Date   

API Call for Vulnerability Report

brianwadesmith@...
 

I'm just starting to use the Harbor API and finding it to be very useful.  I would like to create an automated report to detail Vulnerabilities discovered through scanning.  I see Model references to NativeReportSummary, VulnerabilitySummary, VulnerabilityItem, etc.  I cannot figure out how to call this data via the API.  I'm sure I'm missing something simple.  Could anyone help me out?


Re: Redis usage

Steven Zou
 

Please see comments inline.

 

 

thanks&regards

--

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "bruno via Lists.Cncf.Io" <bruno=robotinfra.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, March 31, 2020 at 15:11
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Redis usage

 

[Edited Message Follows]
[Reason: add clarification on why I sent this msg]

Many open-source project use redis just as a cache.
What about harbor? why it use it?

 

>>Steven: harbor core and registry components are using Redis as cache.  Jobservice is using Redis as job queue that supports retry and failover restore functions.



I did already my homework on this one, and my last step is too look at harbor code itself... but I have a terrible experiences with beego

I want to be sure if redis data must be:

- persitent on redis statefulset upgrade

>>Steven: Y


- is that data important and must be backup? but as PostgreSQL is already there... I assume critical data that need integrity is stored there. I assume it might just be user sessions.

>>Steven: The underlying job framework is using Redis as queue and some cron spec of periodical jobs launched by jobservice are also stored in Redis


- is redis can be rebuild from PostgreSQL, just not efficient when redis start from a blank PVC.

>>Steven: So far, it cannot. We’re planning to provide a manager (like an inner client of jobservice) that may take some responsibilities to store the stateful data in DB to make sure some data can be rebuilt from DB.



Thanks a lot


Redis usage

bruno@...
 
Edited

Many open-source project use redis just as a cache.
What about harbor? why it use it?

I did already my homework on this one, and my last step is too look at harbor code itself... but I have a terrible experiences with beego

I want to be sure if redis data must be:

- persitent on redis statefulset upgrade
- is that data important and must be backup? but as PostgreSQL is already there... I assume critical data that need integrity is stored there. I assume it might just be user sessions.
- is redis can be rebuild from PostgreSQL, just not efficient when redis start from a blank PVC.

Thanks a lot


error during docker login - Error response from daemon: Get https://172.26.37.250/v2/: x509: cannot validate certificate for 172.26.37.250 because it doesn't contain any IP SANs

ppinker@...
 

I can access the Harbor UI - from my mac connected over VPN
but after the install I try to test docker login and get the error
how to I setup IP SANs ?
this VM  is running in Openstack on an isolated network


Re: Limiting label assigning permissions

Steven Zou
 

Welcome any contributions.

 

You can check the proposal-process to learn how to propose a new feature and check the CONTRIBUTING guide to learn how to start your 1st commit.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Monday, March 23, 2020 at 20:51
To: "harbor-users@..." <harbor-users@...>
Subject: RES: [harbor-users] Limiting label assigning permissions

 

Thanks for answering. Yes, I just confirmed this. The only role that restricts the labels is Guest.

 

I will try some work around to make the restrictions we need, but it would be very useful to have more granular permissions. Maybe in the future I work in something for this problem.

 

Thanks again

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

De: harbor-users@... <harbor-users@...> Em nome de Steven Zou via Lists.Cncf.Io
Enviada em: sábado, 21 de março de 2020 00:00
Para: harbor-users@...
Assunto: Re: [harbor-users] Limiting label assigning permissions

 

Per my understanding, the answer is no so far.

 

Currently, permissions of adding/removing to the image are granted to `Project Admin`, `Master` and `Developer`. Only `Guest` role has not such permissions, but it also have very minimal/limited permissions to do other actions.

 

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, March 20, 2020 at 23:29
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Limiting label assigning permissions

 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


RES: [harbor-users] Limiting label assigning permissions

Julia Vitória Cardoso
 

Thanks for answering. Yes, I just confirmed this. The only role that restricts the labels is Guest.

 

I will try some work around to make the restrictions we need, but it would be very useful to have more granular permissions. Maybe in the future I work in something for this problem.

 

Thanks again

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

De: harbor-users@... <harbor-users@...> Em nome de Steven Zou via Lists.Cncf.Io
Enviada em: sábado, 21 de março de 2020 00:00
Para: harbor-users@...
Assunto: Re: [harbor-users] Limiting label assigning permissions

 

Per my understanding, the answer is no so far.

 

Currently, permissions of adding/removing to the image are granted to `Project Admin`, `Master` and `Developer`. Only `Guest` role has not such permissions, but it also have very minimal/limited permissions to do other actions.

