You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
we are facing an issue with harbor login ( unauthorized access ). In setup, we have connected external Redis. when we have connected internal Redis the harbor login is properly working but it does not work with external Redis.
In external Redis configure in harbor then login case 4 of 10 successfully login without unauthorized access.
Here is configuration of Redis:
external:
# support redis, redis+sentinel
# addr for redis: <host_redis>:<port_redis>
# addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
addr: "redis.ns-harbor.svc.cluster.local:6379"
# The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
sentinelMasterSet: ""
# The "coreDatabaseIndex" must be "0" as the library Harbor
# used doesn't support configuring it
# harborDatabaseIndex defaults to "0", but it can be configured to "6", this config is optional
# cacheLayerDatabaseIndex defaults to "0", but it can be configured to "7", this config is optional
coreDatabaseIndex: "0"
jobserviceDatabaseIndex: "1"
registryDatabaseIndex: "2"
trivyAdapterIndex: "5"
# harborDatabaseIndex: "6"
# cacheLayerDatabaseIndex: "7"
# username field can be an empty string, and it will be authenticated against the default user
username: ""
password: ""
# If using existingSecret, the key must be REDIS_PASSWORD
existingSecret: ""
Additional deployment annotations
podAnnotations: {}
Additional deployment labels
podLabels: {}
we have also checked the logs of Redis it is a proper
Here are the logs of Redis:
1:M 06 Feb 2024 07:50:34.057 * Background saving started by pid 240
240:C 06 Feb 2024 07:50:34.060 * DB saved on disk
240:C 06 Feb 2024 07:50:34.060 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 07:50:34.158 * Background saving terminated with success
1:M 06 Feb 2024 07:55:35.033 * 10 changes in 300 seconds. Saving...
1:M 06 Feb 2024 07:55:35.034 * Background saving started by pid 241
241:C 06 Feb 2024 07:55:35.037 * DB saved on disk
241:C 06 Feb 2024 07:55:35.037 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 07:55:35.135 * Background saving terminated with success
1:M 06 Feb 2024 08:00:36.004 * 10 changes in 300 seconds. Saving...
1:M 06 Feb 2024 08:00:36.004 * Background saving started by pid 242
242:C 06 Feb 2024 08:00:36.007 * DB saved on disk
242:C 06 Feb 2024 08:00:36.007 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 08:00:36.105 * Background saving terminated with success
1:M 06 Feb 2024 08:05:37.011 * 10 changes in 300 seconds. Saving...
1:M 06 Feb 2024 08:05:37.012 * Background saving started by pid 243
243:C 06 Feb 2024 08:05:37.015 * DB saved on disk
243:C 06 Feb 2024 08:05:37.015 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 08:05:37.113 * Background saving terminated with success
Here are logs of harbor-core
2024-02-06T08:10:03Z [DEBUG] [/core/auth/authenticator.go:145]: Current AUTH_MODE is db_auth
2024-02-06T08:10:03Z [DEBUG] [/core/session/session.go:158]: failed to save sid=994021cef32a51d64b47741ec63f0033, where oldsid=9878d9e3cfc6af990d855393da8ff8b3, error: failed to encode value, key
994021cef32a51d64b47741ec63f0033, error: object type invalid, ""
2024-02-06T08:10:03Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id fa176597-6817-4889-906f-104328258489 to the logger for the request GET /api/v2.0/systeminfo
2024-02-06T08:10:03Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/systeminfo
2024-02-06T08:10:03Z [DEBUG] [/server/middleware/security/session.go:47][requestID="fa176597-6817-4889-906f-104328258489"]: a session security context generated for request GET /api/v2.0/systeminf
o
2024-02-06T08:10:03Z [DEBUG] [/pkg/config/manager.go:142]: failed to get key banner_message, error: the configure value is not set, maybe default value not defined before get
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 2ccd3f07-faff-4b67-a908-06edc8bcf046 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="2ccd3f07-faff-4b67-a908-06edc8bcf046"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 53cefb6c-1b98-4a95-8c5a-762ebc67f92d to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="53cefb6c-1b98-4a95-8c5a-762ebc67f92d"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:13Z [DEBUG] [/pkg/task/dao/execution.go:462]: skip to refresh, no outdate execution status found
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id aeddb2a2-d0ae-4ffa-b9a8-0f27754a661e to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="aeddb2a2-d0ae-4ffa-b9a8-0f27754a661e"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 2c4a3512-e36f-402f-8d67-2b19458f8fbd to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="2c4a3512-e36f-402f-8d67-2b19458f8fbd"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:23Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 322c989c-7ce0-432b-9c13-db15f20d788d to the logger for the request GET /api/v2.0/health
2024-02-06T08:10:23Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/health
2024-02-06T08:10:23Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="322c989c-7ce0-432b-9c13-db15f20d788d"]: an unauthorized security context generated for request GET /api/v2.
