anchore / anchore-engine

A service that analyzes docker images and scans for vulnerabilities
Apache License 2.0
1.59k stars 272 forks

Anchore v 1.0.0 docker compose installation gives error #1272

Closed navzen2000 closed 3 years ago

navzen2000 commented 3 years ago

Is this a request for help?:


Is this a BUG REPORT or a FEATURE REQUEST? (choose one):

Version of Anchore Engine and Anchore CLI if applicable: v1.0.0

What happened:

Policy engine exits on startup

docker-compose up
Creating network "anchore_default" with the default driver
Creating volume "anchore_anchore-db-volume" with default driver
Creating anchore_db_1 ... done
Creating anchore_catalog_1 ... done
Creating anchore_api_1 ... done
Creating anchore_analyzer_1 ... done
Creating anchore_policy-engine_1 ... done
Creating anchore_queue_1 ... done
Attaching to anchore_db_1, anchore_catalog_1, anchore_api_1, anchore_analyzer_1, anchore_policy-engine_1, anchore_queue_1
db_1 | The files belonging to this database system will be owned by user "postgres".
db_1 | This user must also own the server process.
db_1 |
db_1 | The database cluster will be initialized with locale "en_US.utf8".
db_1 | The default database encoding has accordingly been set to "UTF8".
db_1 | The default text search configuration will be set to "english".
db_1 |
db_1 | Data page checksums are disabled.
db_1 |
db_1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok
db_1 | creating subdirectories ... ok
db_1 | selecting default max_connections ... 100
db_1 | selecting default shared_buffers ... 128MB
db_1 | selecting default timezone ... Etc/UTC
db_1 | selecting dynamic shared memory implementation ... posix
db_1 | creating configuration files ... ok
db_1 | running bootstrap script ... ok
db_1 | performing post-bootstrap initialization ... ok
db_1 | syncing data to disk ... ok
db_1 |
db_1 | Success. You can now start the database server using:
db_1 |
db_1 | pg_ctl -D /var/lib/postgresql/data -l logfile start
db_1 |
db_1 |
db_1 | WARNING: enabling "trust" authentication for local connections
db_1 | You can change this by editing pg_hba.conf or using the option -A, or
db_1 | --auth-local and --auth-host, the next time you run initdb.
db_1 | waiting for server to start....LOG: database system was shut down at 2021-10-05 06:24:27 UTC
db_1 | LOG: MultiXact member wraparound protections are now enabled
db_1 | LOG: database system is ready to accept connections
db_1 | LOG: autovacuum launcher started
db_1 | done
db_1 | server started
db_1 |
db_1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
db_1 |
db_1 | waiting for server to shut down...LOG: received fast shutdown request
db_1 | LOG: aborting any active transactions
db_1 | LOG: autovacuum launcher shutting down
db_1 | .LOG: shutting down
db_1 | LOG: database system is shut down
db_1 | done
db_1 | server stopped
db_1 |
db_1 | PostgreSQL init process complete; ready for start up.
db_1 |
db_1 | LOG: database system was shut down at 2021-10-05 06:24:28 UTC
db_1 | LOG: MultiXact member wraparound protections are now enabled
db_1 | LOG: autovacuum launcher started
db_1 | LOG: database system is ready to accept connections
db_1 | ERROR: relation "anchore" does not exist at character 355
db_1 | STATEMENT: SELECT anchore.service_version AS anchore_service_version, anchore.db_version AS anchore_db_version, anchore.created_at AS anchore_created_at, anchore.last_updated AS anchore_last_updated, anchore.record_state_key AS anchore_record_state_key, anchore.record_state_val AS anchore_record_state_val, anchore.scanner_version AS anchore_scanner_version
db_1 | FROM anchore
db_1 | LIMIT 1
db_1 | ERROR: relation "anchore" does not exist at character 355
db_1 | STATEMENT: SELECT anchore.service_version AS anchore_service_version, anchore.db_version AS anchore_db_version, anchore.created_at AS anchore_created_at, anchore.last_updated AS anchore_last_updated, anchore.record_state_key AS anchore_record_state_key, anchore.record_state_val AS anchore_record_state_val, anchore.scanner_version AS anchore_scanner_version
db_1 | FROM anchore
db_1 | LIMIT 1
db_1 | ERROR: relation "anchore" does not exist at character 355
db_1 | STATEMENT: SELECT anchore.service_version AS anchore_service_version, anchore.db_version AS anchore_db_version, anchore.created_at AS anchore_created_at, anchore.last_updated AS anchore_last_updated, anchore.record_state_key AS anchore_record_state_key, anchore.record_state_val AS anchore_record_state_val, anchore.scanner_version AS anchore_scanner_version
db_1 | FROM anchore
db_1 | LIMIT 1
db_1 | ERROR: relation "anchore" does not exist at character 355
db_1 | STATEMENT: SELECT anchore.service_version AS anchore_service_version, anchore.db_version AS anchore_db_version, anchore.created_at AS anchore_created_at, anchore.last_updated AS anchore_last_updated, anchore.record_state_key AS anchore_record_state_key, anchore.record_state_val AS anchore_record_state_val, anchore.scanner_version AS anchore_scanner_version
db_1 | FROM anchore
db_1 | LIMIT 1
db_1 | ERROR: relation "anchore" does not exist at character 355
db_1 | STATEMENT: SELECT anchore.service_version AS anchore_service_version, anchore.db_version AS anchore_db_version, anchore.created_at AS anchore_created_at, anchore.last_updated AS anchore_last_updated, anchore.record_state_key AS anchore_record_state_key, anchore.record_state_val AS anchore_record_state_val, anchore.scanner_version AS anchore_scanner_version
db_1 | FROM anchore
db_1 | LIMIT 1
policy-engine_1 | /usr/local/lib/python3.8/site-packages/yosai/core/conf/yosaisettings.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
policy-engine_1 | config = yaml.load(stream)
policy-engine_1 | Traceback (most recent call last):
policy-engine_1 | File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/init.py", line 113, in process_preflight
policy-engine_1 | fn()
policy-engine_1 | File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/init.py", line 199, in init_vulnerabilities_provider
policy-engine_1 | get_vulnerabilities_provider()
policy-engine_1 | File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/vulns/providers.py", line 1631, in get_vulnerabilities_provider
policy-engine_1 | set_provider()
policy-engine_1 | File "/usr/local/lib/python3.8/site-packages/anchore_engine/services/policy_engine/engine/vulns/providers.py", line 1610, in set_provider
policy-engine_1 | raise ValueError(
policy-engine_1 | ValueError: No vulnerabilities->provider found in the policy-engine configuration, set the provider in your helm chart or docker-compose.yaml
policy-engine_1 | Creating DB Tables
policy-engine_1 | DB Tables created
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] Loading DB routines from module (anchore_engine)
policy-engine_1 | [MainThread] [anchore_manager.util.db/connect_database()] [INFO] DB params: {"db_connect_args": {"connect_timeout": 86400}, "db_pool_size": 30, "db_pool_max_overflow": 100, "db_echo": false, "db_engine_args": null}
policy-engine_1 | [MainThread] [anchore_manager.util.db/connect_database()] [INFO] DB connection configured: True
policy-engine_1 | [MainThread] [anchore_manager.util.db/connect_database()] [INFO] DB attempting to connect...
policy-engine_1 | [MainThread] [anchore_manager.util.db/connect_database()] [INFO] DB connected: True
policy-engine_1 | [MainThread] [anchore_manager.util.db/init_database()] [INFO] DB compatibility check: running...
policy-engine_1 | [MainThread] [anchore_manager.util.db/init_database()] [INFO] DB compatibility check success
policy-engine_1 | [MainThread] [anchore_engine.db.entities.upgrade/get_versions()] [INFO] anchore table not found
policy-engine_1 | [MainThread] [anchore_manager.util.db/init_database()] [INFO] DB not initialized: initializing tables...
policy-engine_1 | [MainThread] [anchore_manager.util.db/init_database()] [INFO] DB post actions: running...
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] DB version and code version in sync.
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] Starting services: ['anchore-policy-engine']
policy-engine_1 | [MainThread] [anchore_manager.cli.service/terminate_service()] [INFO] Looking for pre-existing service (anchore-policy-engine) pid from pidfile (/var/run/anchore/anchore-policy-engine.pid)
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [INFO] cleaning up service: anchore-policy-engine
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] waiting for service pidfile /var/run/anchore/anchore-policy-engine.pid to exist 0/30
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/terminate_service()] [INFO] Looking for pre-existing service (anchore-policy-engine) pid from pidfile (/var/run/anchore/anchore-policy-engine.pid)
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [INFO] starting service: anchore-policy-engine
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [INFO] /usr/local/bin/twistd --logger=anchore_engine.subsys.twistd_logger.logger --pidfile /var/run/anchore/anchore-policy-engine.pid -n anchore-policy-engine --config /config
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] waiting for service pidfile /var/run/anchore/anchore-policy-engine.pid to exist 1/30
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] waiting for service pidfile /var/run/anchore/anchore-policy-engine.pid to exist 2/30
policy-engine_1 | Traceback (most recent call last):
policy-engine_1 | File "/usr/local/lib/python3.8/site-packages/anchore_manager/cli/service.py", line 200, in startup_service
policy-engine_1 | raise Exception("process exited: " + str(rc))
policy-engine_1 | Exception: process exited: 1
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [ERROR] service process exited at (Tue Oct 5 06:24:32 2021): process exited: 1
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [FATAL] Could not start service due to: process exited: 1
policy-engine_1 | [anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [INFO] exiting service thread
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] waiting for service pidfile /var/run/anchore/anchore-policy-engine.pid to exist 3/30
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] service thread has stopped anchore-policy-engine
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] auto_restart_services setting: False
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [INFO] checking for startup failure pidfile=False, is_alive=False
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [WARN] service start failed - exception: service thread for (anchore-policy-engine) failed to start
policy-engine_1 | [MainThread] [anchore_manager.cli.service/start()] [FATAL] one or more services failed to start. cleanly terminating the others
policy-engine_1 | [MainThread] [anchore_manager.cli.service/terminate_service()] [INFO] Looking for pre-existing service (anchore-policy-engine) pid from pidfile (/var/run/anchore/anchore-policy-engine.pid)
anchore_policy-engine_1 exited with code 1

What did you expect to happen:

Any relevant log output from /var/log/anchore:

What docker images are you using:

How to reproduce the issue:

Anything else we need to know:

dspalmer99 commented 3 years ago

@navzen2000 Please set the ANCHORE_VULNERABILITIES_PROVIDER env variable in the policy-engine section of your docker-compose file. This can be set to legacy to use the previous, legacy scanner, or grype to use our new next-gen vulnerability scanner.
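
The fix described above, as an added example that is not part of the original thread or Anchore's own code: a shell preflight check that reads a compose file and confirms the policy-engine section sets ANCHORE_VULNERABILITIES_PROVIDER to legacy or grype before `docker-compose up` is run. The function names, the sample compose fragment, its image reference and its placeholder variable are constructed for illustration, and the parser assumes two-space indentation under `services:`.

```shell
#!/bin/sh
# Added example, not part of the thread. Assumes services are indented two
# spaces under "services:" in the compose file.

# Print the ANCHORE_VULNERABILITIES_PROVIDER value set in the policy-engine
# section of compose file $1 (prints nothing when it is absent).
policy_engine_provider() {
  awk '
    /^  [A-Za-z0-9_-]+:[ \t]*$/ { in_svc = ($1 == "policy-engine:"); next }
    /^[^ \t#]/                  { in_svc = 0 }   # next top-level key
    in_svc && /^[ \t]*(-[ \t]*)?"?ANCHORE_VULNERABILITIES_PROVIDER[ \t]*[=:]/ {
      v = $0
      sub(/[ \t]+#.*$/, "", v)          # drop a trailing comment
      sub(/^[^=:]*[=:][ \t]*/, "", v)   # keep the text after = or :
      gsub(/[" \t\r]/, "", v)           # strip quotes and whitespace
      print v; exit
    }' "$1"
}

# Return 0 only when the provider is one of the two values named in the thread.
check_compose() {
  _v=$(policy_engine_provider "$1")
  case "$_v" in
    legacy|grype) echo "ok: policy-engine provider is $_v" ;;
    "") echo "fail: ANCHORE_VULNERABILITIES_PROVIDER missing from policy-engine"; return 1 ;;
    *)  echo "fail: unknown provider '$_v' (expected legacy or grype)"; return 1 ;;
  esac
}

# Constructed sample compose fragment; $1 is the provider ("" omits the line).
sample_compose() {
  cat <<EOF
services:
  policy-engine:
    image: example/anchore-engine:placeholder   # placeholder image reference
    environment:
      - EXAMPLE_OTHER_SETTING=1                 # placeholder variable
${1:+      - ANCHORE_VULNERABILITIES_PROVIDER=$1}
  analyzer:
    environment:
      - ANCHORE_VULNERABILITIES_PROVIDER=grype  # other service, not policy-engine
EOF
}

tmp=$(mktemp)
sample_compose ""    > "$tmp"; check_compose "$tmp" || true   # state from the report
sample_compose grype > "$tmp"; check_compose "$tmp" || true   # after the fix
rm -f "$tmp"
```

The check is scoped to the policy-engine section, so a value set only on another service or in a commented-out line still fails.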

navzen2000 commented 3 years ago

Issue resolved after adding above setting.