 

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, March 20, 2020 at 23:29
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Limiting label assigning permissions

 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


Re: Limiting label assigning permissions

Steven Zou
 

Per my understanding, the answer is no so far.

 

Currently, permissions of adding/removing to the image are granted to `Project Admin`, `Master` and `Developer`. Only `Guest` role has not such permissions, but it also have very minimal/limited permissions to do other actions.

 

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, March 20, 2020 at 23:29
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Limiting label assigning permissions

 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


Limiting label assigning permissions

Julia Vitória Cardoso
 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 


0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


Re: PersistentVolumeClaims issue on jobservice

Gaurav Negi
 

After I disabled persistence in value files, it generated the right template and using that
I was able to deploy in k8s cluster. 

Thanks
-Gaurav

On Fri, Mar 13, 2020 at 5:31 PM Gaurav Negi <gaurav.negi@...> wrote:
Dear Harbor experts,
   Can you please help me fix the issue I am facing?
I deployed Harbor via using Helm. (generated k8s manifest using helm and then applying kubectl). 

1. My jobservice POS are not coming up. All other pods are running.

prod-harbor-harbor-jobservice-65465446bb-6m6gl   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-7n4km   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-8mjcc   0/1     Pending   0          27m



2. Describing pods it says


Events:

  Type     Reason            Age                 From               Message

  ----     ------            ----                ----               -------

  Warning  FailedScheduling  18s (x16 over 20m)  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 6 times)


Some complaint about PersistentVolumeClaims


3. My manifest file says following about the jobservice. 


---

# Source: harbor/templates/jobservice/jobservice-pvc.yaml

kind: PersistentVolumeClaim

apiVersion: v1

metadata:

  name: prod-harbor-harbor-jobservice

  annotations:

    helm.sh/resource-policy: keep

  labels:

    heritage: Helm

    release: prod-harbor

    chart: harbor

    app: "harbor"

    component: jobservice

spec:

  accessModes:

    - ReadWriteOnce

  resources:

    requests:

      storage: 1Gi

---


Any input will be highly appreciated. 

Thanks
-Gaurav


RES: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

Julia Vitória Cardoso
 

Thanks for answering. Just checked the issues and found an open issue with this problem. Added informations there and will keep an eye on it.

 

Thanks again.

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

d8c2fa7e-ad4f-43e2-8e5d-8becd65c46ce

De: harbor-users@... <harbor-users@...> Em nome de daojunz via Lists.Cncf.Io
Enviada em: quarta-feira, 11 de março de 2020 10:08
Para: harbor-users@...
Assunto: Re: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

 

Julia,

 

Could you please open an issue in github?

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, March 11, 2020 at 8:46 PM
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

 

Hello, and thanks you all for this amazing message group. 

Does anyone had an issue of ldap retrieving groups that were not supposed to be retrieved? 

We are facing an issue after configuring active directory to authenticate users in our Harbor fresh installation. The connection works just fine: We created a group to users who need the basic access, then the configuration in Harbor is using a LDAP filter to look after users in this group. This was the only way we could restrinct to only members of the group "harbor_access_whatever". Works just fine. 

The problem is that after logging with said users, harbor brings a lot of random groups from AD and sets them as a Harbor Group. When i say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in harbor has access in this groups? I am not sure. 

Then I thought it was configuration problem of the groups retireving config, but no matter what I put there it does the same. I tried to: 
- Configure just the group i wanted to look at
- Let it empty
- Put an LDAP filter to validate if the groups are member of harbor specific group
- Manually deny reading permission at certain groups for the consulting user for harbor in Active Directory. 
- Deleting the groups direct on Postgres database. When user logs, groups come back from the ashes
- a lot of other things i do not remember. It was a lot of try and error. 

I am exausted, heh. Does anyone has an tip for me?

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


PersistentVolumeClaims issue on jobservice

Gaurav Negi
 

Dear Harbor experts,
   Can you please help me fix the issue I am facing?
I deployed Harbor via using Helm. (generated k8s manifest using helm and then applying kubectl). 

1. My jobservice POS are not coming up. All other pods are running.

prod-harbor-harbor-jobservice-65465446bb-6m6gl   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-7n4km   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-8mjcc   0/1     Pending   0          27m



2. Describing pods it says


Events:

  Type     Reason            Age                 From               Message

  ----     ------            ----                ----               -------

  Warning  FailedScheduling  18s (x16 over 20m)  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 6 times)


Some complaint about PersistentVolumeClaims


3. My manifest file says following about the jobservice. 


---

# Source: harbor/templates/jobservice/jobservice-pvc.yaml

kind: PersistentVolumeClaim

apiVersion: v1

metadata:

  name: prod-harbor-harbor-jobservice

  annotations:

    helm.sh/resource-policy: keep

  labels:

    heritage: Helm

    release: prod-harbor

    chart: harbor

    app: "harbor"

    component: jobservice

spec:

  accessModes:

    - ReadWriteOnce

  resources:

    requests:

      storage: 1Gi

---


Any input will be highly appreciated. 

