Project Quay / PROJQUAY-581

Quay Clair jwtproxy service failed to start

    • Bug
    • Resolution: Duplicate
    • Blocker
    • quay-v3.3.0
    • quay-v3.3.0
    • clair

      Description:
      This is an issue found when deploying and configuring Quay Clair with the new 3.3 image "quay.io/quay/clair-jwt:v3.3.0-1". The "SECURITY SCAN" status of all pushed images is stuck in "Queued". Checking the Clair pod shows the error messages "mkdir: cannot create directory '/certificates': Permission denied" and time="2020-04-14T10:46:06Z" level=error msg="Failed to create forward proxy: open /certificates/mitm.crt: no such file or directory". See the attached logs for more information.

      ENV:
      Quay image: quay.io/quay/quay:v3.3.0-1
      Clair image: quay.io/quay/clair-jwt:v3.3.0-1

      Steps:
      1. Follow the guide "https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_on_openshift/index#add-clair-scanner" to deploy Clair.
      2. Open Quay-config app and enable "Enable Security Scanning"
      3. Provide correct "Security Scanner Endpoint"
      4. Save configurations and launch "deployment rollout"
      5. Check the status of SECURITY SCAN for newly pushed images

      Expected Result:
      The status of SECURITY SCAN for newly pushed images should display correct vulnerability information.

      Actual Results:
      The status of SECURITY SCAN for newly pushed images is stuck in "Queued".

      Logs of Clair POD:
      bash-3.2$ oc get pod
      NAME                                                  READY   STATUS    RESTARTS   AGE
      clair-scanner-7449f8474-ncrrp                         1/1     Running   0          149m
      demo-quayecosystem-quay-6654d96759-hr7dg              1/1     Running   0          138m
      demo-quayecosystem-quay-6654d96759-tsw9t              1/1     Running   0          137m
      demo-quayecosystem-quay-6654d96759-wlrq9              1/1     Running   0          136m
      demo-quayecosystem-quay-config-58b47c587d-jnxbj       1/1     Running   0          10h
      demo-quayecosystem-quay-postgresql-6b78596b6b-hq42k   1/1     Running   0          10h
      demo-quayecosystem-redis-6987ffff78-cmhw7             1/1     Running   0          10h

      bash-3.2$ oc rsh clair-scanner-7449f8474-ncrrp
      sh-4.2$ whoami
      default
      bash-3.2$ oc logs clair-scanner-7449f8474-ncrrp

      Running scanner
      mkdir: cannot create directory '/certificates': Permission denied

      2020-04-14 10:46:05,778 INFO supervisord started with pid 12
      2020-04-14 10:46:06,781 INFO spawned: 'jwtproxy' with pid 15
      2020-04-14 10:46:06,784 INFO spawned: 'clair' with pid 16
      time="2020-04-14T10:46:06Z" level=error msg="Failed to create forward proxy: open /certificates/mitm.crt: no such file or directory"
      ......
      time="2020-04-14T10:48:08Z" level=info msg="Starting reverse proxy (Listening on ':6060')"
      time="2020-04-14T10:48:08Z" level=error msg="Failed to create forward proxy: open /certificates/mitm.crt: no such file or directory"
      2020-04-14 10:48:08,392 INFO exited: jwtproxy (exit status 0; not expected)
      2020-04-14 10:48:09,393 INFO gave up: jwtproxy entered FATAL state, too many start retries too quickly

      Attachments:
        1. clairPodlogs (33 kB)
        2. screenshot-1.png (237 kB)
              tomckay@redhat.com Thomas Mckay (Inactive)
              lzha1981 luffy zhang