I have a problem :
Since yesterday, when i'm trying to log into my docker account using a bitbucket pipeline.
My pipeline looks like that :
services:
- docker
caches:
- node
- docker
script:
- echo $REGISTRY_PASS | docker login --username $REGISTRY_USER --password-stdin $REGISTRY_URL
I have this error :
ERROR: x509: certificate signed by unknown
Someone could help me ?
Thank you
Related
I tried login to JFrog artifactory using docker commands:
root#dxc:/home/dxc# echo ${API_Key} | docker login --username 320060162 --password-stdin
But I am facing with the below error:
Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I tried to check config.json file:
root#dxc:/home/dxc# cd .docker/
root#dxc:/home/dxc/.docker# cat config.json
{
"auths": {}
}
You need to give artifactory endpoint as well in the docker login command.
echo "your_password" | docker login your_domain.jfrog.io --username "username" --password-stdin
You can manually set your credentials in the config.json file as below:
{
"auths": {
"<the Docker repository endpoint in Artifactory>": {
"auth": "<USERNAME>:<PASSWORD> (converted to base 64)",
"email": "youremail#email.com"
}
}
}
I’m encountering an error while login to the ecr from local machine (Windows).
I have used this command for login:
aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin 26224922****.dkr.ecr.ap-south-1.amazonaws.com
However I am getting the following error:
unknown flag: --password-stdin
See 'docker login --help'.
Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='cp1252'>
OSError: [Errno 22] Invalid argument
I followed the docker manuals for setting up a private registry, and acquired a Let's Encrypt certificate. This is my docker-compose.yml:
version: '2'
services:
registry:
restart: always
image: registry:2.3.1
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/git.xxxx.com/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /certs/live/git.xxxx.com/privkey.pem
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- ./data:/var/lib/registry
- /etc/letsencrypt:/certs
- ./auth:/auth
This is my curl command and result:
curl https://git.xxxx.com:5000/v2/
<htpassword auth succeeds>
{}
Also Chrome/Firefox are green and can reach this without cert errors.
But docker login keeps failing.
docker login https://git.xxxx.com:5000/v2/
Username: raarts
Password:
Email:
Error response from daemon: invalid registry endpoint https://git.xxxx.com:5000/v2/: Get https://git.xxxx.com:5000/v2/: x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry git.xxxx.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/git.xxxx.com:5000/ca.crt
Using docker 1.10.3
I fixed the problem. And it's embarrassing. I'd rather not talk about it if it weren't for the stupid and confusing error message I got.
I had on my own laptop pointed git.xxxx.com to another ip. So docker could not actually reach the registry server, connections were refused.
But the error message I got really pointed me in the wrong direction and cost me several hours of my time.
I am using use the ice command line interface for IBM Container Services, and I am seeing a couple of different problems from a couple of different boxes I am testing with. Here is one example:
[root#cds-legacy-monitor ~]# ice --verbose login --org chrisr#ca.ibm.com --space dev --user chrisr#ca.ibm.com --registry registry-ice.ng.bluemix.net
#2015-11-26 01:38:26.092288 - Namespace(api_key=None, api_url=None, cf=False, cloud=False, host=None, local=False, org='chrisr#ca.ibm.com', psswd=None, reg_host='registry-ice.ng.bluemix.net', skip_docker=False, space='dev', subparser_name='login', user='chrisr#ca.ibm.com', verbose=True)
#2015-11-26 01:38:26.092417 - Executing: cf login -u chrisr#ca.ibm.com -o chrisr#ca.ibm.com -s dev -a https://api.ng.bluemix.net
API endpoint: https://api.ng.bluemix.net`
Password>
Authenticating...
