Hello,
Is there any possibility to allow clients access to foreman-proxy urls?
When running foreman_scap_client there is this error on the proxt:
E, [2015-09-21T13:43:57.244321 #30911] ERROR – : No permission to create
directory openscap/content/4
E, [2015-09-21T13:43:57.244506 #30911] ERROR – : Error occurred:
Permission denied - openscap
10.220.50.190 - - [21/Sep/2015 13:43:57] "GET
/compliance/policies/4/content HTTP/1.1" 500 44 0.0010
In the documentation it says that currently it's not possible to
automatically download openscap policies, but I was wondering if maybe I
can open the proxy security or something for this? Something like the
puppet master allows for accessing it's own urls from clients.
Thank you,
Cristian Falcas
> Hello,
>
> Is there any possibility to allow clients access to foreman-proxy urls?
>
> When running foreman_scap_client there is this error on the proxt:
>
> E, [2015-09-21T13:43:57.244321 #30911] ERROR – : No permission to create
> directory openscap/content/4
> E, [2015-09-21T13:43:57.244506 #30911] ERROR – : Error occurred:
> Permission denied - openscap
> 10.220.50.190 - - [21/Sep/2015 13:43:57] "GET
> /compliance/policies/4/content HTTP/1.1" 500 44 0.0010
>
> In the documentation it says that currently it's not possible to
> automatically download openscap policies, but I was wondering if maybe I
> can open the proxy security or something for this? Something like the
> puppet master allows for accessing it's own urls from clients.
>
> it sounds to me like wrong file system permissions (or wrong settings
yielding to wrong path)?
Ohad
···
On Mon, Sep 21, 2015 at 8:48 PM, Cristian Falcas wrote:
Thank you,
Cristian Falcas
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Seems you're correct:
[pid 14096] stat("/usr/share/foreman-proxy/public/policies/4/content",
0x7f059ab0b5f0) = -1 ENOENT (No such file or directory)
[pid 14096] mkdir("openscap/content/4", 0777) = -1 ENOENT (No such file or
directory)
[pid 14096] stat("openscap/content/4", 0x7f059ab09730) = -1 ENOENT (No such
file or directory)
[pid 14096] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 14096] stat(".", {st_mode=S_IFDIR|0755, st_size=4096, …}) = 0
[pid 14096] mkdir("openscap", 0777) = -1 EACCES (Permission denied)
[pid 14096] stat("openscap", 0x7f059ab09250) = -1 ENOENT (No such file or
directory)
But I don't know where it tries to create openscap/content/4
···
On Mon, Sep 21, 2015 at 8:54 PM, Ohad Levy wrote:
On Mon, Sep 21, 2015 at 8:48 PM, Cristian Falcas cristi.falcas@gmail.com > wrote:
Hello,
Is there any possibility to allow clients access to foreman-proxy urls?
When running foreman_scap_client there is this error on the proxt:
E, [2015-09-21T13:43:57.244321 #30911] ERROR – : No permission to create
directory openscap/content/4
E, [2015-09-21T13:43:57.244506 #30911] ERROR – : Error occurred:
Permission denied - openscap
10.220.50.190 - - [21/Sep/2015 13:43:57] “GET
/compliance/policies/4/content HTTP/1.1” 500 44 0.0010
In the documentation it says that currently it’s not possible to
automatically download openscap policies, but I was wondering if maybe I
can open the proxy security or something for this? Something like the
puppet master allows for accessing it’s own urls from clients.
it sounds to me like wrong file system permissions (or wrong settings
yielding to wrong path)?
