clairctl icon indicating copy to clipboard operation
clairctl copied to clipboard
verified publisher icon jgsqware

Can not push/analyze images with tag

Open deshui123 opened this issue 7 years ago • 5 comments

@jgsqware @jzelinskie I can not push local images with tag, even the tag is latest.

[root@clair-1 ~/clair/clairctl-master]$ docker-compose exec clairctl clairctl push -l docker.io/registry:2.5.1 --log-level Debug
2018-02-05 08:34:06.862922 D | config: Using config file: /home/clairctl/clairctl.yml
2018-02-05 08:34:06.863115 I | config: retrieving interface for local IP
2018-02-05 08:34:06.863124 D | config: interface provided, looking for eth0
2018-02-05 08:34:06.863387 D | server: Update local server port from "0" to "45399"
2018-02-05 08:34:06.863400 I | server: Starting Server on 172.18.0.4:45399
2018-02-05 08:34:06.868583 D | dockercli: docker image to save: registry:2.5.1
2018-02-05 08:34:06.868595 D | dockercli: saving in: /tmp/clairctl/registry/blobs
2018-02-05 08:34:09.506264 I | config: retrieving interface for local IP
2018-02-05 08:34:09.506286 D | config: interface provided, looking for eth0
2018-02-05 08:34:09.506441 I | clair: using http://172.18.0.4:45399/local as local url
2018-02-05 08:34:09.506454 I | clair: Pushing Layer 1/5 [aa9d9d620aa9]
2018-02-05 08:34:09.506577 D | clair: Saving aa9d9d620aa919ec1eed39cfe8a9d925c8185a15ec16a3ff17a609dfd81d8030[https://registry-1.docker.io/v2]
2018-02-05 08:34:09.547085 I | clair: adding layer 1/5 [aa9d9d620aa9]: receiving http error: 400
client quit unexpectedly
2018-02-05 08:34:09.547108 C | cmd: pushing image "registry:2.5.1": receiving http error: 400

We can see that dockercli save image to the path /tmp/clairctl/registry/blobs While from the clairctl logs, we can see that it will check path docker.io/library/registry/blobs

{"Event":"processing layer","Level":"debug","Location":"worker.go:73","Time":"2018-02-05 08:34:09.543307","engine version":3,"format":"Docker","layer":"aa9d9d620aa919ec1eed39cfe8a9d925c8185a15ec16a3ff17a609dfd81d8030","parent layer":"","path":"**http://172.18.0.4:45399/local/docker.io/library/registry/blobs**/aa9d9d620aa919ec1eed39cfe8a9d925c8185a15ec16a3ff17a609dfd81d8030/layer.tar"}
{"Event":"could not download layer: expected 2XX","Level":"warning","Location":"driver.go:135","Time":"2018-02-05 08:34:09.545893","status code":404}
{"Event":"failed to extract data from path","Level":"error","Location":"worker.go:122","Time":"2018-02-05 08:34:09.546014","error":"could not find layer","layer":"aa9d9d620aa919ec1eed39cfe8a9d925c8185a15ec16a3ff17a609dfd81d8030","path":"http://172.18.0.4:45399/local/docker.io/library/registry/blobs/aa9d9d620aa919ec1eed39cfe8a9d925c8185a15ec16a3ff17a609dfd81d8030/layer.tar"}
{"Event":"Handled HTTP request","Level":"info","Location":"router.go:57","Time":"2018-02-05 08:34:09.546877","elapsed time":3645575,"method":"POST","remote addr":"172.18.0.4:41312","request uri":"/v1/layers","status":"400"}

If i push image without tag, it will push successfully. If i push image with gcr.io and with tag, such as gcr.io/google-containers/etcd-amd64:3.0.17 , it also push successfully.

I found that push image with tag, the path will be http://172.18.0.4:34694/local/docker.io/library/redis/blobs/******* While push image without tag, the path will be http://172.18.0.4:39827/local//redis/blobs/****** Could you please help to explain the logical and how to fix this issue?

deshui123 avatar Feb 05 '18 02:02 deshui123

Hello, thanks for reporting this. There is a known bug (cannot remember which issue is already opened for this) in the URL parsing.

I meant to work on this but I've had no time at all.

jdel avatar Feb 08 '18 13:02 jdel

Hello,

is there any update on this issue?

From my limited understanding of the issue the problem seems to be in: https://github.com/jgsqware/clairctl/blob/f7d6e75179436490ca2c2eebff5010a37cb2fecd/docker/dockercli/dockercli.go#L74-L75

It should save the image like this: ${tempdir}/docker.io/library/ubuntu/ It does save the image instead like this: ${tempdir}/ubuntu/ For custom registries it does it correctly: ${tempdir}/registry.internal/namespace/name/

I also tried to use the full name of the image, but this does not fix the issue: clairctl --log-level debug push -l docker.io/library/ubuntu:14.04

lukeb2e avatar Mar 07 '18 10:03 lukeb2e

Can you try with this branch? https://github.com/jgsqware/clairctl/tree/fix-temp-path

jgsqware avatar Mar 07 '18 14:03 jgsqware

You remove the dots which should still be there and you append the tag which is not needed.

Image is saved in ${tempdir}/docker_io/library/ubuntu/14_04/blobs/, but is expected in http://127.0.0.1:40769/local/docker.io/library/ubuntu/blobs/.

I edited your tempImagePath: https://github.com/glookie1/clairctl/tree/fix-temp-path

This is tested with the ubuntu:14.04 image and works now.

lukeb2e avatar Mar 08 '18 06:03 lukeb2e

Hi @jgsqware

I encounter the same issue from master branch. Would you consider merge the fix to master and update the installation to S3?

cchung100m avatar Sep 26 '19 07:09 cchung100m