Closed hexxone closed 1 year ago
Update:
After throwing away everything and running `install.sh --with-trivy` (without notary), and only doing the bare minimum of changes in docker-compose, it is still broken.
I have now spent approximately 8h trying different things, starting from scratch, etc.
Problem stays the same. Some containers will ALWAYS fail to communicate.
Even though they are in the same network, have the correct hostnames and when using `docker compose run` in every container manually, it also works.
Just when upping the whole stack these issues seem to appear.
I don't understand why you are choosing to do the major configuration work with an intransparent and unclear install script, instead of documenting the procedure in detail. This is a major headache...
The issue was probably caused by the "web" network, because docker seems to only attach a single network on startup, and the choice appears to be random.
So when the proxy gets created, it may only get the "web" network attached at first. If that happens, nginx is unable to find the upstream service and immediately crashes the container.
Removing the network fixed the issue. Now we just add the harbor network to the traefik container instead.
But perhaps it would be a good practice to just let nginx display a 500 error and retry instead of crashing.
Maybe like this:
```nginx
location / {
    proxy_pass http://portal/;
    proxy_next_upstream off; # Add this line
    ...
}
location /c/ {
    proxy_pass http://core/c/;
    proxy_next_upstream off; # Add this line
    ...
}
...
```
With this change, Nginx should display its default 502 or 504 error page if it can't reach the upstream server...
Expected behavior and actual behavior:
I expect the harbor notary-server to be consistently reachable during runtime. However, the notary-server becomes unreachable while the system is running.
Steps to reproduce the problem:
The issue occurs intermittently during runtime, and exact steps to reproduce the problem are still unclear. However, the issue seems to manifest after several successful operations, as can be seen from the log files.
Versions:
Additional context:
The problem seems to be related to the notary-server becoming unreachable, which may be due to network issues or a problem with the notary-server itself. The nginx error message suggests that the host is not found in the upstream definition for the notary-server.
However, when running `docker compose down` and `up` again, the issue might sometimes be gone and instead appear in `notary-server` itself, saying that `notary-SIGNER` is unavailable:
For installing, I have followed the documented procedure and used `/install.sh --with-notary ---with-trivy`.
The problem is, because we are already using a "Traefik" reverse proxy for handling SSL, and cannot expose the web server ports, we manually had to modify our docker-compose from the generated one.
Running the install or prepare script afterwards will destroy our customized config.
The weird thing is, the registry was working at first, and then suddenly started acting up as you can see in the logs.
It was already possible to push and pull different images, everything was fine.
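
The following is an added example, not part of the original post and not Harbor's generated configuration: one way to keep nginx running when an upstream name such as `portal` or `core` cannot be resolved at startup, the "host not found in upstream" failure described above. It assumes nginx sits on a user-defined Docker network (where Docker's embedded DNS answers on 127.0.0.11); the listen port, the upstream port 8080 and the variable names are hypothetical placeholders.

```nginx
# Added example (not Harbor's generated nginx.conf).
# Assumptions: nginx runs on a user-defined Docker network, where Docker's
# embedded DNS listens on 127.0.0.11; the ports and the variable names
# $portal_upstream / $core_upstream are hypothetical placeholders.

events {}

http {
    # Resolve names at request time through Docker's embedded DNS and
    # re-check them every 10 seconds instead of caching for the record TTL.
    resolver 127.0.0.11 valid=10s ipv6=off;
    resolver_timeout 5s;

    server {
        listen 8080;

        location / {
            # A variable in proxy_pass defers the lookup to request time.
            # A literal hostname is resolved once at startup, and a failed
            # lookup aborts nginx with "host not found in upstream".
            set $portal_upstream portal:8080;
            proxy_pass http://$portal_upstream;
        }

        location /c/ {
            # No URI part after the variable: the original request URI
            # (/c/...) is forwarded unchanged, matching http://core/c/.
            set $core_upstream core:8080;
            proxy_pass http://$core_upstream;
        }
    }
}
```

While a name cannot be resolved, requests to that location get a 502 and the error log records the failed lookup; nginx itself stays up, so the proxy recovers once the upstream container is reachable on the shared network.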