Runnin openscap

Support
1

Hi All,

I am new to foreman . I have installed foreman and the plugin openscap. For now I have 1 host entry(this where my foreman software is) and I need to run openscap.

My setup

  • fresh install
  • centos 7
  • foreman version 1.23.1

Steps I have done in Web console

  • Created a Hostgroup , with 2 puppet classes

  • In my host, I assigned OpenSCAP Proxy

  • In my host, puppet classes tab -> inherited from Hostgroup classes

  • I can see the SCAP contents

  • Create scap policy

  • Assign scap policy to my host

  • I make a weekly schedule in scap policy

  • I tried using ( puppet agent -t ) and I am getting errors

This are the errors
*************************************************8
[root@foreman ~]# puppet agent -t
Info: Using configured environment ‘production’
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for foreman.localdomain
Info: Applying configuration version ‘1574618471’
Error: Execution of ‘/bin/yum -d 0 -e 0 -y install rubygem-foreman_scap_client’ returned 1: Error: Nothing to do
Error: /Stage[main]/Foreman_scap_client/Package[foreman_scap_client]/ensure: change from ‘purged’ to ‘present’ failed: Execution of ‘/bin/yum -d 0 -e 0 -y install rubygem-foreman_scap_client’ returned 1: Error: Nothing to do
Notice: /Stage[main]/Foreman_scap_client/File[/etc/foreman_scap_client]: Dependency Package[foreman_scap_client] has failures: true
Warning: /Stage[main]/Foreman_scap_client/File[/etc/foreman_scap_client]: Skipping because of failed dependencies
Warning: /Stage[main]/Foreman_scap_client/File[foreman_scap_client]: Skipping because of failed dependencies
Notice: Applied catalog in 3.42 seconds

[root@foreman ~]# cat /etc/foreman_scap_client
cat: /etc/foreman_scap_client: No such file or directory

[root@foreman ~]# cat /etc/foreman_scap_client/config.yaml
cat: /etc/foreman_scap_client/config.yaml: No such file or directory

**[root@foreman ~]# cat /etc/cron.d/foreman_scap_client_cron**
**# DO NOT EDIT THIS FILE MANUALLY**
**# IT IS MANAGED BY PUPPET**
**# ANY MANUAL CHANGES WILL BE LOST ON THE NEXT PUPPET RUN**
**#**
**# Executing foreman_scap_client from command line may be useful for debugging purposes.**
**# It may generate warnings due to a reference to a missing file.**

**# foreman_scap_client cron job**

**# Runs foreman_scap_client 1**
0 1 * * 0 root /bin/sleep 124 ; /usr/bin/foreman_scap_client 1 2>&1 | logger -t foreman_scap_client

[root@foreman ~]# /usr/bin/foreman_scap_client 1
-bash: /usr/bin/foreman_scap_client: No such file or directory

Any help is appreciated and thank you in advance.

2

Hi,
it seems like Puppet has problems installing foreman_scap_client. You can try to do that manually on the host you plan to scan:

yum install rubygem-foreman_scap_client

It should provide you with details about why the installation failed - my guess is that your host does not have access to the rpm package, which can be found in our client repos:

http://yum.theforeman.org/client/1.23/el7/x86_64/

You can configure the puppet class in a way that it adds the repo to the host for you - it should be enough to set foreman_repo_rel to the release version (1.23 in your case). You can check the relevant section of the manifest to see what it actually does.

I hope this helps.

1 Like