Bug 1795193 - [OCP v4.4] openscap-ocp container in the ComplianceScan pod terminates with an error code.
Summary: [OCP v4.4] openscap-ocp container in the ComplianceScan pod terminates with a...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Compliance Operator
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.6.0
Assignee: Jakub Hrozek
QA Contact: Prashant Dhamdhere
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-01-27 12:06 UTC by Prashant Dhamdhere
Modified: 2020-10-27 15:55 UTC (History)
3 users (show)

Fixed In Version: v0.1.9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 15:54:52 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:55:19 UTC

Comment 4 Jakub Hrozek 2020-06-18 16:57:59 UTC
Hi Prashant,
I believe this bug can be closed as well. What you asked for was implemented in the sense that the ocp container does not return its status code directly, but there is some post-processing and unless there is a hard error, the error code from the scanner does not surface to the CRs:

  openscap-ocp:          
    Container ID:  cri-o://2a6ce49736b6d9feeedc89c8dc2527330d3f291de6bbfc4c5c85e3ccdd09762a                           
    Image:         quay.io/compliance-operator/openscap-ocp:1.3.3
    Image ID:      quay.io/compliance-operator/openscap-ocp@sha256:fdc69e5d492a70100f40836e21f36ccb984ac134572fb5af9823c0e8fc88e11b
    Port:          <none>                                  
    Host Port:     <none>                                                                                             
    Command:                                               
      /scripts/openscap-container-entrypoint                                                                          
    State:          Terminated     
      Reason:       Completed                                                                                         
      Exit Code:    0                                                                                                 
      Started:      Thu, 18 Jun 2020 18:50:36 +0200                                                                   
      Finished:     Thu, 18 Jun 2020 18:50:38 +0200        
    Ready:          False                                                                                             
    Restart Count:  0     
    Environment Variables from:                                                                                       
      workers-scan-openscap-env-map  ConfigMap  Optional: false
    Environment:                     <none>                                                                           
    Mounts:                                                
      /content from content-dir (ro)
      /host from host (ro)                                 
      /reports from report-dir (rw)
      /scripts from workers-scan-openscap-container-entrypoint (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from resultscollector-token-gvmfq (ro)

The above comes from a scan that ended as non-compliant.

Can you please confirm that this bug had been fixed?

Comment 5 Prashant Dhamdhere 2020-06-23 10:01:40 UTC
Hi Jakub,

Yes, the issue has been fixed and we are getting expected state and exit code along with the reason
for openscap-ocp container.


$ oc describe pod openscap-pod-2573cdb4be5ecbfda94f765f4365559b8451ba93 |grep -A 10 "openscap-ocp"
  openscap-ocp:
    Container ID:  cri-o://2a062992dc61738499adeddc0d628aae93ec874e4f2ad73d23b637dab7510347
    Image:         quay.io/compliance-operator/openscap-ocp:1.3.3
    Image ID:      quay.io/compliance-operator/openscap-ocp@sha256:fdc69e5d492a70100f40836e21f36ccb984ac134572fb5af9823c0e8fc88e11b
    Port:          <none>
    Host Port:     <none>
    Command:
      /scripts/openscap-container-entrypoint
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Tue, 23 Jun 2020 15:06:06 +0530
      Finished:     Tue, 23 Jun 2020 15:08:07 +0530
    Ready:          False

Comment 6 Prashant Dhamdhere 2020-07-09 13:27:58 UTC
openscap-ocp container state looks good now

Also verified on: 4.6.0-0.nightly-2020-07-07-233934

$ oc describe pod workers-scan-ip-10-0-75-245.us-east-2.compute.internal-pod |grep -A 10 "openscap-ocp"
  openscap-ocp:
    Container ID:  cri-o://1f043e3cc5e9abd35ec4ef99e67f4b194e9b78b58ecff4c55170a5a4c841a8f6
    Image:         quay.io/compliance-operator/openscap-ocp:1.3.3
    Image ID:      quay.io/compliance-operator/openscap-ocp@sha256:fdc69e5d492a70100f40836e21f36ccb984ac134572fb5af9823c0e8fc88e11b
    Port:          <none>
    Host Port:     <none>
    Command:
      /scripts/openscap-container-entrypoint
    State:          Terminated
      Reason:       Completed  <<------
      Exit Code:    0       <<------
      Started:      Thu, 09 Jul 2020 18:50:28 +0530
      Finished:     Thu, 09 Jul 2020 18:52:04 +0530
    Ready:          False

Comment 9 errata-xmlrpc 2020-10-27 15:54:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.