Bug 1459189
Summary: | [RFE] Allow to specify per Provider the location of OpenSCAP CVEs and Image-Inspector image | ||
---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Loic Avenel <lavenel> |
Component: | Providers | Assignee: | Erez Freiberger <efreiber> |
Status: | CLOSED ERRATA | QA Contact: | brahmani |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.8.0 | CC: | cben, dajohnso, efreiber, fsimonce, gblomqui, hkataria, jfrey, jhardy, lavenel, mpovolny, obarenbo, oourfali, simaishi, tparsons |
Target Milestone: | MVP | Keywords: | FutureFeature |
Target Release: | 5.9.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 5.9.0.4 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-01 13:12:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | Container Management | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1378007, 1379185, 1462835 | ||
Bug Blocks: |
Description
Loic Avenel
2017-06-06 13:43:38 UTC
Shout (In reply to Loic Avenel from comment #0) > Description of problem: Allow to specify by Provider Location of OpenStack > file and ImageScan, this is important for customers with OpenShift that has > not access to Internet Please read OpenScap file and not OpenStack (In reply to Loic Avenel from comment #0) > Description of problem: Allow to specify by Provider Location of OpenStack > file and ImageScan, this is important for customers with OpenShift that has > not access to Internet Loic, we already have: - bug 1379185 for the CVE definitions URL (open ATM) - bug 1378007 for the image-inspector configuration (verified) I am OK to keep this BZ as well but it may need a slight different connotation I suppose. So I am transforming this into the UI side (having a page to configure the above settings). Feel free to re-arrange this BZ if you think otherwise. I think from title this talks about configuring image-inspector differently per provider? bug 1378007 was one global setting. Assuming that's the goal: I hope we can stop kludging provider custom attributes. We need a generic mechanism for per-provider setting overrides. This requires the per-provider instance advanced settings. Erez can you add the relevant PRs here? Please move to ON_DEV if you have all the PRs up for review. The main PR in the UI, still WIP: https://github.com/ManageIQ/manageiq-ui-classic/pull/1652 It depends on: ManageIQ/manageiq#15398 ManageIQ/manageiq-schema#23 ManageIQ/manageiq-providers-kubernetes#45 ManageIQ/manageiq-providers-openshift#32 Verify on cfme 5.9.0.8. update CVE location with value https://www.redhat.com/security/data/metrics/ds --> SSA work OK. update CVE location with wrong value https://www.redhat.com/security/data/metrics --> SSA fail with Unable to run OpenSCAP: OpenSCAP error as expected. Update image_inspector_registry with wrong value: docker (instead of docker.io) --> SSA fail with "job timed out after 1250.265938917 seconds of inactivity" error as expected. The error message that I get is different, no mention problem with CVE file : “Unable to run OpenSCAP: OpenSCAP error: 1: exit status 1 Input: [xccdf eval --results-arf /var/tmp/image-inspector-scan-results-274495225/results-arf.xml /tmp/com.redhat.rhsa-RHEL7.ds.xml.bz2] Output: OpenSCAP Error: xmlParseEntityRef: no name [oscap_source.c:278] Entity: line 79: parser error : Entity 'copy' not defined <li>Copyright ©2014 Red Hat, Inc.</li> ^ Entity: line 124: parser error : EntityRef: expecting ';' ="https://smtrcs.redhat.com/b/ss/redhatcom,redhatglobal/1/H.25.4--NS/0?[AQB]&cdp ^ Entity: line 124: parser error : xmlParseEntityRef: no name ttps://smtrcs.redhat.com/b/ss/redhatcom,redhatglobal/1/H.25.4--NS/0?[AQB]&cdp=3& ^ Unable to parse XML at: '/tmp/com.redhat.rhsa-RHEL7.ds.xml.bz2' [oscap_source.c:280]” Erez lets look at that tomorrow. Erez do you need me to open BZ on that? BZ 1512824 - Error message correction in case of wrong CVE Loaction value on provider advance settings https://bugzilla.redhat.com/show_bug.cgi?id=1512824 have been open for track the error message issue. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380 |