Hi, I have tested that and it works, thank you. I am not getting a 500 error, Internal Server Error, could you maybe see if you can advise?
https://groups.google.com/forum/#!topic/foreman-users/PjlZhTBklTs

On Tuesday, 11 July 2017 20:01:19 UTC+2, Sai Krishna wrote:
>
> Hi
>
> Hope you have tried this https://access.redhat.com/solutions/2109131
>
> above should work if you're using redhat satellite server as foreman.
>
> Which version of puppet are you using if it is 4.x certs location should
> be something like this /etc/puppetlabs/puppet/ssl/certs/
>
>
> On Tue, Jul 11, 2017 at 4:53 AM, Phillip Smith <[email protected]> wrote:
>
>> Hi
>>
>> Please see what error I'm getting
>>
>> root@dev-qua-za-centos7:/etc/cron.d# /usr/bin/foreman_scap_client 1
>> File
>> /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml
>> is missing. Downloading it from proxy.
>> Download SCAP content xml from:
>> https://foreman.qualica.com:9090/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e
>> SCAP content is missing and download failed with error: SSL_connect
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>> verify failed
>>
>> root@dev-qua-za-centos7:/etc/cron.d# cat
>> /etc/foreman_scap_client/config.yaml
>> # DO NOT EDIT THIS FILE MANUALLY
>> # IT IS MANAGED BY PUPPET
>>
>> # Foreman proxy to which reports should be uploaded
>> :server: 'foreman.qualica.com'
>> :port: 9090
>>
>> ## SSL specific options ##
>> # Client CA file.
>> # It could be Puppet CA certificate (e.g.,
>> '/var/lib/puppet/ssl/certs/ca.pem')
>> # Or (recommended for client reporting to Katello) subscription manager
>> CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
>> :ca_file: '/var/lib/puppet/ssl/certs/ca.pem'
>> # Client host certificate.
>> # It could be Puppet agent host certificate (e.g.,
>> '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
>> # Or (recommended for client reporting to Katello) consumer certificate
>> (e.g., '/etc/pki/consumer/cert.pem')
>> :host_certificate:
>> '/var/lib/puppet/ssl/certs/dev-qua-za-centos7.dc.qualica.com.pem'
>> # Client private key
>> # It could be Puppet agent private key (e.g.,
>> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
>> # Or (recommended for client reporting to Katello) consumer private key
>> (e.g., '/etc/pki/consumer/key.pem')
>> :host_private_key:
>> '/var/lib/puppet/ssl/private_keys/dev-qua-za-centos7.dc.qualica.com.pem'
>>
>> # policy (key is id as in Foreman)
>>
>> 1:
>>   :profile: 'xccdf_org.ssgproject.content_profile_pci-dss'
>>   :content_path:
>>   '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml'
>>   # Download path
>>   # A path to download SCAP content from proxy
>>   :download_path:
>>   '/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e'
>>
>>
>> On Monday, 10 July 2017 17:10:30 UTC+2, Sai Krishna wrote:
>>>
>>> Hi
>>>
>>> In my situation I have manually changed the profile details in
>>> /etc/foreman_scap_client/config.yaml file that's the reason I have faced
>>> errors. I have then created a host group in foreman and assigned required
>>> profile and ran puppet agent from CLI in respective node. Make sure you
>>> provide correct cert details.
>>>
>>> let me know how it went.
>>>
>>> Sai Krishna
>>>
>>> On Mon, Jul 10, 2017 at 7:05 AM, Phillip Smith <[email protected]>
>>> wrote:
>>>
>>>> Hi
>>>>
>>>> I am having the exact same issue, have you found a solution yet?
>>>>
>>>>
>>>> On Thursday, 15 June 2017 17:29:01 UTC+2, Sai Krishna wrote:
>>>>>
>>>>>
>>>>> Hello everyone,
>>>>>
>>>>>
>>>>> I have installed openscap plugin for existing foreman 1.15 and trying
>>>>> to get the compliance report for a server, facing few issues during this
>>>>> process.
>>>>>
>>>>> Having trouble assigning policy to host, it's not loading to select the
>>>>> existing policy.
>>>>>
>>>>> So I have tried from command line by running
>>>>> /usr/bin/foreman_scap_client 1
>>>>>
>>>>> below is the config file /etc/foreman_scap_client/config.yaml
>>>>>
>>>>> # DO NOT EDIT THIS FILE MANUALLY
>>>>> # IT IS MANAGED BY PUPPET
>>>>>
>>>>> # Foreman proxy to which reports should be uploaded
>>>>> :server: 'foremanproxy.example.com'
>>>>> :port: 8443
>>>>>
>>>>> ## SSL specific options ##
>>>>> # Client CA file.
>>>>> # It could be Puppet CA certificate (e.g.,
>>>>> '/var/lib/puppet/ssl/certs/ca.pem')
>>>>> # Or (recommended for client reporting to Katello) subscription
>>>>> manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
>>>>> :ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
>>>>> # Client host certificate.
>>>>> # It could be Puppet agent host certificate (e.g.,
>>>>> '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
>>>>> # Or (recommended for client reporting to Katello) consumer
>>>>> certificate (e.g., '/etc/pki/consumer/cert.pem')
>>>>> :host_certificate: '/etc/puppetlabs/puppet/ssl/certs/
>>>>> localhost.example.com.pem'
>>>>> # Client private key
>>>>> # It could be Puppet agent private key (e.g.,
>>>>> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
>>>>> # Or (recommended for client reporting to Katello) consumer private
>>>>> key (e.g., '/etc/pki/consumer/key.pem')
>>>>> :host_private_key:
>>>>> '/etc/puppetlabs/puppet/ssl/private_keys/localhost.example.com.pem'
>>>>> # policy (key is id as in Foreman)
>>>>>
>>>>> 1:
>>>>>   :profile: ''
>>>>>   :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
>>>>>   # Download path
>>>>>   # A path to download SCAP content from proxy
>>>>>   :download_path: '/compliance/policies/1/content'
>>>>>   :tailoring_path: ''
>>>>>   :tailoring_download_path: ''
>>>>>
>>>>>
>>>>> root localhost [~] # /usr/bin/foreman_scap_client 1
>>>>> DEBUG: running: oscap xccdf eval --results-arf
>>>>> /tmp/d20170615-1073-zzt674/results.xml
>>>>> /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
>>>>> WARNING: Skipping
>>>>> http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml
>>>>> file which is referenced from XCCDF content
>>>>> DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml
>>>>> Uploading results to https://foreman.example.com:8443/compliance/arf/1
>>>>>
>>>>>
>>>>> At https://foreman.example.com:8443/compliance/arf/1 it throws a
>>>>> message as " No client SSL certificate supplied "
>>>>>
>>>>>
>>>>> Below are logs from foreman-proxy server
>>>>> /var/log/foreman-proxy/proxy.log
>>>>>
>>>>>
>>>>> https://pastebin.com/uFLAZffP
>>>>>
>>>>>
>>>>> Can anyone please help me with this.
>>>>>
>>>>> Thank you
>>>>> Sai Krishna
>>>>>
>>>> --
>>>> You received this message because you are subscribed to a topic in the
>>>> Google Groups "Foreman users" group.
>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/foreman-users/TKcNVZQ4b4A/unsubscribe.
>>>> To unsubscribe from this group and all its topics, send an email to
>>>> [email protected].
>>>> To post to this group, send email to [email protected].
>>>> Visit this group at https://groups.google.com/group/foreman-users.
>>>> For more options, visit https://groups.google.com/d/optout.
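
An offline preflight for the three TLS paths in `/etc/foreman_scap_client/config.yaml` that this thread keeps returning to (Puppet 3 vs Puppet 4 certificate locations, "Make sure you provide correct cert details"). It is an added example, not part of the original messages and not code from foreman_scap_client. The function name `scap_tls_problems` is hypothetical, the check assumes the CA in `:ca_file` also issued the host certificate (as with a Puppet CA), and it does not contact the proxy, so it cannot confirm that the proxy's own certificate chains to `:ca_file`.

```ruby
require 'yaml'
require 'openssl'

TLS_KEYS = %i[ca_file host_certificate host_private_key].freeze

# Offline preflight for the TLS paths in a foreman_scap_client config.yaml.
# Returns a list of problem strings; an empty list means every check passed.
def scap_tls_problems(config_path)
  cfg = YAML.safe_load(File.read(config_path), permitted_classes: [Symbol]) || {}
  problems = []
  paths = {}
  TLS_KEYS.each do |key|
    path = cfg[key].to_s
    if path.empty?
      problems << "#{key}: not set"
    elsif !File.readable?(path)
      problems << "#{key}: #{path} is missing or unreadable"
    else
      paths[key] = path
    end
  end
  return problems unless paths.size == TLS_KEYS.size

  cert = OpenSSL::X509::Certificate.new(File.read(paths[:host_certificate]))
  key  = OpenSSL::PKey.read(File.read(paths[:host_private_key]))

  # Assumption: as with a Puppet CA, the CA in :ca_file also issued the host
  # certificate. Store#verify also rejects expired or not-yet-valid certs.
  store = OpenSSL::X509::Store.new
  store.add_file(paths[:ca_file])
  unless store.verify(cert)
    problems << "host_certificate: not trusted by ca_file (#{store.error_string})"
  end
  unless cert.check_private_key(key)
    problems << 'host_private_key: does not match host_certificate'
  end
  problems
rescue OpenSSL::OpenSSLError => e
  problems << "unparsable PEM data: #{e.message}"
end

# When run directly, check the config at the default location from the thread.
if __FILE__ == $PROGRAM_NAME
  path = '/etc/foreman_scap_client/config.yaml'
  if File.exist?(path)
    issues = scap_tls_problems(path)
    puts(issues.empty? ? 'TLS paths are consistent' : issues)
  end
end
```

Run it as root on the client, since the Puppet private key is normally readable only by root.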
