install.sh Fail to generate key file

[StephenPCG]

I'm installing v1.1.2 on a fresh debian 9, install.sh failed with the following output:

$ sudo ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 17.06.0

Note: docker-compose version: 1.14.0

[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-jobservice:v1.1.2
Loaded image: vmware/nginx:1.11.5-patched
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/harbor-adminserver:v1.1.2
Loaded image: vmware/harbor-ui:v1.1.2
Loaded image: vmware/harbor-log:v1.1.2
Loaded image: vmware/harbor-db:v1.1.2
Loaded image: vmware/registry:2.6.1-photon
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt

After reading the prepare script and added some debugging print() calls, I found the following command failed:

$ sudo openssl  req -new -x509 -key ./common/config/ui/private_key.pem -out ./common/config/registry/root.crt -days 3650 -subj '/C=/ST=/L=/O=/CN=
/'
problems making Certificate Request
139925692761344:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:../crypto/asn1/a_mbstr.c:102:minsize=2

I changed empty_subj to / and successfully run ./prepare.

openssl version is:

$ openssl version
OpenSSL 1.1.0f  25 May 2017

[steven-zou]

@wy65701436
Please help to take a look at this issue to confirm if there is an issue existing.

[sdandroid]

debian 9 same issue,the issue maby OpenSSL not allow empty subject.

[kelu27]

same issue on debian9 with v1.2.0-rc5

[wy65701436]

I will have a reproduce on debian 9.

[corentin59]

I will have a reproduce on debian 9.

[pppoke]

same issue on on deepin linux 4.9.29-4.

[yuxingxin]

The same issue happend to me , my OS is also debian 9, I replace the default key and certificate. Assume that you key and certificate are in the directory /root/cert, following are what you should do:

$ cd config/ui
$ cp /root/cert/private_key.pem private_key.pem
$ cp /root/cert/root.crt ../registry/root.crt

then using following command:

  $ docker-compose down
  $ docker-compose up -d

well done!

[bweston92]

Same on Debian Buster. Thing is I'm not even using SSL so why is it even attempting to generate them?

[teknologist]

to fix this on Debian 9 just edit prepare script and change:
empty_subj = "/C=/ST=/L=/O=/CN=/"
to
empty_subj = "/"

works like a charm here

[sangrealest]

Same on Fedora 28. Followed @teknologist 's comment, it works.

[jouve]

the issue is also present in the latest ubuntu LTS (18.04).

[ahbrosha]

the issue appears also on ArchLinux. @teknologist advise fixed it! Thanks 👍

[KeithTt]

@teknologist Thanks, fixed it!

[yalinyee]

I have zhe same problem on Ubuntu18.04，Harbor version v1.5.1
openssl version is:
OpenSSL 1.1.0g 2 Nov 2017

how to solve this problem？？？

[liran]

I currently use Harbor version v1.5 at Ubuntu18.04 and have this problem. #5260

[trustbyte]

i have this one also:

root@:~/harbor/harbor# docker-compose --verbose version docker-compose version 1.25.0-rc1, build 8552e8e2 docker-py version: 4.0.1 CPython version: 3.7.3 OpenSSL version: OpenSSL 1.1.0j 20 Nov 2018
root@:~/harbor/harbor# ./prepare --with-notary --with-clair
prepare base dir is set to /root/harbor/harbor
Traceback (most recent call last):
File "main.py", line 62, in
main()
File "/usr/lib/python3.6/site-packages/click/core.py", line 764, in call
return self.main(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3.6/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3.6/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "main.py", line 31, in main
config_dict = parse_yaml_config(conf)
File "/usr/src/app/utils/configs.py", line 55, in parse_yaml_config
configs = yaml.load(f)
File "/usr/lib/python3.6/site-packages/yaml/init.py", line 73, in load
return loader.get_single_data()
File "/usr/lib/python3.6/site-packages/yaml/constructor.py", line 35, in get_single_data
node = self.get_single_node()
File "/usr/lib/python3.6/site-packages/yaml/composer.py", line 36, in get_single_node
document = self.compose_document()
File "/usr/lib/python3.6/site-packages/yaml/composer.py", line 55, in compose_document
node = self.compose_node(None, None)
File "/usr/lib/python3.6/site-packages/yaml/composer.py", line 84, in compose_node
node = self.compose_mapping_node(anchor)
File "/usr/lib/python3.6/site-packages/yaml/composer.py", line 127, in compose_mapping_node
while not self.check_event(MappingEndEvent):
File "/usr/lib/python3.6/site-packages/yaml/parser.py", line 98, in check_event
self.current_event = self.state()
File "/usr/lib/python3.6/site-packages/yaml/parser.py", line 439, in parse_block_mapping_key
"expected , but found %r" % token.id, token.start_mark)
yaml.parser.ParserError: while parsing a block mapping
in "/input/harbor.yml", line 5, column 1
expected , but found ''
in "/input/harbor.yml", line 13, column 2

[barryz]

the issue is also present in the latest ubuntu LTS (18.04).

the workaroud same as the answer who @teknologist replied.

[yinjunfa]

解决这个问题Debian的9只编辑准备的脚本和变化：
empty_subj = "/C=/ST=/L=/O=/CN=/"
对
empty_subj = "/"

在这里像魅力一样工作

very good