Thanks
-Gaurav


Re: Configuring LDAP Auth retrieves random AD groups to Harbor

daojunz
 

Julia,

 

Could you please open an issue in github?

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, March 11, 2020 at 8:46 PM
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

 

Hello, and thanks you all for this amazing message group. 

Does anyone had an issue of ldap retrieving groups that were not supposed to be retrieved? 

We are facing an issue after configuring active directory to authenticate users in our Harbor fresh installation. The connection works just fine: We created a group to users who need the basic access, then the configuration in Harbor is using a LDAP filter to look after users in this group. This was the only way we could restrinct to only members of the group "harbor_access_whatever". Works just fine. 

The problem is that after logging with said users, harbor brings a lot of random groups from AD and sets them as a Harbor Group. When i say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in harbor has access in this groups? I am not sure. 

Then I thought it was configuration problem of the groups retireving config, but no matter what I put there it does the same. I tried to: 
- Configure just the group i wanted to look at
- Let it empty
- Put an LDAP filter to validate if the groups are member of harbor specific group
- Manually deny reading permission at certain groups for the consulting user for harbor in Active Directory. 
- Deleting the groups direct on Postgres database. When user logs, groups come back from the ashes
- a lot of other things i do not remember. It was a lot of try and error. 

I am exausted, heh. Does anyone has an tip for me?


Configuring LDAP Auth retrieves random AD groups to Harbor

Julia Vitória Cardoso
 

Hello, and thanks you all for this amazing message group. 

Does anyone had an issue of ldap retrieving groups that were not supposed to be retrieved? 

We are facing an issue after configuring active directory to authenticate users in our Harbor fresh installation. The connection works just fine: We created a group to users who need the basic access, then the configuration in Harbor is using a LDAP filter to look after users in this group. This was the only way we could restrinct to only members of the group "harbor_access_whatever". Works just fine. 

The problem is that after logging with said users, harbor brings a lot of random groups from AD and sets them as a Harbor Group. When i say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in harbor has access in this groups? I am not sure. 

Then I thought it was configuration problem of the groups retireving config, but no matter what I put there it does the same. I tried to: 
- Configure just the group i wanted to look at
- Let it empty
- Put an LDAP filter to validate if the groups are member of harbor specific group
- Manually deny reading permission at certain groups for the consulting user for harbor in Active Directory. 
- Deleting the groups direct on Postgres database. When user logs, groups come back from the ashes
- a lot of other things i do not remember. It was a lot of try and error. 

I am exausted, heh. Does anyone has an tip for me?


Data migration of harbour #cal-invite

gamebouy09@...
 

I need to migrate my harbor instance to a new machine - the existing machine is running out of storage and also it is running with Ubuntu-16.04. So I have provisioned a new Ubuntu-18.04 with bigger storage (NFS mount). As my existing harbor has lots of images stored (~2TB), I need to migrate them to the new machine. Has anyone done this before? Would be a great help if you can share your experience.
Current harbor version: v1.8.0
Target version: v1.10.0


Re: Unable to sync images from hub.docker.com

Prasad K <email.kprasad@...>
 

Yes, I'm replicating images under library. I cleared the credentials and did a test connection and got the same error message. This is what I found from the logs after clicking test connection:
----
Feb 18 07:11:09 host-name core[12699]: 2020-02-18T07:11:09Z [WARNING] Schemas [] are unsupported
Feb 18 07:11:09 host-name core[12699]: 2020-02-18T07:11:09Z [WARNING] empty realm, skip
Feb 18 07:11:10 host-name core[12699]: 2020-02-18T07:11:10Z [ERROR] [target.go:65]: failed to ping target: 404
----

The endpoint URL is "https://hub.docker.com". Is there something missing in my configuration ?

Thanks,
Prasad

On Tue, 18 Feb 2020 at 12:37, Steven Zou via Lists.Cncf.Io <szou=vmware.com@...> wrote:

Test connection failed means the harbor service cannot connect to the docker hub and then the replication will be definitely failed.  For replicating images under library, you do not need to provide credentials. You can clear the credential and do “Test Connection” again (uncheck the “Verify remote cert” too).

 

As far as I know, docker hub replication adapter is working well so far.

