Bug 1304758 - Unknown Access Error on OpenShift container image analysis
Unknown Access Error on OpenShift container image analysis
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: SmartState Analysis (Show other bugs)
5.5.0
All All
high Severity high
: GA
: 5.6.0
Assigned To: Erez Freiberger
Einat Pacifici
container:smartstate
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-04 09:31 EST by Josh Carter
Modified: 2018-05-27 09:05 EDT (History)
16 users (show)

See Also:
Fixed In Version: 5.6.0.6
Doc Type: Bug Fix
Doc Text:
Previously, there was an Unknown Access Error on OpenShift container image analysis. This was due to an issue with authenticating the service account. This fix authenticates the service account that will allow image-inspector to pull images from the Openshift registry with authentication which has now resolved the issue.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-06-29 11:36:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
epacific: automate_bug+


Attachments (Terms of Use)
correct log (13.92 MB, application/zip)
2016-02-10 12:03 EST, Josh Carter
no flags Details

  None (edit)
Description Josh Carter 2016-02-04 09:31:36 EST
Description of problem:

Getting the following error - image is pulled correctly, container starts up, but job stops a couple minutes later with an "unknown access error to pod"/HTTP Bad Gateway.



[----] I, [2016-02-02T11:40:06.091131 #15737:11e598c]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#start) creating pod management-infra/manageiq-img-scan-8ea21f4b3377 to analyze docker image 8ea21f4b33771090a388616326edac7762b20d19310512cc6c4bc58ff76aeb39: {"apiVersion":"v1","kind":"Pod","metadata":{"name":"manageiq-img-scan-8ea21f4b3377","namespace":"management-infra","labels":{"name":"manageiq-img-scan-8ea21f4b3377","manageiq.org":"true"},"annotations":{"manageiq.org/hostname":"cl-rhm-4004.ba.ssa.gov","manageiq.org/guid":"1041ecd2-c47f-11e5-b3c2-1264baf72861","manageiq.org/image":"registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","manageiq.org/jobid":"9c382c32-c9cb-11e5-920c-1264baf72861"}},"spec":{"restartPolicy":"Never","containers":[{"name":"image-inspector","image":"docker.io/fsimonce/image-inspector:v0.1.3","command":["/usr/bin/image-inspector","--image=registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","--serve=0.0.0.0:8080"],"ports":[{"containerPort":8080}],"securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/var/run/docker.sock","name":"docker-socket"}]}],"volumes":[{"name":"docker-socket","hostPath":{"path":"/var/run/docker.sock"}}]}}
[----] I, [2016-02-02T11:40:11.080247 #15735:b1f990]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) waiting for pod management-infra/manageiq-img-scan-8ea21f4b3377 to be available
[----] I, [2016-02-02T11:42:05.806632 #15735:b1f990]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) unknown access error to pod management-infra/manageiq-img-scan-8ea21f4b3377: #<Net::HTTPBadGateway:0x0000000bb9bf58>
[----] I, [2016-02-02T11:42:08.919109 #15735:b1f990]  INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#cleanup) deleting pod management-infra/manageiq-img-scan-8ea21f4b3377

Version-Release number of selected component (if applicable): 5.5.0


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 5 Josh Carter 2016-02-10 12:03 EST
Created attachment 1122846 [details]
correct log
Comment 6 Federico Simoncelli 2016-02-11 10:30:05 EST
Please make sure that they followed the "Service Account" documentation here:

https://access.redhat.com/documentation/en/red-hat-cloudforms/4.0/managing-providers/chapter-3-containers-providers

they're essential to give ManageIQ enough permissions to do the smart state analysis.
Comment 10 Erez Freiberger 2016-03-09 08:44:00 EST
https://github.com/ManageIQ/manageiq/pull/7168
Comment 15 Greg Blomquist 2016-05-06 00:36:32 EDT
Merged upstream
Comment 19 errata-xmlrpc 2016-06-29 11:36:14 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348

Note You need to log in before you can comment on or make changes to this bug.