Foreman OpenSCAP reports are not displayed on the GUI (ERF12-1831 [ProxyAPI::ProxyException]: Unable to get HTML version of requested report from Smart Proxy)

timoheld · February 9, 2023, 9:09am

Problem:
When i try to display the details from a openscap raport on the Foreman GUI, i get this error:

As I understand it, the full HTML and an XML raport is stored in the reports directory on the smart proxy (not the same server as the foreman server).
but in the reports directory is only see the file:

/usr/share/foreman-proxy/openscap/reports/arf/28d40127-59c6-4682-9a36-e3eca89e9af9/528885/1675927797/ 
[root@srvproxy01 1675927797]# ls -ltr 
-rw-r--r-- 1 foreman-proxy foreman-proxy 1181274  9. Feb 08:29 8c381c2a21eeb7ab6d1a84c3cfc2fca9bf845422848052e3c1df55d30dd02d40

[root@srvproxy01 1675927797]# oscap info 8c381c2a21eeb7ab6d1a84c3cfc2fca9bf845422848052e3c1df55d30dd02d40
Document type: Result Data Stream
Imported: 2023-02-09T08:29:58

Asset: asset0
	ARF report: xccdf1
		Report request: collection1
		Result ID: xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_cis_server_l1
		Source benchmark: #scap_org.open-scap_comp_ssg-rhel8-xccdf-1.2.xml
		Source profile: xccdf_org.ssgproject.content_profile_cis_server_l1
		Evaluation started: 2023-02-09T08:29:49+01:00
		Evaluation finished: 2023-02-09T08:29:49+01:00
		Platform CPEs:
			(none)

That would explain, why the foreman GUI cant show the report. But i dont know how i can solve this Problem.

Expected outcome:
ARF report Details in the GUI.

Foreman and Proxy versions:
Foreman:
foreman.noarch 3.5.1-1.el8
ansible [core 2.14.0]

External Smart Proxy:
foreman-proxy.noarch 3.5.1-1.el8
ansible [core 2.13.3]

Other relevant data:
Openscap config on Smart Proxy:

[root@srvproxy01 settings.d]# cat openscap.yml
---
:enabled: https

# Log file for the forwarding script.
:openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log

# Directory where OpenSCAP audits are stored
# before they are forwarded to Foreman
:spooldir: /var/spool/foreman-proxy/openscap

# Directory where OpenSCAP content XML are stored
# So we will not request the XML from Foreman each time
:contentdir: /var/lib/openscap/content

# Directory where OpenSCAP tailoring XML files are stored
#:tailoring_dir: /var/lib/openscap/tailoring

# Directory where OpenSCAP report XML are stored
# So Foreman can request arf xml reports
:reportsdir: /usr/share/foreman-proxy/openscap/reports

# Directory where OpenSCAP report XML are stored
# In case sending to Foreman succeeded, yet failed to save to reportsdir
:failed_dir: /usr/share/foreman-proxy/openscap/failed

# Directory where corrupted OpenSCAP report XML are stored
# When proxy cannot parse the report sent by client
:corrupted_dir: /var/lib/foreman-proxy/openscap/corrupted

# The time we wait for response after the upload request connection was established, in seconds.
# Affects sending reports to Foreman (directly and from spool) and fetching scap content or tailoring file
# for distribution to clients
:timeout: 60

# Directory where OpenSCAP OVAL content bzipped XML are stored
#:oval_content_dir: /var/lib/openscap/oval_content

timoheld · February 9, 2023, 1:36pm

Supplement:

When i execute the openscap scan on the client i get following log entries:


smart-proxy:
2023-02-09T14:27:16 c8199eb0 [I] Started POST /compliance/arf/4 
2023-02-09T14:27:18 c8199eb0 [I] Finished POST /compliance/arf/4 with 200 (1675.93 ms)

Foreman:
2023-02-09T14:27:18 [I|app|23a1f8da]   Parameters: {"logs"=>"[FILTERED]", "digest"=>"d695157e5577136662d9bdad53bdbfce906f067ef618071506bc7f8cc554b0d0", "metrics"=>{"passed"=>0, "failed"=>0, "othered"=>0}, "score"=>0.0, "openscap_proxy_name"=>nil, "openscap_proxy_url"=>nil, "apiv"=>"v2", "cname"=>"28d40127-59c6-4682-9a36-e3eca89e9af9", "policy_id"=>"4", "date"=>"1675949236", "arf_report"=>{"logs"=>"[FILTERED]", "digest"=>"d695157e5577136662d9bdad53bdbfce906f067ef618071506bc7f8cc554b0d0", "metrics"=>{"passed"=>0, "failed"=>0, "othered"=>0}, "score"=>0.0, "openscap_proxy_name"=>nil, "openscap_proxy_url"=>nil}}

And this one when i try to show the full report on the web:

2023-02-09T14:28:58 [I|app|22ad86f4] Started GET "/compliance/arf_reports/529166/show_html" for 10.60.172.35 at 2023-02-09 14:28:58 +0100
2023-02-09T14:28:58 [I|app|22ad86f4] Processing by ArfReportsController#show_html as HTML
2023-02-09T14:28:58 [I|app|22ad86f4]   Parameters: {"id"=>"529166"}
2023-02-09T14:28:58 [I|app|22ad86f4]   Rendered /usr/share/gems/gems/foreman_openscap-5.2.2/app/views/arf_reports/show_html.html.erb within layouts/application (Duration: 6.1ms | Allocations: 1790)
2023-02-09T14:28:58 [I|app|22ad86f4]   Rendered layouts/base.html.erb (Duration: 26.6ms | Allocations: 26474)
2023-02-09T14:28:58 [I|app|22ad86f4]   Rendered layout layouts/application.html.erb (Duration: 43.0ms | Allocations: 40737)
2023-02-09T14:28:58 [I|app|22ad86f4] Completed 200 OK in 60ms (Views: 42.4ms | ActiveRecord: 4.6ms | Allocations: 45839)

Foreman Openscap Client Version
rubygem-foreman_scap_client.noarch 0.5.0-1.el9

Marek_Hulan · February 9, 2023, 2:15pm

Hi, can you check you have the data stored at /usr/share/foreman-proxy/openscap/reports on your smart proxy? I also see your proxy is contacted on port 8000 (using http) but many modules by default listen on https only. Check whether your openscap is exposed over http by grep enabled /etc/foreman-proxy/settings.d/openscap.yml. If not it would explain the 404 response. Your proxy should probably use https instead and port 8443 or 9090 (based on whether it also hosts content)

timoheld · February 9, 2023, 3:22pm

Ohh yes, now i see my mistake,on the proxy i used https.

:enabled: https

But i have configuerd my foreman to connect the proxy on http. I changed it now to https and i worked. many thanks!