[Platformone] FW: [Non-DoD Source] Fwd: Twistlock Image Scanning issue

Mike Knoth mike.knoth at g2-inc.com
Sun Dec 15 00:05:26 UTC 2019 

Keegan,

Thank you, I see you put in a "hot fix". Now that this hot fix is in there
- Twistlock is working perfectly as we expect it to. As especially I can
view
https://levelup-twistlock.apps.cluster.unified-platform.io/#!/monitor/vulnerabilities/registry?search=das%2F
and
see all of the tags in there.

If you wanted to - you could keep this hot fix in for a few weeks, and make
this a medium priority issue or something. As we're satisfied with what is
in there right now.

Mike

On Sat, Dec 14, 2019 at 12:49 PM Keegan Reap <kreap at redhat.com> wrote:

> Hey Mike,
>
> I saw the comment and we are investigating thoroughly, thank you for
> pointing out the missing images, I have left a detailed comment on a
> workaround in the meantime while we troubleshoot this issue. Thank you for
> your patience, we know this is a high priority so we will continue to
> investigate!
>
> Thanks,
> Keegan Reap
>
> On Fri, Dec 13, 2019 at 10:19 PM Mike Knoth <mike.knoth at g2-inc.com> wrote:
>
>> I added another comment, as we still need assistance.
>>
>> Mike
>>
>> On Fri, Dec 13, 2019 at 4:14 PM Keegan Reap <kreap at redhat.com> wrote:
>>
>>> Hey there all,
>>>
>>> I've added a comment here that might help shed some light on the current
>>> issue you are having. Please let us know if there is any way we can assist
>>> further!
>>>
>>> https://dccscr.dsop.io/dsop/dccscr/issues/231#note_10841
>>>
>>> Thanks,
>>>
>>> Keegan
>>>
>>> On Fri, Dec 13, 2019 at 1:39 PM ABODUNRIN, ADEMOLA A GG-12 USAF AFMC
>>> AFLCMC/HNCP <ademola.abodunrin at us.af.mil> wrote:
>>>
>>>> Hello All,
>>>>
>>>>
>>>>
>>>> Please is anyone able to assist us with a Twistlock image scanning
>>>> issue?
>>>>
>>>> https://dccscr.dsop.io/dsop/dccscr/issues/231
>>>>
>>>>
>>>>
>>>> Most Sincerely,
>>>>
>>>>
>>>>
>>>> Ade Abodunrin, GG-12, USAF
>>>>
>>>> Product Owner (Cybertron & Ginyu Force), Unified Platform
>>>>
>>>>
>>>>
>>>> [image: cid:image001.png at 01D4F814.4AA552D0]
>>>>
>>>> LevelUP Code Works
>>>>
>>>> Commercial: (210) 890-2113
>>>>
>>>> NIPR email: *ademola.abodunrin at us.af.mil <ademola.abodunrin at us.af.mil>*
>>>>
>>>>
>>>>
>>>> *From:* Mike Knoth <mike.knoth at g2-inc.com>
>>>> *Sent:* Friday, December 13, 2019 1:32 PM
>>>> *To:* ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP <
>>>> ademola.abodunrin at us.af.mil>
>>>> *Subject:* [Non-DoD Source] Fwd: Twistlock Image Scanning issue
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Also - https://dccscr.dsop.io/dsop/dccscr/issues/231
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ---------
>>>> From: *Curran, Daniel M* <Daniel.Curran at mantech.com>
>>>> Date: Wed, Dec 11, 2019 at 1:46 PM
>>>> Subject: RE: Twistlock Image Scanning issue
>>>> To: Keegan Reap <kreap at redhat.com>, mike.knoth at g2-inc.com <
>>>> mike.knoth at g2-inc.com>
>>>> Cc: Khary Mendez <kmendez at redhat.com>, Mark Nissley <
>>>> mnissley at redhat.com>
>>>>
>>>>
>>>>
>>>> Okay, thanks. I'll head by in a few.
>>>>
>>>> Mike Knoth brought up another issue in our chat. I've added him to the
>>>> thread so he can correct me if I get anything wrong but in essence when we
>>>> navigate to "Monitor -> Vulnerabilities -> image" some of the images are
>>>> missing tags. Why is this?
>>>>
>>>> Also keep seeing this `Scanner undefined: Failed to retrieve repository
>>>> das info, error missing secret key in AWS settings` ... but only sometimes
>>>> ________________________________________
>>>> From: Keegan Reap [kreap at redhat.com]
>>>> Sent: Wednesday, December 11, 2019 11:53 AM
>>>> To: Curran, Daniel M
>>>> Cc: Khary Mendez; Mark Nissley
>>>> Subject: Re: Twistlock Image Scanning issue
>>>>
>>>> Interesting, we were able to scan it on our end just now using the url
>>>> and image you provided.
>>>>
>>>> i.e:
>>>>
>>>> https://levelup-anchore.apps.cluster.unified-platform.io/image/docker-registry-default.apps.cluster.unified-platform.io/ccat-prod%2Fchatup/rollback/sha256:de0ce30bdc9fe12df867854e1c65693caf8fca40b1b15a93d9de376efd139f3d
>>>>
>>>> Feel free to swing by at some point today and we can troubleshoot this
>>>> further, it might be an account issue for your user that we need to tackle.
>>>>
>>>> Thanks,
>>>> Keegan
>>>>
>>>>
>>>> On Wed, Dec 11, 2019 at 12:49 PM Curran, Daniel M <
>>>> Daniel.Curran at mantech.com<mailto:Daniel.Curran at mantech.com>> wrote:
