You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Expected behavior and actual behavior:
Expected: Images are replicated to target registry.
Actual: When using event based replication it sometimes fails because image is not signed yet. I think this is a timing issue, pushing image to Harbor first pushes image and then signs it. Sometimes Harbor tries to replicate image to another registry (ECR in my case) before image is signed failing to pull the image. When looking after the failure image is signed.
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:95]: client for source registry [type: harbor, URL: http://harbor-core, insecure: true] created
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:105]: client for destination registry [type: aws-ecr, URL: https://api.ecr.eu-west-1.amazonaws.com, insecure: false] created
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:138]: copying REDACTED_REPO:[REDACTED_TAG](source registry) to REDACTED_REPO:[REDACTED_TAG](destination registry)...
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:157]: copying REDACTED_REPO:REDACTED_TAG(source registry) to REDACTED_REPO:REDACTED_TAG(destination registry)...
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:261]: pulling the manifest of image REDACTED_REPO:REDACTED_TAG ...
2019-12-13T14:17:44Z [ERROR] [/replication/transfer/image/transfer.go:269]: failed to pull the manifest of image REDACTED_REPO:REDACTED_TAG: http error: code 412, message {"errors":[{"code":"PROJECT_POLICY_VIOLATION","message":"The image is not signed in Notary.","detail":"The image is not signed in Notary."}]}
2019-12-13T14:17:44Z [ERROR] [/replication/transfer/image/transfer.go:143]: http error: code 412, message {"errors":[{"code":"PROJECT_POLICY_VIOLATION","message":"The image is not signed in Notary.","detail":"The image is not signed in Notary."}]}
Steps to reproduce the problem:
Enable event based replication and wait until replication fails.
Versions:
harbor version: 1.9.3
The text was updated successfully, but these errors were encountered:
I agree that images that are not meeting the criteria should not be replicated, what I'm concerned is that Harbor does not give enough time signing to happen resulting images that are signed not being replicated and rendering event based replication completely unsuitable to use with signed images.
Also tasks that are failing due this, are actually marked with SUCCESS status.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Expected behavior and actual behavior:
Expected: Images are replicated to target registry.
Actual: When using event based replication it sometimes fails because image is not signed yet. I think this is a timing issue, pushing image to Harbor first pushes image and then signs it. Sometimes Harbor tries to replicate image to another registry (ECR in my case) before image is signed failing to pull the image. When looking after the failure image is signed.
Steps to reproduce the problem:
Enable event based replication and wait until replication fails.
Versions:
The text was updated successfully, but these errors were encountered: