Closed ytooyama closed 2 years ago
This issue may be due to your network config environment. Please refer to this for more details:
Tried a fresh deploy of Harbor 2.5.1 with the offline installer in my VM; there is no such error:
2022-06-23T06:26:03Z [ERROR] [/pkg/scan/job.go:292]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2022-06-23T06:25:08.560Z INFO Need to update DB
2022-06-23T06:25:08.560Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-06-23T06:25:08.560Z INFO Downloading DB...
2022-06-23T06:26:02.822Z FATAL DB error: failed to download vulnerability DB: OCI artifact error: OCI artifact error: OCI repository error: Get "https://ghcr.io/v2/": net/http: TLS handshake timeout
: general response handler: unexpected status code: 500, expected: 200
@ytooyama could you try to set proxy for trivy and see if it works, i.e.
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
@zyyw Thanks. I'll try that.
It was already set up.
# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
Reference information:
I have set up firewalld.
]# dnf install firewalld bind-utils
]# systemctl enable --now firewalld
]# firewall-cmd --zone=trusted --add-interface=docker0 --permanent
]# firewall-cmd --reload
On the Docker Host, DNS name resolution is available!
]# nslookup ghcr.io
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: ghcr.io
Address: 3.114.109.192
But it seems that ghcr.io cannot respond inside the container.
]# docker run busybox nslookup ghcr.io
Server: 1.1.1.1
Address: 1.1.1.1:53
Non-authoritative answer:
*** Can't find ghcr.io: No answer
Set the DNS params (on the Docker host).
]# cat /etc/docker/daemon.json
{
  "dns": [
    "8.8.8.8", "8.8.4.4"
  ],
  "dns-opts": [
    "timeout:2"
  ]
}
]# systemctl restart docker
Didn't resolve.
]# docker run busybox nslookup ghcr.io
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
*** Can't find ghcr.io: No answer
]# docker run busybox nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 2404:6800:4004:81f::200e
*** Can't find google.com: No answer
Hmm... It seems that ghcr.io cannot respond inside the container.
I had a problem trying to run trivy with docker and may need to fix this issue.
Sorry. I was trying to run it on Docker in an OpenStack instance. It looks like this is the same symptom; I needed to adjust the MTU.
https://platform9.com/kb/openstack/no-connectivity-to-docker-containers-within-instance
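An added example (not part of the thread or of Harbor): a shell check for the MTU mismatch described above, comparing each Docker bridge MTU with the host uplink MTU read from sysfs. The uplink name `eth0` and the `SYSFS_NET` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Docker bridges whose MTU is larger than the host uplink MTU.
# Docker bridges default to 1500; an instance on an overlay network often has less,
# so large packets (TLS handshakes, big DNS answers) from containers are dropped.

# Assumption: SYSFS_NET can be overridden to point at a constructed test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the MTU of interface $1; fail if the interface is not present.
iface_mtu() {
    [ -r "$SYSFS_NET/$1/mtu" ] || return 1
    cat "$SYSFS_NET/$1/mtu"
}

# Compare docker0 and every user-defined bridge (br-*) against uplink $1.
# Prints one line per bridge. Returns 0 if all fit, 1 on a mismatch,
# 2 if the uplink interface does not exist.
check_bridge_mtu() {
    uplink="$1"
    uplink_mtu=$(iface_mtu "$uplink") || {
        echo "unknown uplink: $uplink" >&2
        return 2
    }
    rc=0
    for dir in "$SYSFS_NET"/docker0 "$SYSFS_NET"/br-*; do
        [ -r "$dir/mtu" ] || continue      # skip missing or unmatched globs
        name=${dir##*/}
        mtu=$(cat "$dir/mtu")
        if [ "$mtu" -gt "$uplink_mtu" ]; then
            echo "MISMATCH $name mtu=$mtu > $uplink mtu=$uplink_mtu"
            rc=1
        else
            echo "OK $name mtu=$mtu <= $uplink mtu=$uplink_mtu"
        fi
    done
    return $rc
}
```

Call it on the Docker host as `check_bridge_mtu eth0`, substituting the real uplink name. A `MISMATCH` line means the bridge MTU should be lowered to fit the uplink, for example with the `mtu` key in `/etc/docker/daemon.json` for the default bridge.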
Set up again from scratch.
Expected behavior and actual behavior: Trivy Scan does not work
Steps to reproduce the problem: Please provide the steps to reproduce this problem.
Installation environment:
Installation procedure:
Install the Harbor:
Go Harbor UI. Scan the Image, Then Result
Versions: Please specify the versions of following systems.
Additional context:
harbor.yml and files in the same directory, including subdirectory.
/var/log/harbor/