Foreman install without Katello on CentOS 7 together with OpenSCAP plugin/proxy. Running a scan completes successfully, report makes it from client to proxy but error received on report upload: "Report not uploaded from proxy to Foreman server, cause: Failed to upload to Foreman, saving in spool. Failed with: 500 “Internal Server Error”".
Could use some pointers on what log files might assist tracking this down, nothing of note seen in /var/log/foreman/production.log or /var/log/foreman-proxy. Maybe I don't have the right debug values.
Policies configured correctly with SCAP content. Data accessible and downloaded correctly by client during puppet run together with configuration files.
Previous class configuration issues from here ("OpenSCAP plugin / puppet classes, what am I doing wrong or missing?") overcome by “puppet module install” instead of rpm as described. Docs scrutinised accordingly and I believe all configured OK, classes show up correctly, can allocate to host group with settings etc and config files are propagated correctly to clients.
Report makes it from remote client to Foreman server but not ingested, kicked out to /var/spool/foreman-proxy/arf//… instead.
Seen previous issue on “Error 500” with a workaround of creating a second organisation and location, this does not appear to work in this instance.
For me, a little confused from OpenSCAP document but I feel I have the correct configuration. Most of the documentation refers to using the Katello proxy and port (9090) which utilises the Katello consumer certs not puppet certs. As Katello isn't in use I believe the cert chains utilised would be from the Puppet CA which I think are configured correctly. I understand the correct proxy port to use without Katello would be 8443 (tried the puppet proxy port 8140, didn't work).
Example version is 2.1, this behaviour seems to display on 2.0 as well.
I believe that the Foreman server should successfully process the report, ingest accordingly and present for viewing in the console.
Foreman and Proxy versions:
rpm -qa | grep foreman | sort
rpm -qa | grep scap | sort
Distribution and version:
Other relevant data:
foreman_scap_client classes overrides applied as follows:
fetch remote resources = true
port = 8443
server = <myforemanserver.fqdn>
Generated /etc/foreman_scap_client/config.yml on example client.
DO NOT EDIT THIS FILE MANUALLY
IT IS MANAGED BY PUPPET
Foreman proxy to which reports should be uploaded
Timeout for sending reports to proxy
Should --fetch-remote-resources be added to
oscap xccdf eval command
HTTP proxy server for downloading remote resources
SSL specific options
Client CA file.
It could be Puppet CA certificate (e.g., ‘/var/lib/puppet/ssl/certs/ca.pem’)
Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., ‘/etc/rhsm/ca/katello-server-ca.pem’)
Client host certificate.
It could be Puppet agent host certificate (e.g., ‘/var/lib/puppet/ssl/certs/myhost.example.com.pem’)
Or (recommended for client reporting to Katello) consumer certificate (e.g., ‘/etc/pki/consumer/cert.pem’)
Client private key
It could be Puppet agent private key (e.g., ‘/var/lib/puppet/ssl/private_keys/myhost.example.com.pem’)
Or (recommended for client reporting to Katello) consumer private key (e.g., ‘/etc/pki/consumer/key.pem’)
policy (key is id as in Foreman)
A path to download SCAP content from proxy