Date   

Re: Limiting label assigning permissions

Steven Zou
 

Welcome any contributions.

 

You can check the proposal-process to learn how to propose a new feature and check the CONTRIBUTING guide to learn how to start your 1st commit.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Monday, March 23, 2020 at 20:51
To: "harbor-users@..." <harbor-users@...>
Subject: RES: [harbor-users] Limiting label assigning permissions

 

Thanks for answering. Yes, I just confirmed this. The only role that restricts the labels is Guest.

 

I will try some work around to make the restrictions we need, but it would be very useful to have more granular permissions. Maybe in the future I work in something for this problem.

 

Thanks again

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

De: harbor-users@... <harbor-users@...> Em nome de Steven Zou via Lists.Cncf.Io
Enviada em: sábado, 21 de março de 2020 00:00
Para: harbor-users@...
Assunto: Re: [harbor-users] Limiting label assigning permissions

 

Per my understanding, the answer is no so far.

 

Currently, permissions of adding/removing to the image are granted to `Project Admin`, `Master` and `Developer`. Only `Guest` role has not such permissions, but it also have very minimal/limited permissions to do other actions.

 

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, March 20, 2020 at 23:29
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Limiting label assigning permissions

 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


RES: [harbor-users] Limiting label assigning permissions

Julia Vitória Cardoso
 

Thanks for answering. Yes, I just confirmed this. The only role that restricts the labels is Guest.

 

I will try some work around to make the restrictions we need, but it would be very useful to have more granular permissions. Maybe in the future I work in something for this problem.

 

Thanks again

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

De: harbor-users@... <harbor-users@...> Em nome de Steven Zou via Lists.Cncf.Io
Enviada em: sábado, 21 de março de 2020 00:00
Para: harbor-users@...
Assunto: Re: [harbor-users] Limiting label assigning permissions

 

Per my understanding, the answer is no so far.

 

Currently, permissions of adding/removing to the image are granted to `Project Admin`, `Master` and `Developer`. Only `Guest` role has not such permissions, but it also have very minimal/limited permissions to do other actions.

 

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, March 20, 2020 at 23:29
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Limiting label assigning permissions

 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


Re: Limiting label assigning permissions

Steven Zou
 

Per my understanding, the answer is no so far.

 

Currently, permissions of adding/removing to the image are granted to `Project Admin`, `Master` and `Developer`. Only `Guest` role has not such permissions, but it also have very minimal/limited permissions to do other actions.

 

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Julia Vitória Cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, March 20, 2020 at 23:29
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Limiting label assigning permissions

 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


Limiting label assigning permissions

Julia Vitória Cardoso
 

Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to certain image, as this label will provide the replication of the image after approval.

 

Is this possible?

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 


0251c8a3-ed20-4be3-b223-3324bbb53153

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


Re: PersistentVolumeClaims issue on jobservice

Gaurav Negi
 

After I disabled persistence in value files, it generated the right template and using that
I was able to deploy in k8s cluster. 

Thanks
-Gaurav

On Fri, Mar 13, 2020 at 5:31 PM Gaurav Negi <gaurav.negi@...> wrote:
Dear Harbor experts,
   Can you please help me fix the issue I am facing?
I deployed Harbor via using Helm. (generated k8s manifest using helm and then applying kubectl). 

1. My jobservice POS are not coming up. All other pods are running.

prod-harbor-harbor-jobservice-65465446bb-6m6gl   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-7n4km   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-8mjcc   0/1     Pending   0          27m



2. Describing pods it says


Events:

  Type     Reason            Age                 From               Message

  ----     ------            ----                ----               -------

  Warning  FailedScheduling  18s (x16 over 20m)  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 6 times)


Some complaint about PersistentVolumeClaims


3. My manifest file says following about the jobservice. 


---

# Source: harbor/templates/jobservice/jobservice-pvc.yaml

kind: PersistentVolumeClaim

apiVersion: v1

metadata:

  name: prod-harbor-harbor-jobservice

  annotations:

    helm.sh/resource-policy: keep

  labels:

    heritage: Helm

    release: prod-harbor

    chart: harbor

    app: "harbor"

    component: jobservice

spec:

  accessModes:

    - ReadWriteOnce

  resources:

    requests:

      storage: 1Gi

---


Any input will be highly appreciated. 

