Bug 1459555 - [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers
[RFE] Allow to specify Location of OpenScap file and Image-Inspector for all ...
Status: VERIFIED
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers (Show other bugs)
5.8.0
Unspecified Unspecified
unspecified Severity unspecified
: GA
: 5.9.0
Assigned To: Erez Freiberger
brahmani
: FutureFeature, RFE
Depends On: 1462835
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-07 08:47 EDT by Loic Avenel
Modified: 2017-11-14 00:50 EST (History)
7 users (show)

See Also:
Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Container Management


Attachments (Terms of Use)

  None (edit)
Description Loic Avenel 2017-06-07 08:47:30 EDT
Description of problem: Allow to specify Location of OpenScap file and ImageScan for all OpenShift providers
Comment 2 Federico Simoncelli 2017-06-19 12:18:42 EDT
This requires the per-provider instance advanced settings.
Comment 3 Federico Simoncelli 2017-07-12 03:49:09 EDT
Erez, this is already possible through the advanced settings (settings yaml), right?
Comment 4 Erez Freiberger 2017-07-12 03:52:34 EDT
No, There is not setting for that there yet.
Comment 5 Federico Simoncelli 2017-09-19 17:54:21 EDT
Erez are you keeping in mind this for your current implementation?

Use advanced settings (yaml) as defaults when there is no provider specific setting.
Comment 6 Erez Freiberger 2017-09-27 05:26:19 EDT
Yes,
> Use advanced settings (yaml) as defaults when there is no provider specific setting.

Exactly, it is quite parallel to the per-provider features. PR: https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120

Just making sure, ImageScan means the image-inspector image?
Comment 7 Federico Simoncelli 2017-09-27 06:19:52 EDT
(In reply to Erez Freiberger from comment #6)
> Yes,
> > Use advanced settings (yaml) as defaults when there is no provider specific setting.
> 
> Exactly, it is quite parallel to the per-provider features. PR:
> https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120
> 
> Just making sure, ImageScan means the image-inspector image?

Yes
Comment 8 Erez Freiberger 2017-09-28 06:52:07 EDT
cve_url, both in the settings and in the per-provider options, should be an address where we would look for the file "com.redhat.rhsa-RHEL7.ds.xml.bz2".

If we want to change that we will need to update image-inspector.
Comment 9 Federico Simoncelli 2017-10-03 15:55:30 EDT
https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120

Erez I think this should be in POST (all this feature has been merged).
Let me know if that's not the case and something is still missing.
Comment 10 Erez Freiberger 2017-10-04 03:40:05 EDT
I agree, it should be in POST.
Comment 11 brahmani 2017-11-14 00:50:35 EST
Verify on cfme 5.9.0.8.
update image_inspector_cve_url with value https://www.redhat.com/security/data/metrics/ds --> SSA work OK.

update image_inspector_cve_url with wrong value  https://www.redhat.com/security/data/metrics --> SSA fail with Unable to run OpenSCAP: OpenSCAP error, should be update by PR  https://github.com/openshift/image-inspector/pull/78 .

Update image_inspector_registry with wrong value: docker (instead of docker.io) --> SSA fail with "job timed out after 1250.265938917 seconds of inactivity" error as expected.

Note You need to log in before you can comment on or make changes to this bug.