Discovery fails while discovering Amazon Web Services when public images are in the payload. The Discovery log shows the following:

"Sensor error when processing <a href='ecc_queue.do?sys_id={SYS_ID}><u>AWSRESTProbe/https:{URL}</u></a>: Payload attachment exceeds the limit of 5242880 bytes set by system property com.glide.attachment.max_get_size."

This issue occurs because the public images in AWS for a particular region increases the payload attachment limit that is set on the instance through the com.glide.attachment.max_get_size property.

Steps to Reproduce

  1. Activate AWS and run Discovery.
    By default, both public and private images on AWS are retrieved in the payload.
  2. Go to to the Discovery Status record and look at the Discovery logs. Note the error messages:

These error messages occur because the system has a property that limits the size of attachments to 5MB: com.glide.attachment.max_get_size.  Payloads are attached to ecc_queue records as attachments so when probes are processed they download the payload. If the payload is larger than 5MB it will fail.

Note: This property should NOT be increased as many areas of the platform download attachments. Increasing the value of this property leads to vulnerability to low/out-of-memory situations


Temporary relief:

If you are unable to upgrade to a fix, you can alter the describeImages probe to only return private images. As is, the probe will return both private and public images, which can make the payload significantly larger. To filter out public images:

  1. Go to table AWS Probes (discovery_aws_probe) and select the probe you want. In this case, AWS EC2 - DescribeImages.
  2. Click the Action column, which will go to the AWS action table.
  3. All filters of this action show in the AWS Action Parameters related list. Create a filter with the following:

    params['Owner.1'] = 'amazon';
    params['Owner.2'] = 'self';

    TO THIS:
    params['Owner.1'] = 'self';

Permanent relief:

In Helsinki and later versions, the describeImage probe is split into 8 probes. This will allow all data to be returned, but in smaller chunks.

Related Problem: PRB663054

Seen In

Geneva Patch 0 Hot Fix 1
Geneva Patch 6 Hot Fix 2
Geneva Patch 7
Geneva Patch 9
Helsinki Patch 2

Fixed In

Geneva Patch 10

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2017-02-06 18:42:16