Hi, I have seen the info you have posted looks configuration messed up, reach out [email protected] / oprazak in IRC freenode he can surely help you.. give a try..
On Thu, Jul 13, 2017 at 3:48 AM, Phillip Smith <[email protected]> wrote: > Hi > > I have tested that and it works, thank you. I am not getting a 500 error, > Internal Server Error, could you maybe see if you can advise? > > https://groups.google.com/forum/#!topic/foreman-users/PjlZhTBklTs > > On Tuesday, 11 July 2017 20:01:19 UTC+2, Sai Krishna wrote: >> >> Hi >> >> Hope you have tried this https://access.redhat.com/solutions/2109131 >> >> above should work if you're using redhat satellite server as foreman. >> >> Which version of puppet are you using if it is 4.x certs location should >> be something like this /etc/puppetlabs/puppet/ssl/certs/ >> >> >> On Tue, Jul 11, 2017 at 4:53 AM, Phillip Smith <[email protected]> >> wrote: >> >>> Hi >>> >>> Please see what error I'm getting >>> >>> root@dev-qua-za-centos7:/etc/cron.d# /usr/bin/foreman_scap_client 1 >>> File /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5 >>> cad1a942209e2d787ea7940035616e.xml is missing. Downloading it from >>> proxy. >>> Download SCAP content xml from: https://foreman.qualica.com:90 >>> 90/compliance/policies/1/content/3e1654fd14a5352d65294db5557 >>> 10bfda5cad1a942209e2d787ea7940035616e >>> SCAP content is missing and download failed with error: SSL_connect >>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>> verify failed >>> >>> root@dev-qua-za-centos7:/etc/cron.d# cat /etc/foreman_scap_client/confi >>> g.yaml >>> # DO NOT EDIT THIS FILE MANUALLY >>> # IT IS MANAGED BY PUPPET >>> >>> # Foreman proxy to which reports should be uploaded >>> :server: 'foreman.qualica.com' >>> :port: 9090 >>> >>> ## SSL specific options ## >>> # Client CA file. >>> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca. >>> pem') >>> # Or (recommended for client reporting to Katello) subscription manager >>> CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem') >>> :ca_file: '/var/lib/puppet/ssl/certs/ca.pem' >>> # Client host certificate. >>> # It could be Puppet agent host certificate (e.g., >>> '/var/lib/puppet/ssl/certs/myhost.example.com.pem') >>> # Or (recommended for client reporting to Katello) consumer certificate >>> (e.g., '/etc/pki/consumer/cert.pem') >>> :host_certificate: '/var/lib/puppet/ssl/certs/dev- >>> qua-za-centos7.dc.qualica.com.pem' >>> # Client private key >>> # It could be Puppet agent private key (e.g., >>> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem') >>> # Or (recommended for client reporting to Katello) consumer private key >>> (e.g., '/etc/pki/consumer/key.pem') >>> :host_private_key: '/var/lib/puppet/ssl/private_k >>> eys/dev-qua-za-centos7.dc.qualica.com.pem' >>> >>> # policy (key is id as in Foreman) >>> >>> 1: >>> :profile: 'xccdf_org.ssgproject.content_profile_pci-dss' >>> :content_path: '/var/lib/openscap/content/3e1 >>> 654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml' >>> # Download path >>> # A path to download SCAP content from proxy >>> :download_path: '/compliance/policies/1/conten >>> t/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e' >>> >>> >>> >>> On Monday, 10 July 2017 17:10:30 UTC+2, Sai Krishna wrote: >>>> >>>> Hi >>>> >>>> In my situation I have manually changed the profile details in >>>> /etc/foreman_scap_client/config.yaml file that's the reason I have >>>> faced errors. I have then created a host group in foreman and assigned >>>> required profile and ran puppet agent from CLI in respective node. Make >>>> sure you provide correct cert details. >>>> >>>> let me know how it went. >>>> >>>> Sai Krishna >>>> >>>> On Mon, Jul 10, 2017 at 7:05 AM, Phillip Smith <[email protected]> >>>> wrote: >>>> >>>>> Hi >>>>> >>>>> I am having the exact same issue, have you found a solution yet? >>>>> >>>>> >>>>> On