Bug 1459555 - [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers
Summary: [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: GA
: 5.9.0
Assignee: Erez Freiberger
QA Contact: brahmani
URL:
Whiteboard:
Depends On: 1462835
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-07 12:47 UTC by Loic Avenel
Modified: 2018-04-09 12:30 UTC (History)
7 users (show)

Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-01 13:12:59 UTC
Category: ---
Cloudforms Team: Container Management
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0380 0 normal SHIPPED_LIVE Moderate: Red Hat CloudForms security, bug fix, and enhancement update 2018-03-01 18:37:12 UTC

Description Loic Avenel 2017-06-07 12:47:30 UTC 
Description of problem: Allow to specify Location of OpenScap file and ImageScan for all OpenShift providers
Comment 2 Federico Simoncelli 2017-06-19 16:18:42 UTC 
This requires the per-provider instance advanced settings.
Comment 3 Federico Simoncelli 2017-07-12 07:49:09 UTC 
Erez, this is already possible through the advanced settings (settings yaml), right?
Comment 4 Erez Freiberger 2017-07-12 07:52:34 UTC 
No, There is not setting for that there yet.
Comment 5 Federico Simoncelli 2017-09-19 21:54:21 UTC 
Erez are you keeping in mind this for your current implementation?

Use advanced settings (yaml) as defaults when there is no provider specific setting.
Comment 6 Erez Freiberger 2017-09-27 09:26:19 UTC 
Yes,
> Use advanced settings (yaml) as defaults when there is no provider specific setting.

Exactly, it is quite parallel to the per-provider features. PR: https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120

Just making sure, ImageScan means the image-inspector image?
Comment 7 Federico Simoncelli 2017-09-27 10:19:52 UTC 
(In reply to Erez Freiberger from comment #6)
> Yes,
> > Use advanced settings (yaml) as defaults when there is no provider specific setting.
> 
> Exactly, it is quite parallel to the per-provider features. PR:
> https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120
> 
> Just making sure, ImageScan means the image-inspector image?

Yes
Comment 8 Erez Freiberger 2017-09-28 10:52:07 UTC 
cve_url, both in the settings and in the per-provider options, should be an address where we would look for the file "com.redhat.rhsa-RHEL7.ds.xml.bz2".

If we want to change that we will need to update image-inspector.
Comment 9 Federico Simoncelli 2017-10-03 19:55:30 UTC 
https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/120

Erez I think this should be in POST (all this feature has been merged).
Let me know if that's not the case and something is still missing.
Comment 10 Erez Freiberger 2017-10-04 07:40:05 UTC 
I agree, it should be in POST.
Comment 11 brahmani 2017-11-14 05:50:35 UTC 
Verify on cfme 5.9.0.8.
update image_inspector_cve_url with value https://www.redhat.com/security/data/metrics/ds --> SSA work OK.

update image_inspector_cve_url with wrong value  https://www.redhat.com/security/data/metrics --> SSA fail with Unable to run OpenSCAP: OpenSCAP error, should be update by PR  https://github.com/openshift/image-inspector/pull/78 .

Update image_inspector_registry with wrong value: docker (instead of docker.io) --> SSA fail with "job timed out after 1250.265938917 seconds of inactivity" error as expected.
Comment 14 errata-xmlrpc 2018-03-01 13:12:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0380
Note You need to log in before you can comment on or make changes to this bug.