Open srad760 opened 3 weeks ago
Hi @srad760 ,
Could you check if your are using correct ca.crt for verification by using the s3fs
cli without -o no_check_certificate
and identifying the same crt you configured in harbor.yml
s3fs harbor-test-stor /s3 -o url=https://10.71.165.28/ -o passwd_file=.passwd-s3fs -o allow_other -o no_check_certificate -o dbglevel=info -o use_path_request_style
you could also check other settings of your s3/miniio, for your reference: https://github.com/goharbor/harbor/issues/16437
Hi @MinerYang
thank you for your reply and suggestions.
As you asked. I mounted the minio s3 resource without any problems using the s3fs command WITHOUT the
"-o no_check_certificate
" parameter
However, I had an error in the harbor.yml file configuration.
ca_bundle section:
must be placed before s3:
I had this:
storage_service:
s3:
ca_bundle: /data/certs/s3certs/harbor.lab.crt
bucket: harbor-bucket
accesskey: luEf4hsoqISyXRuUh2Gh
and it must be:
storage_service:
ca_bundle: /data/certs/s3certs/harbor.lab.crt
s3:
bucket: harbor-bucket
accesskey: luEf4hsoqISyXRuUh2Gh
After changing the order, everything started working fine.
Thanks again for your help 👍
Good catch. We will check if there's any gap here.
Hello, I have HARBOR configured with MINIO. Everything works correctly when I refer to S3 (on MINIO) using the http protocol. When I configured HARBOR to communicate with S3 on MINIO via https, I get the error "received unexpected HTTP status: 500 Internal Server Error"
root@AOPTAPP01HARBORPOC:~/harbor/ Using default tag: latest The push refers to repository [aoptapp01harborpoc.local:443/minio02/nginx] 9fd54926bcae: Layer already exists 175aa66db4cc: Layer already exists e6380a7057a5: Layer already exists 1db2242fc1fa: Layer already exists b09347a1aec6: Layer already exists bbde741e108b: Layer already exists 52ec5a4316fa: Layer already exists received unexpected HTTP status: 500 Internal Server Error root@AOPTAPP01HARBORPOC:~/harbor#
However, I can easily mount the s3 resource directly on the Harbor server and list all the files. s3fs harbor-test-stor /s3 -o url=https://10.71.165.28 -o passwd_file=.passwd-s3fs -o allow_other -o no_check_certificate -o dbglevel=info -o use_path_request_style
root@AOPTAPP01HARBORPOC:~# ls /s3/docker/registry/v2/repositories/ minio02 minio03 root@AOPTAPP01HARBORPOC:~# Below I paste part od secion configuration file STORE_SERVICE
storage_service: s3: ca_bundle: /data/certs/s3certs/harbor.lab.crt bucket: harbor-bucket accesskey: luEf4hsoqISyXRuUh2Gh secretkey: ***** regionendpoint: https://10.71.165.28:9443/ region: LAB rootdirectory: / v4auth: true encrypt: false secure: true chunksize: 5242880 ca_bundle: /data/certs/s3certs/harbor.lab.crt skipverify: true
I tried with different settings of all parameters but the result was always the same INTERNAL ERROR 500
[Step 5]: starting Harbor ... WARN[0000] /root/harbor/docker-compose.yml:
version
is obsolete [+] Running 9/9 ✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 0.0s ✔ Container redis Started 0.1s ✔ Container registry Started 0.1s ✔ Container registryctl Started 0.1s ✔ Container harbor-portal Started 0.1s ✔ Container harbor-core Started 0.0s ✔ Container harbor-jobservice Started 0.0s ✔ Container nginx Started 0.0s ✔ ----Harbor has been installed and started successfully.----root@AOPTAPP01HARBORPOC:~/harbor# /root/.docker/cli-plugins/docker-compose ps WARN[0000] /root/harbor/slawol/harbor/docker-compose.yml:
version
is obsolete NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS harbor-core goharbor/harbor-core:v2.10.2 "/harbor/entrypoint.…" core About a minute ago Up About a minute (healthy) harbor-jobservice goharbor/harbor-jobservice:v2.10.2 "/harbor/entrypoint.…" jobservice About a minute ago Up About a minute (healthy) harbor-log goharbor/harbor-log:v2.10.2 "/bin/sh -c /usr/loc…" log About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-portal goharbor/harbor-portal:v2.10.2 "nginx -g 'daemon of…" portal About a minute ago Up About a minute (healthy) nginx goharbor/nginx-photon:v2.10.2 "nginx -g 'daemon of…" proxy About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp redis goharbor/redis-photon:v2.10.2 "redis-server /etc/r…" redis About a minute ago Up About a minute (healthy) registry goharbor/registry-photon:v2.10.2 "/home/harbor/entryp…" registry About a minute ago Up About a minute (healthy) registryctl goharbor/harbor-registryctl:v2.10.2 "/home/harbor/start.…" registryctl About a minute ago Up About a minute (healthy) root@AOPTAPP01HARBORPOC:~/harbor#I would like to mention that all commands are executed from the host where HARBIOR is installed
Version of hartbor : harbor-offline-installer-v2.10.1
Regards Slawomir