Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: quay-v3.14.0
Affects Version/s: quay-v3.10.6
Component/s: quay
Labels:

Work Type:
Strategic Product Work
Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Compatibility/Configuration, User Experience
Steps to Reproduce:
Hide

{"log":"{\"level\":\"debug\",\"component\":\"httptransport/New\",\"request_id\":\"245623f5861cff56\",\"code\":500,\"error\":\"failed to start scan: failed to fetch layers: encountered error while fetching a layer: error realizing layer sha256:0c186e733db598968d62afa4aa97d922462248c2d61dbbf9b3b1b14bb1e9680e: fetcher: unexpected status code: 400 Bad Request (body starts: \\\"\u003c?xml version=\\\\\\\"1.0\\\\\\\" encoding=\\\\\\\"UTF-8\\\\\\\"?\u003e\\\\n\u003cError\u003e\u003cCode\u003eAuthorizationQueryParametersError\u003c/Code\u003e\u003cMessage\u003eError parsing the X-Amz-Credential parameter; the region 'us-east-1' is wrong; expecting 'us-west-2'\u003c/Message\u003e\u003cRegion\u003eus-west-2\u003c/Region\u003e\u003cRequestId\u003eKD38M7GE\\\")\",\"time\":\"2025-02-05T17:12:08Z\",\"message\":\"http error response\"}\n","stream":"stderr","time":"2025-02-05T17:12:08.14576163Z"}

looks like it is getting us-east-1 from boto but the storage config has us-west-2:

DISTRIBUTED_STORAGE_CONFIG: s3Storage: - CloudFrontedS3Storage - host: s3-us-west-2.amazonaws.com s3_access_key: AKIA2U3SAW7D33SMXZMY s3_secret_key: XXXXXXXXXXXXXXXXXXXXXXXXX s3_bucket: dckr-reg-files-development s3_region: us-west-2 storage_path: /datastorage/registry cloudfront_distribution_domain: d2ajgav4lbdz56.cloudfront.net/datastorage/registry cloudfront_key_id: K1L2G0PKWXJ5T0 cloudfront_privatekey_filename: cloudfront-signing-key.pem cloudfront_distribution_org_overrides: {}
Show
{ "log" : "{\" level\ ":\" debug\ ",\" component\ ":\" httptransport/New\ ",\" request_id\ ":\" 245623f5861cff56\ ",\" code\ ":500,\" error\ ":\" failed to start scan: failed to fetch layers: encountered error while fetching a layer: error realizing layer sha256:0c186e733db598968d62afa4aa97d922462248c2d61dbbf9b3b1b14bb1e9680e: fetcher: unexpected status code: 400 Bad Request (body starts: \\\ "\u003c?xml version=\\\\\\\" 1.0\\\\\\\ " encoding=\\\\\\\" UTF-8\\\\\\\ "?\u003e\\\\n\u003cError\u003e\u003cCode\u003eAuthorizationQueryParametersError\u003c/Code\u003e\u003cMessage\u003eError parsing the X-Amz-Credential parameter; the region 'us-east-1' is wrong; expecting 'us-west-2' \u003c/Message\u003e\u003cRegion\u003eus-west-2\u003c/Region\u003e\u003cRequestId\u003eKD38M7GE\\\" )\ ",\" time\ ":\" 2025-02-05T17:12:08Z\ ",\" message\ ":\" http error response\ "}\n" , "stream" : "stderr" , "time" : "2025-02-05T17:12:08.14576163Z" } looks like it is getting us-east-1 from boto but the storage config has us-west-2: DISTRIBUTED_STORAGE_CONFIG: s3Storage: - CloudFrontedS3Storage - host: s3-us-west-2.amazonaws.com s3_access_key: AKIA2U3SAW7D33SMXZMY s3_secret_key: XXXXXXXXXXXXXXXXXXXXXXXXX s3_bucket: dckr-reg-files-development s3_region: us-west-2 storage_path: /datastorage/registry cloudfront_distribution_domain: d2ajgav4lbdz56.cloudfront.net/datastorage/registry cloudfront_key_id: K1L2G0PKWXJ5T0 cloudfront_privatekey_filename: cloudfront-signing-key.pem cloudfront_distribution_org_overrides: {}
Intelligence Requested:
Market:

Severity:
Important
Customer Impact:

Customer Reported

Target Version:

quay-v3.14.0

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

We've updated our AWS RDS managed Clair v4 PostGres SQL DB from 12.19 to 15.7 
The DB upgrade went ahead without problem but we see issues when trying to scan new images. 
The images appear to be stuck in the '...Queued` state and appear to be unable to progress to generating a bug report. 

I've uploaded a image called : clair-test:bitnami_memcached as a reference and I'm including all the relevant config debug logs.

Our version of Quay is v3.10.6 and Clair-v4 is v3.10.6

links to

quay/quay#3666: storage(cloudfront): fixed presign uri for multi-region (PROJQUAY-8532)

RHBA-2025:146347 Red Hat Quay v3.14.0 bug fix release

mentioned on

Merge request - Updated US source to: e2dbce0 storage(cloudfront): fixed presign uri for multi-region (PROJQUAY-8532) (#3666)

Assignee:: Brandon Caton

Reporter:: Daniel Shoemaker

QA Contact:: Sean Zhao

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2025/02/05 7:01 PM

Updated:: 2025/03/12 8:16 AM

Resolved:: 2025/03/12 8:16 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates