-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
quay-v3.11.0
-
False
-
None
-
False
-
-
-
0
-
Proposed
Description:
This is an issue found in Quay 3.11, after deploying Quay 3.11 with Quay Operator, choose to use managed Clair Component, and some pushed image to Quay, found Clair. can't scan images, checked Clair APP POD Logs, get errors "error":"fetcher: encountered errors: error realizing layer sha256:51dd7d67a42644c8c77a431e70b73cd8a3c8ae7a218883223b52d775ef261996: open /tmp: operation not supported", see attached Clair APP POD Logs quay311_clair_app_pod1.logs and quay311_clair_app_pod2.logs
Quay: quay-operator-bundle-container-v3.11.0-21
Clair: {"level":"info","component":"main","version":"v4.7.3 (user) (claircore v1.5.25)","time":"2024-03-05T02:39:39Z","message":"starting"}
Clair can't scan images:
Clair logs:
{"level":"warn","manifest":"sha256:09cf6f76f78cc81033fffcda90c59746a7b677d4ee78244b16dd6316c8306918","request_id":"4b7615730a842b00","component":"indexer/controller/Controller.Index","state":"FetchLayers","error":"fetcher: encountered errors: error realizing layer sha256:51dd7d67a42644c8c77a431e70b73cd8a3c8ae7a218883223b52d775ef261996: open /tmp: operation not supported","time":"2024-03-05T03:30:14Z","message":"layers fetch failure"}
Quay config.yaml:
ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false AUTHENTICATION_TYPE: Database BROWSER_API_CALLS_XHR_ONLY: false BUILDLOGS_REDIS: host: quayregistry-quay-redis port: 6379 CREATE_NAMESPACE_ON_PUSH: true CREATE_PRIVATE_REPO_ON_PUSH: true CREATE_REPOSITORY_ON_PUSH_PUBLIC: true DATABASE_SECRET_KEY: B5DMva0sNQMFll1MMtwY2B2mcSP56T1QJkJ7Tg940odkueqJ40aQj3EkWuu0Ab5exPTLkRDekYHia4GR DB_CONNECTION_ARGS: autorollback: true threadlocals: true DB_URI: postgresql://quayregistry-quay-database:jABejWaFVCnw3Qx7qiEQXa2aics9OmDjI2UIRMOdAlAtaVj-aP1QvSE768LqaxKiVvjwKQQ4-1je5X11@quayregistry-quay-database:5432/quayregistry-quay-database DEFAULT_TAG_EXPIRATION: 2w DISTRIBUTED_STORAGE_CONFIG: default: - S3Storage - host: s3.us-east-2.amazonaws.com s3_access_key: ****** s3_bucket: quayaws2165 s3_region: us-east-2 s3_secret_key: ****** storage_path: /datafile DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: - default DISTRIBUTED_STORAGE_PREFERENCE: - default ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg EXTERNAL_TLS_TERMINATION: true FEATURE_AUTO_PRUNE: true FEATURE_BUILD_SUPPORT: false FEATURE_DIRECT_LOGIN: true FEATURE_EXTENDED_REPOSITORY_NAMES: true FEATURE_GENERAL_OCI_SUPPORT: true FEATURE_HELM_OCI_SUPPORT: true FEATURE_MAILING: false FEATURE_PROXY_CACHE: true FEATURE_PROXY_STORAGE: true FEATURE_QUOTA_MANAGEMENT: true FEATURE_REPO_MIRROR: true FEATURE_SECURITY_NOTIFICATIONS: true FEATURE_SECURITY_SCANNER: true FEATURE_SUPERUSERS_FULL_ACCESS: true FEATURE_UI_V2: true FEATURE_USER_INITIALIZE: true PERMANENTLY_DELETE_TAGS: true PREFERRED_URL_SCHEME: https REGISTRY_TITLE: Red Hat Quay REGISTRY_TITLE_SHORT: Red Hat Quay REPO_MIRROR_INTERVAL: 30 REPO_MIRROR_TLS_VERIFY: true RESET_CHILD_MANIFEST_EXPIRATION: true SECRET_KEY: aFo-LgMpx7C0ZgoGPpwWhhcbhEd4V753L-PPBVAtww223VAGTCfA6lOCORFAslkAG1sEWuPRKnlJDWKq SECURITY_SCANNER_INDEXING_INTERVAL: 30 SECURITY_SCANNER_V4_ENDPOINT: http://quayregistry-clair-app.quay-enterprise-2165.svc.cluster.local SECURITY_SCANNER_V4_NAMESPACE_WHITELIST: - admin SECURITY_SCANNER_V4_PSK: OFlJRk5xOXh3eFFCN0dqZzdsb2ZxT0hMc3BqaUZRd0U= SERVER_HOSTNAME: quayregistry-quay-quay-enterprise-2165.apps.quaytest-2165.qe.devcluster.openshift.com SETUP_COMPLETE: true SUPER_USERS: - quay - admin TAG_EXPIRATION_OPTIONS: - 2w TEAM_RESYNC_STALE_TIME: 60m TESTING: false USER_EVENTS_REDIS: host: quayregistry-quay-redis port: 6379 USERFILES_LOCATION: default USERFILES_PATH: userfiles/