-
Notifications
You must be signed in to change notification settings - Fork 15
Expand file tree
/
Copy pathclair_disconnected.yaml
More file actions
61 lines (54 loc) · 1.85 KB
/
Copy pathclair_disconnected.yaml
File metadata and controls
61 lines (54 loc) · 1.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
- name: Create local export directory
ansible.builtin.file:
path: "{{ workingDir }}/data/clair"
state: directory
mode: '0777'
- name: Create minimal Clair config for export
ansible.builtin.copy:
dest: "{{ workingDir }}/data/clair/config.yaml"
content: |
http_listen_addr: :8080
introspection_addr: :8081
indexer:
connstring: ""
scanlock_retry: 10
layer_scan_concurrency: 5
matcher:
connstring: ""
max_conn_pool: 100
notifier:
connstring: ""
delivery_interval: 1m
- name: Export vulnerability data on Landing Zone
ansible.builtin.shell: |
{{ workingDir }}/bin/clairctl --config {{ workingDir }}/data/clair/config.yaml export-updaters {{ workingDir }}/data/clair/updates.json.gz
- name: Ensure directory /var/www/html/clair/
become: true
ansible.builtin.file:
path: "/var/www/html/clair/"
state: directory
- name: Copy to /var/www/html/clair/
become: true
ansible.builtin.copy:
src: "{{ workingDir }}/data/clair/updates.json.gz"
dest: "/var/www/html/clair/updates.json.gz"
- name: Get Clair Pod object from quay-enterprise
kubernetes.core.k8s_info:
kind: Pod
namespace: quay-enterprise
label_selectors:
- quay-component=clair-app
register: clair_pod_list
- name: Set Pod fact and verify existence
ansible.builtin.set_fact:
clair_pod: "{{ clair_pod_list.resources[0] }}"
failed_when: clair_pod_list.resources | length == 0
- name: Execute Import inside the Clair Pod
ansible.builtin.shell: |
{{ workingDir }}/bin/oc exec -n quay-enterprise {{ clair_pod.metadata.name }} -- \
/bin/sh -c "
set -e
curl -L -o /tmp/updates.json.gz http://{{ quayHostname }}/clair/updates.json.gz
/usr/bin/clairctl --config /clair/config.yaml import-updaters /tmp/updates.json.gz
"
register: import_output