sudo: unable to change expired password: Authentication token manipulation error sudo: Account or password is expired, reset your password and try again sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper Changing password for root.
解决方法:
1.以tar形式导出容器
1 2 3
mkdir -p /tmp/harbor-log cd /tmp/harbor-log docker export harbor-log -o harbor-log.tar
登录pgsql创建用户和数据库 docker exec -it postgresql bash create user harbor with password 'harborDB'; create database harbor; create database harbor_clair; create database harbor_notary_server; create database harbor_notary_signer; GRANT ALL PRIVILEGES ON DATABASE harbor to harbor; GRANT ALL PRIVILEGES ON DATABASE harbor_clair to harbor; GRANT ALL PRIVILEGES ON DATABASE harbor_notary_server to harbor; GRANT ALL PRIVILEGES ON DATABASE harbor_notary_signer to harbor;
# The IP address or hostname to access admin UI and registry service. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. hostname: 192.168.86.5
# http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80
# https related config #https: # # https port for harbor, default is 443 # port: 443 # # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path
# # Uncomment following will enable tls communication between all harbor components # internal_tls: # # set enabled to true means internal tls is enabled # enabled: true # # put your cert and key files on dir # dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy # And when it enabled the hostname will no longer used # external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin # It only works in first time to install harbor # Remember Change the admin password from UI after launching Harbor. harbor_admin_password: Harbor12345
# Harbor DB configuration database: # The password for the root user of Harbor DB. Change this before any production use. password: root123 # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. max_idle_conns: 50 # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. # Note: the default number of connections is 1024 for postgres of harbor. max_open_conns: 1000
# The default data volume data_volume: /data
# Harbor Storage settings by default is using /data dir on local filesystem # Uncomment storage_service setting If you want to using external storage # storage_service: # # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore # # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. # ca_bundle:
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss # # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ # filesystem: # maxthreads: 100 # # set disable to true when you want to disable registry redirect # redirect: # disabled: false storage_service: s3: accesskey: admin secretkey: admin123456 region: us-east-1 regionendpoint: http://192.168.86.6:9000(新版本用9001) bucket: harbor-registry encrypt: false secure: false v4auth: true chunksize: 5242880 rootdirectory: /
# Clair configuration clair: # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. updaters_interval: 12
# Trivy configuration # # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached # in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it # should download a newer version from the Internet or use the cached one. Currently, the database is updated every # 12 hours and published as a new release to GitHub. trivy: # ignoreUnfixed The flag to display only fixed vulnerabilities ignore_unfixed: false # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub # # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. skip_update: false # # insecure The flag to skip verifying registry certificate insecure: false # github_token The GitHub access token to download Trivy DB # # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult # https://developer.github.com/v3/#rate-limiting # # You can create a GitHub token by following the instructions in # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line # # github_token: xxx
jobservice: # Maximum number of job workers in job service max_job_workers: 10
notification: # Maximum retry count for webhook job webhook_job_max_retry: 10
chart: # Change the value of absolute_url to enabled can enable absolute url in chart absolute_url: disabled
# Log configurations log: # options are debug, info, warning, error, fatal level: info # configs for logs in local storage local: # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. rotate_count: 50 # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G # are all valid. rotate_size: 200M # The directory on your host that store log location: /var/log/harbor
# Uncomment following lines to enable external syslog endpoint. # external_endpoint: # # protocol used to transmit log to external endpoint, options is tcp or udp # protocol: tcp # # The host of external endpoint # host: localhost # # Port of external endpoint # port: 5140
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! _version: 2.0.0
# Uncomment external_redis if using external Redis server external_redis: # support redis, redis+sentinel # host for redis: <host_redis>:<port_redis> # host for redis+sentinel: # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3> host: 192.168.1.111:6379 password: duan@1994 # sentinel_master_set must be set to support redis+sentinel #sentinel_master_set: # db_index 0 is for core, it's unchangeable registry_db_index: 1 jobservice_db_index: 2 chartmuseum_db_index: 3 clair_db_index: 4 trivy_db_index: 5 idle_timeout_seconds: 30
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. # uaa: # ca_file: /path/to/ca
# Global proxy # Config http proxy for components, e.g. http://my.proxy.com:3128 # Components doesn't need to connect to each others via http proxy. # Remove component from `components` array if want disable proxy # for it. If you want use proxy for replication, MUST enable proxy # for core and jobservice, and set `http_proxy` and `https_proxy`. # Add domain to the `no_proxy` field, when you want disable proxy # for some special registry. proxy: http_proxy: https_proxy: no_proxy: components: - core - jobservice - clair - trivy
访问harbor 192.168.1.111认用户名密码admin/Harbor12345
docker push 异常:
docker 在push镜像到本地registry出现的500 Internal Server Error
