Forge Home


This puppet module configures foreman_scap_client.

Rubén del Campo



3,049 latest version

5.0 quality score

Version information

  • 0.3.22 (latest)
released Aug 21st 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 3.8.7 < 7.0.0
  • RedHat

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this declaration to your Puppetfile:

mod 'rdelcampog-foreman_scap_client', '0.3.22'
Learn more about managing modules with a Puppetfile

Add this module to a Bolt project:

bolt module add rdelcampog-foreman_scap_client
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install rdelcampog-foreman_scap_client --version 0.3.22

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



rdelcampog/foreman_scap_client — version 0.3.22 Aug 21st 2019

Foreman SCAP client Puppet Module

Foreman SCAP client Puppet Module configures foreman_scap_client to run scans and upload results to foreman proxy.


This puppet module will automatically install foreman_scap_client (if not installed) and will configure /etc/foreman_scap_client/config.yaml with parameters which are needed for the operation of foreman_scap_client.


  • 'server': configures the proxy server
  • 'port': configures the proxy server's port
  • 'ca_file': path to file of certification authority that issued client's certificate
  • 'host_certificate': path to host certificate, may be puppet agent certificate or katello certificate
  • 'host_private_key': path to host private key, may be puppet agent private key or katello private key
  • 'policies': Array of policies that should be configured
  • 'foreman_repo_rel': add / manage foreman-plugins yum repo and set to release version. Eg '1.14'
  • 'foreman_repo_key': RPM Key source file for foreman-plugins repo. Note: Currently, packages are not signed. Unless set to an alternative file source, URL will be used.
  • 'foreman_repo_src': Alternative baseurl for The Foreman plugins repository
  • 'foreman_repo_gpg_chk': Enable / disable GPG checks. Directly passed to Yumrepo resource
  • 'install_options': Additional options for client package installation
  • 'cron_template': Path to cron template
  • 'cron_splay': Upper limit for splay time when sending reports to proxy
  • 'fetch_remote_resources': Whether client should fetch referenced resources that are remote
  • 'http_proxy_server': HTTP proxy server
  • 'http_proxy_port': HTTP proxy port

For detailed info on the parameters see documentation on manifests/init.pp & manifests/params.pp

Sample Usage

The following example ensures that every week an SCAP audit is executed and the results are sent to proxy at The example will automatically attempt to install foreman_scap_client on the system. If you do not wish to use your tailoring file with policy, just pass empty string to "tailoring_path".

class { foreman_scap_client:
  server           => '',
  port             => '8443',
  foreman_repo_rel => '1.14',
  foreman_repo_key => '/net/share/foreman-gpg-rpm-key',
  policies         => [{
    "id"                      => 1,
    "hour"                    => "12",
    "minute"                  => "1",
    "month"                   => "*",
    "monthday"                => "*",
    "weekday"                 => "1",
    "profile_id"              => '',
    "content_path"            => '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml',
    "download_path"           => '/compliance/policies/1/content',
    "tailoring_path"          => '/var/lib/openacap/ssg-fedora-ds-tailored.xml',
    "tailoring_download_path" => "/compliance/policies/1/tailoring"

Usage with foreman_openscap

When using this module together with foreman_openscap, no further configuration should be necessary as values are by Foreman's ENC. However, verify the values for server, port and policies after importing the class; the policies should be <%= @host.policies_enc %>

Releasing on puppet forge

We use project blacksmith to do the release. All you need to do is configuring theforeman credentials in ~/.puppetforge.yml and then call release task from upstream repo like this

bundle exec rake module:release