Problem:
CentOS 7 Foreman standalone install (no failures during install), after installing OpenSCAP plugin the OpenScap Puppet classes don’t appear in Configure>Puppet>Classes and “import environments from…” button returns "no changes.
Foreman with Katello install (no failures during install), OpenSCAP all seems to work correctly after install, can import puppet classes and move on to configure OpenSCAP policies.
Grateful if anybody can suggest what I am doing wrong or missing?
Expected outcome:
Following installation of standalone foreman and OpenSCAP plugin I am hoping to see the foreman_scap classes available in order to move on and assign a policy after uploading content. As classes don’t appear, cannot create a policy.
Confused as to why foreman/katello install works but foreman on its own does not.
Foreman and Proxy versions:
Occurs on 2.0.1 stable, also 2.0 release candidates, Also occurs on 2.1 release candidates. Version info below from 2.0.1 release.
Per above, classes seem to show up correctly if using foreman/katello install but not on standalone. Grateful for any pointers and/or extra log files to inspect.
Hoping someone can shed some light. No matter what version, 2.0rc, 2.0.1, 2.1 it always works when installing foreman/katello but not foreman on its own:
Am I making some kind of schoolboy error when deploying? Both installations return no error yet its only the katello-based install that shows the puppet modules for import.
So, installing from RPM does not work in the “standalone” scenario as detailed above.
HOWEVER, after removing the rpm (yum erase puppet-foreman_scap_client) and its stdlib dependency, it would appear to work correctly from a command-line install
puppet module install theforeman-foreman_scap_client
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules …
Notice: Downloading from https://forgeapi.puppet.com …
Notice: Installing – do not interrupt …
/etc/puppetlabs/code/environments/production/modules
└─┬ theforeman-foreman_scap_client (v0.4.0)
└── puppetlabs-stdlib (v5.2.0)
Now when I visit Configure > Puppet > Classes I see the foreman_scap_client and depedency stdlib classes showing correctly and can configure openscap properly.
Hi,
apologies for a late response, the puppet classes are packaged and should be available via puppet-foreman_scap_client rpm. I’ll need to take a closer look why they fail to show for import without katello, seems like this might be a bug.
Hello,
No need to apologise at all, this is after all a community, thank you for looking and I hope my description provides info. If I can provide any log files at all to assist, or test any updated rpm, please let me know!
As described, server-side now working from puppet module install. My clients pick up “a” configuration on a puppet run and now trying to understand provisioning of missing scap data to clients - again without katello - I’m sure its my current lack of understanding on this.
Per above, happy to help in testing/log files etc.
Thanks!
The puppet module picks up configuration from foreman to determine how to deploy foreman_scap_client to the target host - the docs section on foreman_openscap plugin should contain the details on how to get everything working properly.
I’d suggest looking at the paths Puppetserver is configured to look at. puppet config print | grep module shows them and modulepath is the most important one. The RPM should install to /usr/share/puppet/modules (but can be checked with rpm -ql puppet-foreman_scap_client) so that should be in the modulepath. If it isn’t, that’s the most likely cause.
Thank you both - I’ve had head in docs all morning since I got the server module working with puppet module install. its my learning to discover how to deploy content to clients without katello - I can do it with katello fine with a TLS client connecting to port 9090… researching all the bits to do it without katello for myself.
Regarding paths, output from both test machines with and without katello appears to be identical:-
One thing I did notice is that the puppet module install seems to have deployed a later version than contained within the rpm package, if I am interpreting the filenames correctly;
Additional info today, built a test foreman server on CentOS 8, using version 2.1 of foreman, “standalone”/puppet as above, ie no Katello.
foreman-installer --enable-foreman-plugin-openscap --enable-foreman-proxy-plugin-openscap completed successfully with no errors.
