
Comments (12)

t0sche avatar t0sche commented on August 30, 2024 5

I ran into this issue today, but while using CentOS 7. Make sure you open port 9279/tcp using something like the command below:
sudo firewall-cmd --zone=public --add-port=9279/tcp --permanent
sudo firewall-cmd --reload
This did the trick. An alternative to the above would be to change the listening port in server.go and then open the corresponding port in the firewall.

from clair-scanner.

arminc avatar arminc commented on August 30, 2024 4

I haven't tested it (I am on osx) but something like this should work I think on Linux:

docker run --net=host -d --name db arminc/clair-db:2017-09-18
docker run --net=host --add-host postgres:127.0.0.1 -d --name clair --net=host arminc/clair-local-scan:v2.0.1
./clair-scanner nginx:1.11.6-alpine example-nginx.yaml http://127.0.0.1:6060 127.0.0.1


arminc avatar arminc commented on August 30, 2024 2

If you are running on OSX you will need to provide the IP address of the "en0" adapter because the IP 127.0.0.1 and localhost inside 'clair-local-scan' are inside the container and not actually your OSX.

I see you use Linux, but the problem is the same. Use the IP of your 'eth0' or whatever your network interface is :)


Joeyn414 avatar Joeyn414 commented on August 30, 2024

I am getting the same error, here are the logs from the clair docker container:
$ docker logs clair
{"Event":"running database migrations","Level":"info","Location":"pgsql.go:216","Time":"2017-09-19 16:35:38.523420"}
{"Event":"database migration ran successfully","Level":"info","Location":"pgsql.go:223","Time":"2017-09-19 16:35:38.531607"}
{"Event":"notifier service is disabled","Level":"info","Location":"notifier.go:77","Time":"2017-09-19 16:35:38.532130"}
{"Event":"starting main API","Level":"info","Location":"api.go:52","Time":"2017-09-19 16:35:38.532210","port":6060}
{"Event":"starting health API","Level":"info","Location":"api.go:85","Time":"2017-09-19 16:35:38.532406","port":6061}
{"Event":"updater service started","Level":"info","Location":"updater.go:80","Time":"2017-09-19 16:35:38.532521","lock identifier":"84baf63e-c944-4577-b9c9-e67326dc8940"}
{"Event":"updating vulnerabilities","Level":"info","Location":"updater.go:167","Time":"2017-09-19 16:35:38.546804"}
{"Event":"fetching vulnerability updates","Level":"info","Location":"updater.go:213","Time":"2017-09-19 16:35:38.546865"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"ubuntu.go:88","Time":"2017-09-19 16:35:38.546931","package":"Ubuntu"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"alpine.go:52","Time":"2017-09-19 16:35:38.560280","package":"Alpine"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"debian.go:63","Time":"2017-09-19 16:35:38.567972","package":"Debian"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"oracle.go:119","Time":"2017-09-19 16:35:38.572712","package":"Oracle Linux"}
{"Event":"Start fetching vulnerabilities","Level":"info","Location":"rhel.go:92","Time":"2017-09-19 16:35:38.580827","package":"RHEL"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-09-19 16:35:39.860133","updater name":"rhel"}
{"Event":"Debian buster is not mapped to any version number (eg. Jessie-\u003e8). Please update me.","Level":"warning","Location":"debian.go:128","Time":"2017-09-19 16:35:46.040817"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-09-19 16:35:46.041034","updater name":"debian"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-09-19 16:35:49.093775","updater name":"oracle"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-09-19 16:35:57.578649","updater name":"alpine"}
{"Event":"could not download layer","Level":"warning","Location":"driver.go:129","Time":"2017-09-19 16:39:03.540543","error":"Get http://localhost:9279/fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3/layer.tar: dial tcp 127.0.0.1:9279: getsockopt: connection refused"}
{"Event":"failed to extract data from path","Level":"error","Location":"worker.go:122","Time":"2017-09-19 16:39:03.540614","error":"could not find layer","layer":"fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3","path":"http://localhost:9279/fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3/layer.tar"}
{"Event":"Handled HTTP request","Level":"info","Location":"router.go:57","Time":"2017-09-19 16:39:03.540969","elapsed time":33454970,"method":"POST","remote addr":"172.17.0.1:49340","request uri":"/v1/layers","status":"400"}
{"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-09-19 16:39:19.543548","updater name":"ubuntu"}
{"Event":"adding metadata to vulnerabilities","Level":"info","Location":"updater.go:253","Time":"2017-09-19 16:39:19.543730"}
{"Event":"fetcher note","Level":"warning","Location":"updater.go:189","Time":"2017-09-19 16:43:24.495869","note":"Debian buster is not mapped to any version number (eg. Jessie-\u003e8). Please update me."}
{"Event":"fetcher note","Level":"warning","Location":"updater.go:189","Time":"2017-09-19 16:43:24.495919","note":"Ubuntu precise/esm is not mapped to any version number (eg. trusty-\u003e14.04). Please update me."}
{"Event":"update finished","Level":"info","Location":"updater.go:198","Time":"2017-09-19 16:43:24.497495"}
{"Event":"could not download layer","Level":"warning","Location":"driver.go:129","Time":"2017-09-19 16:49:17.652293","error":"Get http://localhost:9279/fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3/layer.tar: dial tcp 127.0.0.1:9279: getsockopt: connection refused"}
{"Event":"failed to extract data from path","Level":"error","Location":"worker.go:122","Time":"2017-09-19 16:49:17.652354","error":"could not find layer","layer":"fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3","path":"http://localhost:9279/fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3/layer.tar"}
{"Event":"Handled HTTP request","Level":"info","Location":"router.go:57","Time":"2017-09-19 16:49:17.652515","elapsed time":427421471,"method":"POST","remote addr":"172.17.0.1:49382","request uri":"/v1/layers","status":"400"}
{"Event":"could not download layer","Level":"warning","Location":"driver.go:129","Time":"2017-09-19 17:12:48.988776","error":"Get http://127.0.0.2:9279/fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3/layer.tar: dial tcp 127.0.0.2:9279: getsockopt: connection refused"}
{"Event":"failed to extract data from path","Level":"error","Location":"worker.go:122","Time":"2017-09-19 17:12:48.988838","error":"could not find layer","layer":"fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3","path":"http://127.0.0.2:9279/fa8c9564107436d9aebe3909e91b41a08d5cd910535fdc05a6a620db677d13b3/layer.tar"}
{"Event":"Handled HTTP request","Level":"info","Location":"router.go:57","Time":"2017-09-19 17:12:48.989254","elapsed time":2070749,"method":"POST","remote addr":"172.17.0.1:49392","request uri":"/v1/layers","status":"400"}

from clair-scanner.
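
As an added example (not part of the thread and not clair-scanner's own code), this Python script triages Clair log entries like the "could not download layer" lines above and reports whether the layer URL points at a loopback address, which Clair resolves inside its own container. The sample log is constructed, and the function names and verdict labels are this example's own.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample modelled on the Clair log above. LAYER_ID is a placeholder;
# 10.0.2.15 is the host address used later in this thread.
SAMPLE_LOG = """\
{"Event":"could not download layer","Level":"warning","error":"Get http://localhost:9279/LAYER_ID/layer.tar: dial tcp 127.0.0.1:9279: getsockopt: connection refused"}
{"Event":"could not download layer","Level":"warning","error":"Get http://127.0.0.2:9279/LAYER_ID/layer.tar: dial tcp 127.0.0.2:9279: getsockopt: connection refused"}
{"Event":"could not download layer","Level":"warning","error":"Get http://10.0.2.15:9279/LAYER_ID/layer.tar: dial tcp 10.0.2.15:9279: getsockopt: connection refused"}
truncated or non-JSON line
"""

def is_loopback(host):
    """True for 'localhost' and any literal address in a loopback range."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; cannot be judged without resolving it

def triage(log_text):
    """Return (host, port, verdict) for each failed layer download."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON log entries
        if not isinstance(entry, dict) or entry.get("Event") != "could not download layer":
            continue
        # The error field reads "Get <url>: dial tcp <addr>: <reason>".
        words = str(entry.get("error", "")).split()
        if len(words) < 2 or words[0] != "Get":
            continue
        target = urlsplit(words[1].rstrip(":"))
        if target.hostname is None:
            continue
        # container-loopback: pass the host interface IP to clair-scanner instead.
        # check-host: verify the scanner is listening and the firewall allows the port.
        verdict = "container-loopback" if is_loopback(target.hostname) else "check-host"
        findings.append((target.hostname, target.port, verdict))
    return findings

if __name__ == "__main__":
    for host, port, verdict in triage(SAMPLE_LOG):
        print(f"{host}:{port} -> {verdict}")
```

Feed it the output of `docker logs clair` in place of the sample to see which of the two causes discussed in this thread applies.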

Joeyn414 avatar Joeyn414 commented on August 30, 2024

Context to add to the complexity of debugging: I am running an Ubuntu 16.04 VM inside VirtualBox on my Windows host. Inside the Ubuntu VM I am running Docker 17.05.

I modified the end IP address for clair-scanner and it appears to have conducted a scan, but I am unsure how I am supposed to get the results now. For your reference I ran two commands, one is a personal docker container:
clair-scanner alpine blankwhitelist.yaml http://localhost:6060 10.0.2.15
clair-scanner joeyn414/centosgauntlt blankwhitelist.yaml http://localhost:6060 10.0.2.15

blankwhitelist.yaml is just blank, it's only there because you appear to require a file.


arminc avatar arminc commented on August 30, 2024

It does not matter as long as you run everything in Linux. When you run the scan, for example alpine, you will get a response on the command line telling you which CVEs are present (as long as they are not whitelisted in the YAML).
For example the output of the above two containers is:

$ ./clair-scanner alpine empty.yaml http://ip:6060 ip
2017-09-20 08:21:59.644498 I | Analyzing 693bdf455e7bf0952f8a4539f9f96aa70c489ca239a7dbed0afb481c87cbe131
2017-09-20 08:21:59.655602 I | Image contains unapproved vulnerabilities: [CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843]

Or your own docker container:

./clair-scanner joeyn414/centosgauntlt empty.yaml http://ip:6060 ip
2017-09-20 08:30:01.019036 I | Analyzing 52fd088917739a96f23826a3c6ef98c465e7dd34a688a52752077da0903a638f
2017-09-20 08:30:07.123831 I | Analyzing afc532cb6eb99801c8f1d60780ff852f57415a5567319c2714c9c2f27d9dac18
2017-09-20 08:30:22.658011 I | Image contains unapproved vulnerabilities: [RHSA-2017:1860 RHSA-2017:1916 RHSA-2017:1916 RHSA-2017:0906 RHSA-2017:2479 RHSA-2017:1916 RHSA-2017:2029 RHSA-2017:2473 RHSA-2017:2679 RHSA-2017:1842 RHSA-2017:0372 RHSA-2017:1916 RHSA-2017:2016 RHSA-2017:1852 RHSA-2017:0906 RHSA-2017:2479 RHSA-2017:2004 RHSA-2017:2484 RHSA-2017:1931 RHSA-2017:0906 RHSA-2017:2479 RHSA-2017:2016 RHSA-2017:1868 RHSA-2017:2029 RHSA-2017:1868 RHSA-2017:2016 RHSA-2017:2004 RHSA-2017:2484 RHSA-2017:1852]


Joeyn414 avatar Joeyn414 commented on August 30, 2024

Excellent, thank you for the clarification. I was expecting a report to be dropped somewhere, but this works just fine for my purposes.

Great work getting this working!


arminc avatar arminc commented on August 30, 2024

I am glad it works.


030 avatar 030 commented on August 30, 2024

@arminc Should the documentation be updated?


arminc avatar arminc commented on August 30, 2024

@030 what is missing? You mean the explanation regarding "localhost"?


cdivitotawela avatar cdivitotawela commented on August 30, 2024

For me it was the port 9279 which required firewall open.
firewall-cmd --zone=public --add-port=9279/tcp --permanent


LiuShawuji avatar LiuShawuji commented on August 30, 2024

I ran into this issue today, but while using CentOS 7. Make sure you open port 9279/tcp using something like the command below:
sudo firewall-cmd --zone=public --add-port=9279/tcp --permanent
sudo firewall-cmd --reload
This did the trick. An alternative to the above would be to change the listening port in server.go and then open the corresponding port in the firewall.

It's exactly this reason, thx.
