Bug 1378007
Summary: | [RFE] Provide a config property to override "default" docker repository to pull down image-inspector container image. | |||
---|---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Prasad Mukhedkar <pmukhedk> | |
Component: | Providers | Assignee: | Nimrod Shneor <nshneor> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Zagalsky <pzagalsk> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 5.6.0 | CC: | bazulay, cben, cpatters, cpelland, dron, fsimonce, jfrey, jhardy, lavenel, ncatling, obarenbo, paul.maddocks1, pmukhedk, simaishi | |
Target Milestone: | GA | Keywords: | FutureFeature, TestOnly, ZStream | |
Target Release: | 5.8.0 | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | container | |||
Fixed In Version: | 5.8.0.2 | Doc Type: | Enhancement | |
Doc Text: |
This enhancement makes registry and repository information configurable for the 'image-inspector’ container image. However, the built-in OpenSCAP policy in CloudForms scans only images named `<file>/image-inspector`, and skips any modified image names and paths. To scan customised images, copy and modify the OpenSCAP policy, then assign the modified condition to the image.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1429654 (view as bug list) | Environment: | ||
Last Closed: | 2017-06-12 17:04:53 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | Container Management | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1429654, 1459189 |
Description
Prasad Mukhedkar
2016-09-21 09:47:58 UTC
Note that configuring where to get 'image-inspector' docker image won't be enough to support OpenSCAP in clusters not connected to the internet. image-inspector currently hardcodes downloading the CVE info from: CVEUrl = "https://www.redhat.com/security/data/metrics/ds/" https://github.com/openshift/image-inspector/issues/18 tracks that part. New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/63b46caf7dd170b752cd233daae824acd2e79fd5 commit 63b46caf7dd170b752cd233daae824acd2e79fd5 Author: Daniel Trieu <dtrieu80> AuthorDate: Mon Feb 20 18:39:19 2017 +0200 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Mon Feb 20 18:39:24 2017 +0200 Make registry & repo configurable for 'image-inspector' Tag (:2.1) deliberately left non-configurable as we depend on a specific version's interface. (Minor 2.1.z versions will be activated simply by re-pointing the 2.1 tag.) https://bugzilla.redhat.com/show_bug.cgi?id=1378007 .../providers/kubernetes/container_manager/scanning/job.rb | 7 ++++--- config/settings.yml | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-) |