Same symptoms encountered when installing RPM version of puppet-foreman_scap_client, classes do not show up. If I remove RPM and install using “puppet module install puppet-foreman_scap_client” then the classes show up correctly.
versions of (broken?) RPMs for EL8 the server pulled from plugins repo follow:
=====================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================
Installing:
puppet-foreman_scap_client noarch 0.4.0-1.el8 foreman-plugins 22 k
Installing dependencies:
puppetlabs-stdlib noarch 5.2.0-1.el8 foreman-plugins 126 k
Workaround identified but I’d love to know in due course whats up with the rpm(s),
Hello,
Didnt happen this end. I have just built another CentOS 8.2.2004 machine and again, same symptoms. Please do tell me if I’m missing anything out the installer, I don’t believe so.
Quick edit to add SELINUX is permissive, /tmp and /var/tmp (bind mount) are NOT mounted noexec.
As before, an installation from RPM does not seem to permit the puppet classes to show up when importing environment from host. Whether its the RPM at fault or some other dependency I simply do not know. I can fail this consistently.
The workaround of performing a “puppet module install” does however continue to make the modules show up. I can make this work consistently.
Heres the entire install transcript from a minimal fully patched CentOS 8.2.2004 install using rpm only, to the point where logging in and pressing “import environments from” does not work.
End of banner message from server
admin@foreman-centos8's password:
[admin@foreman-centos8 ~]$ su -
Password:
Last login: Mon Jul 20 11:22:17 UTC 2020 on tty1
[root@foreman-centos8 ~]# dnf update
Last metadata expiration check: 0:32:37 ago on Mon 20 Jul 2020 10:52:14 UTC.
Dependencies resolved.
Nothing to do.
Complete!
[root@foreman-centos8 ~]# firewall-cmd --zone=public --permanent --add-service=https
success
[root@foreman-centos8 ~]# firewall-cmd --zone=public --permanent --add-service=http
success
[root@foreman-centos8 ~]# firewall-cmd --zone=public --permanent --add-port=8140/tcp
success
[root@foreman-centos8 ~]# firewall-cmd --zone=public --permanent --add-port=8443/tcp
success
[root@foreman-centos8 ~]# systemctl restart firewalld
[root@foreman-centos8 ~]# yum install https://yum.puppet.com/puppet6-release-el-8.noarch.rpm
Last metadata expiration check: 0:34:18 ago on Mon 20 Jul 2020 10:52:14 UTC.
puppet6-release-el-8.noarch.rpm 100 kB/s | 14 kB 00:00
Dependencies resolved.
=====================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================
Installing:
puppet6-release noarch 6.0.0-10.el8 @commandline 14 k
Transaction Summary
=====================================================================================================================================================
Install 1 Package
Total size: 14 k
Installed size: 5.1 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: puppet6-release-6.0.0-10.el8.noarch 1/1
Installing : puppet6-release-6.0.0-10.el8.noarch 1/1
Running scriptlet: puppet6-release-6.0.0-10.el8.noarch 1/1
Verifying : puppet6-release-6.0.0-10.el8.noarch 1/1
Installed:
puppet6-release-6.0.0-10.el8.noarch
Complete!
[root@foreman-centos8 ~]# yum install https://yum.theforeman.org/releases/2.1/el8/x86_64/foreman-release.rpm
Puppet 6 Repository el 8 - x86_64 12 MB/s | 18 MB 00:01
Last metadata expiration check: 0:00:05 ago on Mon 20 Jul 2020 11:26:51 UTC.
foreman-release.rpm 51 kB/s | 12 kB 00:00
Dependencies resolved.
=====================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================
Installing:
foreman-release noarch 2.1.0-1.el8 @commandline 12 k
Transaction Summary
=====================================================================================================================================================
Install 1 Package
Total size: 12 k
Installed size: 2.8 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : foreman-release-2.1.0-1.el8.noarch 1/1
Verifying : foreman-release-2.1.0-1.el8.noarch 1/1
Installed:
foreman-release-2.1.0-1.el8.noarch
Complete!
