We are trying to evaluate how to best create OpenSCAP reports (aka ARF
reports) on Foreman.
The desired reports should be searchable, scalable, and be part of Foreman
reports mechanism.
We've got some questions we are not sure about and we would love your
answers <snip>Dmitri, Dominic, Ohad</snit>
Current status:
A report is generated on the client which runs ‘foreman_scap_client’
- The report format is an xml file.
- The xml file is bzipped and sent to the smart proxy, which in its turn
is sending the bzipped xml file to Foreman. - In Foreman, upon receiving the bzipped file:
- Foreman bunzips the file
- Creates an ArfReport
<https://github.com/OpenSCAP/scaptimony/blob/master/app/models/scaptimony/arf_report.rb>
and store the xml in the DB (as ArfReportRaw
<https://github.com/OpenSCAP/scaptimony/blob/master/app/models/scaptimony/arf_report_raw.rb>
) - Create a Breakdown
<https://github.com/OpenSCAP/scaptimony/blob/master/app/models/scaptimony/arf_report_breakdown.rb>
of some of the results from the ArfReport (SQL view, works only with
postgresql and sqlite) - To view a report: the XML file parses HTML with the report’s content
- Creates an ArfReport
···
-(ArfReport is embedded as iframe and we have no control over the HTML, or
the content.)
Desired reports
Searchable
Scalable (not big xml file saved to db)
Part of Foreman’s report mechanism
Shows remediation (happens today, too)
New design proposal
XML file is parsed on the proxy, which tearsdown all the results as
arf_report
proxy posts arf_report (json?) to Foreman
arf_report is hooked to Foreman report
arf_report is part of Foreman report (*new*) mechanism
<https://docs.google.com/document/d/1ViMaJg4VS2DzN_XBEPYjkp5MaWYY4OcdCQUWPE4kFsE/edit#heading=h.cjlc6yuoecd1>
Hooking into Foreman Report: User stories
- As a developer I want to have global host state with developer API
allowing me to change it easily. - As a developer I want to register new host status type and define
mapping between it and host global state. - As a plugin developer I want to register new report type.
- As a plugin developer I want to register new report importer for a
given specific. - As a user I want to search hosts based on report type and its specific
status. - As a user I want to have be able to set different report permissions
per report types. (implies report STI) - As a user I want to see the overall host status derived from all
report types statuses.
As a user I want to be able to search based on host global status.
Mapping of ARF report to Foreman report
Report
Arf Report
Log
Rule Result
Source
Rule
Host
Asset
Message
Message
- Remediation
Metrics
Breakdown view
?
Policy
Questions:
How do we parse reports on the smart proxy? Do we save reports on the
proxy and ship to foreman?
How do we store reports on smart proxy? persistent storage / File system?
Will smart proxy have some background processing support so it’s not
blocking on long running tasks (parsing and uploading reports)
Scaptimony on Smart proxy as parser?
Is there a benefit of keeping openscap generated html report or can we
move to Foreman built-in reports