quay / clair

Vulnerability Static Analysis for Containers

Home Page: https://quay.github.io/clair/

Clair fails to run in the combo mode

odidev opened this issue · comments

Description of Problem / Feature Request

Hi Team,

I am working with clair using the latest released version v4.4.4.

I ran clair in the distributed mode using “./local-dev/clair/config.yaml” and everything seemed to work fine. The vulnerability report is getting generated.

I used the same configuration file “./local-dev/clair/config.yaml” for the combo mode, but Clair fails to start.

Below are the commands I used to set up the database and run clair in the combo mode:

# set up the postgres database
sudo docker-compose up -d clair-database

# run clair in the combo mode
./clair -conf "./local-dev/clair/config.yaml" -mode "combo"

Logs from the clair-database container show that:

2022-08-18 12:23:25.713 UTC [1] LOG:  database system is ready to accept connections 

Below are the error logs while running clair in the combo mode:

7:40AM ERR fatal error error="service initialization failed: failed to initialize indexer: failed to create ConnPool: failed to connect to `host=clair-database user=clair database=indexer`: hostname resolving error (lookup clair-database: Temporary failure in name resolution)" component=main 

I tried with the older version v4.1.1 and changed the host to localhost in the connstring in the config.yaml, and combo mode worked fine.
Similarly, I edited the host from clair-database to localhost in v4.4.4 config.yaml, but still clair failed to connect to the postgres database.

IMO, if the same connstring configuration is working for the distributed mode, it should also work for the combo mode.
Can you please provide some pointers on the same?

Expected Outcome

Combo Mode should work

Actual Outcome

Kindly find the logs above.

Environment

  • Clair version/image: v4.4.4
  • Clair client name/version:
  • Host OS: Ubuntu
  • Kernel (e.g. uname -a): Linux ip-172-31-12-172 5.15.0-1017-aws ~20.04.1-Ubuntu SMP Fri Aug 5 11:44:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Kubernetes version (use kubectl version):
  • Network/Firewall setup:

The error being hostname resolving error (lookup clair-database: Temporary failure in name resolution) makes me think there's nothing wrong with clair or the config, but something with the container setup.

The sudo docker-compose command starts a database in a container network; then running clair in the host context means the networks aren't connected. I think this would have worked on 4.1.1 because that setup exposed more ports on localhost. The solution would be to start clair in the container network, or expose the database's port on localhost.
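The two failure modes discussed in this thread (a compose service name that does not resolve from the host, versus a name that resolves but whose port is not published) can be told apart with a small pre-flight check. This is an added example, not code from Clair or from the thread; `parseConnString` and `diagnose` are hypothetical helpers, and the connstring is constructed from the error message above.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// parseConnString pulls host and port out of a keyword/value connstring.
// Assumption: unquoted key=value pairs; URL-style strings are not handled.
func parseConnString(cs string) (host, port string) {
	host, port = "localhost", "5432" // defaults assumed for this sketch
	for _, kv := range strings.Fields(cs) {
		switch k, v, _ := strings.Cut(kv, "="); k {
		case "host":
			host = v
		case "port":
			port = v
		}
	}
	return host, port
}

// diagnose returns "unresolvable" (name unknown in this network context),
// "unreachable" (port not open), or "ok"; lookup and dial are injectable.
func diagnose(cs string, lookup func(string) ([]string, error), dial func(string) error) string {
	host, port := parseConnString(cs)
	if net.ParseIP(host) == nil { // literal IPs need no DNS lookup
		if _, err := lookup(host); err != nil {
			return "unresolvable"
		}
	}
	if err := dial(net.JoinHostPort(host, port)); err != nil {
		return "unreachable"
	}
	return "ok"
}

func main() {
	cs := "host=clair-database port=5432 user=clair dbname=indexer" // constructed
	dial := func(addr string) error {
		c, err := net.DialTimeout("tcp", addr, 2*time.Second)
		if err == nil {
			c.Close()
		}
		return err
	}
	fmt.Println(diagnose(cs, net.LookupHost, dial))
}
```

Run from the host, "unresolvable" points at the container-network mismatch described above, while "unreachable" with `host=localhost` means the database port is not published. If the port is published, binding it to 127.0.0.1 rather than all interfaces keeps PostgreSQL off the host's external addresses.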