[root@foreman-centos8 ~]# yum install foreman-installer
Foreman plugins 2.1 3.3 MB/s | 1.2 MB 00:00
Foreman 2.1 7.3 MB/s | 2.0 MB 00:00
Dependencies resolved.
=====================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================
Installing:
foreman-installer noarch 1:2.1.0-1.el8 foreman 1.7 M
Installing dependencies:
foreman-selinux noarch 2.1.0-1.el8 foreman 54 k
puppet-agent x86_64 6.17.0-1.el8 puppet6 26 M
ruby x86_64 2.5.5-105.module_el8.1.0+214+9be47fd7 AppStream 86 k
ruby-irb noarch 2.5.5-105.module_el8.1.0+214+9be47fd7 AppStream 102 k
ruby-libs x86_64 2.5.5-105.module_el8.1.0+214+9be47fd7 AppStream 2.9 M
rubygem-ansi noarch 1.5.0-2.el8 foreman 32 k
rubygem-clamp noarch 1.1.2-6.el8 foreman 33 k
rubygem-foreman_maintain noarch 1:0.6.6-1.el8 foreman 155 k
rubygem-hashie noarch 3.6.0-2.el8 foreman 36 k
rubygem-highline noarch 1.7.8-5.el8 foreman 42 k
rubygem-io-console x86_64 0.4.6-105.module_el8.1.0+214+9be47fd7 AppStream 66 k
rubygem-json x86_64 2.1.0-105.module_el8.1.0+214+9be47fd7 AppStream 90 k
rubygem-kafo noarch 4.1.0-3.el8 foreman 75 k
rubygem-kafo_parsers noarch 1.1.0-3.el8 foreman 15 k
rubygem-kafo_wizards noarch 0.0.1-4.el8 foreman 16 k
rubygem-little-plugger noarch 1.1.4-2.el8 foreman 16 k
rubygem-logging noarch 2.2.2-5.el8 foreman 63 k
rubygem-multi_json noarch 1.14.1-1.el8 foreman 23 k
rubygem-openssl x86_64 2.1.2-105.module_el8.1.0+214+9be47fd7 AppStream 190 k
rubygem-powerbar noarch 2.0.1-2.el8 foreman 14 k
rubygem-psych x86_64 3.0.2-105.module_el8.1.0+214+9be47fd7 AppStream 95 k
rubygem-rdoc noarch 6.0.1-105.module_el8.1.0+214+9be47fd7 AppStream 486 k
rubygems noarch 2.7.6.2-105.module_el8.1.0+214+9be47fd7 AppStream 308 k
Installing weak dependencies:
rubygem-bigdecimal x86_64 1.3.4-105.module_el8.1.0+214+9be47fd7 AppStream 97 k
rubygem-did_you_mean noarch 1.2.0-105.module_el8.1.0+214+9be47fd7 AppStream 90 k
Enabling module streams:
ruby 2.5
Transaction Summary
=====================================================================================================================================================
Install 26 Packages
Total download size: 33 M
Installed size: 49 M
Is this ok [y/N]: y
Downloading Packages:
determining the fastest mirror (1 hosts).. done. [ === ] --- B/s | 0 B --:-- ETA
(1/26): ruby-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 1.1 MB/s | 86 kB 00:00
(2/26): ruby-irb-2.5.5-105.module_el8.1.0+214+9be47fd7.noarch.rpm 1.2 MB/s | 102 kB 00:00
(3/26): rubygem-bigdecimal-1.3.4-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 3.2 MB/s | 97 kB 00:00
(4/26): rubygem-did_you_mean-1.2.0-105.module_el8.1.0+214+9be47fd7.noarch.rpm 2.8 MB/s | 90 kB 00:00
(5/26): rubygem-io-console-0.4.6-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 3.5 MB/s | 66 kB 00:00
(6/26): rubygem-json-2.1.0-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 3.8 MB/s | 90 kB 00:00
(7/26): ruby-libs-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 19 MB/s | 2.9 MB 00:00
(8/26): rubygem-openssl-2.1.2-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 5.1 MB/s | 190 kB 00:00
