compliance-backend is a project meant to parse OpenSCAP reports into a database, and perform all kind of actions that will make your systems more compliant with a policy. For example, you should be able to generate reports of all kinds for your auditors, get alerts, and create playbooks to fix your hosts.

This project does two main things:

1 - Connect to a Kafka message queue provided by the Insights Platform 2 - Serve as the API backend for the web UI compliance-frontend and for other consumers.

Let's examine how to run the project:

You may use the templates in openshift/templates/ and upload them to Openshift to run the project without any further configuration. The template uses two docker images: quarck/ruby25-openscap and centos/postgresql-96-centos7.

• ocdeployer

ocdeployer -s compliance your_openshift_project

compliance-backend is a Ruby on Rails application. It should run using at least two different processes:

Prerequisites:

• URL to Kafka
  • environment variable: KAFKAMQ
• URL to PostgreSQL database
  • environment variables: POSTGRESQL_DATABASE, POSTGRESQL_SERVICE_HOST, POSTGRESQL_USER, POSTGRESQL_PASSWORD, POSTGRESQL_ADMIN_PASSWORD, DATABASE_SERVICE_NAME

First, let's install all dependencies and initialize the database.

bundle install
bundle exec rake db:create db:migrate

At this point you can launch as many 'racecar' processes as you want. These processes will become part of a consumer group in Kafka, so by default the system is highly available.

To run a Reports consumer:

KAFKAMQ=localhost:29092 bundle exec racecar ComplianceReportsConsumer

You may simply run:

bundle exec rails server

Notice there's no CORS protection by default. If you want your requests to be CORS-protected, check out config/initializers/cors.rb and change it to only allow a certain domain.

After this, make sure you can redirect your requests to your the backend's port 3000 using insights-proxy. You may run the proxy using the SPANDX config provided here:

SPANDX_CONFIG=$(pwd)/compliance-backend.js ../insights-proxy/scripts/run.sh

Bring up the DB, rails, and racecar:

docker-compose up

Access the rails console:

docker-compose exec rails bundle exec rails console

Debug with pry-remote:

docker-compose exec rails pry-remote -w

If you'd like to contribute, please fork the repository and use a feature branch. Pull requests are warmly welcome.

This project ensures code style guidelines are followed on every pull request using Rubocop.

The code in this project is licensed under GPL v3 license.