Creating users fail #5

Open
ghost opened this issue Mar 20, 2019 · 11 comments

@ghost

ghost commented Mar 20, 2019

I updated to the latest version.
Getting to the end of the corridor!

Creating users fail with the message below. Would you have any idea why?

failed: [test_server] (item={u'username': u'julien', u'has_admin_role': True, u'role_name': 
u'developer', u'realname': u'Julien', u'password': u'PASSWORD', u'email': u'test@email.com', 
u'role_id': 2}) => {"changed": false, "connection": "close", "content": "<html>\r\n<head>
<title>502 Bad Gateway</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>502 
Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n", 
"content_length": "166", "content_type": "text/html", "date": "Wed, 20 Mar 2019 07:35:00 GMT", 
"item": {"email": "test@email.com", "has_admin_role": true, "password": "PASSWORD", 
"realname": "Julien", "role_id": 2, "role_name": "developer", "username": "julien"}, "msg": "Status 
code was 502 and not [201, 409]: HTTP Error 502: Bad Gateway", "redirected": false, "server": 
"nginx", "status": 502, "url": "https://repo.mydomain.domain.com:8443/api/users"}

In addition:

  • If I try to log in with admin/Harbor12345 or admin/MY_SET_PASSWORD, it doesn't work
  • I did set harbor_self_registration: "off"

Here is my playbook:

- name: Deploying a docker repository at "{{ DOCKER_REPO_DOMAIM }}:{{ DOCKER_REPO_HTTPS_PORT }}"
  hosts: docker-servers
  remote_user: "{{ SSH_USER }}"
  become: true
  roles:
    - deploy_harbor_via_compose
  vars:
    ansible_become_pass: "{{ INITIAL_PASSWORD }}"
    harbor_self_registration: "off"
    harbor_hostname: "{{ DOCKER_REPO_DOMAIM }}"
    harbor_admin_password: "{{ DOCKER_REPO_ADMIN_PASSWORD }}"
    harbor_extras:
      - clair
      - notary
    harbor_install_dir: "{{ WORKING_DIRECTORY }}/repository/install"
    harbor_datadir: "{{ WORKING_DIRECTORY }}/repository/data"
    harbor_ui_url_protocol: "https"
    harbor_exposed_http_port: "{{ DOCKER_REPO_HTTP_PORT }}"
    harbor_exposed_https_port: "{{ DOCKER_REPO_HTTPS_PORT }}"
    harbor_ssl_cert: "{{ WORKING_DIRECTORY }}/certs/{{ DOMAIN_NAME }}-fullcert.pem"
    harbor_ssl_cert_key: "{{ WORKING_DIRECTORY }}/certs/{{ DOMAIN_NAME }}-privkey.pem"
    harbor_users: "{{ DOCKER_REPO_USERS }}"
@nicholasamorim
Owner

nicholasamorim commented Mar 20, 2019

I'm actively working on this role and Harbor can be a bit fiddly, especially because it sets its own Nginx inside and then you have sort of "duplicated" configuration of sorts sometimes.

Do you have it behind a proxy? If you do, you need to comment a line inside <harbor>/common/config/nginx.conf (and have it set on your proxy).

proxy_set_header X-Forwarded-Proto $scheme

There'll be several instances of this line; you need to comment them all. This is what solved it for me when I couldn't log in. I'm adding some things to the playbook to do this automatically.

If this doesn't work, you'll need to paste here the contents of /var/log/harbor so that we can understand what's going on.

@nicholasamorim
Owner

nicholasamorim commented Mar 20, 2019

You might also want to check the proxy.log first. 502 usually means the nginx-photon container failed to start. Permission problems, maybe?

@nicholasamorim nicholasamorim self-assigned this Mar 20, 2019
@nicholasamorim
Owner

I've just pushed new changes and they are fully working with my setup from beginning-to-end.

My setup, for your information, is that I run Harbor behind an NGINX proxy. Nginx has the HTTPS termination and Harbor runs in HTTP mode.

@ghost
Author

ghost commented Mar 26, 2019

Thanks for the changes! This wasn't what caused the error, it seems. I am checking this further today. I do not use a reverse proxy in this setup.

@ghost
Author

ghost commented Mar 29, 2019

The issue is that

Mar 19 13:38:59 172.21.0.1 core[72254]: 2019-03-19T11:38:59Z [ERROR] [utils.go:101]: failed to connect to tcp://adminserver:8080, retry after 2 seconds :dial tcp: lookup adminserver on [fe80::1%2]:53: dial udp [fe80::1%2]:53: connect: cannot assign requested address

It is probably due to

Mar 23 16:45:45 172.21.0.1 adminserver[72254]: 2019-03-23T14:45:45Z [FATAL] [main.go:45]: failed to initialize the system: read /etc/adminserver/key: is a directory

I will check further
EDIT: Date/time doesn't make sense but basically the logs loop on this error

@ghost
Author

ghost commented Mar 29, 2019

Basically adminserver doesn't start and it is due to
Mar 23 16:45:45 172.21.0.1 adminserver[72254]: 2019-03-23T14:45:45Z [FATAL] [main.go:45]: failed to initialize the system: read /etc/adminserver/key: is a directory
but I still did not understand why that happens. I think that the compose command creates the binding as a directory initially because it does not exist.
I am not yet sure how to solve that. Which element is supposed to create this key initially @nicholasamorim ?

@nicholasamorim
Owner

This is what I found:

goharbor/harbor#2208

To summarize: as of now, secretkey_path in harbor.cfg should never be changed, or if you have to change it you should remember to adjust paths in docker-compose.yml manually because they are hardcoded.

Does that align with your PR #9?

@ghost
Author

ghost commented Apr 1, 2019

> you should remember to adjust paths in docker-compose.yml manually because they are hardcoded.

This is what is done, but automatically; since we use Ansible, we can do that.

You have defaults on harbor_datadir to /data but if someone changes harbor_datadir, that person won't notice why everything breaks without digging quite deep.
An alternative to that could be to set a default on harbor_secretkey_path in https://github.com/nicholasamorim/ansible-role-harbor/blob/master/defaults/main.yaml and clearly mention how it works in the main README.
What do you think?
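
The failure discussed in this thread (`read /etc/adminserver/key: is a directory`), as an added example that is not part of the thread or of the role: a shell preflight that finds the host path bound to the container's key path in a compose file and reports whether it is a regular file before the stack starts. Docker creates a missing bind-mount source as a directory, which is the state the check is meant to catch; the compose snippet, the host path layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the role or from Harbor): preflight check for a
# bind-mounted secret key. Paths and file contents below are constructed.

# Print the host side of the volume entry "- HOST:CONTAINER[:opts]" in a
# compose file whose container side equals $2. Prints nothing if absent.
mount_source() {
    awk -v target="$2" '
        /^[ \t]*-[ \t]/ {
            line = $0
            sub(/^[ \t]*-[ \t]*/, "", line)   # drop the list marker
            gsub(/"/, "", line)               # tolerate quoted entries
            n = split(line, part, ":")
            if (n >= 2 && part[2] == target) { print part[1]; exit }
        }' "$1"
}

# Classify the host path: only "file" is safe to hand to docker-compose.
classify_source() {
    if [ -z "$1" ]; then echo "no-mount"
    elif [ -d "$1" ]; then echo "directory"
    elif [ -f "$1" ]; then echo "file"
    elif [ ! -e "$1" ]; then echo "missing"
    else echo "other"
    fi
}

# check_key_mount COMPOSE_FILE CONTAINER_PATH -> prints the classification.
check_key_mount() {
    classify_source "$(mount_source "$1" "$2")"
}

# Demo on constructed input: the same compose file seen in three host states.
demo() {
    tmp=$(mktemp -d)
    printf 'services:\n  adminserver:\n    volumes:\n      - %s/data/secretkey:/etc/adminserver/key:z\n' \
        "$tmp" > "$tmp/docker-compose.yml"
    mkdir -p "$tmp/data"
    check_key_mount "$tmp/docker-compose.yml" /etc/adminserver/key  # missing
    mkdir "$tmp/data/secretkey"   # the on-disk state behind the FATAL log line
    check_key_mount "$tmp/docker-compose.yml" /etc/adminserver/key  # directory
    rmdir "$tmp/data/secretkey"
    (umask 077; printf 'constructed-key\n' > "$tmp/data/secretkey")
    check_key_mount "$tmp/docker-compose.yml" /etc/adminserver/key  # file
    rm -rf "$tmp"
}

demo
```

Run against the generated compose file after templating and before `docker-compose up`; any result other than `file` means the key path and the compose volume entry disagree.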

@ghost ghost closed this as completed Apr 5, 2019
@ghost ghost reopened this Apr 5, 2019
@ghost
Author

ghost commented Apr 5, 2019

After the merge, this works but if we have multiple users only one gets created

@nicholasamorim
Owner

Humm, that's funny, all my users get created. Can you share your structure for creating the users?

I'm sharing mine but not sure it's useful. I build it from another list, a master list of users.

harbor_users: "{{ harbor_users|default([]) + [ {'username': item.username, 'email': item.username ~ '@mycmopany.com', 'realname': item.name | default(item.username), 'has_admin_role': item.admin | default(false)} ] }}"

@ghost
Author

ghost commented Apr 8, 2019

`harbor_users: "{{ DOCKER_REPO_USERS }}"`

from the playbook

DOCKER_REPO_USERS:
  - username: "{{ SSH_USER }}"
    password: "{{ INITIAL_PASSWORD }}"
    email: name1@domain.com
    realname: Name one
    role_name: developer
    role_id: 2
    has_admin_role: true
  - username: userbis
    password: Password@455
    email: name2@domain.com
    realname: Name two
    role_name: developer
    role_id: 2
    has_admin_role: true

Variable in another file
