clairctl: HTTP 400 on Push and Analyze

Similar problem as https://github.com/jgsqware/clairctl/issues/18 (Detailed Guidance for setup of CLAIRCTL), however since that issue is now discussing other topics I wanted to return to the basic problem of getting the http error: 400 client quit unexpectedly error for push or analyze to see what it is that I am missing …

Clairctl health-check …

` $ clairctl health --log-level debug 2017-06-04 16:08:01.755098 D | config: Using config file: /home/docker/clairctl.yml 2017-06-04 16:08:01.756459 D | clair: requesting health on: http://172.18.0.4:6061/health

Clair: ✔ `

But PUSH …

` $ clairctl push hello-world:latest --log-level debug

2017-06-04 15:59:48.660635 D | config: Using config file: /home/docker/clairctl.yml 2017-06-04 15:59:48.662555 D | dockerdist: Downloading manifest for hello-world:latest 2017-06-04 15:59:48.664492 D | dockerdist: Retrieving repository client 2017-06-04 15:59:48.666448 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: true 2017-06-04 15:59:52.316571 D | dockerdist: manifest type: *schema2.DeserializedManifest 2017-06-04 15:59:52.316594 D | dockerdist: retrieved schema2 manifest, no verification 2017-06-04 15:59:52.317774 I | config: retrieving interface for local IP 2017-06-04 15:59:52.317787 D | config: no interface provided, looking for docker0 2017-06-04 15:59:52.319476 I | clair: Pushing Layer 1/1 [sha256:78445] 2017-06-04 15:59:52.320515 D | clair: Saving sha256:78445dd45222097f5f8d5a16e48dc19c4ca162dcdb80010ab6f1ccfc7e2c0fa3[https://registry-1.docker.io/v2] 2017-06-04 15:59:53.022542 I | clair: adding layer 1/1 [sha256:78445]: receiving http error: 400 client quit unexpectedly 2017-06-04 15:59:53.024542 C | cmd: pushing image “hello-world:latest”: receiving http error: 400 ` Setup is as follows …

Clairctl binary installed (not running inside a container). Clairctl version: 1.2.6

Docker version: 17.05.0-ce

clairctl.yml: clair: port: 6060 healthPort: 6061 uri: http://clair report: path: ./reports format: html docker: insecure-registries: - "localhost:5000"

docker-compose.yml:

` version: ‘2’ services: postgres: container_name: clair_postgres image: postgres:latest restart: unless-stopped environment: POSTGRES_PASSWORD: password

clair: container_name: clair_clair #image: quay.io/coreos/clair:latest image: quay.io/coreos/clair-git:latest restart: unless-stopped depends_on: - postgres ports: - “6060-6061:6060-6061” links: - postgres volumes: - /tmp:/tmp - ./clair_config:/config command: [-config, /config/config.yaml]

registry: container_name: registry image: registry:2 restart: unless-stopped ports: - “5000:5000” `

Pull appears to work ok …

` docker@clairctl:~$ clairctl pull hello-world:latest --log-level debug 2017-06-04 16:07:19.617159 D | config: Using config file: /home/docker/clairctl.yml 2017-06-04 16:07:19.625274 D | dockerdist: Downloading manifest for hello-world:latest 2017-06-04 16:07:19.625920 D | dockerdist: Retrieving repository client 2017-06-04 16:07:19.626598 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: true 2017-06-04 16:07:25.464485 D | dockerdist: manifest type: *schema2.DeserializedManifest 2017-06-04 16:07:25.464544 D | dockerdist: retrieved schema2 manifest, no verification

Image: docker.io/library/hello-world:latest 1 layers found ➜ sha256:78445dd45222097f5f8d5a16e48dc19c4ca162dcdb80010ab6f1ccfc7e2c0fa3 `

I have tried using localhost and the clair container IP as the uri: value in clairctl.yml but neither work.

nsloookup clair fails

Really not sure what else to try. I assume clair cannot communicate with clairctl. I note mention of the need for a reverse proxy but thought that came OOTB.

Help appreciated.

Regards

Fraser.

About this issue

  • Original URL
  • State: open
  • Created 7 years ago
  • Comments: 42 (8 by maintainers)

Most upvoted comments

Well spotted !

+1
jdel on Aug 3, 2017

@goffinf, @gauravjos: you can find my setup in #47

The easiest would be to clone my fork https://github.com/jdel/clairctl.git

Then cd in the directory and run IMAGE_NAME=your-hub-account/clairctl hooks/build in a terminal. This will create a clairctl container.

Mind that you will have to amend the docker-compose.yml and change the image jgsqware/clairctl image with your-hub-account/clairctl.

Then, you can run docker-compose up -d to run everything. Clair will need some time to pull all vulnerabilities list before you can use it.

Finally, you can run docker-compose exec clairctl clairctl health, docker-compose exec clairctl clairctl version, docker-compose exec clairctl clairctl push XXX… and so on.

For reference, the clair.yml config file I use is here https://github.com/jdel/clairctl/blob/master/docker-compose-data/clair-config/config.yml

+1
jdel on Jun 8, 2017
Read more comments on GitHub
← clairctl: Got permission denied while trying to connect to the Docker daemon socket
SharePlugin: NuGet error when upgrading Xamarin.Android.Support.Compat packages →