Thanks
-Gaurav


RES: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

Julia Vitória Cardoso
 

Thanks for answering. Just checked the issues and found an open issue with this problem. Added informations there and will keep an eye on it.

 

Thanks again.

 

Julia Cardoso

Segurança de TI julia.cardoso@...

 

Fone: +55 51 3455-1605 /

+55 51 3455-1687

www.saqueepague.com.br

 

 

 

d8c2fa7e-ad4f-43e2-8e5d-8becd65c46ce

De: harbor-users@... <harbor-users@...> Em nome de daojunz via Lists.Cncf.Io
Enviada em: quarta-feira, 11 de março de 2020 10:08
Para: harbor-users@...
Assunto: Re: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

 

Julia,

 

Could you please open an issue in github?

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, March 11, 2020 at 8:46 PM
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

 

Hello, and thanks you all for this amazing message group. 

Does anyone had an issue of ldap retrieving groups that were not supposed to be retrieved? 

We are facing an issue after configuring active directory to authenticate users in our Harbor fresh installation. The connection works just fine: We created a group to users who need the basic access, then the configuration in Harbor is using a LDAP filter to look after users in this group. This was the only way we could restrinct to only members of the group "harbor_access_whatever". Works just fine. 

The problem is that after logging with said users, harbor brings a lot of random groups from AD and sets them as a Harbor Group. When i say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in harbor has access in this groups? I am not sure. 

Then I thought it was configuration problem of the groups retireving config, but no matter what I put there it does the same. I tried to: 
- Configure just the group i wanted to look at
- Let it empty
- Put an LDAP filter to validate if the groups are member of harbor specific group
- Manually deny reading permission at certain groups for the consulting user for harbor in Active Directory. 
- Deleting the groups direct on Postgres database. When user logs, groups come back from the ashes
- a lot of other things i do not remember. It was a lot of try and error. 

I am exausted, heh. Does anyone has an tip for me?

Aviso: O conteúdo integral deste e-mail, incluindo os anexos, é destinado exclusivamente ao(s) destinatário(s) nomeado(s) e contém informações confidenciais. Você está notificado e ciente que qualquer divulgação, disseminação, distribuição, cópia ou outro uso deste conteúdo é terminantemente proibido sem o prévio consentimento por escrito da Saque e Pague e sujeito a penalidade do art. 153 do Código Penal. Se você recebeu esta comunicação por engano, por favor, notifique imediatamente o remetente por e-mail de resposta.


PersistentVolumeClaims issue on jobservice

Gaurav Negi
 

Dear Harbor experts,
   Can you please help me fix the issue I am facing?
I deployed Harbor via using Helm. (generated k8s manifest using helm and then applying kubectl). 

1. My jobservice POS are not coming up. All other pods are running.

prod-harbor-harbor-jobservice-65465446bb-6m6gl   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-7n4km   0/1     Pending   0          27m

prod-harbor-harbor-jobservice-65465446bb-8mjcc   0/1     Pending   0          27m



2. Describing pods it says


Events:

  Type     Reason            Age                 From               Message

  ----     ------            ----                ----               -------

  Warning  FailedScheduling  18s (x16 over 20m)  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 6 times)


Some complaint about PersistentVolumeClaims


3. My manifest file says following about the jobservice. 


---

# Source: harbor/templates/jobservice/jobservice-pvc.yaml

kind: PersistentVolumeClaim

apiVersion: v1

metadata:

  name: prod-harbor-harbor-jobservice

  annotations:

    helm.sh/resource-policy: keep

  labels:

    heritage: Helm

    release: prod-harbor

    chart: harbor

    app: "harbor"

    component: jobservice

spec:

  accessModes:

    - ReadWriteOnce

  resources:

    requests:

      storage: 1Gi

---


Any input will be highly appreciated. 

