Change RH-like clients from RHEL7 to RHEL8

Open nodeg opened this issue 3 years ago • 2 comments

What does this PR change?

This will replace RHEL7 (CentOS 7) with RHEL8 (Rocky 8).

See

  • https://github.com/SUSE/spacewalk/issues/12595
  • https://github.com/uyuni-project/sumaform/pull/1151
  • https://github.com/SUSE/susemanager-ci/pull/642
  • PR test

GUI diff

No difference.

  • [x] DONE

Documentation

  • No documentation needed: only internal and user invisible changes

  • [x] DONE

Test coverage

  • Cucumber tests were added

  • [x] DONE

Links

fixes https://github.com/SUSE/spacewalk/issues/12595

  • [x] DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

  • [x] No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Re-run a test

If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:

  • [ ] Re-run test "changelog_test"
  • [ ] Re-run test "backend_unittests_pgsql"
  • [ ] Re-run test "java_pgsql_tests"
  • [ ] Re-run test "schema_migration_test_pgsql"
  • [ ] Re-run test "susemanager_unittests"
  • [ ] Re-run test "javascript_lint"
  • [ ] Re-run test "spacecmd_unittests"

nodeg avatar Aug 23 '22 12:08 nodeg

Issues

:x: No visible sync button although it is there

  Scenario: Synchronize the repositories in the custom channel for Rocky 8 DVD # features/reposync/srv_add_rocky8_repositories.feature:53                                     
      This scenario ran at: 2022-09-01 10:01:39 +0200                                                                                                                         
    When I follow the left menu "Software > Manage > Channels"                 # features/step_definitions/navigation_steps.rb:342                                            
      WARN: Step ends with an ajax transition not finished, let's wait a bit!                                                                                                 
    And I follow "Custom Channel for Rocky 8 DVD"                              # features/step_definitions/navigation_steps.rb:284                                            
    And I follow "Repositories" in the content area                            # features/step_definitions/navigation_steps.rb:304                                            
      WARN: Step ends with an ajax transition not finished, let's wait a bit!                                                                                                 
    And I follow "Sync"                                                        # features/step_definitions/navigation_steps.rb:284                                            
    And I click on "Sync Now"                                                  # features/step_definitions/navigation_steps.rb:256                                            
      Unable to find visible button "Sync Now" that is not disabled (Capybara::ElementNotFound)                                                                               
      ./features/support/commonlib.rb:128:in `click_button_and_wait'                                                                                                          
      ./features/step_definitions/navigation_steps.rb:257:in `/^I click on "([^"]*)"$/'                                                                                       
      features/reposync/srv_add_rocky8_repositories.feature:58:in `I click on "Sync Now"'
    Then I should see a "Repository sync scheduled" text                       # features/step_definitions/navigation_steps.rb:575
=> /var/log/rhn/rhn_web_ui.log

When syncing this channel manually the feature is fine. I found the actual issue for that. Directly in the scenario above the failing one:

  Scenario: Add both repositories to the custom channel for Rocky 8 DVD
    When I follow the left menu "Software > Manage > Channels"
    And I follow "Custom Channel for Rocky 8 DVD"
    And I follow "Repositories" in the content area
    And I select the "rocky-8-iso-appstream" repo
    And I select the "rocky-8-iso-baseos" repo
    And I click on "Save Repositories"
    Then I should see a "repository information was successfully updated" text

I see that the sync button is indeed not available because a sync is triggered automatically. After some minutes the process is somehow interrupted and the sync button becomes available again.

nodeg avatar Sep 01 '22 12:09 nodeg

:heavy_check_mark: Bootstrap repository

 Scenario: Bootstrap a Red Hat-like minion                                 # features/init_clients/min_rhlike_salt.feature:13                       [579/48627]
      This scenario ran at: 2022-09-01 16:54:57 +0200                                                                                                           
    When I follow the left menu "Systems > Bootstrapping"                   # features/step_definitions/navigation_steps.rb:342                                 
      WARN: Step ends with an ajax transition not finished, let's wait a bit!                                                                                   
    Then I should see a "Bootstrap Minions" text                            # features/step_definitions/navigation_steps.rb:575                                 
    When I enter the hostname of "rhlike_minion" as "hostname"              # features/step_definitions/navigation_steps.rb:422                                 
      The hostname of rhlike_minion is rocky-min-rocky8.tf.local                                                                                                
    And I enter "22" as "port"                                              # features/step_definitions/navigation_steps.rb:226                                 
    And I enter "root" as "user"                                            # features/step_definitions/navigation_steps.rb:226                                 
    And I enter "linux" as "password"                                       # features/step_definitions/navigation_steps.rb:226                                 
    And I select "1-SUSE-KEY-x86_64" from "activationKeys"                  # features/step_definitions/navigation_steps.rb:174                                 
    And I select the hostname of "proxy" from "proxies" if present          # features/step_definitions/navigation_steps.rb:428
    And I click on "Bootstrap"                                              # features/step_definitions/navigation_steps.rb:256                                 
    And I wait until I see "Successfully bootstrapped host!" text           # features/step_definitions/navigation_steps.rb:36
      Text 'Successfully bootstrapped host!' not found (RuntimeError)                                                                                           
      ./features/step_definitions/navigation_steps.rb:37:in `/^I wait until I see "([^"]*)" text$/'                                                             
      features/init_clients/min_rhlike_salt.feature:23:in `I wait until I see "Successfully bootstrapped host!" text'
    And I follow the left menu "Systems > Overview"                         # features/step_definitions/navigation_steps.rb:342                                 
    And I wait until I see the name of "rhlike_minion", refreshing the page # features/step_definitions/navigation_steps.rb:109
    And I wait until onboarding is completed for "rhlike_minion"            # features/step_definitions/common_steps.rb:896                                     
=> /var/log/rhn/rhn_web_ui.log                                                                                                                                  
Caused by: com.redhat.rhn.domain.contentmgmt.modulemd.ModulemdApiException: Paths should not be empty. At least one path is required (301)
2022-09-01 16:54:44,722 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-4] INFO  com.suse.manager.webui.controllers.login.LoginController - LOCAL AUTH SUCCESS: [admin]      
2022-09-01 16:54:54,244 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-7] ERROR com.suse.manager.webui.controllers.bootstrap.AbstractMinionBootstrapper - Error during bootstrap: An error has occurred during salt execution: unable to establish ssh connection.
Standard output:                                                                                                                                                
[email protected]'s password:
Standard error:                                                                                                                                                 
Error: Unable to download https://rocky-pxy.tf.local:443/pub/repositories/res/8/bootstrap/venv-enabled-x86_64.txt file! 
                                                                                                                                                                
=> /var/log/rhn/rhn_web_api.log                   

nodeg avatar Sep 01 '22 15:09 nodeg

:heavy_check_mark: ISO not downloaded/copied correctly to the server VM

~Still seeing error while syncing the custom channel repo:~

repolog

2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/t/tuned-utils-systemtap-2.18.0-2.el8.noarch.rpm - [Errno 14] curl#18 - "transfer closed with 53016 bytes remaining to read".
2022/10/12 08:18:01 +02:00     5804/6062 : ttmkfdir-3.0.9-54.el8.x86_64.rpm (failed)
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/t/turbojpeg-1.5.3-12.el8.i686.rpm - [Errno 14] curl#18 - "transfer closed with 162532 bytes remaining to read".
2022/10/12 08:18:01 +02:00     5805/6062 : tuned-utils-2.18.0-2.el8.noarch.rpm (failed)
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/t/turbojpeg-1.5.3-12.el8.x86_64.rpm - [Errno 14] curl#18 - "transfer closed with 151028 bytes remaining to read".
2022/10/12 08:18:01 +02:00     5806/6062 : tuned-utils-systemtap-2.18.0-2.el8.noarch.rpm (failed)
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/t/twolame-libs-0.3.13-12.el8.i686.rpm - [Errno 14] curl#18 - "transfer closed with 59588 bytes remaining to read".
2022/10/12 08:18:01 +02:00     5807/6062 : turbojpeg-1.5.3-12.el8.i686.rpm (failed)
2022/10/12 08:18:01 +02:00     5808/6062 : turbojpeg-1.5.3-12.el8.x86_64.rpm (failed)
2022/10/12 08:18:01 +02:00     5809/6062 : twolame-libs-0.3.13-12.el8.i686.rpm (failed)
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/t/tzdata-java-2022a-1.el8.noarch.rpm - [Errno 14] curl#18 - "transfer closed with 194544 bytes remaining to read".
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/u/ucx-1.11.2-2.el8.x86_64.rpm - [Errno 14] curl#18 - "transfer closed with 709108 bytes remaining to read".
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/u/ucs-miscfixed-fonts-0.3-17.el8.noarch.rpm - [Errno 14] curl#18 - "transfer closed with 481208 bytes remaining to read".
2022/10/12 08:18:01 +02:00     5810/6062 : ucx-1.11.2-2.el8.x86_64.rpm (failed)
(...)
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/y/ypserv-4.1-1.el8.x86_64.rpm - [Errno 14] curl#18 - "transfer closed with 173892 bytes remaining to read".
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/z/zsh-html-5.5.1-9.el8.noarch.rpm - [Errno 14] curl#18 - "transfer closed with 531096 bytes remaining to read".
2022/10/12 08:18:01 +02:00     6059/6062 : zziplib-0.13.68-9.el8.x86_64.rpm (failed)
2022/10/12 08:18:01 +02:00     6060/6062 : ypserv-4.1-1.el8.x86_64.rpm (failed)
2022/10/12 08:18:01 +02:00 ERROR: Download failed: http://127.0.0.1/rocky-8-iso/AppStream/Packages/z/zziplib-utils-0.13.68-9.el8.x86_64.rpm - [Errno 14] curl#18 - "transfer closed with 47616 bytes remaining to read".
2022/10/12 08:18:01 +02:00     6061/6062 : zsh-html-5.5.1-9.el8.noarch.rpm (failed)
2022/10/12 08:18:01 +02:00     6062/6062 : zziplib-utils-0.13.68-9.el8.x86_64.rpm (failed)
2022/10/12 08:18:01 +02:00 Importing packages started.
2022/10/12 08:18:01 +02:00 
2022/10/12 08:18:01 +02:00   Importing packages to DB:
2022/10/12 08:18:01 +02:00   Package batch #2 of 304 completed...
(...)
2022/10/12 08:18:07 +02:00   Package batch #304 of 304 completed...
2022/10/12 08:18:07 +02:00 Importing packages finished.
2022/10/12 08:18:07 +02:00 
2022/10/12 08:18:07 +02:00   Patches in repo: 0.
2022/10/12 08:18:07 +02:00 RepoMDError: Cannot access repository.
Repository 'rocky-8-iso' is invalid.
[rocky-8-iso|http://127.0.0.1/rocky-8-iso/BaseOS] Valid metadata not found at specified URL
History:
 - Timeout exceeded when accessing 'http://127.0.0.1/rocky-8-iso/BaseOS/repodata/repomd.xml'.
 - Can't provide /repodata/repomd.xml

Please check if the URIs defined for this repository are pointing to a valid repository.
Skipping repository 'rocky-8-iso' because of the above error.
Could not refresh the repositories because of errors.
rocky-srv:~ # df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        4.0M  8.0K  4.0M   1% /dev
tmpfs           3.9G  656K  3.9G   1% /dev/shm
tmpfs           1.6G   33M  1.6G   3% /run
tmpfs           4.0M     0  4.0M   0% /sys/fs/cgroup
/dev/vda3       200G   31G  170G  16% /
/dev/vda2        33M  3.1M   30M  10% /boot/efi
/dev/loop0       11G   11G     0 100% /srv/www/htdocs/rocky-8-iso
tmpfs           795M     0  795M   0% /run/user/0

rocky-srv:~ # mount
(...)
/tmp/rocky-8-iso.iso on /srv/www/htdocs/rocky-8-iso type iso9660 (ro,relatime,nojoliet,check=s,map=n,blocksize=2048,iocharset=utf8)
(...)

rocky-srv:/srv/www/htdocs/rocky-8-iso # ll
total 16
dr-xr-xr-x 4 root root 2048 May 15 23:06 AppStream
dr-xr-xr-x 4 root root 2048 May 15 23:06 BaseOS
-r--r--r-- 1 root root   43 May 15 23:05 .discinfo
dr-xr-xr-x 3 root root 2048 May 15 23:06 EFI
dr-xr-xr-x 3 root root 2048 May 15 23:06 images
dr-xr-xr-x 2 root root 2048 May 15 23:06 isolinux
-r--r--r-- 1 root root 2204 Mar 30  2022 LICENSE
-r--r--r-- 1 root root   86 May 15 23:05 media.repo
-r--r--r-- 1 root root  883 May 15 23:06 TRANS.TBL
-r--r--r-- 1 root root 1516 May 15 23:05 .treeinfo

It seems there is a problem with the mounted ISO.

rocky-srv:/srv/www/htdocs/rocky-8-iso/AppStream/Packages/t # file tracker-2.1.5-2.el8.i686.rpm
tracker-2.1.5-2.el8.i686.rpm: ERROR: cannot read `tracker-2.1.5-2.el8.i686.rpm' (Input/output error)

rocky-srv:/tmp # ls -lh | grep rocky
-rw-r--r-- 1 root     root     1.3G Oct 11 17:25 rocky-8-iso.iso

It seems the downloaded ISO was not correctly transferred from the minima mirror in the following step:

  Scenario: Download the iso of Rocky 8 DVD and mount it on the server
    When I mount as "rocky-8-iso" the ISO from "http://minima-mirror.mgr.suse.de/pub/rocky/8/isos/x86_64/Rocky-x86_64-dvd.iso" in the server

The timeout of 500s is too little for such a big ISO, it seems:

When(/^I mount as "([^"]+)" the ISO from "([^"]+)" in the server$/) do |name, url|
  iso_path = "/tmp/#{name}.iso"
  mount_point = "/srv/www/htdocs/#{name}"
  $server.run("wget --no-check-certificate -O #{iso_path} #{url}", timeout: 500)
(...)
end

nodeg avatar Oct 12 '22 06:10 nodeg
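The listing above shows a 1.3G file in /tmp behind a mount that reports 11G, and the truncation only surfaced later as I/O errors during reposync. The following added example (not code from this PR or from the Uyuni test suite) checks size and SHA-256 before an image is mounted or served; `verify_image!`, `expected_sha256` and the sample data are hypothetical names and constructed values, and the check runs on a local path rather than through `$server.run`.

```ruby
require 'digest'
require 'tempfile'

# Raised when a downloaded image must not be mounted or served.
class ImageVerificationError < StandardError; end

# Extract the SHA-256 hex digest for +filename+ from checksum-file text.
# Handles BSD style  "SHA256 (name) = <hex>"  and GNU style  "<hex>  name".
def expected_sha256(checksum_text, filename)
  checksum_text.each_line do |line|
    line = line.strip
    if (m = line.match(/\ASHA256 \((.+)\) = ([0-9a-fA-F]{64})\z/))
      return m[2].downcase if m[1] == filename
    elsif (m = line.match(/\A([0-9a-fA-F]{64}) [ *](.+)\z/))
      return m[1].downcase if m[2] == filename
    end
  end
  nil
end

# Refuse an image whose size or digest differs from what was published.
# The cheap size test comes first: it catches a transfer cut off by a
# timeout without hashing gigabytes of data.
def verify_image!(path, expected_size:, checksum_text:, filename:)
  actual_size = File.size(path)
  unless actual_size == expected_size
    raise ImageVerificationError,
          "size mismatch: #{actual_size} of #{expected_size} bytes (truncated transfer?)"
  end

  want = expected_sha256(checksum_text, filename)
  raise ImageVerificationError, "no SHA256 entry for #{filename}" if want.nil?

  # Digest::SHA256.file streams the file instead of loading it into memory.
  got = Digest::SHA256.file(path).hexdigest
  raise ImageVerificationError, "SHA256 mismatch: got #{got}" unless got == want

  true
end

# Constructed sample data: a complete file, a truncated copy and a
# same-size modified copy, all checked against one checksum entry.
def demo_with_constructed_files
  full = 'constructed ISO payload ' * 512
  name = 'sample-dvd.iso'
  checksums = "# constructed CHECKSUM file\n" \
              "SHA256 (#{name}) = #{Digest::SHA256.hexdigest(full)}\n"
  samples = { complete: full, truncated: full[0, 1500], tampered: full.sub('ISO', 'iso') }
  results = {}
  samples.each do |label, data|
    Tempfile.create(label.to_s) do |f|
      f.binmode
      f.write(data)
      f.flush
      begin
        verify_image!(f.path, expected_size: full.bytesize,
                              checksum_text: checksums, filename: name)
        results[label] = :ok
      rescue ImageVerificationError => e
        results[label] = e.message
      end
    end
  end
  results
end

puts demo_with_constructed_files.inspect if __FILE__ == $PROGRAM_NAME
```

The expected size and checksum text have to come from a source that is trusted independently of the download. With `--no-check-certificate`, as in the step above, neither the ISO nor a checksum file fetched the same way is authenticated.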

:heavy_check_mark: Rocky 8 not available for creating the bootstrap repository

After syncing SUSE Linux Enterprise Server with Expanded Support 8 x86_64, creating bootstrap repositories and onboarding was successful.

rocky-srv:~ # mgr-create-bootstrap-repo -l
1. SLE-12-SP5-x86_64
2. SLE-15-SP3-x86_64
3. SLE-15-SP4-x86_64

nodeg avatar Oct 12 '22 12:10 nodeg

Other information

nodeg avatar Oct 13 '22 09:10 nodeg

Available openSCAP profiles from the package scap-security-guide-redhat.

[root@rocky-min-rocky8 ~]# yum info scap-security-guide-redhat
(..)
Installed Packages
Name         : scap-security-guide-redhat
Version      : 0.1.63
Release      : 150440.1.50.1.develHead
Architecture : noarch
Size         : 1.2 G
Source       : scap-security-guide-0.1.63-150440.1.50.1.develHead.src.rpm
Repository   : @System
From repo    : tools_update_repo
Summary      : XCCDF files for RHEL, CentOS, Fedora and ScientificLinux
URL          : https://github.com/ComplianceAsCode/content
License      : BSD-3-Clause
Description  : Security Content Automation Protocol (SCAP) Security Guide for Redhat/Fedora/CentOS/OracleLinux/ScientificLinux.
(...)
[root@rocky-min-rocky8 content]# oscap -V                                              
OpenSCAP command line tool (oscap) 1.3.6                                               
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.
                                                                                       
==== Supported specifications ====                                                                                                                                            
SCAP Version: 1.3                                                                      
XCCDF Version: 1.2                                                                     
OVAL Version: 5.11.1                                                                   
CPE Version: 2.3                                                                       
CVSS Version: 2.0                                                                      
CVE Version: 2.0                                                                       
Asset Identification Version: 1.1                                                      
Asset Reporting Format Version: 1.1                                                    
CVRF Version: 1.1                                                                      
                                                                                       
==== Capabilities added by auto-loaded plugins ====       
No plugins have been auto-loaded...                                                    
                                                                                       
==== Paths ====                                                                        
Schema files: /usr/share/openscap/schemas                                              
Default CPE files: /usr/share/openscap/cpe                                             
                                                                                       
==== Inbuilt CPE names ====                                                            
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux:-
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5         
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Red Hat Enterprise Linux 8 - cpe:/o:redhat:enterprise_linux:8
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Community Enterprise Operating System 8 - cpe:/o:centos:centos:8
Rocky Linux 8 - cpe:/o:rocky:rocky:8:GA                                                
Fedora 32 - cpe:/o:fedoraproject:fedora:32                                             
Fedora 33 - cpe:/o:fedoraproject:fedora:33                                             
Fedora 34 - cpe:/o:fedoraproject:fedora:34                                             
Fedora 35 - cpe:/o:fedoraproject:fedora:35

                                           
==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family   OVAL object                  OpenSCAP probe              
----------    ----------                   ----------                  
independent   environmentvariable          probe_environmentvariable
independent   environmentvariable58        probe_environmentvariable58
independent   family                       probe_family
independent   filehash                     probe_filehash (MD5, SHA-1)
independent   filehash58                   probe_filehash58 (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
independent   system_info                  probe_system_info
independent   textfilecontent              probe_textfilecontent
independent   textfilecontent54            probe_textfilecontent54
independent   variable                     probe_variable
independent   xmlfilecontent               probe_xmlfilecontent
independent   yamlfilecontent              probe_yamlfilecontent
linux         iflisteners                  probe_iflisteners
linux         inetlisteningservers         probe_inetlisteningservers
linux         partition                    probe_partition
linux         rpminfo                      probe_rpminfo
linux         rpmverify                    probe_rpmverify
linux         rpmverifyfile                probe_rpmverifyfile
linux         rpmverifypackage             probe_rpmverifypackage
linux         selinuxboolean               probe_selinuxboolean
linux         selinuxsecuritycontext       probe_selinuxsecuritycontext
linux         systemdunitdependency        probe_systemdunitdependency
linux         systemdunitproperty          probe_systemdunitproperty
unix          dnscache                     probe_dnscache
unix          file                         probe_file
unix          fileextendedattribute        probe_fileextendedattribute
unix          gconf                        probe_gconf
unix          interface                    probe_interface
unix          password                     probe_password
unix          process                      probe_process
unix          process58                    probe_process58
unix          routingtable                 probe_routingtable
unix          runlevel                     probe_runlevel
unix          shadow                       probe_shadow
unix          symlink                      probe_symlink
unix          sysctl                       probe_sysctl
unix          uname                        probe_uname
unix          xinetd                       probe_xinetd
[root@rocky-min-rocky8 content]# pwd                                                   
/usr/share/xml/scap/ssg/content                                                        
[root@rocky-min-rocky8 content]# ll                                                    
total 682552                                                                           
-rw-r--r--. 1 root root 21240367 Aug 23 15:08 ssg-centos7-ds-1.2.xml
-rw-r--r--. 1 root root 21240709 Aug 23 15:08 ssg-centos7-ds.xml 
-rw-r--r--. 1 root root 14065804 Aug 23 15:08 ssg-centos7-xccdf.xml
-rw-r--r--. 1 root root 23476090 Aug 23 15:12 ssg-centos8-ds-1.2.xml      
-rw-r--r--. 1 root root 23476432 Aug 23 15:12 ssg-centos8-ds.xml    
-rw-r--r--. 1 root root 15381277 Aug 23 15:12 ssg-centos8-xccdf.xml
-rw-r--r--. 1 root root 21776984 Aug 23 15:15 ssg-cs9-ds-1.2.xml
-rw-r--r--. 1 root root 21777326 Aug 23 15:15 ssg-cs9-ds.xml    
-rw-r--r--. 1 root root 14121054 Aug 23 15:15 ssg-cs9-xccdf.xml 
-rw-r--r--. 1 root root     9002 Aug 23 14:57 ssg-fedora-cpe-dictionary.xml
-rw-r--r--. 1 root root   127103 Aug 23 14:57 ssg-fedora-cpe-oval.xml     
-rw-r--r--. 1 root root 16632320 Aug 23 14:57 ssg-fedora-ds-1.2.xml 
-rw-r--r--. 1 root root 16632320 Aug 23 14:57 ssg-fedora-ds.xml   
-rw-r--r--. 1 root root  1046837 Aug 23 14:57 ssg-fedora-ocil.xml
-rw-r--r--. 1 root root  3846800 Aug 23 14:57 ssg-fedora-oval.xml
-rw-r--r--. 1 root root 11035053 Aug 23 14:57 ssg-fedora-xccdf.xml
-rw-r--r--. 1 root root     8344 Aug 23 15:00 ssg-ol7-cpe-dictionary.xml
-rw-r--r--. 1 root root   127727 Aug 23 15:00 ssg-ol7-cpe-oval.xml        
-rw-r--r--. 1 root root 18381526 Aug 23 15:00 ssg-ol7-ds-1.2.xml    
-rw-r--r--. 1 root root 18381840 Aug 23 15:00 ssg-ol7-ds.xml      
-rw-r--r--. 1 root root  1163082 Aug 23 15:00 ssg-ol7-ocil.xml
-rw-r--r--. 1 root root  3902836 Aug 23 15:00 ssg-ol7-oval.xml  
-rw-r--r--. 1 root root 12400386 Aug 23 15:00 ssg-ol7-xccdf.xml 
-rw-r--r--. 1 root root     9767 Aug 23 15:02 ssg-ol8-cpe-dictionary.xml
-rw-r--r--. 1 root root   127727 Aug 23 15:02 ssg-ol8-cpe-oval.xml       
-rw-r--r--. 1 root root 19650849 Aug 23 15:02 ssg-ol8-ds-1.2.xml   
-rw-r--r--. 1 root root 19651163 Aug 23 15:02 ssg-ol8-ds.xml     
-rw-r--r--. 1 root root  1300720 Aug 23 15:02 ssg-ol8-ocil.xml
-rw-r--r--. 1 root root  4240719 Aug 23 15:02 ssg-ol8-oval.xml 
-rw-r--r--. 1 root root 13167426 Aug 23 15:02 ssg-ol8-xccdf.xml
-rw-r--r--. 1 root root     7020 Aug 23 15:04 ssg-ol9-cpe-dictionary.xml
-rw-r--r--. 1 root root   127727 Aug 23 15:04 ssg-ol9-cpe-oval.xml
-rw-r--r--. 1 root root 10697169 Aug 23 15:04 ssg-ol9-ds-1.2.xml
-rw-r--r--. 1 root root 10697483 Aug 23 15:04 ssg-ol9-ds.xml   
-rw-r--r--. 1 root root   650751 Aug 23 15:04 ssg-ol9-ocil.xml
-rw-r--r--. 1 root root  2333913 Aug 23 15:04 ssg-ol9-oval.xml
-rw-r--r--. 1 root root  7193993 Aug 23 15:04 ssg-ol9-xccdf.xml
-rw-r--r--. 1 root root     7451 Aug 23 14:58 ssg-rhcos4-cpe-dictionary.xml
-rw-r--r--. 1 root root   129209 Aug 23 14:58 ssg-rhcos4-cpe-oval.xml
-rw-r--r--. 1 root root 10529081 Aug 23 14:58 ssg-rhcos4-ds-1.2.xml
-rw-r--r--. 1 root root 10529081 Aug 23 14:58 ssg-rhcos4-ds.xml
-rw-r--r--. 1 root root   791695 Aug 23 14:58 ssg-rhcos4-ocil.xml
-rw-r--r--. 1 root root  3042333 Aug 23 14:58 ssg-rhcos4-oval.xml
-rw-r--r--. 1 root root  6033400 Aug 23 14:58 ssg-rhcos4-xccdf.xml
-rw-r--r--. 1 root root    10135 Aug 23 15:07 ssg-rhel7-cpe-dictionary.xml
-rw-r--r--. 1 root root   128663 Aug 23 15:07 ssg-rhel7-cpe-oval.xml
-rw-r--r--. 1 root root 22453038 Aug 23 15:07 ssg-rhel7-ds-1.2.xml
-rw-r--r--. 1 root root 22453380 Aug 23 15:07 ssg-rhel7-ds.xml
-rw-r--r--. 1 root root  1630500 Aug 23 15:07 ssg-rhel7-ocil.xml
-rw-r--r--. 1 root root  4745379 Aug 23 15:07 ssg-rhel7-oval.xml
-rw-r--r--. 1 root root 14868938 Aug 23 15:07 ssg-rhel7-xccdf.xml
-rw-r--r--. 1 root root    14201 Aug 23 15:11 ssg-rhel8-cpe-dictionary.xml
-rw-r--r--. 1 root root   128663 Aug 23 15:11 ssg-rhel8-cpe-oval.xml
-rw-r--r--. 1 root root 23786481 Aug 23 15:11 ssg-rhel8-ds-1.2.xml
-rw-r--r--. 1 root root 23786823 Aug 23 15:11 ssg-rhel8-ds.xml
-rw-r--r--. 1 root root  1795923 Aug 23 15:11 ssg-rhel8-ocil.xml
-rw-r--r--. 1 root root  5197454 Aug 23 15:11 ssg-rhel8-oval.xml
-rw-r--r--. 1 root root 15576449 Aug 23 15:11 ssg-rhel8-xccdf.xml
-rw-r--r--. 1 root root     9071 Aug 23 15:14 ssg-rhel9-cpe-dictionary.xml
-rw-r--r--. 1 root root   128663 Aug 23 15:14 ssg-rhel9-cpe-oval.xml
-rw-r--r--. 1 root root 21991021 Aug 23 15:14 ssg-rhel9-ds-1.2.xml
-rw-r--r--. 1 root root 21991363 Aug 23 15:14 ssg-rhel9-ds.xml
-rw-r--r--. 1 root root  1653196 Aug 23 15:14 ssg-rhel9-ocil.xml
-rw-r--r--. 1 root root  5003526 Aug 23 15:14 ssg-rhel9-oval.xml
-rw-r--r--. 1 root root 14231846 Aug 23 15:14 ssg-rhel9-xccdf.xml
-rw-r--r--. 1 root root     8432 Aug 23 15:16 ssg-rhv4-cpe-dictionary.xml
-rw-r--r--. 1 root root   128507 Aug 23 15:16 ssg-rhv4-cpe-oval.xml
-rw-r--r--. 1 root root 13317993 Aug 23 15:16 ssg-rhv4-ds-1.2.xml
-rw-r--r--. 1 root root 13317993 Aug 23 15:16 ssg-rhv4-ds.xml
-rw-r--r--. 1 root root   878436 Aug 23 15:16 ssg-rhv4-ocil.xml
-rw-r--r--. 1 root root  2722496 Aug 23 15:16 ssg-rhv4-oval.xml
-rw-r--r--. 1 root root  9075632 Aug 23 15:16 ssg-rhv4-xccdf.xml
-rw-r--r--. 1 root root 21256578 Aug 23 15:07 ssg-sl7-ds-1.2.xml
-rw-r--r--. 1 root root 21256920 Aug 23 15:07 ssg-sl7-ds.xml
-rw-r--r--. 1 root root 14066351 Aug 23 15:07 ssg-sl7-xccdf.xml

nodeg avatar Oct 14 '22 09:10 nodeg

:heavy_check_mark: CentOS 8 profile

I talked to Abid and it is fine when the openSCAP scan succeeds. We do not care about the results.

The profile ssg-centos8-xccdf.xml did work, but the results are either notapplicable or notselected and I am not sure if this is desired since we do test for a pass in the test suite with CentOS 7 (see the failing scenario after the screenshots below).

The complete warnings from the screenshot:

WARNING: This content points out to the remote resources. Use `--fetch-remote-resources' option to download them.
WARNING: Skipping https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2 file which is referenced from XCCDF content
W: oscap: Exporting ARF from XCCDF 1.1 is not allowed by SCAP specification. The resulting ARF will not validate. Convert the input to XCCDF 1.2 to get valid ARF results. The xccdf_1.1_to_1.2.xsl transformation.that ships with OpenSCAP can do that automatically.

It could be that W: oscap: Exporting ARF from XCCDF 1.1 is not allowed by SCAP specification. The resulting ARF will not validate. is due to the fact that we do not use the most recent version 0.1.63 instead of 0.1.64. From the changelog I read:

  • Use XCCDF 1.2 to create STIG overlay (https://github.com/ComplianceAsCode/content/pull/9301)
  • Use XCCDF 1.2 to generate STIG HTML tables (https://github.com/ComplianceAsCode/content/pull/9406)

nodeg avatar Oct 14 '22 09:10 nodeg
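A scan in which every rule comes back `notapplicable` or `notselected`, as described above, finishes without error yet has evaluated nothing on the host. The following added example (not part of this PR or of the test suite) tallies the `rule-result` values in an XCCDF results document and reports that case separately; the function name, the verdict symbols and both sample documents are constructed for illustration.

```ruby
require 'rexml/document'

# XCCDF result values that mean a check actually ran against the host.
EVALUATED = %w[pass fail fixed].freeze

# Tally <rule-result>/<result> values. Elements are matched by local name,
# so XCCDF 1.1 and 1.2 documents are handled alike.
def summarize_rule_results(xml)
  doc = REXML::Document.new(xml)
  counts = Hash.new(0)
  doc.each_recursive do |el|
    next unless el.name == 'rule-result'

    result = el.elements.find { |child| child.name == 'result' }
    counts[result ? result.text.to_s.strip : 'missing'] += 1
  end

  evaluated = EVALUATED.sum { |value| counts.fetch(value, 0) }
  verdict = if counts.empty?
              :no_results
            elsif evaluated.zero?
              :nothing_evaluated # scan ran, but no rule applied to this host
            else
              :evaluated
            end
  { counts: counts, evaluated: evaluated, verdict: verdict }
end

# Constructed sample: the situation described in the comment above.
SAMPLE_NOT_APPLICABLE = <<~XML
  <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
    <TestResult id="constructed-1">
      <rule-result idref="constructed_rule_a"><result>notapplicable</result></rule-result>
      <rule-result idref="constructed_rule_b"><result>notapplicable</result></rule-result>
      <rule-result idref="constructed_rule_c"><result>notselected</result></rule-result>
    </TestResult>
  </Benchmark>
XML

# Constructed sample: a scan whose rules were really checked.
SAMPLE_EVALUATED = <<~XML
  <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
    <TestResult id="constructed-2">
      <rule-result idref="constructed_rule_a"><result>pass</result></rule-result>
      <rule-result idref="constructed_rule_b"><result>fail</result></rule-result>
      <rule-result idref="constructed_rule_c"><result>notselected</result></rule-result>
    </TestResult>
  </Benchmark>
XML

if __FILE__ == $PROGRAM_NAME
  puts summarize_rule_results(SAMPLE_NOT_APPLICABLE).inspect
  puts summarize_rule_results(SAMPLE_EVALUATED).inspect
end
```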

All scenarios do work now:

rocky-ctl:~/spacewalk/testsuite # cucumber -r features/ features/secondary/min_rhlike_openscap_audit.feature
Capybara APP Host: https://rocky-srv.tf.local:8888
Client IP address or domain name variable empty
Minion IP address or domain name variable empty
Buildhost IP address or domain name variable empty
Debian-like minion IP address or domain name variable empty
SSH minion IP address or domain name variable empty
PXE boot MAC address variable empty
KVM server minion IP address or domain name variable empty
XEN server minion IP address or domain name variable empty
Host 'rocky-ctl' is alive with determined hostname rocky-ctl and FQDN rocky-ctl.tf.local
Node: rocky-ctl, OS Version: 15.2, Family: opensuse-leap
'rocky-ctl' is running OS opensuse-leap 15.2
Host 'rocky-srv.tf.local' is alive with determined hostname rocky-srv and FQDN rocky-srv.tf.local
Node: rocky-srv, OS Version: 15-SP4, Family: sles
'rocky-srv.tf.local' is running OS sles 15-SP4
Host 'rocky-pxy.tf.local' is alive with determined hostname rocky-pxy and FQDN rocky-pxy.tf.local
Node: rocky-pxy, OS Version: 15-SP4, Family: sles
'rocky-pxy.tf.local' is running OS sles 15-SP4
Host 'rocky-min-rocky8.tf.local' is alive with determined hostname rocky-min-rocky8 and FQDN rocky-min-rocky8.tf.local
Node: rocky-min-rocky8, OS Version: 8.6, Family: rocky
'rocky-min-rocky8.tf.local' is running OS rocky 8.6
Activating XML-RPC API
Using the default profile...
# Copyright (c) 2017-2022 SUSE LLC
# Licensed under the terms of the MIT license.
@scope_openscap @scope_res @rhlike_minion
Feature: OpenSCAP audit of Red Hat-like Salt minion
  In order to audit a Red Hat-like Salt minion
  As an authorized user
  I want to run an OpenSCAP scan on it

  Scenario: Log in as admin user                  # features/secondary/min_rhlike_openscap_audit.feature:12
      This scenario ran at: 2022-10-17 11:28:41 +0200
    Given I am authorized for the "Admin" section # features/step_definitions/navigation_steps.rb:379
      This scenario took: 2 seconds

  Scenario: Enable repositories for openSCAP on the Red Hat-like minion         # features/secondary/min_rhlike_openscap_audit.feature:15
      This scenario ran at: 2022-10-17 11:28:43 +0200
    Given I am on the Systems overview page of this "rhlike_minion"             # features/step_definitions/navigation_steps.rb:391
    When I follow "Software" in the content area                                # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "Software Channels" in the content area                        # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I wait until I do not see "Loading..." text                             # features/step_definitions/navigation_steps.rb:40
    And I check radio button "no-appstream-result-RHEL8-Pool for x86_64"        # features/step_definitions/common_steps.rb:203
    And I check "no-appstream-result-Custom Channel for Rocky 8 DVD"            # features/step_definitions/navigation_steps.rb:162
    And I wait until I do not see "Loading..." text                             # features/step_definitions/navigation_steps.rb:40
    And I click on "Next"                                                       # features/step_definitions/navigation_steps.rb:244
    Then I should see a "Confirm Software Channel Change" text                  # features/step_definitions/navigation_steps.rb:550
    When I click on "Confirm"                                                   # features/step_definitions/navigation_steps.rb:244
    Then I should see a "Changing the channels has been scheduled." text        # features/step_definitions/navigation_steps.rb:550
    And I wait until event "Subscribe channels scheduled by admin" is completed # features/step_definitions/common_steps.rb:127
sed -i 's/enabled=.*/enabled=1/g' /etc/yum.repos.d/Rocky-BaseOS.repo returned status code = 0.
Output:
    When I enable repository "Rocky-BaseOS" on this "rhlike_minion"             # features/step_definitions/command_steps.rb:776
    And I enable client tools repositories on "rhlike_minion"                   # features/step_definitions/common_steps.rb:740
    And I refresh the metadata for "rhlike_minion"                              # features/step_definitions/common_steps.rb:352
      This scenario took: 32 seconds

  Scenario: Install the OpenSCAP packages on the Red Hat-like minion # features/secondary/min_rhlike_openscap_audit.feature:32
      This scenario ran at: 2022-10-17 11:29:15 +0200
    Given I am on the Systems overview page of this "rhlike_minion"  # features/step_definitions/navigation_steps.rb:391
    And I install OpenSCAP dependencies on "rhlike_minion"           # features/step_definitions/command_steps.rb:845
    And I follow "Software" in the content area                      # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I click on "Update Package List"                             # features/step_definitions/navigation_steps.rb:244
    And I wait until event "Package List Refresh" is completed       # features/step_definitions/common_steps.rb:127
      This scenario took: 115 seconds

  Scenario: Schedule an OpenSCAP audit job on the Red Hat-like minion                                                                    # features/secondary/min_rhlike_openscap_audit.feature:39
      This scenario ran at: 2022-10-17 11:31:10 +0200
    Given I am on the Systems overview page of this "rhlike_minion"                                                                      # features/step_definitions/navigation_steps.rb:391
    When I follow "Audit" in the content area                                                                                            # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "Schedule" in the content area                                                                                          # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I wait at most 30 seconds until I do not see "This system does not yet have OpenSCAP scan capability." text, refreshing the page # features/step_definitions/navigation_steps.rb:67
    And I enter "--profile standard" as "params"                                                                                         # features/step_definitions/navigation_steps.rb:214
    And I enter "/usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml" as "path"                                                        # features/step_definitions/navigation_steps.rb:214
    And I click on "Schedule"                                                                                                            # features/step_definitions/navigation_steps.rb:244
    Then I should see a "XCCDF scan has been scheduled" text                                                                             # features/step_definitions/navigation_steps.rb:550
    And I wait at most 500 seconds until event "OpenSCAP xccdf scanning" is completed                                                    # features/step_definitions/common_steps.rb:146
      This scenario took: 39 seconds

  Scenario: Check the results of the OpenSCAP scan on the Red Hat-like minion # features/secondary/min_rhlike_openscap_audit.feature:50
      This scenario ran at: 2022-10-17 11:31:49 +0200
    Given I am on the Systems overview page of this "rhlike_minion"           # features/step_definitions/navigation_steps.rb:391
    When I follow "Audit" in the content area                                 # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "xccdf_org.open-scap_testresult_standard"                    # features/step_definitions/navigation_steps.rb:272
    Then I should see a "Details of XCCDF Scan" text                          # features/step_definitions/navigation_steps.rb:550
    And I should see a "RHEL-8" text                                          # features/step_definitions/navigation_steps.rb:550
    And I should see a "XCCDF Rule Results" text                              # features/step_definitions/navigation_steps.rb:550
      This scenario took: 1 seconds

  #
  # When I enter "pass" as the filtered XCCDF result type
  # And I click on the filter button
  # Then I should see a "rpm_verify_permissions" link
  Scenario: Cleanup: remove audit scans retention period from Red Hat-like minion # features/secondary/min_rhlike_openscap_audit.feature:62
      This scenario ran at: 2022-10-17 11:31:50 +0200
    When I follow the left menu "Admin > Organizations"                           # features/step_definitions/navigation_steps.rb:325
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    When I follow "SUSE Test" in the content area                                 # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "Configuration" in the content area                              # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I enter "0" as "scap_retention_period"                                    # features/step_definitions/navigation_steps.rb:214
    And I click on "Update Organization"                                          # features/step_definitions/navigation_steps.rb:244
    Then I should see a "Organization SUSE Test was successfully updated." text   # features/step_definitions/navigation_steps.rb:550
      This scenario took: 1 seconds

  Scenario: Cleanup: delete audit results from Red Hat-like minion            # features/secondary/min_rhlike_openscap_audit.feature:70
      This scenario ran at: 2022-10-17 11:31:51 +0200
    Given I am on the Systems overview page of this "rhlike_minion"           # features/step_definitions/navigation_steps.rb:391
    When I follow "Audit" in the content area                                 # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "List Scans" in the content area                             # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I click on "Select All"                                               # features/step_definitions/navigation_steps.rb:244
    And I click on "Remove Selected Scans"                                    # features/step_definitions/navigation_steps.rb:244
    And I click on "Confirm"                                                  # features/step_definitions/navigation_steps.rb:244
    Then I should see a " SCAP Scan(s) deleted. 0 SCAP Scan(s) retained" text # features/step_definitions/navigation_steps.rb:550
      This scenario took: 2 seconds

  Scenario: Cleanup: restore audit scans retention period on Red Hat-like minion # features/secondary/min_rhlike_openscap_audit.feature:79
      This scenario ran at: 2022-10-17 11:31:53 +0200
    When I follow the left menu "Admin > Organizations"                          # features/step_definitions/navigation_steps.rb:325
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    When I follow "SUSE Test" in the content area                                # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "Configuration" in the content area                             # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I enter "90" as "scap_retention_period"                                  # features/step_definitions/navigation_steps.rb:214
    And I click on "Update Organization"                                         # features/step_definitions/navigation_steps.rb:244
    Then I should see a "Organization SUSE Test was successfully updated." text  # features/step_definitions/navigation_steps.rb:550
      This scenario took: 1 seconds

  Scenario: Cleanup: remove the OpenSCAP packages from the Red Hat-like minion # features/secondary/min_rhlike_openscap_audit.feature:87
      This scenario ran at: 2022-10-17 11:31:54 +0200
    When I remove OpenSCAP dependencies from "rhlike_minion"                   # features/step_definitions/command_steps.rb:845
sed -i 's/enabled=.*/enabled=0/g' /etc/yum.repos.d/Rocky-BaseOS.repo returned status code = 0.
Output:
    And I disable repository "Rocky-BaseOS" on this "rhlike_minion"            # features/step_definitions/command_steps.rb:776
    And I disable client tools repositories on "rhlike_minion"                 # features/step_definitions/common_steps.rb:762
      This scenario took: 8 seconds

  Scenario: Cleanup: restore the base channel for the Red Hat-like minion       # features/secondary/min_rhlike_openscap_audit.feature:92
      This scenario ran at: 2022-10-17 11:32:02 +0200
    Given I am on the Systems overview page of this "rhlike_minion"             # features/step_definitions/navigation_steps.rb:391
    When I follow "Software" in the content area                                # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I follow "Software Channels" in the content area                        # features/step_definitions/navigation_steps.rb:287
      WARN: Step ends with an ajax transition not finished, let's wait a bit!
    And I wait until I do not see "Loading..." text                             # features/step_definitions/navigation_steps.rb:40
    And I check radio button "Test Base Channel"                                # features/step_definitions/common_steps.rb:203
    And I wait until I do not see "Loading..." text                             # features/step_definitions/navigation_steps.rb:40
    And I click on "Next"                                                       # features/step_definitions/navigation_steps.rb:244
    Then I should see a "Confirm Software Channel Change" text                  # features/step_definitions/navigation_steps.rb:550
    When I click on "Confirm"                                                   # features/step_definitions/navigation_steps.rb:244
    Then I should see a "Changing the channels has been scheduled." text        # features/step_definitions/navigation_steps.rb:550
    And I wait until event "Subscribe channels scheduled by admin" is completed # features/step_definitions/common_steps.rb:127
      This scenario took: 22 seconds

10 scenarios (10 passed)
69 steps (69 passed)
3m42.533s

nodeg avatar Oct 17 '22 13:10 nodeg

The PR is ready for review. Before merging, I will squash everything into 2 commits to have a clean history.

nodeg avatar Oct 17 '22 13:10 nodeg

Rebase done.

nodeg avatar Oct 17 '22 13:10 nodeg