>>>>
>>>> Hey Keegan,
>>>>
>>>>
>>>> Trying to get the folliwng scanned in anchore:
>>>>
>>>>
>>>> docker-registry-default.apps.cluster.unified-platform.io<
>>>> http://docker-registry-default.apps.cluster.unified-platform.io>
>>>>
>>>> ccat-prod/chatup:latest
>>>>
>>>>
>>>> -Dan
>>>>
>>>> ________________________________
>>>> From: Keegan Reap <kreap at redhat.com<mailto:kreap at redhat.com>>
>>>> Sent: Tuesday, December 10, 2019 5:37 PM
>>>> To: Curran, Daniel M
>>>> Cc: Khary Mendez; Mark Nissley
>>>> Subject: Twistlock Image Scanning issue
>>>>
>>>> Hey Daniel,
>>>>
>>>> We looked into the Twistlock scanning issue, and it seems something
>>>> might be wrong with your defender pods. After thoroughly looking through
>>>> the project, it seems the daemonSet for Twistlock lost it's `nodeSelector`
>>>> at some point. This nodeSelector is what allows the Twislock Defenders to
>>>> scan images on a specific host. Due to the lost `nodeSelector` we believed
>>>> this might be the cause of your scanning issues. We attempted to reattach
>>>> the `nodeSelector` to the daemonSet to allow it to restore the defender
>>>> pods with limited success. We will continue to investigate this issue
>>>> tomorrow, but it might be best to just redeploy Twistlock if it's more
>>>> convenient for you. Let's discuss tomorrow in person!
>>>>
>>>> Thanks
>>>> Keegan Reap
>>>>
>>>> ________________________________
>>>>
>>>> This e-mail and any attachments are intended only for the use of the
>>>> addressee(s) named herein and may contain proprietary information. If you
>>>> are not the intended recipient of this e-mail or believe that you received
>>>> this email in error, please take immediate action to notify the sender of
>>>> the apparent error by reply e-mail; permanently delete the e-mail and any
>>>> attachments from your computer; and do not disseminate, distribute, use, or
>>>> copy this message and any attachments.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Mike Knoth
>>>>
>>>> Software Engineer
>>>>
>>>> HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.
>>>>
>>>> Technical Solutions Division
>>>>
>>>> 302 Sentinel Drive | Annapolis Junction, MD 20701
>>>>
>>>> Email: mike.knoth at g2-inc.com
>>>>
>>>> Mobile: (320) 305-6453
>>>>
>>>>
>>>>
>>>> Confidentiality Statement:
>>>>
>>>> HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains
>>>> information proprietary or private to Huntington Ingalls Industries, Inc.,
>>>> and is not to be disclosed to, copied by, or used in any manner by others
>>>> without the prior express, written permission. If you are not the intended
>>>> recipient, please delete without copying and kindly advise the sender by
>>>> e-mail of the mistake in delivery.
>>>> _______________________________________________
>>>> platformONE mailing list
>>>> platformONE at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/platformone
>>>>
>>>
>>
>> --
>> Mike Knoth
>> Software Engineer
>>
>> HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.
>>
>> Technical Solutions Division
>>
>> 302 Sentinel Drive | Annapolis Junction, MD 20701
>>
>> Email: mike.knoth at g2-inc.com
>>
>> Mobile: (320) 305-6453
>>
>> Confidentiality Statement:
>>
>> HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains
>> information proprietary or private to Huntington Ingalls Industries, Inc.,
>> and is not to be disclosed to, copied by, or used in any manner by others
>> without the prior express, written permission. If you are not the intended
>> recipient, please delete without copying and kindly advise the sender by
>> e-mail of the mistake in delivery.
>>
>

-- 
Mike Knoth
Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com

Mobile: (320) 305-6453

Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains
information proprietary or private to Huntington Ingalls Industries, Inc.,
and is not to be disclosed to, copied by, or used in any manner by others
without the prior express, written permission. If you are not the intended
recipient, please delete without copying and kindly advise the sender by
e-mail of the mistake in delivery.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/platformone/attachments/20191214/592a7128/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2127 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/platformone/attachments/20191214/592a7128/attachment.png>

More information about the platformONE mailing list