Red Hat Bugzilla – Bug 1459189
[RFE] Allow to specify per Provider the location of OpenSCAP CVEs and Image-Inspector image
Last modified: 2018-04-09 08:31:07 EDT
Description of problem: Allow to specify by Provider Location of OpenStack file and ImageScan, this is important for customers with OpenShift that has not access to Internet
Shout (In reply to Loic Avenel from comment #0) > Description of problem: Allow to specify by Provider Location of OpenStack > file and ImageScan, this is important for customers with OpenShift that has > not access to Internet Please read OpenScap file and not OpenStack
(In reply to Loic Avenel from comment #0) > Description of problem: Allow to specify by Provider Location of OpenStack > file and ImageScan, this is important for customers with OpenShift that has > not access to Internet Loic, we already have: - bug 1379185 for the CVE definitions URL (open ATM) - bug 1378007 for the image-inspector configuration (verified) I am OK to keep this BZ as well but it may need a slight different connotation I suppose. So I am transforming this into the UI side (having a page to configure the above settings). Feel free to re-arrange this BZ if you think otherwise.
I think from title this talks about configuring image-inspector differently per provider? bug 1378007 was one global setting. Assuming that's the goal: I hope we can stop kludging provider custom attributes. We need a generic mechanism for per-provider setting overrides.
This requires the per-provider instance advanced settings.
Erez can you add the relevant PRs here? Please move to ON_DEV if you have all the PRs up for review.
The main PR in the UI, still WIP: https://github.com/ManageIQ/manageiq-ui-classic/pull/1652 It depends on: ManageIQ/manageiq#15398 ManageIQ/manageiq-schema#23 ManageIQ/manageiq-providers-kubernetes#45 ManageIQ/manageiq-providers-openshift#32
Verify on cfme 5.9.0.8. update CVE location with value https://www.redhat.com/security/data/metrics/ds --> SSA work OK. update CVE location with wrong value https://www.redhat.com/security/data/metrics --> SSA fail with Unable to run OpenSCAP: OpenSCAP error as expected. Update image_inspector_registry with wrong value: docker (instead of docker.io) --> SSA fail with "job timed out after 1250.265938917 seconds of inactivity" error as expected.
The error message that I get is different, no mention problem with CVE file : “Unable to run OpenSCAP: OpenSCAP error: 1: exit status 1 Input: [xccdf eval --results-arf /var/tmp/image-inspector-scan-results-274495225/results-arf.xml /tmp/com.redhat.rhsa-RHEL7.ds.xml.bz2] Output: OpenSCAP Error: xmlParseEntityRef: no name [oscap_source.c:278] Entity: line 79: parser error : Entity 'copy' not defined <li>Copyright ©2014 Red Hat, Inc.</li> ^ Entity: line 124: parser error : EntityRef: expecting ';' ="https://smtrcs.redhat.com/b/ss/redhatcom,redhatglobal/1/H.25.4--NS/0?[AQB]&cdp ^ Entity: line 124: parser error : xmlParseEntityRef: no name ttps://smtrcs.redhat.com/b/ss/redhatcom,redhatglobal/1/H.25.4--NS/0?[AQB]&cdp=3& ^ Unable to parse XML at: '/tmp/com.redhat.rhsa-RHEL7.ds.xml.bz2' [oscap_source.c:280]” Erez lets look at that tomorrow.
Erez do you need me to open BZ on that?
BZ 1512824 - Error message correction in case of wrong CVE Loaction value on provider advance settings https://bugzilla.redhat.com/show_bug.cgi?id=1512824 have been open for track the error message issue.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380