git-remote-http zombies

[sweharris]

A ps listing on my machine showed a lot of zombie processes, all children of the main clair process

eg

root     15236 15220  1 Jul25 ?        02:26:41 /clair -config=/config/config.yaml
root     15881 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     15947 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     16903 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     17402 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     18491 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     18731 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     19556 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     19714 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>
root     20534 15236  0 Aug01 ?        00:00:00 [git-remote-http] <defunct>

They're all dated "Aug01", starting from 8:15 through to 13:15 UTC, pretty much 2 every 10 minutes.

There might have been some networking issues around that time; I wasn't paying attention (this server is behind at least 2 layers of proxy).

If it helps identify the version

quay.io/coreos/clair-git   latest              ee6cf4643b22        2 weeks ago         422 MB

    {
        "Id": "sha256:ee6cf4643b22aba6dfcb18c653ae60b13f46f9a747b4226a69090712b2510f26",
        "RepoTags": [
            "quay.io/coreos/clair-git:latest"
        ],
        "RepoDigests": [
            "quay.io/coreos/clair-git@sha256:0a9b504a4e174aec9a5e3d7ca239ed58aaca0c282226b845a61e4b9978b6131c"
        ],
   

[bseb]

+1 on this Issue

I have seen this issue caused by a network interruption and as well firewall misconfiguration. It seems that an http timeout retrieving vulnerability data results in these processes, and they do not clear until the Clair container is restarted.

[jzelinskie]

Thanks for the report. I have some other projects that shell out to git that have had similar issues in the past. I'll see if I can share that code with this project to make our handling of git more robust.

[bseb]

@jzelinskie I have found that making the entrypoint of the container Yelp's dumb-init mitigates the issue. I am running Clair as part of Vmware Harbor and submitted this PR goharbor/harbor#3361 .

Hope that helps

[bseb]

Also opened #477

[wdoekes]

It appears to me that git is the one creating the zombies, so then the (merged) dumb-init is the fix, right?

[jzelinskie]

This is correct. We now have an init system to reap these zombies.

[databus23]

We just run into this with Clair quay.io/coreos/clair:v2.0.4. While this was merged almost a year ago the recently published image still don't contain this fix.

See the manifest for v2.0.7 from 7 days ago: https://quay.io/repository/coreos/clair/manifest/sha256:931edc5abc036bcc6cd8316e54217958fe27c00f71bbf45c72814563c6acd088

[databus23]

Would you mind reopening this bug until the published images actually reflect that change?