Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Opening any page in the VIC UI from the browser is very slow (30 seconds) to fully load registry information.After registry information is loaded, it does not show all the registries.If viewing the network connections using browser developer tools, the REST API will timeout to hbr-api similar to: Request URL: https://192.168.1.4:8282/hbr-api/systeminfo Request method: GET Remote address: 192.168.1.4:8282 Status code: 500 Internal Server Error Request URL: https://192.168.1.4:8282/hbr-api/policies/replication Request method: GET Remote address: 192.168.1.4:8282 Status code: 500 Internal Server Error
This issue occurs if the Harbor service is not running. This results in the web page sections that normally have information about the registry to load slowly. When you are using signed certificate in the VIC OVA deployment, this issue may occur if the ca.crt file fails to get created.
This is a known issue affecting vSphere Integrated Containers 1.2.Currently, there is no resolution.
To work around this issue: Validate if Harbor is impacted. SSH to the VIC Appliance. Shut down the vSphere Integrated Containers appliance by selecting Shut Down Guest OS. Note: Do not select Power Off. Right-click the new vSphere Integrated Containers appliance, and select Edit Settings.Click vApp Options to modify the settings that you provided when you used the OVA installer to deploy the appliance.In Appliance Security, update the password for the appliance root account, enable or disable SSH log in.Click OK to close the Edit Settings window.Power on the vSphere Integrated Containers appliance.Use preferred SSH client to connect under the user root.Check if the harbor container exist by running this command: docker ps -aYou see output similar to:CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES340f83d7d25b vmware/admiral:ova "/entrypoint.sh" 19 hours ago Up 19 hours 0.0.0.0:8282->8282/tcp vic-admiral Validate that harbor_startup.service fails to copy the ca.crt file by running this command: journalctl -u harbor_startup.serviceYou see output similar to:vicappliance.viclab.local systemd[1]: Starting Harbor Startup Configuration…vicappliance.viclab.local bash[1040]: cp: cannot stat '/data/admiral/cert/ca.crt': No such file or directoryvicappliance.viclab.local systemd[1]: harbor_startup.service: Control process exited, code=exited status=1### lines omitted for brevity ### Obtain the root signing certificate authority certificate in x509 pem format. The security team responsible for the datacenter can provide this. Typically the certificate would be provided as a chain during the OVA deployment. If this was done, then the root CA would be the last certificate in /data/admiral/cert/server.crt. Cat the file and if the chain was already provided, it will look similar to . cat /data/admiral/cert/server.crtYou see output similar to: -----BEGIN CERTIFICATE-----MIIDYTCCAkmgAwIBAgIJAPPUd8W7LBp8MA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNV### lines omitted for brevity ### --> Signed cert is always at the topBAMMAkNBMRcwFQYKCZImiZPyLGQBGRYHdnNwaGVyZTEVMBMGCgmSJomT8ixkARkW-----END CERTIFICATE----------BEGIN CERTIFICATE-----LjE2OC4xLjEwMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC### lines omitted for brevity ### --> Intermediate CA if one is in use.AQoCggEBAMV93QescNy4Lke5EW8hw/qZwN0fzlXR/C/9radJLgFudVpqD3qmdf4m-----END CERTIFICATE----------BEGIN CERTIFICATE-----Y1WA45DLC1yUcFRRwslGdYvpNAV7BUhJPRa3bKLEnKtI02Ul0rEDj/1TKtSNJgUE### lines omitted for brevity ### --> Root CA that needs to be copied.IztqLMuI9GWxOIef6RqAEX7Xr+PGTVTFGLc8y6LqT455vWXwQ/bNu2jD39EmRmbUiYpj4VE=-----END CERTIFICATE----- Copy the Root CA certificate including the header -----BEGIN CERTIFICATE----- and footer -----END CERTIFICATE----- to a text ca.crt file in /tmp/. Copy the Root ca.crt file obtained from the security team or if the chain was provided in the OVA deployment wizard to /data/admiral/cert/ca.crt.Shutdown the VIC Appliance from the vSphere Web Client and then power on again.Wait few minutes for the configurations to complete the harbor_startup tasks before testing the UI.
To be alerted when this article is updated click the Subscribe to Article link in the Actions box.