OpenSCAP 422 "Unprocessable Entity"

skerr · November 16, 2020, 8:19pm

Problem:
When running a scan either remotely executed from foreman to host or running on the content host itself, the job ends with error "Report not uploaded from proxy to Foreman server, cause: 422 “Unprocessable Entity”

Expected outcome:
After the scan is run I generate a compliance report .
Foreman and Proxy versions:

Foreman and Proxy plugin versions:
foreman-2.1.3-1
katello-3.16.1
tfm-rubygem-openscap-0.4.9-3.el7.noarch
tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7.noarch
Distribution and version:
CentOS 7
When performing a remote OpenSCAP job from foreman, the job completes successfully. However , the job details inidicate the report was not uploaded. Here are the details:

 1:
DEBUG: running: oscap xccdf eval  --profile xccdf_org.ssgproject.content_profile_standard  --results-arf /tmp/d20201113-28270-ayshac/results.xml /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml
   2:
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL7.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml'. Use '--fetch-remote-resources' option to download it.
   3:
WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml' file which is referenced from datastream
   4:
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL7.xml file which is referenced from XCCDF content
   5:
DEBUG: running: /usr/bin/env bzip2 /tmp/d20201113-28270-ayshac/results.xml
   6:
Uploading results to https://katelloserver316.localdomain:9090/compliance/arf/1
   7:
Report not uploaded from proxy to Foreman server, cause: 422 "Unprocessable Entity"
   8:
Exit status: 0

When i run foreman_scap_client 2 from the host, I get similar output:

foreman_scap_client 2
DEBUG: running: oscap xccdf eval  --profile xccdf_org.ssgproject.content_profile_pci-dss  --results-arf /tmp/d20201116-28355-yq5ico/results.xml /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL7.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml' file which is referenced from datastream
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL7.xml file which is referenced from XCCDF content
DEBUG: running: /usr/bin/env bzip2 /tmp/d20201116-28355-yq5ico/results.xml
Uploading results to https://katelloserver316.localdomain:9090/compliance/arf/2
Report not uploaded from proxy to Foreman server, cause: 422 "Unprocessable Entity"

i reconfigged config.yaml to :fetch_remote_resources: true to get rid of the warnings.

foreman_scp_client 1 from the command line i see a number of rules being evaluated. It ends with :
OpenSCAP Error: Probe with PID=12416 has been killed with signal 9 [sch_pipe.c:178]
Unable to close probe sd [oval_probe_ext.c:424]
Unable to receive a message from probe [oval_probe_ext.c:579]
Invalid oval result type: -1. [oval_resultTest.c:179]

Does anyone have any ideas what might be causing this ?

skerr · November 16, 2020, 9:28pm

So , I found the OpenSCAP error at the bottom was caused by an out of memory issue on the client. So, I shut it down and changed memory from 2G to 8G on the Cent 7 vm. Unfortunately after rebooting I still get an error running forman_scap_client 1 from the command line:

foreman_scap_client 1
DEBUG: running: oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_standard  --results-arf /tmp/d20201116-9603-uymzor/results.xml /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml ... ok
DEBUG: running: /usr/bin/env bzip2 /tmp/d20201116-9603-uymzor/results.xml
Uploading results to https://katelloserver316.localdomain:9090/compliance/arf/1
Report not uploaded from proxy to Foreman server, cause: 422 "Unprocessable Entity"

Also, I do not see the /tmp/d20201116-9603-uymzor/results.xml results file mentioned in the cli output

skerr · November 17, 2020, 6:47pm

i can run a local scan successfully on the client if I specify the policy and profile:

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --fetch-remote-resources --results-arf results.xml /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

I created a new compliance policy on foreman using the 2nd profile in the centos7 policy. I still receive the same error running foreman_scap_client 2
Report not uploaded from proxy to Foreman server, cause: 422 “Unprocessable Entity”

Ondrej_Prazak · November 18, 2020, 7:32am

Hi,
the temporary xml file with results is deleted when foreman scap client finishes, which is expected. Foreman refuses to create a report from the upload for some reason, could you check Foreman and smart proxy logs? There should be more information about why this is happening.

skerr · November 18, 2020, 7:11pm

Hello ,
Thank you for responding.
So, I took your advicand starting looking for several regexes thru the log dir, as im not overly familiar with all the specific foreman log files, looking for arf and openscap. I thought I may have found some useful information. I decided to run another scan so I could be sure I was looking at pertinent information … and it started working.

I had run at least 6 - 8 failed scans from foreman. And probably and equal number from the client, all failing with the same type of message.

I have now run 6 successful scans in a row. I didnt change anything I recall. Ill just take it as a win.

Thanks again.