修改 Harbor 项目权限时提示 internal server error
目录
问题描述
在修改 Harbor 项目的权限时,系统提示出现 internal server error。
根本原因
Harbor 使用的 Redis 不支持 keys 命令。
故障排除
检查 Harbor 核心部署的日志,确认是否存在以下错误消息:
2024-12-11T06:36:11Z [ERROR] [/lib/http/error.go:56]: {"errors":[{"code":"UNKNOWN","message":"unknown: NOPERM this user has no permissions to run the 'keys' command or its subcommand"}]}
2024-12-11T06:36:11Z [ERROR] [/lib/http/error.go:56]: {"errors":[{"code":"UNKNOWN","message":"unknown: NOPERM this user has no permissions to run the 'keys' command or its subcommand"}]}
2024-12-11T06:36:16Z [ERROR] [/lib/http/error.go:56]: {"errors":[{"code":"UNKNOWN","message":"unknown: NOPERM this user has no permissions to run the 'keys' command or its subcommand"}]}
2024-12-11T06:36:17Z [ERROR] [/lib/http/error.go:56]: {"errors":[{"code":"UNKNOWN","message":"unknown: NOPERM this user has no permissions to run the 'keys' command or its subcommand"}]}
解决方案
使用 Alauda Cache Service for Redis OSS
在 Redis 部署的命名空间中,修改名为 default 的 redisuser 配置,移除 -keys 配置。
[root@demo1-gm1 ~]# kubectl get redisuser
NAME INSTANCE USERNAME PHASE AGE
rfr-acl-harbor-harbor-demo1-redis-default harbor-harbor-demo1-redis default Success 44d
rfr-acl-harbor-harbor-demo1-redis-operator harbor-harbor-demo1-redis operator Success 44d
[root@demo1-gm1 ~]# kubectl edit redisuser default -n <namespace>
# ...
spec:
accountType: default
aclRules: +@all -acl -flushall -flushdb -keys -* // 移除 "-keys" 配置。
arch: sentinel
passwordSecrets:
- harbor-demo1-redis-password
redisName: harbor-harbor-demo1-redis
username: default
status:
phase: Success
lastUpdateSuccess: "2024-12-11T08:40:17Z"
# ...
spec:
accountType: default
aclRules: +@all -acl -flushall -flushdb -* // 此行已更改
arch: sentinel
passwordSecrets:
- harbor-demo1-redis-password
redisName: harbor-harbor-demo1-redis
username: default
status:
phase: Success
lastUpdateSuccess: "2024-12-11T08:40:17Z"
使用自管 Redis
自管的 Redis 实例请使用 Redis ACL 检查并修改命令权限控制。
注意事项
由于 keys 命令会扫描所有索引并导致 Redis 服务阻塞,请考虑是否长期保留该命令。
相关内容
