Creating users fail

[ghost]

I updated to the latest version. Getting to the end of the corridor!

Creating users fail with the message below. Would you have any idea why?

failed: [test_server] (item={u'username': u'julien', u'has_admin_role': True, u'role_name': 
u'developer', u'realname': u'Julien', u'password': u'PASSWORD', u'email': u'test@email.com', 
u'role_id': 2}) => {"changed": false, "connection": "close", "content": "<html>\r\n<head>
<title>502 Bad Gateway</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>502 
Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n", 
"content_length": "166", "content_type": "text/html", "date": "Wed, 20 Mar 2019 07:35:00 GMT", 
"item": {"email": "test@email.com", "has_admin_role": true, "password": "PASSWORD", 
"realname": "Julien", "role_id": 2, "role_name": "developer", "username": "julien"}, "msg": "Status 
code was 502 and not [201, 409]: HTTP Error 502: Bad Gateway", "redirected": false, "server": 
"nginx", "status": 502, "url": "https://repo.mydomain.domain.com:8443/api/users"}

In addition:

• If I try to l try to login with admin/Harbor12345 admin/MY_SET_PASSWORD. It doesn't work
• I did set harbor_self_registration: "off"

Here is my playbook:

- name: Deploying a docker repository at "{{ DOCKER_REPO_DOMAIM }}:{{ DOCKER_REPO_HTTPS_PORT }}"
  hosts: docker-servers
  remote_user: "{{ SSH_USER }}"
  become: true
  roles:
    - deploy_harbor_via_compose
  vars:
    ansible_become_pass: "{{ INITIAL_PASSWORD }}"
    harbor_self_registration: "off"
    harbor_hostname: "{{ DOCKER_REPO_DOMAIM }}"
    harbor_admin_password: "{{ DOCKER_REPO_ADMIN_PASSWORD }}"
    harbor_extras:
      - clair
      - notary
    harbor_install_dir: "{{ WORKING_DIRECTORY }}/repository/install"
    harbor_datadir: "{{ WORKING_DIRECTORY }}/repository/data"
    harbor_ui_url_protocol: "https"
    harbor_exposed_http_port: "{{ DOCKER_REPO_HTTP_PORT }}"
    harbor_exposed_https_port: "{{ DOCKER_REPO_HTTPS_PORT }}"
    harbor_ssl_cert: "{{ WORKING_DIRECTORY }}/certs/{{ DOMAIN_NAME }}-fullcert.pem"
    harbor_ssl_cert_key: "{{ WORKING_DIRECTORY }}/certs/{{ DOMAIN_NAME }}-privkey.pem"
    harbor_users: "{{ DOCKER_REPO_USERS }}"

[nicholasamorim]

I'm actively working on this role and Harbor can be a bit fiddly, specially because it sets its own Nginx inside and then you have sort of "duplicated" configuration of sorts sometimes.

Do you have it behind a proxy? If you do, you need to comment a line inside <harbor>/common/config/nginx.conf (and have it set on your proxy).

proxy_set_header X-Forwarded-Proto $scheme

There'll be several instance of this line, you need to comment them all. This is what solved for me when I couldn't login. I'm adding somethings to the playbook to do this automatically.

If this doesn't work, you'll need to paste here the contents of /var/log/harbor so that we can understand what's going on.

[nicholasamorim]

you might also want to check the proxy.log first. 502 usually means nginx-photon container failed to start. Permission problems, maybe?

[nicholasamorim]

I've just pushed new changes and they are fully working with my setup from beginning-to-end.

My setup, for your information, is that I run Harbor behind a NGINX proxy. Nginx has the HTTPS termination and harbor runs on http mode.

[ghost]

Thanks for the changes! This wasn't what caused the error it seems. I am checking this further today. I do not use a reverse proxy in this setup

[ghost]

The issue is that

Mar 19 13:38:59 172.21.0.1 core[72254]: 2019-03-19T11:38:59Z [ERROR] [utils.go:101]: failed to connect to tcp://adminserver:8080, retry after 2 seconds :dial tcp: lookup adminserver on [fe80::1%2]:53: dial udp [fe80::1%2]:53: connect: cannot assign requested address

It is probably due to

Mar 23 16:45:45 172.21.0.1 adminserver[72254]: 2019-03-23T14:45:45Z [FATAL] [main.go:45]: failed to initialize the system: read /etc/adminserver/key: is a directory

I will check further EDIT: Date/time doesn't make sense but basically the logs loop on this error

[ghost]

Basically adminserver doesn't start and it is due to Mar 23 16:45:45 172.21.0.1 adminserver[72254]: 2019-03-23T14:45:45Z [FATAL] [main.go:45]: failed to initialize the system: read /etc/adminserver/key: is a directory but I still did not understand why that happens. I think that the compose command creates the binding as a directory initially because it does not exist not exist. I am not yet sure how to solve that. Which element is supposed to create this key initially @nicholasamorim ?

[nicholasamorim]

This is what I found:

https://github.com/goharbor/harbor/issues/2208

To summarize: as for now secretkey_path in harbor.cfg should never be changed or if you have to change it you should remember to adjust paths in docker-compose.yml manually because they are hardcoded.

Does that aligns with your PR #9?

[ghost]

you should remember to adjust paths in docker-compose.yml manually because they are hardcoded. This is what is done but automatically since we use Ansible, we can do that.

You have defaults on harbor_datadir to /data but if someones changes harbor_datadir, that person won't notice why everything breaks without digging quite deep. An alternative to that could be to set a default on harbor_secretkey_path in https://github.com/nicholasamorim/ansible-role-harbor/blob/master/defaults/main.yaml and clearly mention how it works in the main README. What do you think?

[ghost]

After the merge, this works but if we have multiple users only one gets created

[nicholasamorim]

Humm, that's funny, all my users get created. Can you share your structure for creating the users?

I'm sharing mine but not sure it's useful. I build it from another list, a master list of users.

harbor_users: "{{ harbor_users|default([]) + [ {'username': item.username, 'email': item.username ~ '@mycmopany.com', 'realname': item.name | default(item.username), 'has_admin_role': item.admin | default(false)} ] }}"

[ghost]

`harbor_users: "{{ DOCKER_REPO_USERS }}"`

from the playbook

DOCKER_REPO_USERS:
  - username: "{{ SSH_USER }}"
    password: "{{ INITIAL_PASSWORD }}"
    email: name1@domain.com
    realname: Name one
    role_name: developer
    role_id: 2
    has_admin_role: true
  - username: userbis
    password: Password@455
    email: name2@domain.com
    realname: Name two
    role_name: developer
    role_id: 2
    has_admin_role: true

Variable in another file