Openscap proxy plugin fails to install

Problem:
I’m trying to install the openscap proxy plugin using the following:

foreman-installer --enable-foreman-proxy-plugin-openscap

But it fails with the following:

2022-12-06 10:13:06 [ERROR ] [configure] Proxy ukwdr-foremanp-01.iongroup.net has failed to load one or more features (Openscap), check /var/log/foreman-proxy/proxy.log for configuration errors
2022-12-06 10:13:06 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[ukwdr-foremanp-01.iongroup.net]/features: change from ["Ansible", "BMC", "Container_Gateway", "Dynflow", "HTTPBoot", "Logs", "Pulpcore", "Realm", "Registration", "TFTP", "Templates"] to ["Ansible", "BMC", "Container_Gateway", "Dynflow", "HTTPBoot", "Logs", "Openscap", "Pulpcore", "Realm", "Registration", "TFTP", "Templates"] failed: Proxy ukwdr-foremanp-01.iongroup.net has failed to load one or more features (Openscap), check /var/log/foreman-proxy/proxy.log for configuration errors

I don’t see anything useful in the /var/log/foreman-proxy/proxy.log log.

I successfully installed this on a test system when running 3.3, whereas this system is running 3.4.1.

Expected outcome:
The plugin should install successfully.

Foreman and Proxy versions:
3.4.1/4.6

Foreman and Proxy plugin versions:

• ansible-collection-theforeman-foreman-3.5.0-2.el8.noarch
• candlepin-4.2.3-1.el8.noarch
• candlepin-selinux-4.2.3-1.el8.noarch
• foreman-3.4.1-1.el8.noarch
• foreman-cli-3.4.1-1.el8.noarch
• foreman-debug-3.4.1-1.el8.noarch
• foreman-dynflow-sidekiq-3.4.1-1.el8.noarch
• foreman-installer-3.4.1-1.el8.noarch
• foreman-installer-katello-3.4.1-1.el8.noarch
• foreman-ovirt-3.4.1-1.el8.noarch
• foreman-postgresql-3.4.1-1.el8.noarch
• foreman-proxy-3.4.1-1.el8.noarch
• foreman-release-3.4.1-1.el8.noarch
• foreman-selinux-3.4.1-1.el8.noarch
• foreman-service-3.4.1-1.el8.noarch
• foreman-vmware-3.4.1-1.el8.noarch
• katello-4.6.0-1.el8.noarch
• katello-certs-tools-2.9.0-1.el8.noarch
• katello-client-bootstrap-1.7.9-1.el8.noarch
• katello-common-4.6.0-1.el8.noarch
• katello-debug-4.6.0-1.el8.noarch
• katello-repos-4.6.0-1.el8.noarch
• katello-selinux-4.0.2-2.el8.noarch
• pulpcore-selinux-1.3.2-1.el8.x86_64
• python39-pulp-ansible-0.13.2-2.el8.noarch
• python39-pulp-certguard-1.5.2-3.el8.noarch
• python39-pulp-cli-0.14.0-4.el8.noarch
• python39-pulp-container-2.10.9-1.el8.noarch
• python39-pulp-deb-2.18.0-3.el8.noarch
• python39-pulp-file-1.10.2-2.el8.noarch
• python39-pulp-python-3.7.1-1.el8.noarch
• python39-pulp-rpm-3.18.9-1.el8.noarch
• python39-pulpcore-3.18.10-1.el8.noarch
• qpid-proton-c-0.37.0-1.el8.x86_64
• rubygem-foreman-tasks-7.0.0-1.fm3_4.el8.noarch
• rubygem-foreman_ansible-9.0.1-1.fm3_4.el8.noarch
• rubygem-foreman_bootdisk-21.0.2-1.fm3_4.el8.noarch
• rubygem-foreman_maintain-1.2.1-1.el8.noarch
• rubygem-foreman_openscap-5.2.2-2.fm3_3.el8.noarch
• rubygem-foreman_remote_execution-8.0.0-2.fm3_4.el8.noarch
• rubygem-hammer_cli-3.4.0-1.el8.noarch
• rubygem-hammer_cli_foreman-3.4.0-1.el8.noarch
• rubygem-hammer_cli_foreman_ansible-0.4.0-1.fm3_4.el8.noarch
• rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8.noarch
• rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.fm3_0.el8.noarch
• rubygem-hammer_cli_foreman_tasks-0.0.17-1.fm3_2.el8.noarch
• rubygem-hammer_cli_katello-1.7.0-0.1.pre.master.20220802114853git2f16bef.el8.noarch
• rubygem-katello-4.6.0-1.el8.noarch
• rubygem-pulp_ansible_client-0.13.4-1.el8.noarch
• rubygem-pulp_certguard_client-1.5.5-1.el8.noarch
• rubygem-pulp_container_client-2.10.7-1.el8.noarch
• rubygem-pulp_deb_client-2.18.1-1.el8.noarch
• rubygem-pulp_file_client-1.10.5-1.el8.noarch
• rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8.noarch
• rubygem-pulp_python_client-3.6.1-1.el8.noarch
• rubygem-pulp_rpm_client-3.17.12-1.el8.noarch
• rubygem-pulpcore_client-3.18.5-2.el8.noarch
• rubygem-qpid_proton-0.37.0-1.el8.x86_64
• rubygem-smart_proxy_pulp-3.2.0-3.fm3_3.el8.noarch

Distribution and version:
CentOS 8 Stream

Other relevant data:

Unsure if this is your problem but I seen in my notes I installed these two packages before I deployed SCAP on my proxies:
dnf -y install ansiblerole-foreman_scap_client scap-security-guide

Then installed it with:
–enable-foreman-proxy-plugin-ansible
–enable-foreman-proxy-plugin-openscap

Thanks…that unfortunately doesn’t work either.

We tried installing the openscap plugin on a test 3.3 system, and it worked.
So this seems like an issue since 3.4.

Any further help will be much appreciated!

Is there any way to increase logging to try and find out why this install is failing…?

I can confirm that my latest proxy installation was using Foreman 3.3 (then updated to 3.4.1) so if there is a problem with 3.4/3.5 I will notice it soon since I am planning on deploying three more proxies beginning of next year.

Just installed a new proxy with v3.4.1 with Openscap without any issues.

Thanks for the update.
We may end up using a different system for SCAP scans, so not so much of an issue now…but still concerning that our install may be broken.

It is always a little tricky comparing installations since they for sure will be different, I also use AlmaLinux 8, not CentOS.
If I may ask, what other system do you plan to use for SCAP instead?

Yep - in fact this has worked on a test system running AlmaLinux 8. We have thought about converting at some point…

We’re currently testing the Rapid7 SCAP feature.