Openscap and remote execution?


Old hand at *nix but new to foreman.

Attempting to use foreman openscap to scan the local RHEL7 server. Foreman_scap_client works fine from the command line, downloads policy and uploads report as expected. But going host -> schedule remote job -> run openscap scan fails with very little information given.

Expected outcome:

host -> schedule remote job -> run openscap scan should run a scan correctly.

Foreman and Proxy versions:


Foreman and Proxy plugin versions:


Other relevant data:

Using SSH for remote execution. I changed the remote execution user to scap-svc in admin -> settings; by policy root is not allowed to directly SSH into servers.

Looking in the foreman logs it doesn’t look like it’s hitting the proxy?

2018-06-14 09:31:05 023349ec [app] [I] Current user: admin (administrator)
2018-06-14 09:31:05 [background] [E] Could not use any proxy. Consider configuring remote_execution_global_proxy, remote_execution_fallback_proxy or remote_execution_no_proxy in settings (RuntimeError)

[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]

This is probably irrelevant to openscap, but rather a remote execution configuration problem. This in particular means, Foreman does not know, which proxy should be used to initiate SSH connection. Make sure, your host has an interface with remote execution flag enabled and its subnet has a remote execution smart proxy assigned. You could use suggested settings to enable various fallbacks if this setup does not work in your case. See for more details.