(9/26): rubygem-psych-3.0.2-105.module_el8.1.0+214+9be47fd7.x86_64.rpm 3.1 MB/s | 95 kB 00:00
(10/26): rubygem-rdoc-6.0.1-105.module_el8.1.0+214+9be47fd7.noarch.rpm 16 MB/s | 486 kB 00:00
(11/26): rubygems-2.7.6.2-105.module_el8.1.0+214+9be47fd7.noarch.rpm 11 MB/s | 308 kB 00:00
(12/26): foreman-selinux-2.1.0-1.el8.noarch.rpm 1.2 MB/s | 54 kB 00:00
(13/26): rubygem-ansi-1.5.0-2.el8.noarch.rpm 977 kB/s | 32 kB 00:00
(14/26): rubygem-clamp-1.1.2-6.el8.noarch.rpm 3.7 MB/s | 33 kB 00:00
(15/26): rubygem-hashie-3.6.0-2.el8.noarch.rpm 3.5 MB/s | 36 kB 00:00
(16/26): rubygem-foreman_maintain-0.6.6-1.el8.noarch.rpm 6.8 MB/s | 155 kB 00:00
(17/26): rubygem-highline-1.7.8-5.el8.noarch.rpm 3.9 MB/s | 42 kB 00:00
(18/26): rubygem-kafo-4.1.0-3.el8.noarch.rpm 5.1 MB/s | 75 kB 00:00
(19/26): rubygem-kafo_parsers-1.1.0-3.el8.noarch.rpm 1.5 MB/s | 15 kB 00:00
(20/26): rubygem-kafo_wizards-0.0.1-4.el8.noarch.rpm 2.3 MB/s | 16 kB 00:00
(21/26): rubygem-little-plugger-1.1.4-2.el8.noarch.rpm 1.9 MB/s | 16 kB 00:00
(22/26): rubygem-multi_json-1.14.1-1.el8.noarch.rpm 2.7 MB/s | 23 kB 00:00
(23/26): rubygem-logging-2.2.2-5.el8.noarch.rpm 5.2 MB/s | 63 kB 00:00
(24/26): rubygem-powerbar-2.0.1-2.el8.noarch.rpm 2.3 MB/s | 14 kB 00:00
(25/26): foreman-installer-2.1.0-1.el8.noarch.rpm 9.7 MB/s | 1.7 MB 00:00
(26/26): puppet-agent-6.17.0-1.el8.x86_64.rpm 53 MB/s | 26 MB 00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------
Total 27 MB/s | 33 MB 00:01
warning: /var/cache/dnf/AppStream-a520ed22b0a8a736/packages/ruby-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - AppStream 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Is this ok [y/N]: y
Key imported successfully
warning: /var/cache/dnf/foreman-6ee06fb3410a3bdd/packages/foreman-installer-2.1.0-1.el8.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID b6f08ccf: NOKEY
Foreman 2.1 2.0 MB/s | 2.1 kB 00:00
Importing GPG key 0xB6F08CCF:
Userid : "Foreman Automatic Signing Key (2.1) <packages@theforeman.org>"
Fingerprint: 0F71 D9EA C889 A0F2 C2CD 8190 6280 05A4 B6F0 8CCF
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman
Is this ok [y/N]: y
Key imported successfully
warning: /var/cache/dnf/puppet6-61278a3d8cb73bd9/packages/puppet-agent-6.17.0-1.el8.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
Puppet 6 Repository el 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0xEF8D349F:
Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) <release@puppet.com>"
Fingerprint: 6F6B 1550 9CF8 E59E 6E46 9F32 7F43 8280 EF8D 349F
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet6-release
Is this ok [y/N]: y
Key imported successfully
Puppet 6 Repository el 8 - x86_64 3.1 MB/s | 3.1 kB 00:00
Importing GPG key 0x9E61EF26:
Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) <release@puppet.com>"
Fingerprint: D681 1ED3 ADEE B844 1AF5 AA8F 4528 B6CD 9E61 EF26
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet6-release
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ruby-libs-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64 1/26
