clair-scanner icon indicating copy to clipboard operation
clair-scanner copied to clipboard
verified publisher icon arminc

POST to Clair failed to Post

Open jamatute opened this issue 7 years ago • 4 comments

I'm trying to scan an image with clair-scanner and I get the following error:

$ clair-scanner -c http://{{ clair_url }} alpine:3.5
2018/01/25 10:54:48 [INFO] ▶ Start clair-scanner
2018/01/25 10:54:48 [INFO] ▶ Server listening on port 9279
2018/01/25 10:54:48 [INFO] ▶ Analyzing a53e65bf86af4e96e87dc34c40d99d8b25676fb6ccf2c10ec2d1d286c24877b7
2018/01/25 10:55:18 [CRIT] ▶ Could not analyze layer: POST to Clair failed Post http://{{ clair_url }}: dial tcp {{ clair_server_ip }}:80: i/o timeout

The server is listening in the default clair ports 6060 and 6061, and not 80. I've tried setting the clair_url as http://{{ clair_url }}:6060 or http://{{ clair_url }}:6061 but it doesn't work either.

klar works flawlessly

$ CLAIR_ADDR=http://{{ clair_url }} klar alpine:3.5
Analysing 1 layers
Got results from Clair API v1
Found 0 vulnerabilities

jamatute avatar Jan 25 '18 11:01 jamatute

Having a similar issue running it in a Docker container on gitlab.

clair.log

2018/04/11 09:01:38 [INFO] ▶ Start clair-scanner
2018/04/11 09:01:44 [INFO] ▶ Server listening on port 9279
2018/04/11 09:01:44 [INFO] ▶ Analyzing 7cc0b9f49c1e6f61e550d04a22f528374b098420189abf861cb691b3878f40f4
2018/04/11 09:01:44 [CRIT] ▶ Could not analyze layer: POST to Clair failed Post http://docker:6060/v1/layers: dial tcp 172.17.0.6:6060: getsockopt: connection refused

mdix avatar Apr 11 '18 09:04 mdix

I have problems with alpine too, is it supported?

#63

ghost avatar Jun 30 '19 06:06 ghost

Try to set the --ip parameter of clair-scanner to your external IP rather than default localhost (caution: --ip is for the client IP, --clair is for server IP):

own_ip=$(hostname -i)
clair-scanner --clair=$clair_ip --ip=$own_ip ubuntu:latest

mirekphd avatar Dec 10 '19 19:12 mirekphd

I got the i/o timeout error even with correct IP and port, when I moved a working script with clair-scanner from the host to a container (jenkins/jenkins):

2019/12/11 09:26:48 [CRIT] ▶ Could not analyze layer: POST to Clair failed Post http://<clair-container-ip-in-my-clair-network>:6060/v1/layers: dial tcp <clair-container-ip-in-my-clair-network>:6060: i/o timeout

When I tried to curl http://<clair-container-ip-in-my-clair-network>:6060 I could connect only from the host, but not from the jenkins container.

I solved the problem by ensuring that jenkins container joined the same docker network that Clair container and Postgres container (docker run --network=my-clair-network [...] jenkins/jenkins), so that jenkins container received IP in the same private subnet as Clair (and Postgres), and curl to Clair's endpoint started working within jenkins container and clair-scanner could be run normally by Jenkins during automated builds :)

mirekphd avatar Dec 11 '19 11:12 mirekphd