Red Hat Bugzilla – Bug 1459555
[RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers
Last modified: 2018-03-01 08:12:59 EST
Description of problem: Allow to specify Location of OpenScap file and ImageScan for all OpenShift providers
This requires the per-provider instance advanced settings.
Erez, this is already possible through the advanced settings (settings yaml), right?
No, There is not setting for that there yet.
Erez are you keeping in mind this for your current implementation?
Use advanced settings (yaml) as defaults when there is no provider specific setting.
> Use advanced settings (yaml) as defaults when there is no provider specific setting.
Exactly, it is quite parallel to the per-provider features. PR: https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120
Just making sure, ImageScan means the image-inspector image?
(In reply to Erez Freiberger from comment #6)
> > Use advanced settings (yaml) as defaults when there is no provider specific setting.
> Exactly, it is quite parallel to the per-provider features. PR:
> Just making sure, ImageScan means the image-inspector image?
cve_url, both in the settings and in the per-provider options, should be an address where we would look for the file "com.redhat.rhsa-RHEL7.ds.xml.bz2".
If we want to change that we will need to update image-inspector.
Erez I think this should be in POST (all this feature has been merged).
Let me know if that's not the case and something is still missing.
I agree, it should be in POST.
Verify on cfme 220.127.116.11.
update image_inspector_cve_url with value https://www.redhat.com/security/data/metrics/ds --> SSA work OK.
update image_inspector_cve_url with wrong value https://www.redhat.com/security/data/metrics --> SSA fail with Unable to run OpenSCAP: OpenSCAP error, should be update by PR https://github.com/openshift/image-inspector/pull/78 .
Update image_inspector_registry with wrong value: docker (instead of docker.io) --> SSA fail with "job timed out after 1250.265938917 seconds of inactivity" error as expected.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.