Ohad
Thank you,
Cristian Falcas
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
ls /proc/$PID_FP/cwd/
The above shows /
mkdir /openscap/
chown -R foreman-proxy:foreman-proxy /openscap/
And all is good now
···
On Mon, Sep 21, 2015 at 9:06 PM, Cristian Falcas wrote:
Seems you’re correct:
[pid 14096] stat("/usr/share/foreman-proxy/public/policies/4/content",
0x7f059ab0b5f0) = -1 ENOENT (No such file or directory)
[pid 14096] mkdir(“openscap/content/4”, 0777) = -1 ENOENT (No such file or
directory)
[pid 14096] stat(“openscap/content/4”, 0x7f059ab09730) = -1 ENOENT (No
such file or directory)
[pid 14096] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 14096] stat(".", {st_mode=S_IFDIR|0755, st_size=4096, …}) = 0
[pid 14096] mkdir(“openscap”, 0777) = -1 EACCES (Permission denied)
[pid 14096] stat(“openscap”, 0x7f059ab09250) = -1 ENOENT (No such file or
directory)
But I don’t know where it tries to create openscap/content/4
On Mon, Sep 21, 2015 at 8:54 PM, Ohad Levy ohadlevy@gmail.com wrote:
On Mon, Sep 21, 2015 at 8:48 PM, Cristian Falcas <cristi.falcas@gmail.com >> > wrote:
Hello,
Is there any possibility to allow clients access to foreman-proxy urls?
When running foreman_scap_client there is this error on the proxt:
E, [2015-09-21T13:43:57.244321 #30911] ERROR – : No permission to
create directory openscap/content/4
E, [2015-09-21T13:43:57.244506 #30911] ERROR – : Error occurred:
Permission denied - openscap
10.220.50.190 - - [21/Sep/2015 13:43:57] “GET
/compliance/policies/4/content HTTP/1.1” 500 44 0.0010
In the documentation it says that currently it’s not possible to
automatically download openscap policies, but I was wondering if maybe I
can open the proxy security or something for this? Something like the
puppet master allows for accessing it’s own urls from clients.
it sounds to me like wrong file system permissions (or wrong settings
yielding to wrong path)?
Ohad
Thank you,
Cristian Falcas
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
>
> ls /proc/$PID_FP/cwd/
>
> The above shows /
>
> mkdir /openscap/
> chown -R foreman-proxy:foreman-proxy /openscap/
>
> And all is good now
I would guess its a bug or a wrong setting if you double check open a bug
please.
Thanks!
>
>
>>
>> Seems you're correct:
>>
>> [pid 14096] stat("/usr/share/foreman-proxy/public/policies/4/content",
0x7f059ab0b5f0) = -1 ENOENT (No such file or directory)
>> [pid 14096] mkdir("openscap/content/4", 0777) = -1 ENOENT (No such file
or directory)
>> [pid 14096] stat("openscap/content/4", 0x7f059ab09730) = -1 ENOENT (No
such file or directory)
>> [pid 14096] mkdir(".", 0777) = -1 EEXIST (File exists)
>> [pid 14096] stat(".", {st_mode=S_IFDIR|0755, st_size=4096, …}) = 0
>> [pid 14096] mkdir("openscap", 0777) = -1 EACCES (Permission denied)
>> [pid 14096] stat("openscap", 0x7f059ab09250) = -1 ENOENT (No such file
or directory)
>>
>>
>> But I don't know where it tries to create openscap/content/4
>>
>>
>>
>>>
>>>
>>>
>>>>
>>>> Hello,
>>>>
>>>> Is there any possibility to allow clients access to foreman-proxy urls?
>>>>
>>>> When running foreman_scap_client there is this error on the proxt:
>>>>
>>>> E, [2015-09-21T13:43:57.244321 #30911] ERROR – : No permission to
create directory openscap/content/4
>>>> E, [2015-09-21T13:43:57.244506 #30911] ERROR – : Error occurred:
Permission denied - openscap
>>>> 10.220.50.190 - - [21/Sep/2015 13:43:57] "GET
/compliance/policies/4/content HTTP/1.1" 500 44 0.0010
>>>>
>>>> In the documentation it says that currently it's not possible to
automatically download openscap policies, but I was wondering if maybe I
can open the proxy security or something for this? Something like the
puppet master allows for accessing it's own urls from clients.
