VIC disk space is filled by Clair service
Article ID: 342407
Updated On:
Products
Issue/Introduction
- VIC Appliance runs out of disk space due to the Clair Service.
- In the /var/log/harbor/<YYYY-MM-DD>/clair.log file, you see similar entries showing failed attempts to update from the tracker registry URLs:
certificate signed by unknown authority"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2017-09-28 13:58:22.2
19353","error":"could not download requested resource","updater name":"rhel"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"could not download Oracle's update list","Level":"error","Location":"oracle.go:134","Time":"2017-09-28 13:58:22.249759","error":"Get https://linux.oracle.com/oval/: x509: certificate signed by unknown authority"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2017-09-28 13:58:22.249838","error":"could not download requested resource","updater name":"oracle"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"could not download Debian's update","Level":"error","Location":"debian.go:68","Time":"2017-09-28 13:58:22.277549","error":"Get https://security-tracker.debian.org/tracker/data/json: x509: certificate signed by unknown authority"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2017-09-28 13:58:22.277577","error":"could not download requested resource","updater name":"debian"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"could not branch Ubuntu repository","Level":"error","Location":"ubuntu.go:177","Time":"2017-09-28 13:58:22.655789","error":"exit status 3","output":"\nSee `bzr help ssl.ca_certs` for how to specify trusted CAcertificates.\nPass -Ossl.cert_reqs=none to disable certificate verification entirely.\n\nbzr: ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)\n"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2017-09-28 13:58:22.655844","error":"could not download requested resource","updater name":"ubuntu"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"could not pull alpine-secdb repository","Level":"error","Location":"alpine.go:186","Time":"2017-09-28 13:58:22.859488","error":"exit status 128","output":"Cloning into '.'...\nfatal: unable to access 'https://git.alpinelinux.org/cgit/alpine-secdb/': SSL certificate problem: unable to get local issuer certificate\n"}
Sep 28 13:58:22 172.18.0.1 clair[363]: {"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:220","Time":"2017-09-28 13:58:22.859608","error":"could not download requested resource","updater name":"alpine"}
- In the /var/log/harbor/<YYYY-MM-DD>/clair-db.log file, you see entries similar to:
Sep 28 00:10:52 172.18.0.1 clair-db[368]: LOG: could not fork autovacuum worker process: Resource temporarily unavailable
Sep 28 00:10:53 172.18.0.1 clair-db[368]: LOG: could not fork autovacuum worker process: Resource temporarily unavailable
Sep 28 00:11:22 172.18.0.1 clair-db[368]: message repeated 29 times: [ LOG: could not fork autovacuum worker process: Resource temporarily unavailable]
Environment
VMware vSphere Integrated Containers 1.x
Cause
This issue occurs because the Clair service is not connected to the tracker repository URLs to initialize the vulnerability database correctly.
Resolution
To resolve this issue, ensure to deploy the VIC Appliance on a network that can connect to the internet and download the updates for the vulnerability database creation.
Feedback
