Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot scan master node #668

Open
imilchev opened this issue Nov 2, 2022 · 3 comments
Open

Cannot scan master node #668

imilchev opened this issue Nov 2, 2022 · 3 comments
Labels
bug Something isn't working

Comments

@imilchev
Copy link
Member

imilchev commented Nov 2, 2022

My k8s master node scan crashes with this log:

→ no provider specified, using defaults.
  Use --help for a list of available providers. provider=local
→ load inventory inventory=/etc/opt/mondoo/inventory.yml
→ Mondoo 7.2.0 (Space: "//captain.api.mondoo.app/spaces/objective-curie-655584", Service Account: "2FItRt6998fG3gkbqe1sfBsTDjJ", Managed Client: "unset")
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source --config
→ discover related assets for 1 asset(s)
→ load fs mountdir=/mnt/host
→ resolved assets resolved-assets=1
→ establish connection to asset podkrepibg01 (unknown)
→ load fs mountdir=/mnt/host
→ run policies for asset asset=podkrepibg01
x cannot read content error="read /mnt/host/proc/sys/kernel/unprivileged_userns_apparmor_policy: operation not permitted"
x cannot read content error="read /mnt/host/proc/sys/net/ipv6/conf/all/stable_secret: input/output error"
x cannot read content error="read /mnt/host/proc/sys/net/ipv6/conf/default/stable_secret: input/output error"
x cannot read content error="read /mnt/host/proc/sys/net/ipv6/conf/eth0/stable_secret: input/output error"
x cannot read content error="read /mnt/host/proc/sys/net/ipv6/conf/lo/stable_secret: input/output error"
! collector.db> failed to store data, types don't match asset=//assets.api.mondoo.app/spaces/objective-curie-655584/assets/2H0MRSWS7xtrryk7AdJ3tV7GbCr checksum=L8U/sukIeLE2g4TjaK9DA8lMyyeLlFF3whX4gSsjqjjVa+YLbup+3BPiclfkiYDki9u2h8oyfnijk7a/sAfPAA== data={"type":"\u001bfile"} expected=block received=file
x failed to send datapoints error="1 error occurred:\n\t* failed to store data for \"L8U/sukIeLE2g4TjaK9DA8lMyyeLlFF3whX4gSsjqjjVa+YLbup+3BPiclfkiYDki9u2h8oyfnijk7a/sAfPAA==\", types don't match: expected block, got file\n\n"
@vjeffrey
Copy link

vjeffrey commented Nov 2, 2022

@imilchev can you run with debug and track down the query causing that issue? you should be able to find the code id reference in one of the debug files and track it down from there

@imilchev
Copy link
Member Author

imilchev commented Nov 7, 2022

I just double-checked. This is still valid but it is not the reason why the node is not getting scanned. The scan can complete even with this error but it is getting terminated because of OOM. I will try to see why are we getting that error in the first place though

@imilchev imilchev mentioned this issue Nov 8, 2022
Merged
imilchev added a commit to mondoohq/cnspec-policies that referenced this issue Nov 8, 2022
@imilchev
🐛 Fix kubelet config control (#69)
7fd5c9f 
This fixes the issue described in
mondoohq/mondoo-operator#668

Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
Copy link
Member Author

imilchev commented Nov 8, 2022

The collector.db> warning is now solved. The remainder of the problem is related to the memory issues we are experiencing

@czunker czunker added the bug Something isn't working label Nov 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@czunker @vjeffrey @imilchev