>>>>
>>> it sounds to me like wrong file system permissions (or wrong settings
yielding to wrong path)?
>>>
>>> Ohad
>>>>
>>>> Thank you,
>>>> Cristian Falcas
>>>>
>>>> –
>>>> You received this message because you are subscribed to the Google
Groups "Foreman users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
>>>> To post to this group, send email to foreman-users@googlegroups.com.
>>>> Visit this group at http://groups.google.com/group/foreman-users.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>> –
>>> You received this message because you are subscribed to the Google
Groups "Foreman users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
>>> To post to this group, send email to foreman-users@googlegroups.com.
>>> Visit this group at http://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>
> –
> You received this message because you are subscribed to the Google Groups
"Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
···
On Sep 21, 2015 21:12, "Cristian Falcas" wrote:
> On Mon, Sep 21, 2015 at 9:06 PM, Cristian Falcas wrote:
>> On Mon, Sep 21, 2015 at 8:54 PM, Ohad Levy wrote:
>>> On Mon, Sep 21, 2015 at 8:48 PM, Cristian Falcas < cristi.falcas@gmail.com> wrote:
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
I opened Bug #11905: foreman_openscap needs /openscap dir in order to serve scap policies - OpenSCAP - Foreman
···
On Mon, Sep 21, 2015 at 9:15 PM, Ohad Levy wrote:
On Sep 21, 2015 21:12, “Cristian Falcas” cristi.falcas@gmail.com wrote:
ls /proc/$PID_FP/cwd/
The above shows /
mkdir /openscap/
chown -R foreman-proxy:foreman-proxy /openscap/
And all is good now
I would guess its a bug or a wrong setting if you double check open a bug
please.
Thanks!
On Mon, Sep 21, 2015 at 9:06 PM, Cristian Falcas < > cristi.falcas@gmail.com> wrote:
Seems you’re correct:
[pid 14096] stat("/usr/share/foreman-proxy/public/policies/4/content",
0x7f059ab0b5f0) = -1 ENOENT (No such file or directory)
[pid 14096] mkdir(“openscap/content/4”, 0777) = -1 ENOENT (No such file
or directory)
[pid 14096] stat(“openscap/content/4”, 0x7f059ab09730) = -1 ENOENT (No
such file or directory)
[pid 14096] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 14096] stat(".", {st_mode=S_IFDIR|0755, st_size=4096, …}) = 0
[pid 14096] mkdir(“openscap”, 0777) = -1 EACCES (Permission denied)
[pid 14096] stat(“openscap”, 0x7f059ab09250) = -1 ENOENT (No such file
or directory)
But I don’t know where it tries to create openscap/content/4
On Mon, Sep 21, 2015 at 8:54 PM, Ohad Levy ohadlevy@gmail.com wrote:
On Mon, Sep 21, 2015 at 8:48 PM, Cristian Falcas < > cristi.falcas@gmail.com> wrote:
Hello,
Is there any possibility to allow clients access to foreman-proxy
urls?
When running foreman_scap_client there is this error on the proxt:
E, [2015-09-21T13:43:57.244321 #30911] ERROR – : No permission to
create directory openscap/content/4
E, [2015-09-21T13:43:57.244506 #30911] ERROR – : Error occurred:
Permission denied - openscap
10.220.50.190 - - [21/Sep/2015 13:43:57] “GET
/compliance/policies/4/content HTTP/1.1” 500 44 0.0010
In the documentation it says that currently it’s not possible to
automatically download openscap policies, but I was wondering if maybe I
can open the proxy security or something for this? Something like the
puppet master allows for accessing it’s own urls from clients.
it sounds to me like wrong file system permissions (or wrong settings
yielding to wrong path)?
Ohad
Thank you,
Cristian Falcas
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
