Event based replication fails when image is not yet signed #10262

Closed
petvaa01 opened this issue Dec 13, 2019 · 3 comments

@petvaa01

Expected behavior and actual behavior:
Expected: Images are replicated to target registry.

Actual: When using event-based replication, it sometimes fails because the image is not signed yet. I think this is a timing issue: pushing an image to Harbor first pushes the image and then signs it. Sometimes Harbor tries to replicate the image to another registry (ECR in my case) before the image is signed, failing to pull the image. When looking after the failure, the image is signed.

2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:95]: client for source registry [type: harbor, URL: http://harbor-core, insecure: true] created
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:105]: client for destination registry [type: aws-ecr, URL: https://api.ecr.eu-west-1.amazonaws.com, insecure: false] created
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:138]: copying REDACTED_REPO:[REDACTED_TAG](source registry) to REDACTED_REPO:[REDACTED_TAG](destination registry)...
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:157]: copying REDACTED_REPO:REDACTED_TAG(source registry) to REDACTED_REPO:REDACTED_TAG(destination registry)...
2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:261]: pulling the manifest of image REDACTED_REPO:REDACTED_TAG ...
2019-12-13T14:17:44Z [ERROR] [/replication/transfer/image/transfer.go:269]: failed to pull the manifest of image REDACTED_REPO:REDACTED_TAG: http error: code 412, message {"errors":[{"code":"PROJECT_POLICY_VIOLATION","message":"The image is not signed in Notary.","detail":"The image is not signed in Notary."}]}
2019-12-13T14:17:44Z [ERROR] [/replication/transfer/image/transfer.go:143]: http error: code 412, message {"errors":[{"code":"PROJECT_POLICY_VIOLATION","message":"The image is not signed in Notary.","detail":"The image is not signed in Notary."}]}

Steps to reproduce the problem:
Enable event based replication and wait until replication fails.

Versions:

  • harbor version: 1.9.3
@reasonerjt
Contributor

This is working as expected because the policy in the project will prevent all pull actions if the image does not meet the criteria.

@petvaa01
Author

I agree that images that do not meet the criteria should not be replicated; what I'm concerned about is that Harbor does not give enough time for signing to happen, resulting in images that are signed not being replicated and rendering event-based replication completely unsuitable for use with signed images.

Also, tasks that are failing due to this are actually marked with SUCCESS status.

Screenshot 2019-12-16 at 14 07 00

@stale

stale bot commented Mar 15, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Stale label Mar 15, 2020
@stale stale bot closed this as completed Apr 5, 2020
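
An added example, not part of the thread and not Harbor's own code: a Go program that scans a replication job log in the format quoted in the issue, flags the content-trust rejection (HTTP 412 with `PROJECT_POLICY_VIOLATION`), and marks a task whose recorded status is SUCCESS although its log contains ERROR lines. The names `Verdict` and `Inspect` and the embedded sample log are assumptions made up for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: two lines in the format of the job log quoted in the issue.
const sampleLog = `2019-12-13T14:17:44Z [INFO] [/replication/transfer/image/transfer.go:261]: pulling the manifest of image REDACTED_REPO:REDACTED_TAG ...
2019-12-13T14:17:44Z [ERROR] [/replication/transfer/image/transfer.go:269]: failed to pull the manifest of image REDACTED_REPO:REDACTED_TAG: http error: code 412, message {"errors":[{"code":"PROJECT_POLICY_VIOLATION","message":"The image is not signed in Notary.","detail":"The image is not signed in Notary."}]}`
const marker = "http error: code 412, message "

// Verdict summarises one job log (a type made up for this example).
type Verdict struct {
	ErrorLines  int  // lines logged at ERROR level
	UnsignedHit bool // a 412 whose body says the image is not signed in Notary
	Mismatch    bool // status says SUCCESS although the log has errors
}

// Inspect scans a job log and compares it with the status recorded for the task.
func Inspect(log, status string) Verdict {
	var v Verdict
	for _, line := range strings.Split(log, "\n") {
		if !strings.Contains(line, " [ERROR] ") {
			continue
		}
		v.ErrorLines++
		// encoding/json matches the lower-case keys to these fields case-insensitively.
		var body struct{ Errors []struct{ Code, Message string } }
		i := strings.Index(line, marker)
		if i < 0 || json.Unmarshal([]byte(line[i+len(marker):]), &body) != nil {
			continue // not a 412 with a registry error body; counted but unclassified
		}
		for _, e := range body.Errors {
			if e.Code == "PROJECT_POLICY_VIOLATION" && strings.Contains(e.Message, "not signed in Notary") {
				v.UnsignedHit = true
			}
		}
	}
	v.Mismatch = status == "SUCCESS" && v.ErrorLines > 0
	return v
}

func main() {
	fmt.Printf("%+v\n", Inspect(sampleLog, "SUCCESS"))
}
```

A log with `UnsignedHit` set is a candidate for re-running replication once signing has finished; `Mismatch` marks tasks whose status should not be trusted without reading the log.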