Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1910

Clair 3.6.0 APP POD was failed to start with Quay 3.5.1 Operator

XMLWordPrintable

      Description:

      This is an issue found when use quay operator 3.5.1 to deploy quay and use Clair 3.6.0, after changed environment variable "RELATED_IMAGE_COMPONENT_CLAIR" to use Clair 3.6.0 image, Clair App POD was failed to start with error message "failed to validate config: matcher mode requires a remote Indexer address"

      oc get pod
      NAME                                         READY   STATUS             RESTARTS   AGE
      quay-operator.v3.5.1-79f549c599-gbp7s        1/1     Running            0          2m18s
      quay350-clair-app-5d86485fbc-cf9h2           1/1     Running            0          21m
      quay350-clair-app-859c946649-q4b6v           0/1     CrashLoopBackOff   4          2m5s
      quay350-clair-postgres-5b85dc5659-8d25w      1/1     Running            1          47m
      quay350-quay-app-7d96fbb79-j6g4m             1/1     Running            2          2m10s
      quay350-quay-config-editor-994ddf56c-pm4f7   1/1     Running            0          2m9s
      quay350-quay-database-5f577858bf-7rffr       1/1     Running            0          119s
      quay350-quay-mirror-7bcf95f48f-smpbq         1/1     Running            0          90s
      quay350-quay-postgres-init-8zx7k             0/1     Completed          0          2m6s
      quay350-quay-redis-596b55c4fc-6dc4j          1/1     Running            0          47m
      lizhang@lzha-mac quay3.4 % oc logs quay350-clair-app-859c946649-q4b6v
      2021/04/21 03:03:26 failed to validate config: matcher mode requires a remote Indexer address
      

      Quay Image:

      oc get pod quay-operator.v3.5.1-79f549c599-gbp7s -o json | jq '.spec.containers[0].image'
      "registry.redhat.io/quay/quay-operator-rhel8@sha256:f04a60bfc73284ee1c776182c66920cf730b205d521a23f710c6b3603aed096f"
      oc get pod quay350-clair-app-859c946649-q4b6v -o json | jq '.spec.containers[0].image'
      "registry-proxy.engineering.redhat.com/rh-osbs/quay-clair-rhel8@sha256:42f8ac787e4ed399ec4061d1a4334b116f29cedb60cf5c9c3e4af1630e34e62f"
      

      Clair 3.6.0 Image:

      registry-proxy.engineering.redhat.com/rh-osbs/quay-clair-rhel8:v3.6.0-2
      registry-proxy.engineering.redhat.com/rh-osbs/quay-clair-rhel8@sha256:42f8ac787e4ed399ec4061d1a4334b116f29cedb60cf5c9c3e4af1630e34e62f
      

       

      Clair config.yaml:

      http_listen_addr: :8080
      introspection_addr: ""
      log_level: info
      indexer:
          connstring: host=quay350-clair-postgres port=5432 dbname=postgres user=postgres password=postgres sslmode=disable
          scanlock_retry: 10
          layer_scan_concurrency: 5
          migrations: true
          scanner:
              package: {}
              dist: {}
              repo: {}
          airgap: false
      matcher:
          connstring: host=quay350-clair-postgres port=5432 dbname=postgres user=postgres password=postgres sslmode=disable
          max_conn_pool: 100
          indexer_addr: ""
          migrations: true
          period: null
          disable_updaters: false
      notifier:
          connstring: host=quay350-clair-postgres port=5432 dbname=postgres user=postgres password=postgres sslmode=disable
          migrations: true
          indexer_addr: ""
          matcher_addr: ""
          poll_interval: 5m
          delivery_interval: 1m
          webhook:
              target: https://quay350-quay-quayclair360.apps.quay-perf-549.perfscale.devcluster.openshift.com/secscan/notification
              callback: http://quay350-clair-app/notifier/api/v1/notifications
              headers: {}
              signed: false
          amqp: null
          stomp: null
      auth:
          psk:
              key: NnVxZE1tZDNld2NzeXg0TGNVN2x2cUgtMmxUVk9kWFg=
              iss:
                  - quay
                  - clairctl
      trace:
          name: ""
          probability: null
          jaeger:
              agent:
                  endpoint: ""
              collector:
                  endpoint: ""
                  username: null
                  password: null
              service_name: ""
              tags: {}
              buffer_max: 0
      metrics:
          name: prometheus
          prometheus:
              endpoint: null
          dogstatsd:
              url: ""
      
      

      Steps:

      1. Deploy Quay 3.5.1 Operator to single OCP namespace
      2. Deploy quay with quay 3.5 Operator with using AWS S3 as backend registry storage
      3. Update quay ClusterServiceVersion named "quay-operator.v3.5.1" to change RELATED_IMAGE_COMPONENT_CLAIR to value "registry-proxy.engineering.redhat.com/rh-osbs/quay-clair-rhel8@sha256:42f8ac787e4ed399ec4061d1a4334b116f29cedb60cf5c9c3e4af1630e34e62f"
      4. Waiting for new Quay Operator POD to be ready
      5. Check the status of new Clair App POD

      Expected Results:

      Clair App POD should be in ready status.

      Actual Results:

      Clair App POD was failed to start with error message "2021/04/21 02:58:39 failed to validate config: matcher mode requires a remote Indexer address"

       

        1. image-2021-05-07-10-34-24-532.png
          380 kB
          luffy zhang
        2. python3 base image.png
          379 kB
          luffy zhang

              hdonnay Henry Donnay
              lzha1981 luffy zhang
              luffy zhang luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: