Hi,
I have installed openscap plugin, I created correctly policies and SCAP contents.
However I can’t retreive hosts report. They are not not produced at all.
What could be the problem?
Thanks
Stefano
Hi,
if reports are not created, it could be a number of things. We have a couple of debugging steps in our docs that could help you determine what exactly is going on. Could you go over them (if you haven’t already)? Is there anything interesting in logs when running foreman_scap_client manually?
O.
Hi Ondrej,
I’m folowing your guide.
I can’t find /etc/cron.d/foreman_scap_client_cron and /etc/foreman_scap_client/config.yaml even if I installed all the packages as written in Foreman :: Plugin Manuals
guide.
Can you help me?
Thanks
Stefano
Ok, seems like foreman_scap_client was not deployed to your host. View the puppet classes for your host and make sure foreman_scap_client and foreman_scap_client::params are assigned. Then trigger Puppet run on your host, you should see some changes. If Puppet fails on ‘no package foreman_scap_client available’, you may need to configure additional repository. When Puppet successfully installs the package and creates the config, you can try running the scan manually to see if everything works.
O.
Hi,
foreman_scap_client and foreman_scap_client::params are assigned.
How can i trigger puppet run directly on my host?
Typing foreman_scap_client the command is not found.
Thanks
Stefano
Hi,
you can ssh to your host and run puppet agent -t to trigger puppet run, foreman_scap_client is not present because Puppet is meant to install and configure it. Also note that ‘Configure -> Classes’ page you have on your screenshot lists all the classes you have imported into your Foreman, but does not tell you which classes are assigned to which hosts. For that, you need to go to ‘Hosts -> All hosts’, then choose ‘Edit’ in the ‘Actions’ column and go to ‘Puppet Classes’ tab.
O.
1 Like
Hi,
runned
[root@srvlzkatello ~]# puppet agent -t
Info: Using configured environment ‘production’
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for srvlzkatello.conte.it
Info: Applying configuration version ‘1517476357’
Notice: Applied catalog in 2.02 seconds
So, i think puppet is ok.
How can i add puppet classes to single host? I can’t find those classes in puppet classes section
Thanks
Stefano
Hi,
check that your host has the correct Puppet environment assigned - from your previous screenshot I see you have the scap client Puppet classes in ‘production’ environment. Also check that your environment is in the same organization/location as your host if you use them.
O.
Hi Ondrey,
sorry for late reponse. I was temporary moved to another task.
But I need to solve again this issue.
I try to have a quick resume about my configuration.
2 content host with dev environment
The katello instance has production environment
Could be this the reason why report aren’t produced?
Many Thanks
Stefano
And after adding classes foreman_scap_client and foreman_scap_client::params to my host and running puppet agent -t below the outcome:
[root@katello cron.d]# puppet agent -t
Info: Using configured environment 'production’
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Foreman_scap_client]:
expects a value for parameter 'server’
expects a value for parameter ‘port’ on node katello.internallab.lan
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I made a little step over. Now all seems to be ok, the configuration file has been created but once i create a policy and assign it to host as well, the policy section of the configuration file is not updated.
What can be happened?
Thanks
Stefano
Hi,
each time you assign a policy to a host, you need to run puppet (or wait for scheduled run) so that changes propagate to your client. When you run “puppet agent -t” on your client after assigning it another policy, I expect the changes to appear in the client config .