Closed bingo4933 closed 1 year ago
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.
If you are reporting a problem, please make sure the following information are provided:
Expected behavior and actual behavior: I'd like to deploy harbor with internal tls communication. I made theirs certificates and passed running
./prepare --with-notary --with-trivy
and./install.sh --with-notary --with-trivy
I could see every component goes well except
harbor-jobservice
endless restarting issue after runningdocker-compose ps
The log message shown likecould you please help to fix the issue or any misconfiguration? thanks a lot
Steps to reproduce the problem: Please provide the steps to reproduce this problem.
Generate a Server Certificate
$ openssl genrsa -out registry.local.com.key 4096 $ openssl req -sha512 -new \ -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=registry.local.com" \ -key registry.local.com.key \ -out registry.local.com.csr $ vi v3.ext authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names
[alt_names] DNS.1=registry.local.com DNS.2=registry DNS.3=k8s-node3.local.com DNS.4=core DNS.5=10.138.181.6
$ openssl x509 -req -sha512 -days 3650 \ -extfile v3.ext \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -in registry.local.com.csr \ -out registry.local.com.crt
copy certificate to harbor cert directory
$ cp registry.local.com.crt /harbor-data/cert/ $ cp registry.local.com.key /harbor-data/cert/
provide cert to docker
$ openssl x509 -inform PEM -in registry.local.com.crt -out registry.local.com.cert $ cp registry.local.com.cert /etc/docker/certs.d/registry.local.com/ $ cp registry.local.com.key /etc/docker/certs.d/registry.local.com/ $ cp ca.crt /etc/docker/certs.d/registry.local.com/
$ ./install.sh --with-notary --with-trivy
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.14
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.18.1
[Step 2]: loading Harbor images ... Loaded image: goharbor/registry-photon:v2.8.1 Loaded image: goharbor/notary-server-photon:v2.8.1 Loaded image: goharbor/harbor-core:v2.8.1 Loaded image: goharbor/harbor-jobservice:v2.8.1 Loaded image: goharbor/harbor-exporter:v2.8.1 Loaded image: goharbor/trivy-adapter-photon:v2.8.1 Loaded image: goharbor/prepare:v2.8.1 Loaded image: goharbor/redis-photon:v2.8.1 Loaded image: goharbor/nginx-photon:v2.8.1 Loaded image: goharbor/notary-signer-photon:v2.8.1 Loaded image: goharbor/harbor-portal:v2.8.1 Loaded image: goharbor/harbor-log:v2.8.1 Loaded image: goharbor/harbor-db:v2.8.1 Loaded image: goharbor/harbor-registryctl:v2.8.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ... prepare base dir is set to /root/harbor Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/conf.d/notary.upstream.conf Clearing the configuration file: /config/nginx/conf.d/notary.server.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Clearing the configuration file: /config/shared/trust-certificates/harbor_internal_ca.crt Clearing the configuration file: /config/notary/server-config.postgres.json Clearing the configuration file: /config/notary/server_env Clearing the configuration file: /config/notary/signer_env Clearing the configuration file: /config/notary/signer-config.postgres.json Clearing the configuration file: /config/trivy-adapter/env Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /data/secret/keys/secretkey Copying nginx configuration file for notary Generated configuration file: /config/nginx/conf.d/notary.upstream.conf Generated configuration file: /config/nginx/conf.d/notary.server.conf Generated configuration file: /config/notary/server-config.postgres.json Generated configuration file: /config/notary/server_env loaded secret from file: /data/secret/keys/defaultalias Generated configuration file: /config/notary/signer_env Generated configuration file: /config/notary/signer-config.postgres.json Generated configuration file: /config/trivy-adapter/env Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ... ➜ Notary will be deprecated as of Harbor v2.6.0 and start to be removed in v2.8.0 or later. You can use cosign for signature instead since Harbor v2.5.0. Please see discussion here for more details. https://github.com/goharbor/harbor/discussions/16612 [+] Building 0.0s (0/0)
[+] Running 15/15 ✔ Network harbor_harbor-notary Created
✔ Network harbor_notary-sig Created
✔ Network harbor_harbor Created
✔ Container harbor-log Started
✔ Container redis Started
✔ Container registryctl Started
✔ Container harbor-db Started
✔ Container registry Started
✔ Container harbor-portal Started
✔ Container notary-signer Started
✔ Container trivy-adapter Started
✔ Container harbor-core Started
✔ Container notary-server Started
✔ Container harbor-jobservice Started
✔ Container nginx Started
✔ ----Harbor has been installed and started successfully.----
$ docker-compose ps | grep Restarting harbor-jobservice goharbor/harbor-jobservice:v2.8.1 "/harbor/entrypoint.…" jobservice 3 hours ago Restarting (2) 53 seconds ago
/var/log/harbor/jobservice.log