Bug 1459555

Summary: [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers
Product: Red Hat CloudForms Management Engine Reporter: Loic Avenel <lavenel>
Component: ProvidersAssignee: Erez Freiberger <efreiber>
Status: CLOSED ERRATA QA Contact: brahmani
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.8.0CC: efreiber, fsimonce, gblomqui, jfrey, jhardy, obarenbo, simaishi
Target Milestone: GAKeywords: FutureFeature, RFE
Target Release: 5.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.9.0.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-01 13:12:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Container Management Target Upstream Version:
Embargoed:
Bug Depends On: 1462835    
Bug Blocks:    

Description Loic Avenel 2017-06-07 12:47:30 UTC
Description of problem: Allow to specify Location of OpenScap file and ImageScan for all OpenShift providers

Comment 2 Federico Simoncelli 2017-06-19 16:18:42 UTC
This requires the per-provider instance advanced settings.

Comment 3 Federico Simoncelli 2017-07-12 07:49:09 UTC
Erez, this is already possible through the advanced settings (settings yaml), right?

Comment 4 Erez Freiberger 2017-07-12 07:52:34 UTC
No, There is not setting for that there yet.

Comment 5 Federico Simoncelli 2017-09-19 21:54:21 UTC
Erez are you keeping in mind this for your current implementation?

Use advanced settings (yaml) as defaults when there is no provider specific setting.

Comment 6 Erez Freiberger 2017-09-27 09:26:19 UTC
Yes,
> Use advanced settings (yaml) as defaults when there is no provider specific setting.

Exactly, it is quite parallel to the per-provider features. PR: https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120

Just making sure, ImageScan means the image-inspector image?

Comment 7 Federico Simoncelli 2017-09-27 10:19:52 UTC
(In reply to Erez Freiberger from comment #6)
> Yes,
> > Use advanced settings (yaml) as defaults when there is no provider specific setting.
> 
> Exactly, it is quite parallel to the per-provider features. PR:
> https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120
> 
> Just making sure, ImageScan means the image-inspector image?

Yes

Comment 8 Erez Freiberger 2017-09-28 10:52:07 UTC
cve_url, both in the settings and in the per-provider options, should be an address where we would look for the file "com.redhat.rhsa-RHEL7.ds.xml.bz2".

If we want to change that we will need to update image-inspector.

Comment 9 Federico Simoncelli 2017-10-03 19:55:30 UTC
https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120

Erez I think this should be in POST (all this feature has been merged).
Let me know if that's not the case and something is still missing.

Comment 10 Erez Freiberger 2017-10-04 07:40:05 UTC
I agree, it should be in POST.

Comment 11 brahmani 2017-11-14 05:50:35 UTC
Verify on cfme 5.9.0.8.
update image_inspector_cve_url with value https://www.redhat.com/security/data/metrics/ds --> SSA work OK.

update image_inspector_cve_url with wrong value  https://www.redhat.com/security/data/metrics --> SSA fail with Unable to run OpenSCAP: OpenSCAP error, should be update by PR  https://github.com/openshift/image-inspector/pull/78 .

Update image_inspector_registry with wrong value: docker (instead of docker.io) --> SSA fail with "job timed out after 1250.265938917 seconds of inactivity" error as expected.

Comment 14 errata-xmlrpc 2018-03-01 13:12:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0380