Bug 1559459 - Smartstate Analysis Schedule Fails for OpenShift 3.7 Container Images
Summary: Smartstate Analysis Schedule Fails for OpenShift 3.7 Container Images
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.9.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: GA
: 5.10.0
Assignee: Nimrod Shneor
QA Contact: brahmani
URL:
Whiteboard:
: 1626458 (view as bug list)
Depends On:
Blocks: 1566529
TreeView+ depends on / blocked
 
Reported: 2018-03-22 15:31 UTC by myoder
Modified: 2021-12-10 15:50 UTC (History)
12 users (show)

Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1566529 (view as bug list)
Environment:
Last Closed: 2019-02-11 14:07:30 UTC
Category: Bug
Cloudforms Team: Container Management
Target Upstream Version:


Attachments (Terms of Use)
SSA schedule (285.93 KB, application/x-gzip)
2018-07-08 13:16 UTC, brahmani
no flags Details

Description myoder 2018-03-22 15:31:30 UTC
Description of problem:
Setup a schedule to run a smartstate scan on all container images.  When the schedule goes to run, there is an error thrown for each container:

[----] I, [2018-03-22T04:00:12.683789 #13523:10b9130]  INFO -- : MIQ(MiqSchedule#invoke_actions) [help3] invoking action: [scan] for target: [jboss-fuse-6/fis-karaf-openshift]
[----] E, [2018-03-22T04:00:12.688682 #13523:10b9130] ERROR -- : MIQ(MiqSchedule#invoke_actions) [help3] Attempting to run action [action_scan] on target [jboss-fuse-6/fis-karaf-openshift], undefined method `userid' for nil:NilClass

I am able to manually scan a container image by selecting Configuration => Perform SmartState Analysis:

[----] I, [2018-03-22T10:23:39.935838 #13541:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#start) Getting inspector-admin secret for pod [management-infra/manageiq-img-scan-3f2dc]
[----] I, [2018-03-22T10:23:40.034000 #13541:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#start) Creating pod [management-infra/manageiq-img-scan-3f2dc] to analyze docker image [registry.access.redhat.com/cloudforms46-beta/cfme-openshift-app-ui@sha256:d739ef04ba67266e29642b01e97b48c82beb3a943f313406a01c17f571cd3bc7] [{"apiVersion":"v1","kind":"Pod","metadata":{"name":"manageiq-img-scan-3f2dc","namespace":"management-infra","labels":{"name":"manageiq-img-scan-3f2dc","manageiq.org":"true"},"annotations":{"manageiq.org/hostname":"dhcp145-173.rdu.redhat.com","manageiq.org/guid":"f5a39ba7-d2d0-4d72-baae-a0ee35d3c5ae","manageiq.org/image":"registry.access.redhat.com/cloudforms46-beta/cfme-openshift-app-ui@sha256:d739ef04ba67266e29642b01e97b48c82beb3a943f313406a01c17f571cd3bc7","manageiq.org/jobid":"3f2dcd41-923e-45ab-9a14-429d7517ea50"}},"spec":{"restartPolicy":"Never","containers":[{"name":"image-inspector","image":"registry.access.redhat.com/openshift3/image-inspector:2.1","imagePullPolicy":"Always","command":["/usr/bin/image-inspector","--chroot","--image=registry.access.redhat.com/cloudforms46-beta/cfme-openshift-app-ui@sha256:d739ef04ba67266e29642b01e97b48c82beb3a943f313406a01c17f571cd3bc7","--scan-type=openscap","--serve=0.0.0.0:8080","--dockercfg=/var/run/secrets/kubernetes.io/inspector-admin-secret-inspector-admin-dockercfg-d9f6c/.dockercfg"],"ports":[{"containerPort":8080}],"securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/var/run/docker.sock","name":"docker-socket"},{"name":"inspector-admin-secret-inspector-admin-dockercfg-d9f6c","mountPath":"/var/run/secrets/kubernetes.io/inspector-admin-secret-inspector-admin-dockercfg-d9f6c","readOnly":true}],"env":[],"readinessProbe":{"initialDelaySeconds":15,"periodSeconds":5,"httpGet":{"path":"/healthz","port":8080}}}],"volumes":[{"name":"docker-socket","hostPath":{"path":"/var/run/docker.sock"}},{"name":"inspector-admin-secret-inspector-admin-dockercfg-d9f6c","secret":{"secretName":"inspector-admin-dockercfg-d9f6c"}}]}}]
[----] I, [2018-03-22T10:23:40.128445 #13541:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(MiqQueue.put) Message id: [1000000006994],  id: [], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [1000000000006], Task id: [3f2dcd41-923e-45ab-9a14-429d7517ea50], Command: [Job.signal], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: [:pod_wait]
[----] I, [2018-03-22T10:23:40.128871 #13541:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(MiqQueue#delivered) Message id: [1000000006993], State: [ok], Delivered in [0.267993119] seconds
[----] I, [2018-03-22T10:23:40.936082 #13977:10b9130]  INFO -- : MIQ(ManageIQ::Providers::Openshift::ContainerManager::EventCatcher::Runner#queue_event) EMS [openshift.rickkyy.quicklab.rdu2.cee.redhat.com] as [] Queuing event [{:timestamp=>"2018-03-22T14:23:37Z", :kind=>"Pod", :name=>"manageiq-img-scan-3f2dc", :namespace=>"management-infra", :reason=>"Scheduled", :message=>"Successfully assigned manageiq-img-scan-3f2dc to node-2.rickkyy.quicklab.rdu2.cee.redhat.com", :uid=>"9c99c813-2ddc-11e8-8743-fa163e0aac70", :container_group_name=>"manageiq-img-scan-3f2dc", :container_namespace=>"management-infra", :event_type=>"POD_SCHEDULED"}]


