Resolving Issues on GoHarbor/Harbor (CNCF)

In this post I try to help you to get along with certain harbor issues.

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.

Image for post
Image for post

Error Picture:

  1. GC or Jobs are not executed either manual or automatically
  2. Jobs are staying pending
  3. You’ll find an error like this in the logs:
ERROR: worker.fetch - LOADING Redis is loading the dataset in memory

Solution:

To resolve this you need to flush the redis

Exec into the redis container:

$ docker ps |grep -i redis
$ docker exec -it <container_id_or_name> bash

Execute the following commands to flush the Redis

redis-cli FLUSHDB
redis-cli -n DB_NUMBER FLUSHDB
redis-cli -n DB_NUMBER FLUSHDB ASYNC
redis-cli FLUSHALL
redis-cli FLUSHALL ASYNC

Error Picture:

  1. Replication can not be stopped/started and jobs are Pending
  2. The result is, you cant delete a failing replication job.
  3. You see “internal server error”

Solution:

Switch to the replication_execution table

\d replication_execution;

2. Update the status of every execution job to Succeed

update replication_execution set status = 'Succeed',total = '1', end_time = now()

3. Go to the UI and delete the former pending/failing replication job

Error Picture:

  1. Your certificate needs to be replaced because it is about to expire.

Solution:

  1. Replace the certificiate + private key in your harbor installation folder
    In my case this was /opt/harbor/ssl/xyz.crt.pem and /opt/harbor/ssl/xyz.key.pem
  2. Replace both on the running instance of harbor (when installing it, it copies those files into another directory) so do the following:
# Copy the certificate
$ cp /opt/harbor/ssl/xyz.crt.pem /var/harbor/data/secret/cert/server.crt
# Copy the key
$ cp /opt/harbor/ssl/xyz.key.pem /var/harbor/data/secret/cert/server.key

3. Restart both nginx services

$ docker ps  |grep goharbor  |grep "nginx -g" | awk '{print $1}'
c1498j072f44
27f4lg4db7a6
$ docker restart c1498j072f44 27f4lg4db7a6

4. Check that your certificate and key are renewed.

Sources

Working as a IT-Operations engineer at NeXenio, a spin-off by Hasso-Plattner-Institute for products around a digitial workspace.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store