Merge pull request #2972 from reasonerjt/master

Fix perf issue and connection leak in Clair.
This commit is contained in:
Daniel Jiang 2017-08-04 19:48:26 +08:00 committed by GitHub
commit 6bd622196e
2 changed files with 8 additions and 6 deletions

View File

@ -62,7 +62,6 @@ func UpdateScanOverview(digest, layerName string, l ...*log.Logger) error {
vulnMap := make(map[models.Severity]int) vulnMap := make(map[models.Severity]int)
features := res.Layer.Features features := res.Layer.Features
totalComponents := len(features) totalComponents := len(features)
logger.Infof("total features: %d", totalComponents)
var temp models.Severity var temp models.Severity
for _, f := range features { for _, f := range features {
sev := models.SevNone sev := models.SevNone
@ -72,7 +71,6 @@ func UpdateScanOverview(digest, layerName string, l ...*log.Logger) error {
sev = temp sev = temp
} }
} }
logger.Infof("Feature: %s, Severity: %d", f.Name, sev)
vulnMap[sev]++ vulnMap[sev]++
} }
overallSev := models.SevNone overallSev := models.SevNone

View File

@ -22,6 +22,7 @@ import (
"github.com/vmware/harbor/src/jobservice/config" "github.com/vmware/harbor/src/jobservice/config"
"github.com/vmware/harbor/src/jobservice/utils" "github.com/vmware/harbor/src/jobservice/utils"
"crypto/sha256"
"fmt" "fmt"
) )
@ -60,6 +61,7 @@ func (iz *Initializer) Enter() (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
logger.Infof("Image: %s:%s, digest: %s", iz.Context.Repository, iz.Context.Tag, iz.Context.Digest)
iz.Context.token = tk iz.Context.token = tk
iz.Context.clairClient = clair.NewClient(config.ClairEndpoint(), logger) iz.Context.clairClient = clair.NewClient(config.ClairEndpoint(), logger)
iz.prepareLayers(regURL, manifest.References()) iz.prepareLayers(regURL, manifest.References())
@ -67,14 +69,16 @@ func (iz *Initializer) Enter() (string, error) {
} }
func (iz *Initializer) prepareLayers(registryEndpoint string, descriptors []distribution.Descriptor) { func (iz *Initializer) prepareLayers(registryEndpoint string, descriptors []distribution.Descriptor) {
// logger := iz.Context.Logger tokenHeader := map[string]string{"Connection": "close", "Authorization": fmt.Sprintf("Bearer %s", iz.Context.token)}
tokenHeader := map[string]string{"Authorization": fmt.Sprintf("Bearer %s", iz.Context.token)} // form the chain by using the digests of all parent layers in the image, such that if another image is built on top of this image the layer name can be re-used.
shaChain := ""
for _, d := range descriptors { for _, d := range descriptors {
if d.MediaType == schema2.MediaTypeConfig { if d.MediaType == schema2.MediaTypeConfig {
continue continue
} }
shaChain += string(d.Digest) + "-"
l := models.ClairLayer{ l := models.ClairLayer{
Name: fmt.Sprintf("%d-%s", iz.Context.JobID, d.Digest), Name: fmt.Sprintf("%x", sha256.Sum256([]byte(shaChain))),
Headers: tokenHeader, Headers: tokenHeader,
Format: "Docker", Format: "Docker",
Path: utils.BuildBlobURL(registryEndpoint, iz.Context.Repository, string(d.Digest)), Path: utils.BuildBlobURL(registryEndpoint, iz.Context.Repository, string(d.Digest)),
@ -100,7 +104,7 @@ type LayerScanHandler struct {
func (ls *LayerScanHandler) Enter() (string, error) { func (ls *LayerScanHandler) Enter() (string, error) {
logger := ls.Context.Logger logger := ls.Context.Logger
currentLayer := ls.Context.layers[ls.Context.current] currentLayer := ls.Context.layers[ls.Context.current]
logger.Infof("Entered scan layer handler, current: %d, layer name: %s", ls.Context.current, currentLayer.Name) logger.Infof("Entered scan layer handler, current: %d, layer name: %s, layer path: %s", ls.Context.current, currentLayer.Name, currentLayer.Path)
err := ls.Context.clairClient.ScanLayer(currentLayer) err := ls.Context.clairClient.ScanLayer(currentLayer)
if err != nil { if err != nil {
logger.Errorf("Unexpected error: %v", err) logger.Errorf("Unexpected error: %v", err)