See: https://github.com/coreos/clair/pull/562
This makes the Clair-Container in Harbor 1.5 repeat the Clair CVE update process over and over and results in a never fully initiated DB.
Maybe it's possible to include this fix in the Harbor Clair container already?
Logs:
2.7.2018 11:01:33{"Event":"fetching vulnerability updates","Level":"info","Location":"updater.go:213","Time":"2018-07-02 09:01:33.834314"}
2.7.2018 11:01:33{"Event":"Start fetching vulnerabilities","Level":"info","Location":"alpine.go:52","Time":"2018-07-02 09:01:33.834380","package":"Alpine"}
2.7.2018 11:01:33{"Event":"Start fetching vulnerabilities","Level":"info","Location":"debian.go:63","Time":"2018-07-02 09:01:33.915865","package":"Debian"}
2.7.2018 11:01:33{"Event":"Start fetching vulnerabilities","Level":"info","Location":"oracle.go:119","Time":"2018-07-02 09:01:33.916925","package":"Oracle Linux"}
2.7.2018 11:01:33{"Event":"Start fetching vulnerabilities","Level":"info","Location":"rhel.go:92","Time":"2018-07-02 09:01:33.917250","package":"RHEL"}
2.7.2018 11:01:33{"Event":"Start fetching vulnerabilities","Level":"info","Location":"ubuntu.go:88","Time":"2018-07-02 09:01:33.917408","package":"Ubuntu"}
2.7.2018 11:01:34{"Event":"could not pull Ubuntu repository","Level":"error","Location":"ubuntu.go:189","Time":"2018-07-02 09:01:34.232932","error":"exit status 3","output":"bzr: ERROR: Not a branch: \"/tmp/ubuntu-cve-tracker143731536/\".\n"}
2.7.2018 11:01:34{"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2018-07-02 09:01:34.233035","error":"could not download requested resource","updater name":"ubuntu"}
2.7.2018 11:01:34{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:01:34.624546","updater name":"alpine"}
2.7.2018 11:01:34{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:01:34.697117","updater name":"rhel"}
2.7.2018 11:01:37{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:01:37.703826","updater name":"oracle"}
2.7.2018 11:03:15{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:03:15.901526","updater name":"debian"}
2.7.2018 11:03:15{"Event":"adding metadata to vulnerabilities","Level":"info","Location":"updater.go:253","Time":"2018-07-02 09:03:15.901635"}
2.7.2018 11:04:07{"Event":"update finished","Level":"info","Location":"updater.go:198","Time":"2018-07-02 09:04:07.575481"}
2.7.2018 11:04:07{"Event":"updating vulnerabilities","Level":"info","Location":"updater.go:167","Time":"2018-07-02 09:04:07.580288"}
2.7.2018 11:04:07{"Event":"fetching vulnerability updates","Level":"info","Location":"updater.go:213","Time":"2018-07-02 09:04:07.580397"}
2.7.2018 11:04:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"ubuntu.go:88","Time":"2018-07-02 09:04:07.580545","package":"Ubuntu"}
2.7.2018 11:04:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"alpine.go:52","Time":"2018-07-02 09:04:07.736476","package":"Alpine"}
2.7.2018 11:04:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"debian.go:63","Time":"2018-07-02 09:04:07.952528","package":"Debian"}
2.7.2018 11:04:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"oracle.go:119","Time":"2018-07-02 09:04:07.953440","package":"Oracle Linux"}
2.7.2018 11:04:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"rhel.go:92","Time":"2018-07-02 09:04:07.953769","package":"RHEL"}
2.7.2018 11:04:08{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:04:08.541662","updater name":"alpine"}
2.7.2018 11:04:08{"Event":"could not branch Ubuntu repository","Level":"error","Location":"ubuntu.go:177","Time":"2018-07-02 09:04:08.661194","error":"exit status 3","output":"bzr: ERROR: Not a branch: \"https://launchpad.net/ubuntu-cve-tracker/\".\n"}
2.7.2018 11:04:08{"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2018-07-02 09:04:08.661458","error":"could not download requested resource","updater name":"ubuntu"}
2.7.2018 11:04:08{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:04:08.752243","updater name":"rhel"}
2.7.2018 11:04:11{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:04:11.385706","updater name":"oracle"}
2.7.2018 11:05:18{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:05:18.640580","updater name":"debian"}
2.7.2018 11:05:18{"Event":"adding metadata to vulnerabilities","Level":"info","Location":"updater.go:253","Time":"2018-07-02 09:05:18.640658"}
2.7.2018 11:06:07{"Event":"update finished","Level":"info","Location":"updater.go:198","Time":"2018-07-02 09:06:07.556265"}
2.7.2018 11:06:07{"Event":"updating vulnerabilities","Level":"info","Location":"updater.go:167","Time":"2018-07-02 09:06:07.559792"}
2.7.2018 11:06:07{"Event":"fetching vulnerability updates","Level":"info","Location":"updater.go:213","Time":"2018-07-02 09:06:07.559849"}
2.7.2018 11:06:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"oracle.go:119","Time":"2018-07-02 09:06:07.559918","package":"Oracle Linux"}
2.7.2018 11:06:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"rhel.go:92","Time":"2018-07-02 09:06:07.560020","package":"RHEL"}
2.7.2018 11:06:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"ubuntu.go:88","Time":"2018-07-02 09:06:07.560217","package":"Ubuntu"}
2.7.2018 11:06:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"alpine.go:52","Time":"2018-07-02 09:06:07.629264","package":"Alpine"}
2.7.2018 11:06:07{"Event":"Start fetching vulnerabilities","Level":"info","Location":"debian.go:63","Time":"2018-07-02 09:06:07.758355","package":"Debian"}
2.7.2018 11:06:08{"Event":"could not pull Ubuntu repository","Level":"error","Location":"ubuntu.go:189","Time":"2018-07-02 09:06:08.034707","error":"exit status 3","output":"bzr: ERROR: Not a branch: \"/tmp/ubuntu-cve-tracker185575535/\".\n"}
2.7.2018 11:06:08{"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2018-07-02 09:06:08.034821","error":"could not download requested resource","updater name":"ubuntu"}
2.7.2018 11:06:08{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:06:08.371341","updater name":"alpine"}
2.7.2018 11:06:08{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:06:08.419310","updater name":"rhel"}
2.7.2018 11:06:11{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2018-07-02 09:06:11.466926","upda
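An added example, not part of the original report or of Clair: a small Python check over logs in the format above that counts update cycles and flags any updater that fails in every one, which is the pattern the report shows for `ubuntu`. The sample lines are constructed and shortened; the function names and the `min_cycles` threshold are assumptions.

```python
import json
from collections import defaultdict

# Constructed, shortened sample in the format of the log above: a local
# timestamp glued to a JSON record. The last line is cut off on purpose.
SAMPLE = r'''
2.7.2018 11:01:33{"Event":"fetching vulnerability updates","Level":"info"}
2.7.2018 11:01:34{"Event":"an error occured when fetching update","Level":"error","updater name":"ubuntu"}
2.7.2018 11:01:35{"Event":"an error occured when fetching update","Level":"error","updater name":"debian"}
2.7.2018 11:01:35{"Event":"finished fetching","Level":"info","updater name":"alpine"}
2.7.2018 11:04:07{"Event":"fetching vulnerability updates","Level":"info"}
2.7.2018 11:04:08{"Event":"an error occured when fetching update","Level":"error","updater name":"ubuntu"}
2.7.2018 11:04:08{"Event":"finished fetching","Level":"info","upda
'''

def parse(lines):
    """Yield the JSON record of each log line; skip blank or truncated lines."""
    for line in lines:
        start = line.find("{")  # the JSON record begins right after the timestamp
        if start < 0:
            continue
        try:
            rec = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # a record cut off mid-line cannot be trusted
        yield rec

def updater_health(lines):
    """Return (number of update cycles, {updater name: cycles it failed in})."""
    cycles = 0
    failed = defaultdict(set)
    for rec in parse(lines):
        event = rec.get("Event", "")
        if event == "fetching vulnerability updates":  # start of a new cycle
            cycles += 1
        elif event == "an error occured when fetching update":  # spelling as logged
            failed[rec.get("updater name", "?")].add(cycles)
    return cycles, {name: len(seen) for name, seen in failed.items()}

def stuck_updaters(lines, min_cycles=2):
    """Updaters that failed in every observed cycle (hypothetical threshold)."""
    cycles, failures = updater_health(lines)
    if cycles < min_cycles:
        return []
    return sorted(name for name, count in failures.items() if count == cycles)

if __name__ == "__main__":
    print(stuck_updaters(SAMPLE.splitlines()))
```

An updater that fails once (here the constructed `debian` error) is not flagged; only one that fails in every cycle is.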
We have the same issue here.
As a temp workaround, I have re-compiled clair with the fix and pushed an image to docker hub:
vmware/clair-photon:v2-tmp-bzr-url-fix
You can update the docker-compose.clair.yml to reference this image and restart Harbor to work around this issue.
After there's a new release of clair we'll tag a new release.
This temp workaround didn't work for me with a fresh deploy of 1.5.1. The docker-entrypoint script seems different to the 1.5.0 release.
Had success changing this temp image with the following Dockerfile:
FROM docker.io/vmware/clair-photon:v2-tmp-bzr-url-fix
COPY docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh
EXPOSE 6060-6061
ENTRYPOINT ["/docker-entrypoint.sh"]
And docker-entrypoint script from 1.5.0:
#!/bin/bash
set -e
chown -R 10000:10000 /config
sudo -E -H -u \#10000 sh -c "/dumb-init -- /clair2.0.1/clair -config /config/config.yaml"
set +e
sudo -E -H -u \#10000 sh -c "/dumb-init -- /clair2.0.1/clair -config /etc/clair/config.yaml"
This seems to be the issue in the vmware/clair-photon:v2-tmp-bzr-url-fix image.
The 1.5 Release mounts its config files to /config (in the compose file)
Fix:
Add
/yourPath/config.yaml:/etc/clair/config.yaml:z
to your compose file, as a volume mounted into the clair container/service.
Then the tmp-fix image works.
The issue has been fixed in the new release of Clair.
Yes, we have incorporated the change; now we are pending on another bug fix before tagging 1.5.2.
Closing it as we have bumped to Clair 2.0.4
Could you please upload the 1.5.2 Images/Container onto the docker-hub?