Thanks
-Gaurav


Re: Configuring LDAP Auth retrieves random AD groups to Harbor

daojunz
 

Julia,

 

Could you please open an issue in github?

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, March 11, 2020 at 8:46 PM
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor

 

Hello, and thanks you all for this amazing message group. 

Does anyone had an issue of ldap retrieving groups that were not supposed to be retrieved? 

We are facing an issue after configuring active directory to authenticate users in our Harbor fresh installation. The connection works just fine: We created a group to users who need the basic access, then the configuration in Harbor is using a LDAP filter to look after users in this group. This was the only way we could restrinct to only members of the group "harbor_access_whatever". Works just fine. 

The problem is that after logging with said users, harbor brings a lot of random groups from AD and sets them as a Harbor Group. When i say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in harbor has access in this groups? I am not sure. 

Then I thought it was configuration problem of the groups retireving config, but no matter what I put there it does the same. I tried to: 
- Configure just the group i wanted to look at
- Let it empty
- Put an LDAP filter to validate if the groups are member of harbor specific group
- Manually deny reading permission at certain groups for the consulting user for harbor in Active Directory. 
- Deleting the groups direct on Postgres database. When user logs, groups come back from the ashes
- a lot of other things i do not remember. It was a lot of try and error. 

I am exausted, heh. Does anyone has an tip for me?


Configuring LDAP Auth retrieves random AD groups to Harbor

Julia Vitória Cardoso
 

Hello, and thanks you all for this amazing message group. 

Does anyone had an issue of ldap retrieving groups that were not supposed to be retrieved? 

We are facing an issue after configuring active directory to authenticate users in our Harbor fresh installation. The connection works just fine: We created a group to users who need the basic access, then the configuration in Harbor is using a LDAP filter to look after users in this group. This was the only way we could restrinct to only members of the group "harbor_access_whatever". Works just fine. 

The problem is that after logging with said users, harbor brings a lot of random groups from AD and sets them as a Harbor Group. When i say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in harbor has access in this groups? I am not sure. 

Then I thought it was configuration problem of the groups retireving config, but no matter what I put there it does the same. I tried to: 
- Configure just the group i wanted to look at
- Let it empty
- Put an LDAP filter to validate if the groups are member of harbor specific group
- Manually deny reading permission at certain groups for the consulting user for harbor in Active Directory. 
- Deleting the groups direct on Postgres database. When user logs, groups come back from the ashes
- a lot of other things i do not remember. It was a lot of try and error. 

I am exausted, heh. Does anyone has an tip for me?


Data migration of harbour #cal-invite

gamebouy09@...
 

I need to migrate my harbor instance to a new machine - the existing machine is running out of storage and also it is running with Ubuntu-16.04. So I have provisioned a new Ubuntu-18.04 with bigger storage (NFS mount). As my existing harbor has lots of images stored (~2TB), I need to migrate them to the new machine. Has anyone done this before? Would be a great help if you can share your experience.
Current harbor version: v1.8.0
Target version: v1.10.0


Re: Unable to sync images from hub.docker.com

Prasad K <email.kprasad@...>
 

Yes, I'm replicating images under library. I cleared the credentials and did a test connection and got the same error message. This is what I found from the logs after clicking test connection:
----
Feb 18 07:11:09 host-name core[12699]: 2020-02-18T07:11:09Z [WARNING] Schemas [] are unsupported
Feb 18 07:11:09 host-name core[12699]: 2020-02-18T07:11:09Z [WARNING] empty realm, skip
Feb 18 07:11:10 host-name core[12699]: 2020-02-18T07:11:10Z [ERROR] [target.go:65]: failed to ping target: 404
----

The endpoint URL is "https://hub.docker.com". Is there something missing in my configuration ?

