quay / clair

Vulnerability Static Analysis for Containers

Home Page:https://quay.github.io/clair/


clairctl: export-updaters OOM issues

BirgerM opened this issue

Description of Problem

I'm trying to follow the steps as documented in the clair documentation, but I have the following issue:

Running clairctl export-updaters updates.json.gz to export updaters to a file ends up with the process consuming all available system memory before the process gets killed by the OOM killer or the machine enters a frozen state. I find it hard to believe that this command would require more than 16GB of available memory.

Expected Outcome

clairctl runs configured exporters and exports the results to a file.

Actual Outcome

Process gets killed by the OOM killer resulting in an empty updates.json.gz file.

or

Process hangs indefinitely waiting for more available system resources.

Environment

Freshly installed virtual machine in Azure

  • clairctl version: v4.7.2 (claircore v1.5.19)
  • Host OS: Red Hat Enterprise Linux 8.8 (Ootpa)
  • Kernel (e.g. uname -a): 4.18.0-477.27.1.el8_8.x86_64
  • Total online memory: 16G

I've opened a PR at quay/claircore#1120 in an attempt to address this. If you can build a patched clairctl and take it for a spin, I'd greatly appreciate it!

clairctl.gz

I built a way to test this a bit more easily here, and built this version of clairctl (for amd64/linux). Please try it if you get a chance.

Tried running the new clairctl on Red Hat Enterprise Linux 8.8 (Ootpa), but had some issues with the available version of glibc.

./clairctl: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by ./clairctl)

Since GLIBC_2.34 is available on RHEL 9, I installed a new virtual machine with Red Hat Enterprise Linux 9.2 (Plow) and ran clairctl. The memory consumption stays around 3-4GB, but I keep getting this error:

./clairctl export-updaters updates.json.gz
< omitted output >

2023-10-27T23:05:05+02:00 INF successful update component=libvuln/updates/Manager.driveUpdater ref=c8045fa9-139d-4fea-86c5-2e332c0a98ba updater=debian/updater
2023-10-27T23:05:05+02:00 INF finished update component=libvuln/updates/Manager.driveUpdater updater=debian/updater
json: error calling MarshalJSON for type *jsonblob.bufShim: unexpected EOF

Okay, thanks for trying. I'll keep hacking at it.

Current version of that PR runs and seems to peak (just eyeballing it) at ~2GB of memory usage.

I'll also note that setting GOMAXPROCS to something like 1 seems to pretty aggressively constrain memory with the linked PR.

Should be completely fixed in v4.7.3