Wednesday, December 23, 2020

Changing the Auth Mode in Harbor from Internal Database to OIDC - options greyed out

Customer is using TKGi 1.9.2 with embbeded Harbor 2.1. Harbor has database auth mode by default.

Now customer wants to integrate the same harbor with OIDC. I was not able to change the auth mode in harbor URL. The drop-down button is disabled. 


SSH into Harbor VM and Access PostgreSQL Database
~$ bosh -e pks vms
 Using environment '' as user 'director' (bosh.*.read, openid, bosh.*.admin,, bosh.admin)
 Task 186. Done
 Deployment 'harbor-container-registry-74b44adfd44a90f27cb3'
 Instance                                         Process State AZ IPs VM CID                           VM Type
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842  running AZ1 vm-c5eb38a5-acd7-4769-a731-617b0de04dd5  large.disk
 ~$ bosh -e pks -d harbor-container-registry-74b44adfd44a90f27cb3 ssh harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~$ sudo -i
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# alias docker='/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock'
Clear out all users except admin/anonymous. If there is any foreign key association, it is also necessary to remove the association
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:/# docker exec -it harbor-db bash
root [ / ]# psql -U postgres
\c registry
select * from harbor_user;
delete from harbor_user where user_id > 2;

Refresh the Harbor web console-> Configurations, then you can change the auth_mode to OIDC.


No comments:

Post a Comment