0/health
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 8170b38a-ea84-4f09-9482-3b94df1a8211 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id e29cd4c8-a1ec-4931-927c-b9eaf475e1dd to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="8170b38a-ea84-4f09-9482-3b94df1a8211"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="e29cd4c8-a1ec-4931-927c-b9eaf475e1dd"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 29f5c15a-ccbb-4d9e-8e9f-a149d0f00399 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 268daa61-279f-4dfd-94fe-a0de820816e2 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="29f5c15a-ccbb-4d9e-8e9f-a149d0f00399"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="268daa61-279f-4dfd-94fe-a0de820816e2"]: an unauthorized security context generated for request GET /api/v2.
0/ping
how can we fix this issue on Harbor?
The text was updated successfully, but these errors were encountered:
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
we have set up the latest version of Harbor 2.10.
we are facing an issue with harbor login ( unauthorized access ). In setup, we have connected external Redis. when we have connected internal Redis the harbor login is properly working but it does not work with external Redis.
In external Redis configure in harbor then login case 4 of 10 successfully login without unauthorized access.
Here is configuration of Redis:
external:
# support redis, redis+sentinel
# addr for redis: <host_redis>:<port_redis>
# addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
addr: "redis.ns-harbor.svc.cluster.local:6379"
# The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
sentinelMasterSet: ""
# The "coreDatabaseIndex" must be "0" as the library Harbor
# used doesn't support configuring it
# harborDatabaseIndex defaults to "0", but it can be configured to "6", this config is optional
# cacheLayerDatabaseIndex defaults to "0", but it can be configured to "7", this config is optional
coreDatabaseIndex: "0"
jobserviceDatabaseIndex: "1"
registryDatabaseIndex: "2"
trivyAdapterIndex: "5"
# harborDatabaseIndex: "6"
# cacheLayerDatabaseIndex: "7"
# username field can be an empty string, and it will be authenticated against the default user
username: ""
password: ""
# If using existingSecret, the key must be REDIS_PASSWORD
existingSecret: ""
Additional deployment annotations
podAnnotations: {}
Additional deployment labels
podLabels: {}
we have also checked the logs of Redis it is a proper
Here are the logs of Redis:
1:M 06 Feb 2024 07:50:34.057 * Background saving started by pid 240
240:C 06 Feb 2024 07:50:34.060 * DB saved on disk
240:C 06 Feb 2024 07:50:34.060 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 07:50:34.158 * Background saving terminated with success
1:M 06 Feb 2024 07:55:35.033 * 10 changes in 300 seconds. Saving...
1:M 06 Feb 2024 07:55:35.034 * Background saving started by pid 241
241:C 06 Feb 2024 07:55:35.037 * DB saved on disk
241:C 06 Feb 2024 07:55:35.037 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 07:55:35.135 * Background saving terminated with success
1:M 06 Feb 2024 08:00:36.004 * 10 changes in 300 seconds. Saving...
