Hi In my situation I have manually changed the profile details in /etc/foreman_scap_client/config.yaml file that's the reason I have faced errors. I have then created a host group in foreman and assigned required profile and ran puppet agent from CLI in respective node. Make sure you provide correct cert details.
let me know how it went. Sai Krishna On Mon, Jul 10, 2017 at 7:05 AM, Phillip Smith <[email protected]> wrote: > Hi > > I am having the exact same issue, have you found a solution yet? > > > On Thursday, 15 June 2017 17:29:01 UTC+2, Sai Krishna wrote: >> >> >> Hello everyone, >> >> >> I have installed openscap plugin for existing foreman 1.15 and trying to >> get the compliance report for a server, facing few issues during this >> process. >> >> Having trouble assigning policy to host, its not loading to select the >> existing policy. >> >> So I have tried from command line by running /usr/bin/foreman_scap_client >> 1 >> >> below is the confi file /etc/foreman_scap_client/config.yaml >> >> # DO NOT EDIT THIS FILE MANUALLY >> # IT IS MANAGED BY PUPPET >> >> # Foreman proxy to which reports should be uploaded >> :server: 'foremanproxy.example.com' >> :port: 8443 >> >> ## SSL specific options ## >> # Client CA file. >> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca. >> pem') >> # Or (recommended for client reporting to Katello) subscription manager >> CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem') >> :ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem' >> # Client host certificate. >> # It could be Puppet agent host certificate (e.g., >> '/var/lib/puppet/ssl/certs/myhost.example.com.pem') >> # Or (recommended for client reporting to Katello) consumer certificate >> (e.g., '/etc/pki/consumer/cert.pem') >> :host_certificate: '/etc/puppetlabs/puppet/ssl/certs/ >> localhost.example.com.pem' >> # Client private key >> # It could be Puppet agent private key (e.g., >> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem') >> # Or (recommended for client reporting to Katello) consumer private key >> (e.g., '/etc/pki/consumer/key.pem') >> :host_private_key: '/etc/puppetlabs/puppet/ssl/pr >> ivate_keys/localhost.example.com.pem' >> # policy (key is id as in Foreman) >> >> 1: >> :profile: '' >> :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml' >> # Download path >> # A path to download SCAP content from proxy >> :download_path: '/compliance/policies/1/content' >> :tailoring_path: '' >> :tailoring_download_path: '' >> >> >> root localhost [~] # /usr/bin/foreman_scap_client 1 >> DEBUG: running: oscap xccdf eval --results-arf >> /tmp/d20170615-1073-zzt674/results.xml /usr/share/xml/scap/ssg/conten >> t/ssg-rhel7-ds.xml >> WARNING: Skipping http://www.redhat.com/security >> /data/oval/Red_Hat_Enterprise_Linux_7.xml file which is referenced from >> XCCDF content >> DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml >> Uploading results to https://foreman.example.com:8443/compliance/arf/1 >> >> >> >> At https://foreman.example.com:8443/compliance/arf/1 it through a >> message as " No client SSL certificate supplied " >> >> >> >> Below are logs from foreman-proxy server >> /var/log/foreman-proxy/proxy.log >> >> >> https://pastebin.com/uFLAZffP >> >> >> Can anyone please help me with this. >> >> Thank you >> Sai Krishna >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Foreman users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/foreman-users/TKcNVZQ4b4A/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