Installing : ruby-irb-2.5.5-105.module_el8.1.0+214+9be47fd7.noarch 2/26
Installing : rubygem-bigdecimal-1.3.4-105.module_el8.1.0+214+9be47fd7.x86_64 3/26
Installing : rubygem-did_you_mean-1.2.0-105.module_el8.1.0+214+9be47fd7.noarch 4/26
Installing : rubygem-io-console-0.4.6-105.module_el8.1.0+214+9be47fd7.x86_64 5/26
Installing : rubygem-json-2.1.0-105.module_el8.1.0+214+9be47fd7.x86_64 6/26
Installing : rubygem-openssl-2.1.2-105.module_el8.1.0+214+9be47fd7.x86_64 7/26
Installing : rubygem-psych-3.0.2-105.module_el8.1.0+214+9be47fd7.x86_64 8/26
Installing : rubygem-rdoc-6.0.1-105.module_el8.1.0+214+9be47fd7.noarch 9/26
Installing : rubygems-2.7.6.2-105.module_el8.1.0+214+9be47fd7.noarch 10/26
Installing : ruby-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64 11/26
Installing : rubygem-highline-1.7.8-5.el8.noarch 12/26
Installing : rubygem-clamp-1.1.2-6.el8.noarch 13/26
Installing : rubygem-foreman_maintain-1:0.6.6-1.el8.noarch 14/26
Installing : rubygem-kafo_wizards-0.0.1-4.el8.noarch 15/26
Installing : rubygem-ansi-1.5.0-2.el8.noarch 16/26
Installing : rubygem-hashie-3.6.0-2.el8.noarch 17/26
Installing : rubygem-powerbar-2.0.1-2.el8.noarch 18/26
Installing : rubygem-kafo_parsers-1.1.0-3.el8.noarch 19/26
Installing : rubygem-little-plugger-1.1.4-2.el8.noarch 20/26
Installing : rubygem-multi_json-1.14.1-1.el8.noarch 21/26
Installing : rubygem-logging-2.2.2-5.el8.noarch 22/26
Installing : rubygem-kafo-4.1.0-3.el8.noarch 23/26
Running scriptlet: puppet-agent-6.17.0-1.el8.x86_64 24/26
Installing : puppet-agent-6.17.0-1.el8.x86_64 24/26
Running scriptlet: puppet-agent-6.17.0-1.el8.x86_64 24/26
Installing : foreman-selinux-2.1.0-1.el8.noarch 25/26
Running scriptlet: foreman-selinux-2.1.0-1.el8.noarch 25/26
Installing : foreman-installer-1:2.1.0-1.el8.noarch 26/26
Running scriptlet: foreman-installer-1:2.1.0-1.el8.noarch 26/26
Running scriptlet: puppet-agent-6.17.0-1.el8.x86_64 26/26
Running scriptlet: foreman-selinux-2.1.0-1.el8.noarch 26/26
/sbin/restorecon: SELinux: Could not get canonical path for /etc/puppet/node.rb restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib64/ruby/gems/1.8/gems/passenger-* restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib/ruby/gems/1.8/gems/passenger-* restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib64/gems/ruby/passenger-*/agents restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib/gems/ruby/passenger-*/agents restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib64/ruby/site_ruby/1.8/x86_64-linux/agents restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib/ruby/site_ruby/1.8/x86_64-linux/agents restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/share/passenger/helper-scripts restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib64/passenger/support-binaries restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib/passenger/support-binaries restorecon: No such file or directory.
/sbin/restorecon: SELinux: Could not get canonical path for /usr/lib64exec/passenger restorecon: No such file or directory.
