Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-7425

Quay Clair can't scan images when using NetApp ONTAP S3 Object Storage

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Critical Critical
    • quay-v3.12.1
    • quay-v3.11.0, quay-v3.12.0
    • clair, quay

      Description:

      This is an issue found in Quay 3.11 when Quay is configured to use NetApp ONTAP S3 Object Storage, after pushed image to Quay, found Clair can't scan quay images, checked Clair APP POD logs, get error ""FetchLayers","error":"encountered error while fetching a layer: error realizing layer sha256:7a91844d7037f165d072bfc2ef81967d38d4cd8e21251e161d9ff8cacace8b9d: fetcher: unexpected status code: 501 Not Implemented", pls review the detailed logs quay311_ontap_clair_app_pod1.logs 

      Quay: 3.11.1

      Clair APP POD Logs:

      {"level":"warn","component":"indexer/controller/Controller.Index","manifest":"sha256:4b554e7cc5ee2d8855409cbd66fb3e00b5961a8474e6132268a6126f4a9332c0","request_id":"9a12a49f59a4dc52","state":"FetchLayers","error":"encountered error while fetching a layer: error realizing layer sha256:7a91844d7037f165d072bfc2ef81967d38d4cd8e21251e161d9ff8cacace8b9d: fetcher: unexpected status code: 501 Not Implemented (body starts: \"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?><Error><Code>NotImplemented</Code><Message>A header or query you provided implies functionality that is not implemented.</Message></Error>\")","time":"2024-07-02T05:19:47Z","message":"layers fetch failure"}
{"level":"info","component":"indexer/controller/Controller.Index","manifest":"sha256:4b554e7cc5ee2d8855409cbd66fb3e00b5961a8474e6132268a6126f4a9332c0","request_id":"9a12a49f59a4dc52","state":"FetchLayers","time":"2024-07-02T05:19:47Z","message":"layers fetch done"}
{"level":"error","component":"indexer/controller/Controller.Index","manifest":"sha256:4b554e7cc5ee2d8855409cbd66fb3e00b5961a8474e6132268a6126f4a9332c0","request_id":"9a12a49f59a4dc52","state":"FetchLayers","error":"failed to fetch layers: encountered error while fetching a layer: error realizing layer sha256:7a91844d7037f165d072bfc2ef81967d38d4cd8e21251e161d9ff8cacace8b9d: fetcher: unexpected status code: 501 Not Implemented (body starts: \"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?><Error><Code>NotImplemented</Code><Message>A header or query you provided implies functionality that is not implemented.</Message></Error>\")","time":"2024-07-02T05:19:47Z","message":"error during scan"}
      Quay 3.11 UI:

      Quay config.yaml:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
AUTHENTICATION_TYPE: Database
BUILDLOGS_REDIS:
  host: quayontap-quay-redis
  port: 6379
CREATE_NAMESPACE_ON_PUSH: true
DATABASE_SECRET_KEY: nNSCxtG6mkqPZ-LWRBkhHnceUttIAE5Td35IDlU3wxONw5xus990MpLHIx-raOb1pzKyPeqpLZKBPhIe
DB_CONNECTION_ARGS:
  autorollback: true
  threadlocals: true
DB_URI: postgresql://quayontap-quay-database:yLmUV9vivwAIaF-Bt0nqooASrawH7hfW0Lvz2zj6rtRDuPtj0DM5fjPrJ6GDzgShMlLlQzoH0PwhhpW5@quayontap-quay-database:5432/quayontap-quay-database
DEFAULT_TAG_EXPIRATION: 2w
DISTRIBUTED_STORAGE_CONFIG:
  local_us:
  - RadosGWStorage
  - access_key: ******
    bucket_name: bucket1
    hostname: poc5113.cpoccloud.com
    is_secure: true
    maximum_chunk_size_mb: 32
    port: 10443
    secret_key: ******
    server_side_assembly: false
    storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
- local_us
DISTRIBUTED_STORAGE_PREFERENCE:
- local_us
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
EXTERNAL_TLS_TERMINATION: true
FEATURE_AUTO_PRUNE: true
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_EXTENDED_REPOSITORY_NAMES: true
FEATURE_MAILING: false
FEATURE_PROXY_CACHE: true
FEATURE_PROXY_STORAGE: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_REPO_MIRROR: true
FEATURE_SECURITY_NOTIFICATIONS: true
FEATURE_SECURITY_SCANNER: true
FEATURE_SUPERUSERS_FULL_ACCESS: true
FEATURE_UI_V2: true
FEATURE_USER_INITIALIZE: true
IGNORE_UNKNOWN_MEDIATYPES: true
PERMANENTLY_DELETE_TAGS: true
PREFERRED_URL_SCHEME: https
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
REPO_MIRROR_INTERVAL: 30
REPO_MIRROR_TLS_VERIFY: true
RESET_CHILD_MANIFEST_EXPIRATION: true
SECRET_KEY: B-lRHXbRMCWqbelbVzkn7OebpDyOW1p7SbRwB-bgYF4lc30k6VkyyXs7G71ongD1fMaK0G2JUQNrVzQv
SECURITY_SCANNER_INDEXING_INTERVAL: 30
SECURITY_SCANNER_V4_ENDPOINT: http://quayontap-clair-app.quay311.svc.cluster.local
SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
- admin
SECURITY_SCANNER_V4_PSK: OTFTU3I4OHFNVjJncmlpOXJRUjFmN2FobDJlWEN2M2M=
SERVER_HOSTNAME: quayontap-quay-quay311.apps.quaytest-2728.qe.azure.devcluster.openshift.com
SETUP_COMPLETE: true
TAG_EXPIRATION_OPTIONS:
- 2w
TEAM_RESYNC_STALE_TIME: 60m
TESTING: false
USER_EVENTS_REDIS:
  host: quayontap-quay-redis
  port: 6379

        1. image-2024-07-02-13-25-46-227.png
          image-2024-07-02-13-25-46-227.png
          290 kB
        2. image-2024-08-08-15-23-15-426.png
          image-2024-08-08-15-23-15-426.png
          600 kB
        3. image-2024-08-14-00-50-00-688.png
          image-2024-08-14-00-50-00-688.png
          51 kB
        4. image-2024-08-14-01-11-48-569.png
          image-2024-08-14-01-11-48-569.png
          80 kB
        5. image-2024-08-14-01-15-09-077.png
          image-2024-08-14-01-15-09-077.png
          83 kB
        6. image-2024-08-14-01-16-10-891.png
          image-2024-08-14-01-16-10-891.png
          160 kB
        7. quay311_ontap_clair_app_pod1.logs
          14.18 MB

              lzha1981 luffy zhang
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: