Hi Prashant, I believe this bug can be closed as well. What you asked for was implemented in the sense that the ocp container does not return its status code directly, but there is some post-processing and unless there is a hard error, the error code from the scanner does not surface to the CRs: openscap-ocp: Container ID: cri-o://2a6ce49736b6d9feeedc89c8dc2527330d3f291de6bbfc4c5c85e3ccdd09762a Image: quay.io/compliance-operator/openscap-ocp:1.3.3 Image ID: quay.io/compliance-operator/openscap-ocp@sha256:fdc69e5d492a70100f40836e21f36ccb984ac134572fb5af9823c0e8fc88e11b Port: <none> Host Port: <none> Command: /scripts/openscap-container-entrypoint State: Terminated Reason: Completed Exit Code: 0 Started: Thu, 18 Jun 2020 18:50:36 +0200 Finished: Thu, 18 Jun 2020 18:50:38 +0200 Ready: False Restart Count: 0 Environment Variables from: workers-scan-openscap-env-map ConfigMap Optional: false Environment: <none> Mounts: /content from content-dir (ro) /host from host (ro) /reports from report-dir (rw) /scripts from workers-scan-openscap-container-entrypoint (ro) /var/run/secrets/kubernetes.io/serviceaccount from resultscollector-token-gvmfq (ro) The above comes from a scan that ended as non-compliant. Can you please confirm that this bug had been fixed?
Hi Jakub, Yes, the issue has been fixed and we are getting expected state and exit code along with the reason for openscap-ocp container. $ oc describe pod openscap-pod-2573cdb4be5ecbfda94f765f4365559b8451ba93 |grep -A 10 "openscap-ocp" openscap-ocp: Container ID: cri-o://2a062992dc61738499adeddc0d628aae93ec874e4f2ad73d23b637dab7510347 Image: quay.io/compliance-operator/openscap-ocp:1.3.3 Image ID: quay.io/compliance-operator/openscap-ocp@sha256:fdc69e5d492a70100f40836e21f36ccb984ac134572fb5af9823c0e8fc88e11b Port: <none> Host Port: <none> Command: /scripts/openscap-container-entrypoint State: Terminated Reason: Completed Exit Code: 0 Started: Tue, 23 Jun 2020 15:06:06 +0530 Finished: Tue, 23 Jun 2020 15:08:07 +0530 Ready: False
openscap-ocp container state looks good now Also verified on: 4.6.0-0.nightly-2020-07-07-233934 $ oc describe pod workers-scan-ip-10-0-75-245.us-east-2.compute.internal-pod |grep -A 10 "openscap-ocp" openscap-ocp: Container ID: cri-o://1f043e3cc5e9abd35ec4ef99e67f4b194e9b78b58ecff4c55170a5a4c841a8f6 Image: quay.io/compliance-operator/openscap-ocp:1.3.3 Image ID: quay.io/compliance-operator/openscap-ocp@sha256:fdc69e5d492a70100f40836e21f36ccb984ac134572fb5af9823c0e8fc88e11b Port: <none> Host Port: <none> Command: /scripts/openscap-container-entrypoint State: Terminated Reason: Completed <<------ Exit Code: 0 <<------ Started: Thu, 09 Jul 2020 18:50:28 +0530 Finished: Thu, 09 Jul 2020 18:52:04 +0530 Ready: False
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196