clair: Clair updates fails on RHEL
Description of Problem / Feature Request
During the database update process I’m getting the following error:
{"Event":"running database migrations","Level":"info","Location":"pgsql.go:216","Time":"2019-04-08 07:02:42.741920"}
{"Event":"database migration ran successfully","Level":"info","Location":"pgsql.go:223","Time":"2019-04-08 07:02:42.880970"}
{"Event":"starting main API","Level":"info","Location":"api.go:52","Time":"2019-04-08 07:02:42.881163","port":6060}
{"Event":"starting health API","Level":"info","Location":"api.go:85","Time":"2019-04-08 07:02:42.881275","port":6061}
{"Event":"updater service started","Level":"info","Location":"updater.go:83","Time":"2019-04-08 07:02:42.881653","lock identifier":"e95e2a0f-3d34-46be-a70a-f63e1a49a2fa"}
{"Event":"notifier service is disabled","Level":"info","Location":"notifier.go:77","Time":"2019-04-08 07:02:42.881934"}
{"Event":"updating vulnerabilities","Level":"info","Location":"updater.go:192","Time":"2019-04-08 07:02:42.884835"}
{"Event":"fetching vulnerability updates","Level":"info","Location":"updater.go:239","Time":"2019-04-08 07:02:42.884876"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"debian.go:63","Time":"2019-04-08 07:02:42.884920","package":"Debian"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"rhel.go:92","Time":"2019-04-08 07:02:42.885008","package":"RHEL"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"oracle.go:119","Time":"2019-04-08 07:02:42.885032","package":"Oracle Linux"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"alpine.go:52","Time":"2019-04-08 07:02:42.885323","package":"Alpine"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"ubuntu.go:85","Time":"2019-04-08 07:02:42.885267","package":"Ubuntu"}
{"Event":"Failed to update RHEL","Level":"error","Location":"rhel.go:112","StatusCode":403,"Time":"2019-04-08 07:02:43.008489"}
{"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:246","Time":"2019-04-08 07:02:43.008612","error":"could not download requested resource","updater name":"rhel"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:253","Time":"2019-04-08 07:02:43.617969","updater name":"alpine"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:253","Time":"2019-04-08 07:02:43.928346","updater name":"debian"}
Expected Outcome
Clair updates successfully
Actual Outcome
Clair exits with error.
Environment
- Clair version/image: 2.0.8
- Clair client name/version: 2.0.8
- Host OS: Docker?
- Kernel (e.g.
uname -a):
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 5
- Comments: 18 (5 by maintainers)
Howdy folks. You’re probably seeing intermittent issues because the update is running into our rate limiter on our CDN. We deployed a change today to try to help but there may be other improvements we can make from the code side.
Looking at the Update code, it fetches the dir listing from https://www.redhat.com/security/data/oval/, matches all the com.redhat.rhsa.\d+.xml in the source, then downloads all the 2,500+ matches.
Could it instead just request https://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml or even better request https://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml.bz2 to do its update?
If it requires individual files we also deploy a tar package of them at https://www.redhat.com/security/data/oval/rhsa.tar.bz2
@KeyboardNerd @jzelinskie
Do we have any channel for communication to RHEL to see why it returns 403?
It’s really a quite intermittent error. Although the status is 4xx, it seems the server side issue and we may need some help from red hat.
Actually, the same problem happened today. So there is an element of randomness.