跳到主要内容

harbor使用腾讯云cos做为存储后端报错500问题

harbor官方文档对于 sorage_service 的说明

CNCF对于使用不同存储后端的说明

harbor.yml 存储配置

腾讯云cos地域和访问域名文档

说明

在配置文件中,regionendpoint的格式是 <BucketName-APPID>.cos.ap-beijing.myqcloud.com 如果指定了 bucket ,则 <BucketName-APPID> 可以不写,例如在北京有一个cos桶,那么 regionendpoint 对应的地址就是 https://cos.ap-beijing.myqcloud.com

storage_service:
    s3: 
      region: ap-beijing
      bucket:  xxx
      accesskey: xxx
      secretkey: xxx
      regionendpoint: https://cos.ap-beijing.myqcloud.com
      rootdirectory: /

上传镜像报错500

$ docker push xxx.com/devops/node:10.16.3
The push refers to repository [xxx.com/devops/node]
4af45d82c6e8: Pushing [==================================================>]  3.584kB
35dc986a1895: Retrying in 1 second 
daca4f0b76e3: Retrying in 1 second 
799e7111d6d4: Pushing [==================================================>]  349.2kB
a72a7e555fe1: Retrying in 1 second 
b8f8aeff56a8: Waiting 
687890749166: Waiting 
2f77733e9824: Waiting 
97041f29baff: Waiting 
received unexpected HTTP status: 500 Internal Server Error

同步镜像报错

2024-09-13T08:38:21Z [INFO] [/replication/transfer/image/transfer.go:240]: copying the blob sha256:686b0b2c85da0e7da2069190089960ff92969951bde1aecb2884f1ee8262287d(the 5th running)...
2024-09-13T08:38:22Z [ERROR] [/replication/transfer/image/transfer.go:278]: failed to pushing the blob sha256:686b0b2c85da0e7da2069190089960ff92969951bde1aecb2884f1ee8262287d, size 10456: http error: code 500, message {"errors":[{"code":"UNKNOWN","message":"unknown error","detail":{"DriverName":"s3aws","Enclosed":{"RequestFailure":{}}}}]}
2024-09-13T08:38:22Z [ERROR] [/replication/transfer/image/transfer.go:245]: failed to copy the blob sha256:686b0b2c85da0e7da2069190089960ff92969951bde1aecb2884f1ee8262287d: http error: code 500, message {"errors":[{"code":"UNKNOWN","message":"unknown error","detail":{"DriverName":"s3aws","Enclosed":{"RequestFailure":{}}}}]}
2024-09-13T08:38:22Z [ERROR] [/replication/transfer/image/transfer.go:154]: http error: code 500, message {"errors":[{"code":"UNKNOWN","message":"unknown error","detail":{"DriverName":"s3aws","Enclosed":{"RequestFailure":{}}}}]}

原因

说明

腾讯云cos桶有最终一致性特性,即往存储桶中上传了一个对象,并立即调用 GET Bucket 接口,由于此接口的最终一致性特性,返回的结果中可能不会包含刚刚上传的对象。

cos桶list强一致性问题,具体可以看 腾讯云GET Bucket文档说明 ,在腾讯云社区文章 中也有人遇到过这个问题

解决方法

1.需要腾讯云cos团队修改后台配置解决强一致性问题

2.需要腾讯云cos团队修改cos桶白名单以使其支持 path-style 域名

没有解决的问题

按照腾讯云cos桶 域名合规问题 在2024年1月1日以后创建的cos桶是默认不支持使用 path-style 域名的,需要使用 virtual-hosted-style 域名,即自定义域名,但是当把配置文件中的域名修改为自定义域名后,上传/同步镜像依然报错500,最终的解决方法是腾讯云后台针对harbor使用的cos桶开启使用 path-style 域名白名单

原配置
storage_service
    s3: 
      region: ap-beijing
      bucket: xxx
      accesskey: xxx
      secretkey: xxx
      regionendpoint: https://cos.ap-beijing.myqcloud.com
      rootdirectory: / 


现配置
storage_service:
    s3: 
      region: ap-beijing
      bucket: xxx
      accesskey: xxx
      secretkey: xxx
      regionendpoint: https://xxx.com
      rootdirectory: /