Thanks,
Prasad

On Tue, 18 Feb 2020 at 12:37, Steven Zou via Lists.Cncf.Io <szou=vmware.com@...> wrote:

Test connection failed means the harbor service cannot connect to the docker hub and then the replication will be definitely failed.  For replicating images under library, you do not need to provide credentials. You can clear the credential and do “Test Connection” again (uncheck the “Verify remote cert” too).

 

As far as I know, docker hub replication adapter is working well so far.

 

If the issue is still existing, you can raise an issue in our GitHub repo and provide related contexts/logs for debugging.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Prasad K via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, February 18, 2020 at 14:57
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] Unable to sync images from hub.docker.com

 

Hi Steven,

 

I tired but still the same result. I also checked the logs and could find only this :

-----

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent

Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] |  182.74.75.171|#033[42m 200 #033[0m|   4.135711ms|   match|#033[46m POST    #033[0m /api/replications   r:/api/replications#033[0m

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}

-----

 

Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue ? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.

----

root [ /harbor ]# curl -I https://hub.docker.com

HTTP/1.1 200 OK

Date: Tue, 18 Feb 2020 06:55:49 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 2110

ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"

Vary: Accept-Encoding

Server: nginx

X-Frame-Options: deny

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Strict-Transport-Security: max-age=31536000

-----

 

Thanks,

Prasad

 

 


Re: Unable to sync images from hub.docker.com

Steven Zou
 

Test connection failed means the harbor service cannot connect to the docker hub and then the replication will be definitely failed.  For replicating images under library, you do not need to provide credentials. You can clear the credential and do “Test Connection” again (uncheck the “Verify remote cert” too).

 

As far as I know, docker hub replication adapter is working well so far.

 

If the issue is still existing, you can raise an issue in our GitHub repo and provide related contexts/logs for debugging.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "Prasad K via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, February 18, 2020 at 14:57
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] Unable to sync images from hub.docker.com

 

Hi Steven,

 

I tired but still the same result. I also checked the logs and could find only this :

-----

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent

Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] |  182.74.75.171|#033[42m 200 #033[0m|   4.135711ms|   match|#033[46m POST    #033[0m /api/replications   r:/api/replications#033[0m

Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}

-----

 

Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue ? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.

----

root [ /harbor ]# curl -I https://hub.docker.com

HTTP/1.1 200 OK

Date: Tue, 18 Feb 2020 06:55:49 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 2110

ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"

Vary: Accept-Encoding

Server: nginx

X-Frame-Options: deny

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Strict-Transport-Security: max-age=31536000

-----

 

Thanks,

Prasad

 

 


Re: Unable to sync images from hub.docker.com

email.kprasad@...
 

Hi Steven,

I tired but still the same result. I also checked the logs and could find only this :
-----
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent
Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] |  182.74.75.171|#033[42m 200 #033[0m|   4.135711ms|   match|#033[46m POST    #033[0m /api/replications   r:/api/replications#033[0m
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}
-----

Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue ? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.
----
root [ /harbor ]# curl -I https://hub.docker.com
HTTP/1.1 200 OK
Date: Tue, 18 Feb 2020 06:55:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2110
ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
-----

Thanks,
Prasad



Re: Unable to sync images from hub.docker.com

Steven Zou
 

Can you try the following pattern:

 

  Repository : library/redis*

  Tag: latest

 

 

And check what happen?

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "email.kprasad via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, February 18, 2020 at 13:08
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Unable to sync images from hub.docker.com

 

Hi All,

I'm trying to test image replication from hub.docker.com but nothing happens after clicking "REPLICATE" button. The following are settings:

Harbor Version v1.7.5-a8f6543a

Under Registries:

Under Replications:

  • Source images filter : "repository"  r/andyshinn/dnsmasq


In the "source images filter" field I tried various combinations of repo name, like just "dnsmasq" and "andyshinn/dnsmasq". I also tried replicating different repo like "_/python", but still facing the same issue, not able to replicate. Any idea what could be the issue ?

Regards,
Prasad

 


Unable to sync images from hub.docker.com

email.kprasad@...
 

