quay / clair

Vulnerability Static Analysis for Containers
https://quay.github.io/clair/
Apache License 2.0

clair returns ok #1983

Closed netcat2024 closed 8 months ago

netcat2024 commented 9 months ago

Description of Problem / Feature Request

When calling Clair, it always returns OK.

Expected Outcome

Clair should report vulnerabilities

Actual Outcome

command: clairctl -D report ubuntu:focal

return:

2024-02-19T17:08:48+08:00 DBG enabling signing for authorities authorities=["clair-indexer:6060","clair-matcher:6060","webhook-target"]
2024-02-19T17:08:48+08:00 DBG fetching ref=ubuntu:focal
2024-02-19T17:08:48+08:00 DBG using text output
2024-02-19T17:08:50+08:00 DBG found manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:50+08:00 DBG requesting index_report attempt=1 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:55+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="404 Not Found"
2024-02-19T17:08:55+08:00 DBG don't have needed manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 manifest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:57+08:00 DBG found manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:57+08:00 DBG found layers count=1 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:59+08:00 DBG requesting index_report attempt=2 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:09:00+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="200 OK"
2024-02-19T17:09:07+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=POST path=/indexer/api/v1/index_report ref=ubuntu:focal status="201 Created"
2024-02-19T17:09:07+08:00 DBG setting validator digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal validator="\"746c21e6e713e5208118f7d54c52e391\""
2024-02-19T17:10:02+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/matcher/api/v1/vulnerability_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="200 OK"
ubuntu:focal ok

Environment

clairctl's config.yaml

---
log_level: debug-color
introspection_addr: ":8089"
http_listen_addr: ":6060"
updaters:
  sets:
    - ubuntu
    - debian
    - rhel
    - alpine
    - osv
auth:
  psk:
    key: 'c2VjcmV0'
    iss:
      - quay
      - clairctl
indexer:
  connstring: host=clair-database user=clair dbname=indexer sslmode=disable
  scanlock_retry: 10
  layer_scan_concurrency: 5
  migrations: true
matcher:
  indexer_addr: http://clair-indexer:6060/
  connstring: host=clair-database user=clair dbname=matcher sslmode=disable
  max_conn_pool: 100
  migrations: true
matchers: {}
notifier:
  indexer_addr: http://clair-indexer:6060/
  matcher_addr: http://clair-matcher:6060/
  connstring: host=clair-database user=clair dbname=notifier sslmode=disable
  migrations: true
  delivery_interval: 30s
  poll_interval: 1m
  webhook:
    target: "http://webhook-target/"
    callback: "http://clair-notifier:6060/notifier/api/v1/notification/"
  # amqp:
  #   direct: true
  #   exchange:
  #     name: ""
  #     type: "direct"
  #     durable: true
  #     auto_delete: false
  #   uris: ["amqp://guest:guest@clair-rabbitmq:5672/"]
  #   routing_key: "notifications"
  #   callback: "http://clair-notifier/notifier/api/v1/notification"
# tracing and metrics config
trace:
  name: "jaeger"
#  probability: 1
  jaeger:
    agent:
      endpoint: "clair-jaeger:6831"
    service_name: "clair"
metrics:
  name: "prometheus"

Clair: download the newest version of the Clair image and then:

cd clair-v4.7.2
docker-compose up -d


hdonnay commented 9 months ago

Please provide the Clair logs and the JSON output from clairctl.

netcat2024 commented 8 months ago

> Please provide the Clair logs and the JSON output from clairctl.

Can you tell me how to provide the Clair logs and the JSON output from clairctl? I don't know how to collect this information.

netcat2024 commented 8 months ago

I found the answer. Change docker-compose up -d to docker-compose --profile debug up. It can report vulnerabilities.

hdonnay commented 8 months ago

I believe the example configuration also drifted over time; we've updated that and the documentation. Glad you got things working.
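An "ok" line like the one in this issue does not by itself show whether any vulnerability data was matched, which is why the JSON output matters. The following is an added example, not part of the thread or of Clair's code: it triages a parsed report, assuming the JSON carries the Clair v4 vulnerability-report fields `packages`, `vulnerabilities` and `package_vulnerabilities`; the function name, verdict labels and sample reports are constructed for illustration.

```python
import json
from dataclasses import dataclass


@dataclass
class Triage:
    packages: int
    vulnerabilities: int
    affected_packages: int
    verdict: str


def triage_report(report: dict) -> Triage:
    """Classify a parsed Clair v4 vulnerability report (field names assumed)."""
    packages = report.get("packages") or {}
    vulns = report.get("vulnerabilities") or {}
    # package_vulnerabilities maps package id -> list of vulnerability ids
    pkg_vulns = report.get("package_vulnerabilities") or {}
    affected = [pid for pid, ids in pkg_vulns.items() if ids]

    if not packages:
        # Nothing indexed: "ok" only means the indexer saw no packages.
        verdict = "not-indexed"
    elif not vulns and not affected:
        # Packages indexed but nothing matched. Heuristic: treat as unverified
        # until the matcher is confirmed to hold vulnerability data.
        verdict = "unverified-ok"
    else:
        verdict = "vulnerable"
    return Triage(len(packages), len(vulns), len(affected), verdict)


# Constructed sample reports (not taken from the issue).
EMPTY_MATCH = json.loads("""
{"manifest_hash": "sha256:<placeholder>",
 "packages": {"1": {"name": "bash", "version": "5.0-6ubuntu1"},
              "2": {"name": "libc6", "version": "2.31-0ubuntu9"}},
 "vulnerabilities": {},
 "package_vulnerabilities": {}}
""")

WITH_MATCH = json.loads("""
{"manifest_hash": "sha256:<placeholder>",
 "packages": {"1": {"name": "bash", "version": "5.0-6ubuntu1"},
              "2": {"name": "libc6", "version": "2.31-0ubuntu9"}},
 "vulnerabilities": {"101": {"name": "EXAMPLE-0001", "normalized_severity": "High"}},
 "package_vulnerabilities": {"2": ["101"]}}
""")

if __name__ == "__main__":
    for name, rep in (("empty match", EMPTY_MATCH), ("with match", WITH_MATCH)):
        print(name, triage_report(rep))
```

An "unverified-ok" verdict is a prompt to check the matcher and updater logs before treating the image as clean; a genuinely clean image produces the same shape.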