Running scriptlet: foreman-installer-1:2.1.0-1.el8.noarch 26/26
Verifying : ruby-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64 1/26
Verifying : ruby-irb-2.5.5-105.module_el8.1.0+214+9be47fd7.noarch 2/26
Verifying : ruby-libs-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64 3/26
Verifying : rubygem-bigdecimal-1.3.4-105.module_el8.1.0+214+9be47fd7.x86_64 4/26
Verifying : rubygem-did_you_mean-1.2.0-105.module_el8.1.0+214+9be47fd7.noarch 5/26
Verifying : rubygem-io-console-0.4.6-105.module_el8.1.0+214+9be47fd7.x86_64 6/26
Verifying : rubygem-json-2.1.0-105.module_el8.1.0+214+9be47fd7.x86_64 7/26
Verifying : rubygem-openssl-2.1.2-105.module_el8.1.0+214+9be47fd7.x86_64 8/26
Verifying : rubygem-psych-3.0.2-105.module_el8.1.0+214+9be47fd7.x86_64 9/26
Verifying : rubygem-rdoc-6.0.1-105.module_el8.1.0+214+9be47fd7.noarch 10/26
Verifying : rubygems-2.7.6.2-105.module_el8.1.0+214+9be47fd7.noarch 11/26
Verifying : foreman-installer-1:2.1.0-1.el8.noarch 12/26
Verifying : foreman-selinux-2.1.0-1.el8.noarch 13/26
Verifying : rubygem-ansi-1.5.0-2.el8.noarch 14/26
Verifying : rubygem-clamp-1.1.2-6.el8.noarch 15/26
Verifying : rubygem-foreman_maintain-1:0.6.6-1.el8.noarch 16/26
Verifying : rubygem-hashie-3.6.0-2.el8.noarch 17/26
Verifying : rubygem-highline-1.7.8-5.el8.noarch 18/26
Verifying : rubygem-kafo-4.1.0-3.el8.noarch 19/26
Verifying : rubygem-kafo_parsers-1.1.0-3.el8.noarch 20/26
Verifying : rubygem-kafo_wizards-0.0.1-4.el8.noarch 21/26
Verifying : rubygem-little-plugger-1.1.4-2.el8.noarch 22/26
Verifying : rubygem-logging-2.2.2-5.el8.noarch 23/26
Verifying : rubygem-multi_json-1.14.1-1.el8.noarch 24/26
Verifying : rubygem-powerbar-2.0.1-2.el8.noarch 25/26
Verifying : puppet-agent-6.17.0-1.el8.x86_64 26/26
Installed:
foreman-installer-1:2.1.0-1.el8.noarch foreman-selinux-2.1.0-1.el8.noarch
puppet-agent-6.17.0-1.el8.x86_64 ruby-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64
ruby-irb-2.5.5-105.module_el8.1.0+214+9be47fd7.noarch ruby-libs-2.5.5-105.module_el8.1.0+214+9be47fd7.x86_64
rubygem-ansi-1.5.0-2.el8.noarch rubygem-bigdecimal-1.3.4-105.module_el8.1.0+214+9be47fd7.x86_64
rubygem-clamp-1.1.2-6.el8.noarch rubygem-did_you_mean-1.2.0-105.module_el8.1.0+214+9be47fd7.noarch
rubygem-foreman_maintain-1:0.6.6-1.el8.noarch rubygem-hashie-3.6.0-2.el8.noarch
rubygem-highline-1.7.8-5.el8.noarch rubygem-io-console-0.4.6-105.module_el8.1.0+214+9be47fd7.x86_64
rubygem-json-2.1.0-105.module_el8.1.0+214+9be47fd7.x86_64 rubygem-kafo-4.1.0-3.el8.noarch
rubygem-kafo_parsers-1.1.0-3.el8.noarch rubygem-kafo_wizards-0.0.1-4.el8.noarch
rubygem-little-plugger-1.1.4-2.el8.noarch rubygem-logging-2.2.2-5.el8.noarch
rubygem-multi_json-1.14.1-1.el8.noarch rubygem-openssl-2.1.2-105.module_el8.1.0+214+9be47fd7.x86_64
rubygem-powerbar-2.0.1-2.el8.noarch rubygem-psych-3.0.2-105.module_el8.1.0+214+9be47fd7.x86_64
rubygem-rdoc-6.0.1-105.module_el8.1.0+214+9be47fd7.noarch rubygems-2.7.6.2-105.module_el8.1.0+214+9be47fd7.noarch
Complete!