Hi All,

I'm trying to test image replication from hub.docker.com but nothing happens after clicking "REPLICATE" button. The following are settings:

Harbor Version v1.7.5-a8f6543a

Under Registries:
Under Replications:
  • Source images filter : "repository"  r/andyshinn/dnsmasq

In the "source images filter" field I tried various combinations of repo name, like just "dnsmasq" and "andyshinn/dnsmasq". I also tried replicating different repo like "_/python", but still facing the same issue, not able to replicate. Any idea what could be the issue ?

Regards,
Prasad



Re: Public projects

Daniel Jiang
 

I don’t think there’s a way to achieve that.

 

 

Best Regards

— 

Daniel Jiang  | 姜坦

Engineer, VMware R&D, Beijing

+86 10-59934536

 

 

On 2020/2/10, 4:18 PM, "harbor-users@... on behalf of n.rusanov via Lists.Cncf.Io" <harbor-users@... on behalf of n.rusanov=gmail.com@...> wrote:

 

Hi!
How to disable the ability to make projects public? The user can create a project and make it publicly available. It is necessary to retain the ability to create projects, but to remove the ability to make projects with public access.



Public projects

n.rusanov@...
 

Hi!
How to disable the ability to make projects public? The user can create a project and make it publicly available. It is necessary to retain the ability to create projects, but to remove the ability to make projects with public access.


Re: Admin password not working if using external database

Gaurav Negi
 

Dear Harbor users,
   Please ignore this email. 
I am good now. Issue was with the DB instance I created with AWS RDS.
After fixing it it works. 

Thanks
-Gaurav

On Tue, Jan 21, 2020 at 2:00 PM Gaurav Negi via Lists.Cncf.Io <gaurav.negi=gmail.com@...> wrote:
Dear Harbor users,
   Apologies for spanning. But I think there is a bug in harbor. 
I am using harbor Version v1.9.4-49eb397c

1. I install a fresh new harbor on a new VM. 
I put external database in AWS RDS, with my harbor.yml file looks like this

image.png

2. When I brought up the harbor (using sudo ./install.sh)
From UI, it is not accepting admin password.
Which I have put default "Harbor12345"
and I am seeing screen below.

image.png
3. But if I change it to local database.
and bring up harbor. It accepts admin password as "Harbor12345"

Can you please suggest? How can I use external database?
If using that, what will be the admin password?

Thanks
-Gaurav


Re: Enterprise support for Harbor

Michael Michael <michmike@...>
 

In the open source community, we do offer best-effort support for Harbor. Please see this page for our support statement.
https://github.com/goharbor/harbor/blob/master/RELEASES.md

thanks!


Re: Harbor integration with Okta

Gaurav Negi
 

Thank you Daniel. 
It worked after I did fresh install of Harbor on a new VM.
And Integrated it with OIDC Okta. It works perfectly.

Thank you.

On Mon, Jan 20, 2020 at 8:16 PM Gaurav Negi via Lists.Cncf.Io <gaurav.negi=gmail.com@...> wrote:
Thank you so much Daneil. 
I will try out after creating some users.

Thanks
-Gaurav

On Mon, Jan 20, 2020 at 7:59 PM Daniel Jiang via Lists.Cncf.Io <jiangd=vmware.com@...> wrote:

Because Harbor does not support concept like “auth domain”

 

Once there are user records in the DB, you can’t switch the auth mode.

 

In a fresh install you can do the configuration

 

 

Best Regards

— 

Daniel Jiang  | 姜坦

Engineer, VMware R&D, Beijing

+86 10-59934536

 

 

On 2020/1/21, 4:07 AM, "harbor-users@... on behalf of gaurav.negi via Lists.Cncf.Io" <harbor-users@... on behalf of gaurav.negi=gmail.com@...> wrote:

 

Can we integrate Harbor to Okta?
I am trying Harbor to replace artifactory.

In my staging, I can bring up harbor, but
But configuration ---> Auth Mode, is disabled to "database"
I cannot pick another value.

Please suggest?

121 - 140 of 264