optiopay / klar

Integration of Clair and Docker Registry
MIT License

Can't pull fsLayers Error on 2.4.0 #141

Open foobar888 opened 5 years ago

foobar888 commented 5 years ago

When I run the command line below:

```
docker run --env-file=klar.env ############.dkr.ecr.us-east-1.amazonaws.com/klar:latest ${REGISTRY}/nifi:latest
```

I get the following errors:

```
clair timeout 1m0s
docker timeout: 1m0s
no whitelist file
Can't pull fsLayers
```

My klar Dockerfile is defined as follows:

```
FROM golang:1.8-alpine as builder

RUN apk --update add git;
RUN go get -d github.com/optiopay/klar
RUN go build ./src/github.com/optiopay/klar

FROM python:alpine

RUN apk -uv add --no-cache groff jq less ca-certificates && \
    pip install --no-cache-dir awscli

COPY --from=builder /go/klar /klar

RUN aws ecr get-authorization-token --region us-east-1 && \
        eval $(aws ecr get-login --no-include-email --region us-east-1)
```

My klar.env is defined as follows:

```
CLAIR_ADDR=###.##.###.##:6060
CLAIR_OUTPUT=High
CLAIR_THRESHOLD=10
DOCKER_LOGIN=`aws ecr get-login --no-include-email --region us-east-1`
PASSWORD=`echo $DOCKER_LOGIN | cut -d' ' -f6`
REGISTRY=`echo $DOCKER_LOGIN | cut -d' ' -f7 | sed "s/https:\/\///"`
KLARE_TRACE=true
DOCKER_USER=AWS
```

And the docker-compose.yml to run Clair/Postgres is defined as follows:

```
version: '2.1'
services:
  postgres:
    container_name: clair_postgres
    image: postgres:9.6
    restart: unless-stopped
    environment:
      - POSTGRES_USER=clair
      - POSTGRES_PASSWORD=clair
      - POSTGRES_DB=clair

  clair:
    container_name: clair_clair
    image: quay.io/coreos/clair:latest
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_started
    ports:
      - "6060-6061:6060-6061"
    links:
      - postgres
    volumes:
      - /tmp:/tmp
      - ./clair_config:/config
    command: [-config, /config/config.yaml]
```

NOTE:

1. If I `docker pull` the image I would like to scan, it works: `docker pull ############.dkr.ecr.us-east-1.amazonaws.com/nifi`
2. To test all, I'm running everything in the same AWS EC2.

I wonder if it is an issue with Klar and/or Clair/Postgres?

I would be grateful if someone could help me.

Thank you!

hashmap commented 5 years ago

Please update klar.env to contain `KLAR_TRACE=true` (without E), it seems that Klar can't connect to docker registry.

paulliss commented 4 years ago

@hashmap Thank you very much! In my case it was my fault: there was no such tag in my docker repo :)

```
----> HTTP REQUEST:
GET /v2/xxx/manifests/v19.11.01 HTTP/1.1
Host: xxxx.my.cloud:443
Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws
Authorization: Basic xxxxxxxxxxxxxxxx

<---- HTTP RESPONSE:
HTTP/1.1 404 Not Found
Content-Length: 99
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Fri, 29 Nov 2019 10:01:19 GMT
Docker-Distribution-Api-Version: registry/2.0
Server: nginx/xxxxxxx
X-Content-Type-Options: nosniff

{"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown","detail":{"Tag":"v19.11.01"}}]}
```
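
Added example, not part of the original thread and not klar's own code: a small linter for a `docker run --env-file` file such as the klar.env in the first post. It flags names that are near-misses of a known variable (like `KLARE_TRACE`) and values containing shell syntax, which Docker's `--env-file` hands to the container as literal text without executing it. The known-name list is an assumption limited to names that appear in this thread, and `lint_env_file` and the sample address are hypothetical.

```python
"""Lint a `docker run --env-file` file before handing it to klar (added example)."""
import difflib
import re

# Names taken from this thread only; partial list, extend it from klar's README.
KNOWN_VARS = ["CLAIR_ADDR", "CLAIR_OUTPUT", "CLAIR_THRESHOLD", "DOCKER_USER", "KLAR_TRACE"]

# Backticks, $(...) and $VAR / ${VAR}: --env-file does no shell expansion, so the
# container receives these characters verbatim.
SHELL_SYNTAX = re.compile(r"`|\$\(|\$\{?[A-Za-z_]")


def lint_env_file(text, known=KNOWN_VARS, cutoff=0.8):
    """Return a list of (line_number, name, problem) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored by Docker too
        name, sep, value = line.partition("=")
        if not sep:
            continue  # bare NAME: Docker copies the value from the caller's environment
        if name not in known:
            # A high cutoff keeps unrelated names (PASSWORD, REGISTRY) from matching.
            close = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
            if close:
                findings.append((lineno, name, "possible typo of " + close[0]))
        if SHELL_SYNTAX.search(value):
            findings.append((lineno, name, "shell syntax is passed literally, not executed"))
    return findings


# Constructed sample modelled on the klar.env in the issue (address is a placeholder).
SAMPLE = """\
CLAIR_ADDR=192.0.2.10:6060
CLAIR_OUTPUT=High
DOCKER_LOGIN=`aws ecr get-login --no-include-email --region us-east-1`
PASSWORD=`echo $DOCKER_LOGIN | cut -d' ' -f6`
KLARE_TRACE=true
DOCKER_USER=AWS
"""

if __name__ == "__main__":
    for lineno, name, problem in lint_env_file(SAMPLE):
        print(f"line {lineno}: {name}: {problem}")
```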