[root@foreman-centos8 ~]#
[root@foreman-centos8 ~]# foreman-installer --enable-foreman-cli-openscap --enable-foreman-plugin-openscap --enable-foreman-proxy-plugin-openscap
Preparing installation Done
Executing: foreman-rake upgrade:run
foreman-rake upgrade:run finished successfully!
Success!
* Foreman is running at https://foreman-centos8.r01.tuffdata.com
Initial credentials are admin / SPnTrmT3ohiYbYwh
* Foreman Proxy is running at https://foreman-centos8.r01.tuffdata.com:8443
The full log is at /var/log/foreman-installer/foreman.log
[root@foreman-centos8 ~]#
[root@foreman-centos8 ~]# yum install puppet-foreman_scap_client
Last metadata expiration check: 0:14:07 ago on Mon 20 Jul 2020 11:37:02 UTC.
Dependencies resolved.
=====================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================
Installing:
puppet-foreman_scap_client noarch 0.4.0-1.el8 foreman-plugins 22 k
Installing dependencies:
puppetlabs-stdlib noarch 5.2.0-1.el8 foreman-plugins 126 k
Transaction Summary
=====================================================================================================================================================
Install 2 Packages
Total download size: 148 k
Installed size: 465 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): puppet-foreman_scap_client-0.4.0-1.el8.noarch.rpm 78 kB/s | 22 kB 00:00
(2/2): puppetlabs-stdlib-5.2.0-1.el8.noarch.rpm 434 kB/s | 126 kB 00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------
Total 502 kB/s | 148 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : puppetlabs-stdlib-5.2.0-1.el8.noarch 1/2
Installing : puppet-foreman_scap_client-0.4.0-1.el8.noarch 2/2
Verifying : puppet-foreman_scap_client-0.4.0-1.el8.noarch 1/2
Verifying : puppetlabs-stdlib-5.2.0-1.el8.noarch 2/2
Installed:
puppet-foreman_scap_client-0.4.0-1.el8.noarch puppetlabs-stdlib-5.2.0-1.el8.noarch
Complete!
I do not think you are missing anything in installer. I just gave it another go on CentOS 8.2.2004, everything still works for me. I can import using both UI and CLI:
Hey Ondrej
Thanks for that. I tried command line operations for reference, I hadnt tested that before, from rpm is still same.
# hammer proxy import-classes --id 1
Result:
No changes to your environments detected
from puppet module install
# puppet module install theforeman-foreman_scap_client
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└─┬ theforeman-foreman_scap_client (v0.4.0)
└── puppetlabs-stdlib (v5.2.0)
# hammer proxy import-classes --id 1
Result:
Successfully updated environment and puppetclasses from the on-disk puppet installation
Changed environments:
1) production
New classes:
foreman_scap_client
foreman_scap_client::params
stdlib
stdlib::stages
I’m noticing that the puppet module install command is deploying to /etc/puppetlabs… and the rpm deploys to /usr/share/…
That seems to be the only difference. Still, one works, one doesnt.
I’ve already stripped out any hardening from the build, going to repeat it from a totally manuall install. maybe there’s some deep-down setting that affect this but perhaps I would have expected correct operation either way even some hardening were applied; eg. industry-standard CIS benchmark or similar.
On a different note and more problematic I still seem to see issues with ingestion of reports per other scap thread. Working on that as well my end to diagnose further.
