurring? Secondly, can
anyone help me with (explicit) steps needed to make Foreman OpenSCAP work?
