Bug 1304758 - Unknown Access Error on OpenShift container image analysis
Summary: Unknown Access Error on OpenShift container image analysis
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: SmartState Analysis
Version: 5.5.0
Hardware: All
OS: All
high
high
Target Milestone: GA
: 5.6.0
Assignee: Erez Freiberger
QA Contact: Einat Pacifici
URL:
Whiteboard: container:smartstate
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-04 14:31 UTC by Josh Carter
Modified: 2019-11-14 07:24 UTC (History)
16 users (show)

Fixed In Version: 5.6.0.6
Doc Type: Bug Fix
Doc Text:
Previously, there was an Unknown Access Error on OpenShift container image analysis. This was due to an issue with authenticating the service account. This fix authenticates the service account that will allow image-inspector to pull images from the Openshift registry with authentication which has now resolved the issue.
Clone Of:
Environment:
Last Closed: 2016-06-29 15:36:14 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
epacific: automate_bug+

Attachments (Terms of Use)
correct log (13.92 MB, application/zip)
2016-02-10 17:03 UTC, Josh Carter 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1348 0 normal SHIPPED_LIVE CFME 5.6.0 bug fixes and enhancement update 2016-06-29 18:50:04 UTC

Description Josh Carter 2016-02-04 14:31:36 UTC 
Description of problem:

Getting the following error - image is pulled correctly, container starts up, but job stops a couple minutes later with an "unknown access error to pod"/HTTP Bad Gateway.



[----] I, [2016-02-02T11:40:06.091131 #15737:11e598c]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#start) creating pod management-infra/manageiq-img-scan-8ea21f4b3377 to analyze docker image 8ea21f4b33771090a388616326edac7762b20d19310512cc6c4bc58ff76aeb39: {"apiVersion":"v1","kind":"Pod","metadata":{"name":"manageiq-img-scan-8ea21f4b3377","namespace":"management-infra","labels":{"name":"manageiq-img-scan-8ea21f4b3377","manageiq.org":"true"},"annotations":{"manageiq.org/hostname":"cl-rhm-4004.ba.ssa.gov","manageiq.org/guid":"1041ecd2-c47f-11e5-b3c2-1264baf72861","manageiq.org/image":"registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","manageiq.org/jobid":"9c382c32-c9cb-11e5-920c-1264baf72861"}},"spec":{"restartPolicy":"Never","containers":[{"name":"image-inspector","image":"docker.io/fsimonce/image-inspector:v0.1.3","command":["/usr/bin/image-inspector","--image=registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","--serve=0.0.0.0:8080"],"ports":[{"containerPort":8080}],"securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/var/run/docker.sock","name":"docker-socket"}]}],"volumes":[{"name":"docker-socket","hostPath":{"path":"/var/run/docker.sock"}}]}}
[----] I, [2016-02-02T11:40:11.080247 #15735:b1f990]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) waiting for pod management-infra/manageiq-img-scan-8ea21f4b3377 to be available
[----] I, [2016-02-02T11:42:05.806632 #15735:b1f990]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) unknown access error to pod management-infra/manageiq-img-scan-8ea21f4b3377: #<Net::HTTPBadGateway:0x0000000bb9bf58>
[----] I, [2016-02-02T11:42:08.919109 #15735:b1f990]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#cleanup) deleting pod management-infra/manageiq-img-scan-8ea21f4b3377

Version-Release number of selected component (if applicable): 5.5.0


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 5 Josh Carter 2016-02-10 17:03:30 UTC 
Created attachment 1122846 [details]
correct log
Comment 6 Federico Simoncelli 2016-02-11 15:30:05 UTC 
Please make sure that they followed the "Service Account" documentation here:

https://access.redhat.com/documentation/en/red-hat-cloudforms/4.0/managing-providers/chapter-3-containers-providers

they're essential to give ManageIQ enough permissions to do the smart state analysis.
Comment 10 Erez Freiberger 2016-03-09 13:44:00 UTC 
https://github.com/ManageIQ/manageiq/pull/7168
Comment 15 Greg Blomquist 2016-05-06 04:36:32 UTC 
Merged upstream
Comment 19 errata-xmlrpc 2016-06-29 15:36:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348
Note You need to log in before you can comment on or make changes to this bug.