From bfe4362a67904512f5204c4e660b671f88456bae Mon Sep 17 00:00:00 2001
From: Chlins Zhang
Date: Tue, 31 Jan 2023 17:30:47 +0800
Subject: [PATCH] fix: remove the scan exports volume (#18107)
1. Change the Export CVE temporary file directory to /tmp.
2. Remove the scan data export volume in Dockerfile and docker-compose yaml.
Fixes: #18067
Signed-off-by: chlins
---
 make/photon/jobservice/Dockerfile | 2 +-
 .../docker_compose/docker-compose.yml.jinja | 1 -
 make/photon/prepare/utils/jobservice.py | 2 --
 src/pkg/scan/export/constants.go | 15 ++++++++-------
 4 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile
index e738a55c7..accd7519d 100644
--- a/make/photon/jobservice/Dockerfile
+++ b/make/photon/jobservice/Dockerfile
@@ -17,7 +17,7 @@ WORKDIR /harbor/
 USER harbor
-VOLUME ["/var/log/jobs/", "/var/scandata_exports"]
+VOLUME ["/var/log/jobs/"]
 HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v1/stats || curl -sk --fail --key /etc/harbor/ssl/job_service.key --cert /etc/harbor/ssl/job_service.crt https://localhost:8443/api/v1/stats || exit 1
diff --git a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
index 63f3205af..26d76a3a0 100644
--- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
+++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
@@ -253,7 +253,6 @@ services:
 - SETUID
 volumes:
 - {{data_volume}}/job_logs:/var/log/jobs:z
- - {{data_volume}}/scandata_exports:/var/scandata_exports:z
 - type: bind
 source: ./common/config/jobservice/config.yml
 target: /etc/jobservice/config.yml
diff --git a/make/photon/prepare/utils/jobservice.py b/make/photon/prepare/utils/jobservice.py
index 0c173c9a4..f4bd1cc97 100644
--- a/make/photon/prepare/utils/jobservice.py
+++ b/make/photon/prepare/utils/jobservice.py
@@ -18,8 +18,6 @@ def prepare_job_service(config_dict):
 # Job log and exported reports are stored in data dir
 job_log_dir = os.path.join('/data', "job_logs")
 prepare_dir(job_log_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
- job_log_dir = os.path.join('/data', "scandata_exports")
- prepare_dir(job_log_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
 # Render Jobservice env
 render_jinja(
diff --git a/src/pkg/scan/export/constants.go b/src/pkg/scan/export/constants.go
index 08cc4dfbf..0488631cf 100644
--- a/src/pkg/scan/export/constants.go
+++ b/src/pkg/scan/export/constants.go
@@ -8,11 +8,12 @@ const (
 JobNameAttribute = "job_name"
 UserNameAttribute = "user_name"
 StatusMessageAttribute = "status_message"
- ScanDataExportDir = "/var/scandata_exports"
- QueryPageSize = 100000
- ArtifactGroupSize = 10000
- DigestKey = "artifact_digest"
- CreateTimestampKey = "create_ts"
- Vendor = "SCAN_DATA_EXPORT"
- CsvJobVendorIDKey = CsvJobVendorID("vendorId")
+ // the scan data is a temporary file, use /tmp directory to avoid the permission issue.
+ ScanDataExportDir = "/tmp"
+ QueryPageSize = 100000
+ ArtifactGroupSize = 10000
+ DigestKey = "artifact_digest"
+ CreateTimestampKey = "create_ts"
+ Vendor = "SCAN_DATA_EXPORT"
+ CsvJobVendorIDKey = CsvJobVendorID("vendorId")
 )
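Review bot: Pointing `ScanDataExportDir` at the shared `/tmp` makes the safety of the export depend on how the file under it is created, and that code is outside this hunk. If the file name is built from something predictable, a file or symlink already present at that path would be reused, and the vulnerability report could end up readable by other processes in the container; creating it with `os.CreateTemp(ScanDataExportDir, "<prefix>-*")` gives a random name that is opened exclusively with mode 0600. It is also worth confirming that the file is removed on every exit path, including failures, since with the dedicated volume gone the data presumably sits in the container's writable layer. The new comment could record that contract, for example `// ScanDataExportDir holds short-lived export files; create them with os.CreateTemp and remove them when the job ends.`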