I’m trying to run openscap from my Satellite server using Ansible to scan a remote host. Running the role “theforeman.foreman_scap_client” works flawlessly. Everything is configured on the remote host automatically after the role is run so that I can execute “foreman_openscap_client 1” on the remote host and it starts the scan without error.
I just found out that there is a bug in foreman_openscap for versions older than 2.0.0. that prevents running the scan via Ansible from the Satellite via the “Run OpenSCAP Scans” job template. I need to upgrade just that plugin to get passed this error. In the About page on the Foreman UI, my version says,
if you have Satellite server from packages provided by Red Hat via your subscription, then getting packages from upstream and installing them on your Satellite is not a good idea and I would not recommend it.
If you have upstream Foreman installation - which I think is your case when looking at the installer command you provided - then you need a newer RPM package. You can take a look at yum.theforeman.org to see what packages are available. The ‘plugins’ repo is already configured for your server, but the reason you did not get the newer plugin version with the fix is that foreman_openscap 2.0 has been released for foreman 1.24 and will not run with 1.23. My recommendation is to upgrade to 1.24 when it is released and you will get the newer plugin version as well.
Thanks. I didn’t know that the plugins were packaged with the releases of foreman. It would be nice to be able to upgrade individual plugins if there is a bug. Currently, I’m unable to run any scans via Ansible until a new version of foreman is released. Any idea when the new version will be released? Or, is there a qucik workaround like creating an ansible role manually? Or if someone has code that I can tweak myself for the fix? That would be great.
The plugins have greater flexibility in the releases as they are not strictly tied to the foreman core release schedule, it just happens that no compatible version of foreman_openscap was released with a fix for this bug, which got me wondering why that happened but I did not find any specific reason. The fix is not really big, so I decided to release a new version for 1.23. After the packaging PR is merged, the 1.0.9 should propagate to the rpm repos and you should be able to upgrade, I hope this will resolve the issue.