Hi

I have tested that and it works, thank you. I am not getting a 500 error, 
Internal Server Error, could you maybe see if you can advise?

https://groups.google.com/forum/#!topic/foreman-users/PjlZhTBklTs

On Tuesday, 11 July 2017 20:01:19 UTC+2, Sai Krishna wrote:
>
> Hi
>
> Hope you have tried this https://access.redhat.com/solutions/2109131 
>
> above should work if you're using redhat satellite server as foreman. 
>
> Which version of Puppet are you using? If it is 4.x, the certs location should 
> be something like this: /etc/puppetlabs/puppet/ssl/certs/
>
>
> On Tue, Jul 11, 2017 at 4:53 AM, Phillip Smith <phi...@qualica.com> wrote:
>
>> Hi
>>
>> Please see what error I'm getting
>>
>> root@dev-qua-za-centos7:/etc/cron.d#  /usr/bin/foreman_scap_client 1
>> File /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml is missing. Downloading it from proxy.
>> Download SCAP content xml from: https://foreman.qualica.com:9090/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e
>> SCAP content is missing and download failed with error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>>
>> root@dev-qua-za-centos7:/etc/cron.d# cat /etc/foreman_scap_client/config.yaml
>> # DO NOT EDIT THIS FILE MANUALLY
>> # IT IS MANAGED BY PUPPET
>>
>> # Foreman proxy to which reports should be uploaded
>> :server: 'foreman.qualica.com'
>> :port: 9090
>>
>> ## SSL specific options ##
>> # Client CA file.
>> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
>> # Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
>> :ca_file: '/var/lib/puppet/ssl/certs/ca.pem'
>> # Client host certificate.
>> # It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
>> # Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
>> :host_certificate: '/var/lib/puppet/ssl/certs/dev-qua-za-centos7.dc.qualica.com.pem'
>> # Client private key
>> # It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
>> # Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
>> :host_private_key: '/var/lib/puppet/ssl/private_keys/dev-qua-za-centos7.dc.qualica.com.pem'
>>
>> # policy (key is id as in Foreman)
>>
>> 1:
>>   :profile: 'xccdf_org.ssgproject.content_profile_pci-dss'
>>   :content_path: '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml'
>>   # Download path
>>   # A path to download SCAP content from proxy
>>   :download_path: '/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e'
>>
>>
>>
>> On Monday, 10 July 2017 17:10:30 UTC+2, Sai Krishna wrote:
>>>
>>> Hi
>>>
>>> In my situation I have manually changed the profile details in the 
>>> /etc/foreman_scap_client/config.yaml file; that's the reason I have faced 
>>> errors. I have then created a host group in Foreman, assigned the required 
>>> profile and ran puppet agent from the CLI on the respective node. Make sure you 
>>> provide correct cert details. 
>>>
>>> Let me know how it went.
>>>
>>> Sai Krishna  
>>>
>>> On Mon, Jul 10, 2017 at 7:05 AM, Phillip Smith <phi...@qualica.com> 
>>> wrote:
>>>
>>>> Hi
>>>>
>>>> I am having the exact same issue, have you found a solution yet?
>>>>
>>>>
>>>> On Thursday, 15 June 2017 17:29:01 UTC+2, Sai Krishna wrote:
>>>>>
>>>>>
>>>>> Hello everyone,
>>>>>
>>>>>
>>>>> I have installed the openscap plugin for an existing Foreman 1.15 and am 
>>>>> trying to get the compliance report for a server, and I am facing a few 
>>>>> issues during this process.
>>>>>
>>>>> I am having trouble assigning a policy to a host; it's not loading to 
>>>>> select the existing policy. 
>>>>>
>>>>> So I have tried from the command line by running 
>>>>> /usr/bin/foreman_scap_client 1
>>>>>
>>>>> Below is the config file /etc/foreman_scap_client/config.yaml
>>>>>
>>>>> # DO NOT EDIT THIS FILE MANUALLY
>>>>> # IT IS MANAGED BY PUPPET
>>>>>
>>>>> # Foreman proxy to which reports should be uploaded
>>>>> :server: 'foremanproxy.example.com'
>>>>> :port: 8443
>>>>>
>>>>> ## SSL specific options ##
>>>>> # Client CA file.
>>>>> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
>>>>> # Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
>>>>> :ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
>>>>> # Client host certificate.
>>>>> # It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
>>>>> # Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
>>>>> :host_certificate: '/etc/puppetlabs/puppet/ssl/certs/localhost.example.com.pem'
>>>>> # Client private key
>>>>> # It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
>>>>> # Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
>>>>> :host_private_key: '/etc/puppetlabs/puppet/ssl/private_keys/localhost.example.com.pem'
>>>>> # policy (key is id as in Foreman)
>>>>>
>>>>> 1:
>>>>>   :profile: ''
>>>>>   :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
>>>>>   # Download path
>>>>>   # A path to download SCAP content from proxy
>>>>>   :download_path: '/compliance/policies/1/content'
>>>>>   :tailoring_path: ''
>>>>>   :tailoring_download_path: ''
>>>>>
>>>>>
>>>>> root localhost [~] # /usr/bin/foreman_scap_client 1
>>>>> DEBUG: running: oscap xccdf eval  --results-arf /tmp/d20170615-1073-zzt674/results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
>>>>> WARNING: Skipping http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml file which is referenced from XCCDF content
>>>>> DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml
>>>>> Uploading results to https://foreman.example.com:8443/compliance/arf/1
>>>>>
>>>>>
>>>>>
>>>>> At https://foreman.example.com:8443/compliance/arf/1 it threw a 
>>>>> message: "No client SSL certificate supplied"
>>>>>
>>>>>
>>>>>
>>>>> Below are logs from foreman-proxy server
>>>>> /var/log/foreman-proxy/proxy.log
>>>>>
>>>>>
>>>>> https://pastebin.com/uFLAZffP
>>>>>
>>>>>
>>>>> Can anyone please help me with this.
>>>>>
>>>>> Thank you 
>>>>> Sai Krishna 
>>>>>
>>>> -- 
>>>> You received this message because you are subscribed to a topic in the 
>>>> Google Groups "Foreman users" group.
>>>> To unsubscribe from this topic, visit 
>>>> https://groups.google.com/d/topic/foreman-users/TKcNVZQ4b4A/unsubscribe
>>>> .
>>>> To unsubscribe from this group and all its topics, send an email to 
>>>> foreman-user...@googlegroups.com.
>>>> To post to this group, send email to forema...@googlegroups.com.
>>>> Visit this group at https://groups.google.com/group/foreman-users.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>
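
The two failures in this thread ("certificate verify failed" and "No client SSL certificate supplied") both involve the :ca_file, :host_certificate and :host_private_key settings in config.yaml. The Ruby check below is an added example, not part of the original messages or of foreman_scap_client; the function name check_scap_client_ssl is hypothetical, and it only tests the local files for consistency without contacting the proxy.

```ruby
require 'openssl'
require 'yaml'

# Added example (not foreman_scap_client code): offline consistency check of
# the SSL settings in a foreman_scap_client config.yaml. It does not contact
# the proxy. Returns an array of problem strings, empty when all checks pass.
def check_scap_client_ssl(config_path)
  return ["config #{config_path} is missing or unreadable"] unless File.readable?(config_path)

  # The client's config uses Ruby-symbol keys such as ":ca_file:".
  cfg = YAML.safe_load(File.read(config_path), permitted_classes: [Symbol])
  cfg = {} unless cfg.is_a?(Hash)
  problems = []
  paths = {}
  %i[ca_file host_certificate host_private_key].each do |opt|
    path = cfg[opt].to_s
    if path.empty? || !File.readable?(path)
      problems << "#{opt}: '#{path}' is missing or unreadable"
    else
      paths[opt] = path
    end
  end
  return problems unless problems.empty?

  begin
    cert = OpenSSL::X509::Certificate.new(File.read(paths[:host_certificate]))
    key = OpenSSL::PKey.read(File.read(paths[:host_private_key]))
    store = OpenSSL::X509::Store.new
    store.add_file(paths[:ca_file])
  rescue OpenSSL::OpenSSLError => e
    return problems << "cannot parse PEM input: #{e.message}"
  end

  # The key must belong to the certificate the client presents.
  problems << 'host_private_key does not match host_certificate' unless cert.check_private_key(key)
  # The host certificate should chain to the configured CA and be in date;
  # a failure here means, for example, that ca_file holds a different CA.
  unless store.verify(cert)
    problems << "host_certificate is not trusted by ca_file: #{store.error_string}"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Default path is the one shown in the thread.
  result = check_scap_client_ssl(ARGV[0] || '/etc/foreman_scap_client/config.yaml')
  puts(result.empty? ? 'OK' : result)
end
```

An empty result says only that the three files agree with each other; whether the proxy's own server certificate is signed by the same CA still has to be checked against the proxy.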