OK
Targeted org chrisr#ca.ibm.com
Targeted space dev
API endpoint: https://api.ng.bluemix.net (API version: 2.40.0)
User: chrisr#ca.ibm.com
Org: chrisr#ca.ibm.com
Space: dev
#2015-11-26 01:38:32.186204 - cf exit level: 0
#2015-11-26 01:38:32.186340 - config.json path: /root/.cf/config.json
#2015-11-26 01:38:32.186640 - Bearer: <long string omitted>
#2015-11-26 01:38:32.186697 - cf login succeeded. Can access: https://api-ice.ng.bluemix.net/v3/containers
Authentication with container cloud service at https://api-ice.ng.bluemix.net/v3/containers completed successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at registry-ice.ng.bluemix.net
#2015-11-26 01:38:32.187317 - using bearer token
#2015-11-26 01:38:32.187350 - config.json path: /root/.cf/config.json
#2015-11-26 01:38:32.187489 - Bearer: <long pw string omitted>
#2015-11-26 01:38:32.187517 - Org Guid: dae00d7c-1c3d-4bfd-a207-57a35a2fb42b
#2015-11-26 01:38:32.187551 - docker login -u bearer -p '<long pw string omitted>' -e a#b.c registry-ice.ng.bluemix.net
FATA[0012] Error response from daemon: </html>
#2015-11-26 01:38:44.689721 - docker call exit level: 256
docker is not available on your system or is not properly configured
Could not authenticate with cloud registry at registry-ice.ng.bluemix.net
You can still use IBM Containers but will not be able to run local docker containers, push, or pull images
#2015-11-26 01:38:44.689842 - Exit err level = 2**
On the other box, it also fails, but the final error is slightly different.
#2015-11-26 01:44:48.916034 - docker login -u bearer -p '<long pw string omitted>' -e a#b.c registry-ice.ng.bluemix.net
Error response from daemon: Unexpected status code [502] : <html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>
#2015-11-26 01:45:02.582753 - docker call exit level: 256
docker is not available on your system or is not properly configured
Could not authenticate with cloud registry at registry-ice.ng.bluemix.net
You can still use IBM Containers but will not be able to run local docker containers, push, or pull images
#2015-11-26 01:45:02.582868 - Exit err level = 2
Any thoughts on what might be causing these issues?
The errors are referring the same problem, ice isn't finding any docker env locally.
It doesn't prevent working remotely on Bluemix but without a local docker env ice cannot work with local containers
I've successfully logged in bluemix container service via command ice login with following output:
Authentication with container cloud service at https://api-ice.ng.bluemix.net/v1.0/containers completed successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at registry-ice.ng.bluemix.net
Login Succeeded
And ice ps -a works as well, but when issuing ice images, it failed with:
$ ice --verbose images
#2015-05-07 13:59:29.221306 - Namespace(cloud=False, local=False, subparser_name='images', verbose=True)
#2015-05-07 13:59:29.221370 - request url: https://api-ice.ng.bluemix.net/v1.0/containers/images/json
#2015-05-07 13:59:30.012412 - Return code: 404 Return reason: NOT FOUND
#2015-05-07 13:59:30.012439 - Req-ID: a382f2f79d54b157
#2015-05-07 13:59:30.012451 - Exit err level = 1
Here's the command line version:
$ ice version
ICE CLI Version : 2.0.1 000 2015-03-26T19:51:27
Notice that ice images works last week.
is there anything changed in the server side?
Try login to ice with this
ice login -a https://api.ng.bluemix.net -H https://api-ice.ng.bluemix.net/v2/containers -R registry-ice.ng.bluemix.net
This is what I get when running ice --verbose images
bash-3.2$ ice --verbose images
#2015-05-08 14:54:49.692386 - Namespace(cloud=False, local=False, subparser_name='images', verbose=True)
#2015-05-08 14:54:49.692455 - request url: https://api-ice.ng.bluemix.net/v2/containers/images/json
#2015-05-08 14:54:49.692466 - using bearer token and space id
#2015-05-08 14:54:49.692482 - config.json path: /Users/stanli/.cf/config.json
It seems that your ice command was pointing to v1 of the api.
-Stan