Description of problem: At the moment cloud form's docker OpenSCAP scanning functionality relies on triggering Openshift to launch the Image Inspector docker file to perform the scanning. Cloudforms is instructing Openshift to explicitly download the docker file from an internet location and then launch it. If you are not connected to the internet then this functionality is broken. To fix this broken functionality it would be best if we can specify a "default" docker repository location property such that ANY cloudforms activity that involved downloading docker files from the internet could use this property (if present) rather then the hard-coded location on the internet. config/initializers/override_containers_scanning_image.rb module OverrideContainersScanningImage def inspector_image 'registry.access.redhat.com/openshift3/image-inspector:2.0' end end ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job.prepend(OverrideContainersScanningImage) ~
Note that configuring where to get 'image-inspector' docker image won't be enough to support OpenSCAP in clusters not connected to the internet. image-inspector currently hardcodes downloading the CVE info from: CVEUrl = "https://www.redhat.com/security/data/metrics/ds/" https://github.com/openshift/image-inspector/issues/18 tracks that part.
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/63b46caf7dd170b752cd233daae824acd2e79fd5 commit 63b46caf7dd170b752cd233daae824acd2e79fd5 Author: Daniel Trieu <dtrieu80> AuthorDate: Mon Feb 20 18:39:19 2017 +0200 Commit: Beni Cherniavsky-Paskin <cben> CommitDate: Mon Feb 20 18:39:24 2017 +0200 Make registry & repo configurable for 'image-inspector' Tag (:2.1) deliberately left non-configurable as we depend on a specific version's interface. (Minor 2.1.z versions will be activated simply by re-pointing the 2.1 tag.) https://bugzilla.redhat.com/show_bug.cgi?id=1378007 .../providers/kubernetes/container_manager/scanning/job.rb | 7 ++++--- config/settings.yml | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-)