I know it's not much, but here is some more information about the problem:
1. The error from pastebin is OpenSSL::SSL::SSLError at /compliance/arf/1 2. It comes from /usr/share/gems/gems/smart_proxy_openscap-0.6.4/lib/smart_proxy_openscap/foreman_forwarder.rb send_request method It looks like a misconfiguration of foreman and proxy certificates, although I don't know the exact reason for this. On Thursday, July 13, 2017 at 11:23:08 AM UTC+3, Phillip Smith wrote: > > More output information. > > https://pastebin.com/eJrCD6tB > > On Wednesday, 12 July 2017 11:32:14 UTC+2, Phillip Smith wrote: >> >> Hi >> >> Please can someone assist. >> >> [root@foreman foreman]# /usr/bin/foreman_scap_client 1 >> DEBUG: running: oscap xccdf eval --profile >> xccdf_org.ssgproject.content_profile_standard --results-arf >> /tmp/d20170712-3398-r7bvwl/results.xml >> /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml >> WARNING: Skipping >> http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml >> file which is referenced from XCCDF content >> DEBUG: running: /usr/bin/bzip2 /tmp/d20170712-3398-r7bvwl/results.xml >> Uploading results to https://foreman.qualica.com:9090/compliance/arf/1 >> >> Upload failed: 500 "Internal Server Error " >> >> >> [root@foreman foreman]# rpm -qa | grep scap >> openscap-scanner-1.2.10-3.el7_3.x86_64 >> tfm-rubygem-foreman_openscap-0.7.4-1.fm1_15.el7.noarch >> rubygem-foreman_scap_client-0.3.0-1.el7.noarch >> perl-Pod-Escapes-1.04-291.el7.noarch >> rubygem-smart_proxy_openscap-0.6.4-1.el7.noarch >> rubygem-openscap-0.4.7-1.el7.noarch >> openscap-1.2.10-3.el7_3.x86_64 >> scap-security-guide-0.1.30-5.el7.centos.noarch >> >> [root@foreman foreman]# cat /etc/foreman_scap_client/config.yaml >> # DO NOT EDIT THIS FILE MANUALLY >> # IT IS MANAGED BY PUPPET >> >> # Foreman proxy to which reports should be uploaded >> :server: 'foreman.qualica.com' >> :port: 9090 >> >> ## SSL specific options ## >> # Client CA file. >> # It could be Puppet CA certificate (e.g., >> '/var/lib/puppet/ssl/certs/ca.pem') >> # Or (recommended for client reporting to Katello) subscription manager >> CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem') >> :ca_file: '/etc/foreman/proxy_ca.pem' >> # Client host certificate. >> # It could be Puppet agent host certificate (e.g., >> '/var/lib/puppet/ssl/certs/myhost.example.com.pem') >> # Or (recommended for client reporting to Katello) consumer certificate >> (e.g., '/etc/pki/consumer/cert.pem') >> :host_certificate: '/etc/foreman/client_cert.pem' >> # Client private key >> # It could be Puppet agent private key (e.g., >> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem') >> # Or (recommended for client reporting to Katello) consumer private key >> (e.g., '/etc/pki/consumer/key.pem') >> :host_private_key: '/etc/foreman/client_key.pem' >> >> # policy (key is id as in Foreman) >> >> 1: >> :profile: 'xccdf_org.ssgproject.content_profile_standard' >> :content_path: >> '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml' >> # Download path >> # A path to download SCAP content from proxy >> :download_path: >> '/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e' >> :tailoring_path: '' >> :tailoring_download_path: '' >> >> >> Kind Regards >> Phillip Smith >> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