 

If the issue is still existing, you can raise an issue in our GitHub repo and provide related contexts/logs for debugging.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Prasad K via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, February 18, 2020 at 14:57
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] Unable to sync images from hub.docker.com

 

Hi Steven,

 

I tired but still the same result. I also checked the logs and could find only this :

-----

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent

Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] |  182.74.75.171|#033[42m 200 #033[0m|   4.135711ms|   match|#033[46m POST    #033[0m /api/replications   r:/api/replications#033[0m

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}

-----

 

Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue ? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.

----

root [ /harbor ]# curl -I https://hub.docker.com

HTTP/1.1 200 OK

Date: Tue, 18 Feb 2020 06:55:49 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 2110

ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"

Vary: Accept-Encoding

Server: nginx

X-Frame-Options: deny

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Strict-Transport-Security: max-age=31536000

-----

 

Thanks,

Prasad

 

 


Re: Unable to sync images from hub.docker.com

Steven Zou
 

Test connection failed means the harbor service cannot connect to the docker hub and then the replication will be definitely failed.  For replicating images under library, you do not need to provide credentials. You can clear the credential and do “Test Connection” again (uncheck the “Verify remote cert” too).

 

As far as I know, docker hub replication adapter is working well so far.

 

If the issue is still existing, you can raise an issue in our GitHub repo and provide related contexts/logs for debugging.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Prasad K via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, February 18, 2020 at 14:57
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] Unable to sync images from hub.docker.com

 

Hi Steven,

 

I tired but still the same result. I also checked the logs and could find only this :

-----

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent

Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] |  182.74.75.171|#033[42m 200 #033[0m|   4.135711ms|   match|#033[46m POST    #033[0m /api/replications   r:/api/replications#033[0m

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}

-----

 

Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue ? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.

----

root [ /harbor ]# curl -I https://hub.docker.com

HTTP/1.1 200 OK

Date: Tue, 18 Feb 2020 06:55:49 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 2110

ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"

Vary: Accept-Encoding

Server: nginx

X-Frame-Options: deny

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Strict-Transport-Security: max-age=31536000

-----

 

Thanks,

Prasad

 

 


Re: Unable to sync images from hub.docker.com

email.kprasad@...
 

Hi Steven,

I tired but still the same result. I also checked the logs and could find only this :
-----
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent
Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] |  182.74.75.171|#033[42m 200 #033[0m|   4.135711ms|   match|#033[46m POST    #033[0m /api/replications   r:/api/replications#033[0m
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}
-----

Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue ? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.
----
root [ /harbor ]# curl -I https://hub.docker.com
HTTP/1.1 200 OK
Date: Tue, 18 Feb 2020 06:55:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2110
ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
-----

Thanks,
Prasad



Re: Unable to sync images from hub.docker.com

Steven Zou
 

Can you try the following pattern:

 

  Repository : library/redis*

  Tag: latest

 

 

And check what happen?

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "email.kprasad via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, February 18, 2020 at 13:08
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Unable to sync images from hub.docker.com

 

Hi All,

I'm trying to test image replication from hub.docker.com but nothing happens after clicking "REPLICATE" button. The following are settings:

Harbor Version v1.7.5-a8f6543a

Under Registries:

Under Replications:

  • Source images filter : "repository"  r/andyshinn/dnsmasq


In the "source images filter" field I tried various combinations of repo name, like just "dnsmasq" and "andyshinn/dnsmasq". I also tried replicating different repo like "_/python", but still facing the same issue, not able to replicate. Any idea what could be the issue ?

Regards,
Prasad

 


Unable to sync images from hub.docker.com

email.kprasad@...
 

Hi All,

I'm trying to test image replication from hub.docker.com but nothing happens after clicking "REPLICATE" button. The following are settings:

Harbor Version v1.7.5-a8f6543a

Under Registries:
Under Replications:
  • Source images filter : "repository"  r/andyshinn/dnsmasq

In the "source images filter" field I tried various combinations of repo name, like just "dnsmasq" and "andyshinn/dnsmasq". I also tried replicating different repo like "_/python", but still facing the same issue, not able to replicate. Any idea what could be the issue ?

Regards,
Prasad



Re: Public projects

Daniel Jiang
 

I don’t think there’s a way to achieve that.

 

 

Best Regards

— 

Daniel Jiang  | 姜坦

Engineer, VMware R&D, Beijing

+86 10-59934536

 

 

On 2020/2/10, 4:18 PM, "harbor-users@... on behalf of n.rusanov via Lists.Cncf.Io" <harbor-users@... on behalf of n.rusanov=gmail.com@...> wrote:

 

Hi!
How to disable the ability to make projects public? The user can create a project and make it publicly available. It is necessary to retain the ability to create projects, but to remove the ability to make projects with public access.


141 - 160 of 288