1:M 06 Feb 2024 08:00:36.004 * Background saving started by pid 242
242:C 06 Feb 2024 08:00:36.007 * DB saved on disk
242:C 06 Feb 2024 08:00:36.007 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 08:00:36.105 * Background saving terminated with success
1:M 06 Feb 2024 08:05:37.011 * 10 changes in 300 seconds. Saving...
1:M 06 Feb 2024 08:05:37.012 * Background saving started by pid 243
243:C 06 Feb 2024 08:05:37.015 * DB saved on disk
243:C 06 Feb 2024 08:05:37.015 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 06 Feb 2024 08:05:37.113 * Background saving terminated with success
Here are logs of harbor-core
2024-02-06T08:10:03Z [DEBUG] [/core/auth/authenticator.go:145]: Current AUTH_MODE is db_auth
2024-02-06T08:10:03Z [DEBUG] [/core/session/session.go:158]: failed to save sid=994021cef32a51d64b47741ec63f0033, where oldsid=9878d9e3cfc6af990d855393da8ff8b3, error: failed to encode value, key
994021cef32a51d64b47741ec63f0033, error: object type invalid, ""
2024-02-06T08:10:03Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id fa176597-6817-4889-906f-104328258489 to the logger for the request GET /api/v2.0/systeminfo
2024-02-06T08:10:03Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/systeminfo
2024-02-06T08:10:03Z [DEBUG] [/server/middleware/security/session.go:47][requestID="fa176597-6817-4889-906f-104328258489"]: a session security context generated for request GET /api/v2.0/systeminf
o
2024-02-06T08:10:03Z [DEBUG] [/pkg/config/manager.go:142]: failed to get key banner_message, error: the configure value is not set, maybe default value not defined before get
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 2ccd3f07-faff-4b67-a908-06edc8bcf046 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="2ccd3f07-faff-4b67-a908-06edc8bcf046"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 53cefb6c-1b98-4a95-8c5a-762ebc67f92d to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:06Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="53cefb6c-1b98-4a95-8c5a-762ebc67f92d"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:13Z [DEBUG] [/pkg/task/dao/execution.go:462]: skip to refresh, no outdate execution status found
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id aeddb2a2-d0ae-4ffa-b9a8-0f27754a661e to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="aeddb2a2-d0ae-4ffa-b9a8-0f27754a661e"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 2c4a3512-e36f-402f-8d67-2b19458f8fbd to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:16Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="2c4a3512-e36f-402f-8d67-2b19458f8fbd"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:23Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 322c989c-7ce0-432b-9c13-db15f20d788d to the logger for the request GET /api/v2.0/health
2024-02-06T08:10:23Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/health
2024-02-06T08:10:23Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="322c989c-7ce0-432b-9c13-db15f20d788d"]: an unauthorized security context generated for request GET /api/v2.
0/health
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 8170b38a-ea84-4f09-9482-3b94df1a8211 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id e29cd4c8-a1ec-4931-927c-b9eaf475e1dd to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="8170b38a-ea84-4f09-9482-3b94df1a8211"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:26Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="e29cd4c8-a1ec-4931-927c-b9eaf475e1dd"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 29f5c15a-ccbb-4d9e-8e9f-a149d0f00399 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/log/log.go:31]: attach request id 268daa61-279f-4dfd-94fe-a0de820816e2 to the logger for the request GET /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="29f5c15a-ccbb-4d9e-8e9f-a149d0f00399"]: an unauthorized security context generated for request GET /api/v2.
0/ping
2024-02-06T08:10:36Z [DEBUG] [/server/middleware/security/unauthorized.go:28][requestID="268daa61-279f-4dfd-94fe-a0de820816e2"]: an unauthorized security context generated for request GET /api/v2.
0/ping
how can we fix this issue on Harbor?
The text was updated successfully, but these errors were encountered: