Error during the internal updaters process for rhel, alpine and ubuntu url #1933

flomickl opened this issue Dec 17, 2023 · 1 comment

flomickl commented Dec 17, 2023

Description of Problem / Feature Request

In my setup, I get misc error messages during the internal updaters process. I am using clair v4 and version 4.7.2 but also switched to older versions with the same error outcome.

Expected Outcome

The expected outcome is no error messages and the information is stored in the clair database.

Actual Outcome

clair-indexer   | {"level":"error","component":"rhel/internal/common/Updater.Get","error":"Get \"https://access.redhat.com/security/data/metrics/container-name-repos-map.json\": context deadline exceeded","time":"2023-12-17T12:02:53Z","message":"error updating mapping file"}
clair-indexer   | {"level":"error","version":"1.1","component":"rhel/internal/common/Updater.Get","error":"Get \"https://access.redhat.com/security/data/metrics/repository-to-cpe.json\": context deadline exceeded","time":"2023-12-17T12:03:03Z","message":"error updating mapping file"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Run","error":"alpine: error requesting \"https://secdb.alpinelinux.org/last-update\": Get \"https://secdb.alpinelinux.org/last-update\": dial tcp 172.105.78.12:443: i/o timeout","time":"2023-12-17T12:03:13Z","message":"failed constructing factory, excluding from run"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Run","error":"debian: examining remote: debian: unable to do request: Get \"https://deb.debian.org/debian/dists/\": dial tcp 146.75.118.132:443: i/o timeout","time":"2023-12-17T12:03:43Z","message":"failed constructing factory, excluding from run"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Run","error":"Get \"https://access.redhat.com/security/data/oval/v2/PULP_MANIFEST\": dial tcp 23.213.161.217:443: i/o timeout","time":"2023-12-17T12:04:13Z","message":"failed constructing factory, excluding from run"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Run","error":"ubuntu: error requesting series collection: Get \"https://api.launchpad.net/1.0/ubuntu/series\": dial tcp 185.125.189.224:443: i/o timeout","time":"2023-12-17T12:04:43Z","message":"failed constructing factory, excluding from run"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Start","error":"updating errors:\naws-AL2-updater: failed to create client: failed to make request for mirrors: Get \"https://cdn.amazonlinux.com/2/core/latest/x86_64/mirror.list\": context deadline exceeded\naws-AL1-updater: failed to create client: failed to make request for mirrors: Get \"http://repo.us-west-2.amazonaws.com/2018.03/updates/x86_64/mirror.list\": context deadline exceeded\nsuse-updater-suse.linux.enterprise.server.12: Get \"https://support.novell.com/security/oval/suse.linux.enterprise.server.12.xml\": dial tcp 130.57.66.5:443: i/o timeout\nphoton-updater-photon2: Get \"https://packages.vmware.com/photon/photon_oval_definitions/com.vmware.phsa-photon2.xml\": dial tcp 2.18.160.25:443: i/o timeout\naws-AL2023-updater: failed to create client: failed to make request for mirrors: Get \"https://cdn.amazonlinux.com/al2023/core/mirrors/latest/x86_64/mirror.list\": context deadline exceeded\nphoton-updater-photon1: Get \"https://packages.vmware.com/photon/photon_oval_definitions/com.vmware.phsa-photon1.xml\": dial tcp 2.18.160.25:443: i/o timeout\nsuse-updater-suse.linux.enterprise.server.15: Get \"https://support.novell.com/security/oval/suse.linux.enterprise.server.15.xml\": dial tcp 130.57.66.5:443: i/o timeout\nsuse-updater-opensuse.leap.15.1: Get \"https://support.novell.com/security/oval/opensuse.leap.15.1.xml\": dial tcp 130.57.66.5:443: i/o timeout\nphoton-updater-photon3: Get \"https://packages.vmware.com/photon/photon_oval_definitions/com.vmware.phsa-photon3.xml\": dial tcp 2.18.160.25:443: i/o timeout\nsuse-updater-opensuse.leap.15.0: Get \"https://support.novell.com/security/oval/opensuse.leap.15.0.xml\": dial tcp 130.57.66.5:443: i/o timeout\nsuse-updater-suse.linux.enterprise.server.11: Get \"https://support.novell.com/security/oval/suse.linux.enterprise.server.11.xml\": dial tcp 130.57.66.5:443: i/o timeout\noracle-2011-updater: Get 
\"https://linux.oracle.com/security/oval/com.oracle.elsa-2011.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2012-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2012.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2013-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2013.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2019-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2019.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2020-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2020.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2010-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2010.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2015-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2015.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2018-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2018.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2007-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2007.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2014-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2014.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2016-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2016.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2017-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2017.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2008-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2008.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2009-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2009.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2021-updater: Get 
\"https://linux.oracle.com/security/oval/com.oracle.elsa-2021.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\noracle-2022-updater: Get \"https://linux.oracle.com/security/oval/com.oracle.elsa-2022.xml.bz2\": dial tcp 95.101.178.195:443: i/o timeout\n","time":"2023-12-17T12:06:13Z","message":"errors encountered during updater run"}

Environment

My compose setup:

services:
  matcher:
    image: quay.io/projectquay/clair:4.7.2
    depends_on:
      clair-database:
        condition: service_healthy
    environment:
      CLAIR_MODE: matcher
      CLAIR_CONF: /config/config.yaml
    volumes:
      - ./clair-config/:/config
    restart: unless-stopped
    container_name: clair-matcher
    networks:
      - clair-network


  indexer:
    image: quay.io/projectquay/clair:4.7.2
    depends_on:
      clair-database:
        condition: service_healthy
    volumes:
      - ./clair-config/:/config
    restart: unless-stopped
    container_name: clair-indexer
    environment:
      CLAIR_MODE: "indexer"
      CLAIR_CONF: /config/config.yaml
    networks:
      - clair-network

  clair-database:
    container_name: clair-database
    image: docker.io/library/postgres:13
    environment:
      POSTGRES_HOST_AUTH_METHOD: trust
    volumes:
      - ./config/init.sql:/docker-entrypoint-initdb.d/init.sql
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./data/postgres:/var/lib/postgresql/data
    healthcheck:
      test:
        - CMD-SHELL
        - "pg_isready -U postgres"
      interval: 5s
      timeout: 4s
      retries: 12
      start_period: 10s
    networks:
      - clair-network

networks:
  clair-network:
    driver: bridge
    internal: true

My InitSQL File

CREATE USER clair WITH PASSWORD 'clair';
CREATE USER quay WITH PASSWORD 'quay';
CREATE DATABASE indexer WITH OWNER clair;
CREATE DATABASE matcher WITH OWNER clair;
CREATE DATABASE notifier WITH OWNER clair;
CREATE DATABASE quay WITH OWNER quay;
\connect matcher
CREATE EXTENSION "uuid-ossp";
\connect notifier
CREATE EXTENSION "uuid-ossp";
\connect quay
CREATE EXTENSION "pg_trgm";

My clair config.yaml

# ===== MATCHER
matcher:                            # Matcher provides Clair matcher node configuration.
  connstring: "host=clair-database port=5432 user=clair dbname=matcher sslmode=disable" # libpq connection string.
  indexer_addr: "clair-indexer:6060" # A Matcher contacts an Indexer to create a VulnerabilityReport. Required!
  # cache_age:                      # Controls how long clients should be hinted to cache responses for.
  migrations: true                  # Whether Matcher nodes handle migrations to their databases.
  period: "1h"                      # Determines how often updates for new security advisories will take place. Default 6h.
  disable_updaters: false           # Whether to run background updates or not.
  update_retention: 2               # Sets the number of update operations to retain between garbage collection cycles. Default 10.
matchers:                           # Matchers provides configuration for the in-tree Matchers and RemoteMatchers.
  names:                            # A list of string values informing the matcher factory about enabled matchers. 
    - alpine
    - aws
    - debian
    - oracle
    - photon
    - python
    - rhel
    - suse
    - ubuntu
    - crda
  config: {}                         # Provides configuration to specific matcher. Example https://quay.github.io/clair/reference/config.html#matchersconfig
updaters:                            # Updaters provides configuration for the Matcher's update manager.
  sets:                              # A list of string values informing the update manager which Updaters to run. If value is nil default set of Updaters will run.
    - alpine
    - aws
    - debian
    - oracle
    - photon
    - pyupio
    - rhel
    - suse
    - ubuntu
  config: {}                         # Provides configuration to specific updater sets. Example https://quay.github.io/clair/reference/config.html#updatersconfig

  • Clair version/image: quay.io/projectquay/clair:4.7.2
  • Clair client name/version:
  • Host OS: Linux but think that does not matter?
  • Kernel (e.g. uname -a):
  • Network/Firewall setup: No Firewall or proxy involved
Member

hdonnay commented Jan 5, 2024

Those are i/o timeouts in the log -- are the indicated URLs reachable from the container?
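
To check reachability for every upstream at once, the following added example (not part of the issue thread or of Clair's code) parses compose-prefixed Clair JSON log lines and lists each host and port an updater failed to reach, with the failure kind. The sample lines are abridged from the log above plus one constructed info line; the function names and failure labels are this example's own.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample abridged from the log above ("time" fields dropped); the info line is constructed.
SAMPLE_LOG = r'''
clair-indexer   | {"level":"error","component":"rhel/internal/common/Updater.Get","error":"Get \"https://access.redhat.com/security/data/metrics/repository-to-cpe.json\": context deadline exceeded","message":"error updating mapping file"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Run","error":"alpine: error requesting \"https://secdb.alpinelinux.org/last-update\": Get \"https://secdb.alpinelinux.org/last-update\": dial tcp 172.105.78.12:443: i/o timeout","message":"failed constructing factory, excluding from run"}
clair-matcher   | {"level":"error","component":"libvuln/updates/Manager.Start","error":"updating errors:\nphoton-updater-photon2: Get \"https://packages.vmware.com/photon/photon_oval_definitions/com.vmware.phsa-photon2.xml\": dial tcp 2.18.160.25:443: i/o timeout\naws-AL1-updater: failed to create client: failed to make request for mirrors: Get \"http://repo.us-west-2.amazonaws.com/2018.03/updates/x86_64/mirror.list\": context deadline exceeded\n","message":"errors encountered during updater run"}
clair-matcher   | {"level":"info","component":"example","message":"constructed non-error line"}
'''

GET_URL = re.compile(r'Get "([^"]+)"')

def classify(segment):
    if "dial tcp" in segment and "i/o timeout" in segment:
        return "connect-timeout"       # TCP connect never completed
    if "context deadline exceeded" in segment:
        return "deadline-exceeded"     # request ran out of time before a response
    return "other"

def unreachable_endpoints(log_text):
    """Map (host, port) -> {"services", "kinds"} for every failed updater fetch."""
    found = defaultdict(lambda: {"services": set(), "kinds": set()})
    for line in log_text.splitlines():
        service, sep, payload = line.partition("|")   # strip the compose prefix
        if not sep:
            continue
        try:
            record = json.loads(payload)
        except json.JSONDecodeError:
            continue                                  # wrapped or non-JSON line
        if not isinstance(record, dict) or record.get("level") != "error":
            continue
        # Manager.Start reports one sub-error per updater, separated by newlines.
        for segment in str(record.get("error", "")).split("\n"):
            for target in GET_URL.findall(segment):
                url = urlsplit(target)
                port = url.port or (443 if url.scheme == "https" else 80)
                entry = found[(url.hostname, port)]
                entry["services"].add(service.strip())
                entry["kinds"].add(classify(segment))
    return dict(found)

if __name__ == "__main__":
    for (host, port), info in sorted(unreachable_endpoints(SAMPLE_LOG).items()):
        print(f"{host}:{port}  {sorted(info['kinds'])}  seen by {sorted(info['services'])}")
```

Each reported host and port is an egress destination the matcher or indexer needs. In the compose file above, `clair-network` is declared with `internal: true`, which in Docker creates a network without external connectivity.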
