quay / clair

Vulnerability Static Analysis for Containers

Home Page: https://quay.github.io/clair/

clair returns ok

netcat2024 opened this issue

Description of Problem / Feature Request

When calling Clair, it always returns OK.

Expected Outcome

Clair should report vulnerabilities

Actual Outcome

command:
clairctl -D report ubuntu:focal

return:

2024-02-19T17:08:48+08:00 DBG enabling signing for authorities authorities=["clair-indexer:6060","clair-matcher:6060","webhook-target"]
2024-02-19T17:08:48+08:00 DBG fetching ref=ubuntu:focal
2024-02-19T17:08:48+08:00 DBG using text output
2024-02-19T17:08:50+08:00 DBG found manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:50+08:00 DBG requesting index_report attempt=1 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:55+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="404 Not Found"
2024-02-19T17:08:55+08:00 DBG don't have needed manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 manifest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:57+08:00 DBG found manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:57+08:00 DBG found layers count=1 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:59+08:00 DBG requesting index_report attempt=2 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:09:00+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="200 OK"
2024-02-19T17:09:07+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=POST path=/indexer/api/v1/index_report ref=ubuntu:focal status="201 Created"
2024-02-19T17:09:07+08:00 DBG setting validator digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal validator="\"746c21e6e713e5208118f7d54c52e391\""
2024-02-19T17:10:02+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/matcher/api/v1/vulnerability_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="200 OK"
ubuntu:focal ok

Environment

clairctl's config.yaml

---
log_level: debug-color
introspection_addr: ":8089"
http_listen_addr: ":6060"
updaters:
  sets:
    - ubuntu
    - debian
    - rhel
    - alpine
    - osv
auth:
  psk:
    key: 'c2VjcmV0'
    iss:
      - quay
      - clairctl
indexer:
  connstring: host=clair-database user=clair dbname=indexer sslmode=disable
  scanlock_retry: 10
  layer_scan_concurrency: 5
  migrations: true
matcher:
  indexer_addr: http://clair-indexer:6060/
  connstring: host=clair-database user=clair dbname=matcher sslmode=disable
  max_conn_pool: 100
  migrations: true
matchers: {}
notifier:
  indexer_addr: http://clair-indexer:6060/
  matcher_addr: http://clair-matcher:6060/
  connstring: host=clair-database user=clair dbname=notifier sslmode=disable
  migrations: true
  delivery_interval: 30s
  poll_interval: 1m
  webhook:
    target: "http://webhook-target/"
    callback: "http://clair-notifier:6060/notifier/api/v1/notification/"
  # amqp:
  #   direct: true
  #   exchange:
  #     name: ""
  #     type: "direct"
  #     durable: true
  #     auto_delete: false
  #   uris: ["amqp://guest:guest@clair-rabbitmq:5672/"]
  #   routing_key: "notifications"
  #   callback: "http://clair-notifier/notifier/api/v1/notification"
# tracing and metrics config
trace:
  name: "jaeger"
#  probability: 1
  jaeger:
    agent:
      endpoint: "clair-jaeger:6831"
    service_name: "clair"
metrics:
  name: "prometheus"

clair:
Download the newest version of Clair
and then:

cd clair-v4.7.2
docker-compose up -d

  • Clair version/image: 4.72
  • Clair client name/version: clairctl version v4.7.2 (claircore v1.5.19)
  • Host OS: ubuntu 20.04
  • Kernel (e.g. uname -a): Linux deng-VirtualBox 5.15.0-92-generic #102~20.04.1-Ubuntu SMP Mon Jan 15 13:09:14 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
  • Kubernetes version (use kubectl version): n/a
  • Network/Firewall setup: n/a

Please provide the Clair logs and the JSON output from clairctl.

Please provide the Clair logs and the JSON output from clairctl.

Can you tell me how to provide the Clair logs and the JSON output from clairctl? I don't know how to collect this information.

I found the answer.
Change docker-compose up -d to docker-compose --profile debug up. It can report vulnerabilities.

I believe the example configuration also drifted over time; we've updated that and the documentation. Glad you got things working.
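
A triage check for the symptom in this thread, as an added example that is not part of the original issue or the Clair project's code: it reads a vulnerability report as JSON and separates a report with findings from one that lists packages but no vulnerabilities, a result worth checking against the matcher's data before it is treated as clean. The function name, verdict labels and both sample reports are assumptions constructed for illustration; the field names follow the Clair v4 vulnerability report JSON.

```python
import json

# Constructed samples shaped like a Clair v4 vulnerability report
# (packages, distributions, vulnerabilities, package_vulnerabilities).
# Digest, package versions and the vulnerability entry are placeholders.
SAMPLE_EMPTY = json.dumps({
    "manifest_hash": "sha256:<placeholder-digest>",
    "packages": {
        "1": {"id": "1", "name": "bash", "version": "0.0-constructed"},
        "2": {"id": "2", "name": "libc6", "version": "0.0-constructed"},
    },
    "distributions": {"1": {"id": "1", "did": "ubuntu", "version_code_name": "focal"}},
    "vulnerabilities": {},
    "package_vulnerabilities": {},
})

SAMPLE_FINDINGS = json.dumps({
    "manifest_hash": "sha256:<placeholder-digest>",
    "packages": {"1": {"id": "1", "name": "bash", "version": "0.0-constructed"}},
    "distributions": {"1": {"id": "1", "did": "ubuntu", "version_code_name": "focal"}},
    "vulnerabilities": {"10": {"id": "10", "name": "EXAMPLE-VULN-PLACEHOLDER"}},
    "package_vulnerabilities": {"1": ["10", "11"]},
})


def triage_report(raw: str) -> dict:
    """Classify a report so an empty result is not silently read as clean."""
    report = json.loads(raw)
    packages = report.get("packages") or {}
    vulns = report.get("vulnerabilities") or {}
    pkg_vulns = report.get("package_vulnerabilities") or {}

    # Packages with at least one vulnerability id attached.
    affected = sorted(pid for pid, ids in pkg_vulns.items() if ids)
    # Ids referenced by a package but missing from the vulnerabilities map.
    referenced = {vid for ids in pkg_vulns.values() for vid in ids}
    dangling = sorted(referenced - set(vulns))

    if not packages:
        verdict = "nothing-indexed"   # the indexer found no packages at all
    elif not vulns:
        verdict = "suspect-empty"     # packages indexed, zero matches: verify matcher data
    else:
        verdict = "findings"
    return {"verdict": verdict, "packages": len(packages),
            "vulnerabilities": len(vulns), "affected_packages": affected,
            "dangling_ids": dangling}
```
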