Unable to upload the RHACS offline vulnerability definitions
Environment
- Red Hat Advanced Cluster Security for Kubernetes (RHACS)
- 4.x
Issue
Updating the RHACS database from a downloaded definition file fails with HTTP status 400 where 200 was expected.
./roxctl scanner upload-db -e "$ROX_CENTRAL_ADDRESS" --scanner-db-file=scanner-vulns-4.zip
ERROR: could not connect with scanner definitions API: expected status code 200, but received 400. Response Body: {"code":3,"message":"couldn't handle scanner-defs sub file: writing scanner definitions: rolling back due to err: writing blob: unexpected EOF: failed to deallocate cached statement(s): conn closed"}
Resolution
- Ensure the downloaded file is not corrupt.
- Make sure the Central database is healthy.
- The ROX_CENTRAL_ADDRESS is reachable.
- The ROX_API_TOKEN has an Admin role.
- The roxctl binary version matches the ACS Central version.
Root Cause
There are a few reasons for this error:
- The downloaded file might be corrupt.
- A proxy is blocking access. Central, in online mode, will pull vulnerability data from https://definitions.stackrox.io, and from https://install.stackrox.io when ACS is installed offline. The proxy has to allow these.
- The server name cannot be resolved (DNS).
- The Central Database is corrupt.
- The downloaded scanner database does not match the Central version. The database file will be the same version as the roxctl version used. E.g. a roxctl binary 4.9.1 will download the scanner database for ACS 4.9.1.
Diagnostic Steps
Download the file from https://install.stackrox.io/scanner/scanner-vuln-updates.zip and unzip it. Make sure the ROX_CENTRAL_ADDRESS can be resolved and is reachable, and the proxy allows access.
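The checks above as a script, added here as an example and not part of the original solution or of roxctl. The function names, the curl probe and the mapping of curl exit statuses to causes are assumptions, and ROX_CENTRAL_ADDRESS is taken to be in host:port form.

```shell
#!/bin/sh
# Added example: checks to run before "roxctl scanner upload-db".
# Assumed invocation: sh preflight.sh scanner-vulns-4.zip "$ROX_CENTRAL_ADDRESS"

# Host part of a "host:port" endpoint (IPv6 literals are not handled).
central_host() { printf '%s\n' "${1%%:*}"; }

# A truncated or damaged download fails the archive test (CRC and
# central directory), so an empty or cut-off file is rejected here.
bundle_ok() { [ -s "$1" ] && unzip -tq "$1" >/dev/null 2>&1; }

# Map a curl exit status to the root causes listed in this article.
classify_curl_rc() {
  case "$1" in
    0|60) echo "reachable" ;;  # 60: certificate not trusted, but the endpoint answered
    5)    echo "proxy name not resolved" ;;
    6)    echo "DNS: server name not resolved" ;;
    7)    echo "connection refused or blocked" ;;
    28)   echo "timeout (proxy or firewall)" ;;
    *)    echo "curl error $1" ;;
  esac
}

preflight() {
  file=$1 addr=$2 status=0
  if bundle_ok "$file"; then
    echo "bundle: OK"
  else
    echo "bundle: corrupt or truncated, download it again"; status=1
  fi
  # curl honours https_proxy, so a blocking proxy shows up in the exit status.
  rc=0
  curl -s -o /dev/null --connect-timeout 5 "https://$addr/" || rc=$?
  cause=$(classify_curl_rc "$rc")
  echo "central $(central_host "$addr"): $cause"
  [ "$cause" = "reachable" ] || status=1
  return "$status"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

A passing run rules out a corrupt bundle, DNS and the proxy; the token role, the roxctl version match and the Central database health still have to be checked separately.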
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.