I am trying to run atomic scanner behind our corporate proxy but it fails with a "Network is unreachable" error. I have added our proxy details to the/etc/atomic.conf
# Default identity for signing images
# default_signer:
# Absolute path to GPG keyring. Value set as environment variable GNUPGHOME
#gnupg_homedir: /home/USER/.gnupg
#
\ # To always use a proxy with atomic, you can uncomment and fill out
# below.
#
http_proxy: http://server:80
https_proxy: http://server.com:80
no_proxy:
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-03-18-11-34-31-009787:/scanin -v /var/lib/atomic/openscap/2019-03-18-11-34-31-009787:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1
Created /run/atomic/2019-03-18-11-34-31-009787/26aa6fc8812192182fd7b8a7555456f27ef889b1cc367d76ab5f584e112dd5e0
Mounted 26aa6fc8812192182fd7b8a7555456f27ef889b1cc367d76ab5f584e112dd5e0 to /run/atomic/2019-03-18-11-34-31-009787/26aa6fc8812192182fd7b8a7555456f27ef889b1cc367d76ab5f584e112dd5e0
Creating the output dir at /var/lib/atomic/openscap/2019-03-18-11-34-31-009787
INFO:OpenSCAP Daemon one-off evaluator 0.1.10
INFO:Autodetected "oscap" in path "/usr/bin/oscap".
INFO:Autodetected "oscap-ssh" in path "/usr/bin/oscap-ssh".
INFO:Autodetected "oscap-vm" in path "/usr/bin/oscap-vm".
INFO:Autodetected "oscap-docker" in path "/usr/bin/oscap-docker".
INFO:Autodetected "oscap-chroot" in path "/usr/bin/oscap-chroot".
WARNING:Can't import the 'docker' package. Direct container scanning via oscap-docker will be disabled.
INFO:Autodetected SCAP content at "/usr/share/openscap/cpe/openscap-cpe-oval.xml".
INFO:Autodetected SCAP content in path "/usr/share/xml/scap/ssg/content".
INFO:Creating tasks directory at '/var/lib/oscapd/tasks' because it didn't exist.
INFO:Creating results directory at '/var/lib/oscapd/results' because it didn't exist.
INFO:Creating results work in progress directory at '/var/lib/oscapd/work_in_progress' because it didn't exist.
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to scan target 'chroot:///scanin/26aa6fc8812192182fd7b8a7555456f27ef889b1cc367d76ab5f584e112dd5e0' for vulnerabilities.
Traceback (most recent call last):
File "/usr/bin/oscapd-evaluate", line 146, in scan_worker
es.evaluate(config)
File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 521, in evaluate
wip_result = self.evaluate_into_dir(config)
File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 518, in evaluate_into_dir
return oscap_helpers.evaluate(self, config)
File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 323, in evaluate
args = get_evaluation_args(spec, config)
File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 298, in get_evaluation_args
ret.extend(spec.get_oscap_arguments(config))
File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 482, in get_oscap_arguments
ret.append(config.get_cve_feed(self.get_cpe_ids(config)))
File "/usr/lib/python2.7/site-packages/openscap_daemon/config.py", line 460, in get_cve_feed
return self.cve_feed_manager.get_cve_feed(cpe_ids)
File "/usr/lib/python2.7/site-packages/openscap_daemon/cve_feed_manager.py", line 212, in get_cve_feed
return self.get_rhel_cve_feed(7)
File "/usr/lib/python2.7/site-packages/openscap_daemon/cve_feed_manager.py", line 168, in get_rhel_cve_feed
if self._is_cache_same(local_file, remote_url):
File "/usr/lib/python2.7/site-packages/openscap_daemon/cve_feed_manager.py", line 112, in _is_cache_same
res = opener.open(CVEFeedManager.HeadRequest(remote_url))
File "/usr/lib64/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open
raise URLError(err)
URLError: <urlopen error [Errno 101] Network is unreachable>
Hi All
I am trying to run atomic scanner behind our corporate proxy but it fails with a "Network is unreachable" error. I have added our proxy details to the/etc/atomic.conf
/etc/atomic.conf
ERROR: atomic --debug scan myregistry/myimage:latest