[----] I, [2018-03-22T10:23:45.933713 #13533:10b9130]  INFO -- : MIQ(MiqPriorityWorker::Runner#get_message_via_drb) Message id: [1000000006994], MiqWorker id: [1000000000003], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [1000000000006], Task id: [3f2dcd41-923e-45ab-9a14-429d7517ea50], Command: [Job.signal], Timeout: [600], Priority: [20], State: [dequeue], Deliver On: [], Data: [], Args: [:pod_wait], Dequeued in: [5.816464858] seconds
[----] I, [2018-03-22T10:23:45.934140 #13533:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(MiqQueue#deliver) Message id: [1000000006994], Delivering...
[----] I, [2018-03-22T10:23:45.978055 #13533:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) waiting for pod management-infra/manageiq-img-scan-3f2dc to be available
[----] I, [2018-03-22T10:23:46.054399 #13533:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) pod management-infra/manageiq-img-scan-3f2dc is not ready
[----] I, [2018-03-22T10:23:46.072199 #13533:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(MiqQueue.put) Message id: [1000000006998],  id: [], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [1000000000006], Task id: [3f2dcd41-923e-45ab-9a14-429d7517ea50], Command: [Job.signal], Timeout: [600], Priority: [20], State: [ready], Deliver On: [2018-03-22 14:23:56 UTC], Data: [], Args: [:pod_wait]
[----] I, [2018-03-22T10:23:46.072610 #13533:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(MiqQueue#delivered) Message id: [1000000006994], State: [ok], Delivered in [0.138514636] seconds
[----] I, [2018-03-22T10:23:46.076800 #13533:10b9130]  INFO -- : Q-task_id([job_dispatcher]) MIQ(MiqQueue#m_callback) Message id: [1000000006994], Invoking Callback with args: ["ok", "Message delivered successfully", "#<MiqQueue id: 1000000006998, target_id: nil, priority: 20, method_name: \"signal\", state: \"ready\", created_on: \"2018-03-22 14:23:46\", updated_on: \"2018-03-22 14:23:46\", lock_version: 0, task_id: \"3f2dcd41-923e-45ab-9a14-429d7517ea50\", deliver_on: \"2018-03-22 14:23:56\", queue_name: \"generic\", class_name: \"Job\", instance_id: 1000000000006, args: [:pod_wait], miq_callback: {:class_name=>\"ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job\", :instance_id=>1000000000006, :method_name=>:q..."]



Version-Release number of selected component (if applicable):
CFME 5.9.0.22
OpenShift 3.7

How reproducible:
always

Steps to Reproduce:
1. Setup a schedule to perform container image analysis
2. 
3.

Actual results:
Schedule does not perform scans on the container images

Expected results:
Expect schedule to perform scans on the container images

Additional info:
Appliance demonstrating this: 10.13.145.173 admin:smartvm

Comment 3 Nimrod Shneor 2018-03-27 08:44:13 UTC
Einat can you describe the steps to set the schedule?

Comment 4 Nimrod Shneor 2018-03-27 09:06:00 UTC
Reporter, for the sake of my sanity check, how exactly are you scheduling the scan?

Comment 12 brahmani 2018-07-08 13:16:04 UTC
Created attachment 1457274 [details]
SSA schedule

Verified on 5.10.0.3.20180705151325_ce4d2b5.

Add new Schedule on Configuration => Settings => Schedules.

For the schedule I have the following settings:

  Action: Container Image Analysis

  Filter : Container Image : Name = "dotnet/dotnetcore-10-rhel7" 

And I had the schedule to run once on Sun Jul 08 12:25:00 UTC 2018.

SSA Run with no problem.

See attached screenshots on a zip file.

Comment 13 Beni Paskin-Cherniavsky 2018-09-12 12:09:16 UTC
*** Bug 1626458 has been marked as a duplicate of this bug. ***

Comment 14 Beni Paskin-Cherniavsky 2018-09-12 14:37:41 UTC
undoing flags set as result of merging a duplicate bug.
this BZ already is solved on master and 5.9.


Note You need to log in before you can comment on or make changes to this bug.