Thursday, 15 June 2017 17:29:01 UTC+2, Sai Krishna wrote: >>>>>> >>>>>> >>>>>> Hello everyone, >>>>>> >>>>>> >>>>>> I have installed openscap plugin for existing foreman 1.15 and trying >>>>>> to get the compliance report for a server, facing few issues during this >>>>>> process. >>>>>> >>>>>> Having trouble assigning policy to host, its not loading to select >>>>>> the existing policy. >>>>>> >>>>>> So I have tried from command line by running >>>>>> /usr/bin/foreman_scap_client 1 >>>>>> >>>>>> below is the confi file /etc/foreman_scap_client/config.yaml >>>>>> >>>>>> # DO NOT EDIT THIS FILE MANUALLY >>>>>> # IT IS MANAGED BY PUPPET >>>>>> >>>>>> # Foreman proxy to which reports should be uploaded >>>>>> :server: 'foremanproxy.example.com' >>>>>> :port: 8443 >>>>>> >>>>>> ## SSL specific options ## >>>>>> # Client CA file. >>>>>> # It could be Puppet CA certificate (e.g., >>>>>> '/var/lib/puppet/ssl/certs/ca.pem') >>>>>> # Or (recommended for client reporting to Katello) subscription >>>>>> manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem') >>>>>> :ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem' >>>>>> # Client host certificate. >>>>>> # It could be Puppet agent host certificate (e.g., >>>>>> '/var/lib/puppet/ssl/certs/myhost.example.com.pem') >>>>>> # Or (recommended for client reporting to Katello) consumer >>>>>> certificate (e.g., '/etc/pki/consumer/cert.pem') >>>>>> :host_certificate: '/etc/puppetlabs/puppet/ssl/certs/ >>>>>> localhost.example.com.pem' >>>>>> # Client private key >>>>>> # It could be Puppet agent private key (e.g., >>>>>> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem') >>>>>> # Or (recommended for client reporting to Katello) consumer private >>>>>> key (e.g., '/etc/pki/consumer/key.pem') >>>>>> :host_private_key: '/etc/puppetlabs/puppet/ssl/pr >>>>>> ivate_keys/localhost.example.com.pem' >>>>>> # policy (key is id as in Foreman) >>>>>> >>>>>> 1: >>>>>> :profile: '' >>>>>> :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml' >>>>>> # Download path >>>>>> # A path to download SCAP content from proxy >>>>>> :download_path: '/compliance/policies/1/content' >>>>>> :tailoring_path: '' >>>>>> :tailoring_download_path: '' >>>>>> >>>>>> >>>>>> root localhost [~] # /usr/bin/foreman_scap_client 1 >>>>>> DEBUG: running: oscap xccdf eval --results-arf >>>>>> /tmp/d20170615-1073-zzt674/results.xml /usr/share/xml/scap/ssg/conten >>>>>> t/ssg-rhel7-ds.xml >>>>>> WARNING: Skipping http://www.redhat.com/security >>>>>> /data/oval/Red_Hat_Enterprise_Linux_7.xml file which is referenced >>>>>> from XCCDF content >>>>>> DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml >>>>>> Uploading results to https://foreman.example.com:84 >>>>>> 43/compliance/arf/1 >>>>>> >>>>>> >>>>>> >>>>>> At https://foreman.example.com:8443/compliance/arf/1 it through a >>>>>> message as " No client SSL certificate supplied " >>>>>> >>>>>> >>>>>> >>>>>> Below are logs from foreman-proxy server >>>>>> /var/log/foreman-proxy/proxy.log >>>>>> >>>>>> >>>>>> https://pastebin.com/uFLAZffP >>>>>> >>>>>> >>>>>> Can anyone please help me with this. >>>>>> >>>>>> Thank you >>>>>> Sai Krishna >>>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Foreman users" group. >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>>>> pic/foreman-users/TKcNVZQ4b4A/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> Visit this group at https://groups.google.com/group/foreman-users. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Foreman users" group. >>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>> pic/foreman-users/TKcNVZQ4b4A/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/foreman-users. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Foreman users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/foreman-users/TKcNVZQ4b4A/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
