I'm having an issue where I can't push docker images with JFrog CLI:
This works:
docker login -u <username> --password <ACCESS_TOKEN> <URL>
docker tag my_img:latest <url>/<repository>/my_image:latest
docker push <url>/<repository>/my_image:latest
However
jf config add --interactive=false --user <username> --url <URL> --access_token <ACCESS_TOKEN> myServer
docker tag my_img:latest <url>/<repository>/my_image:latest
jf use myServer
jf docker push <url>/<repository>/my_image:latest --server-id myServer
gives me an error:
[🚨Error] received invalid access-token
I would expect that those two are equivalent.
I also tried a couple of variations - to the same effect:
jf docker push image_name/latest <repository>/image_name:latest --server-id myServer
jf rt dp my_image/latest <repository>/my_image:latest
To make thing even weirder, the same jf config works fine for conan:
jf config use myServer
jf rt upload <path>/<artifact> <conan_repository>/<artifact>
What am I missing?
I am suspecting that the CLI call is running into a similar issue as reported here.
Instead of using an identity token created from the user profile section, can you please try using an Access Token generated under the following path?
JFrog Platform UI -> Administration -> User management -> Access Token?
Related
I am unable to run a health check using the Azure CLI. I am on MacOS Monterey. Below is the error:
➜ az acr check-health -n <ACR_NAME>
Docker daemon status: available
Docker version: 'Docker version 20.10.12, build 459d0df, platform linux/amd64'
This will pull the image mcr.microsoft.com/mcr/hello-world:latest. Proceed? (y/n): y
Docker pull of 'mcr.microsoft.com/mcr/hello-world:latest' : OK
Azure CLI version: 2.33.1
DNS lookup to <ACR_NAME>.azurecr.io at IP 20.42.66.2 : OK
Challenge endpoint https://<ACR_NAME>.azurecr.io/v2/ : OK
Fetch refresh token for registry '<ACR_NAME>.azurecr.io' : OK
Fetch access token for registry '<ACR_NAME>.azurecr.io' : OK
Helm version: 3.8.0
An error occurred: NOTARY_COMMAND_ERROR
Please verify if notary is installed.
Please refer to https://aka.ms/acr/errors#notary_command_error for more information.
The support URL provided does not lead to anywhere useful.
Not sure if it helps, but I'm able to login to my ACR just fine:
➜ az acr login --name <ACR_NAME>
Login Succeeded
Has anyone else faced this error/issue? What am I missing here?
According too azure/container-registry| Microsoft Docs.
Azure Container Registry does not officially support the Notary CLI
but is compatible with the Notary Server API, which is included with
Docker Desktop. Currently Notary version 0.6.0 is recommended
So please try the suggestion provided in comment by #madhuraj.
It looks like a known issue .See if below can be workaround.
Try to enable content trust at the registry level.
Or
In Bash
export DOCKER_CONTENT_TRUST=1
Enable content trust for single command
docker build --disable-content-trust=false -t myacr.azurecr.io/myimage:v1 .
In azure CLI
$ docker push myregistry.azurecr.io/myimage:v1
Please check enable registry content trust | Microsoft Docs for further details.
$ docker pull myregistry.azurecr.io/myimage:signed
Or see azure container registry - Stack Overflow reference
set DOCKER_CONTENT_TRUST=1
docker push myregistry.azurecr.io/image:tag
If the issue remains please raise a support request from overview blade > Support + troubleshooting >New Support Request.
References:
https://docker-docs-notary
Registry authentication options - Azure Container Registry |
Microsoft Docs
behind-the-scenes - Azure Container Registry | Microsoft Docs
set AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 and voila, you won't get NOTARY_COMMAND_ERROR with az acr login command.
I faced the same issue and fixed it by the following command (installing notary v0.6.1)
$ go install github.com/notaryproject/notary/cmd/notary#v0.6.1
See https://github.com/notaryproject/notary for what the notary is.
...
And well, the command was useless though (sigh
I would like to push a built docker image in the central docker hub in an automatic build process. To be able to do that, I need to login first before doing the push then.
The relevant section of the .gitlab-ci.yml file is the following:
docker-deploy:
image: docker:latest
stage: deploy
before_script:
- echo $HUB_PW | docker login -u $HUB_USER --password-stdin
after_script:
- docker logout
script:
- docker push <mytag>:$CI_PIPELINE_ID
I get the following error in Gitlab CI
$ echo $HUB_PW | docker login -u $HUB_USER --password-stdin
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
The relevant environment variables $HUB_PW and $HUB_USER are set correctly.
I have tried to do the same in a linux bash, with docker available, with the same result.
However, I am able to login into docker interactive.
docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: <myusername>
Password:
Login Succeeded
When I do a logout, I get
docker logout
Removing login credentials for https://index.docker.io/v1/
There is no way to do an interactive login in an automatic build. And I don't understand the difference in the hubs URL, depending on using the interactive login and the one with the password included.
Has anyone any idea how to get this setup working?
I had similar problem because of $USERNAME contained $ character. By using the name with escape character directly in .gitlab-ci.yml for docker login
example: robot\$myname
gitlab connected to docker hub as expected.
Gitlab variables with $ in them can be escaped with a double dollar sign e.g. robot$$pusher.
\$ didn't work for me on enterprise edition 13.6.7-ee, but as far as I can tell double dollar escape syntax has been around since at least community edition 11.0.3
Ok so I'm trying to make Bitbucket build a docker image using Bitbucket pipelines and I could sign in a week ago but now it doesn't work anymore.
And I'm using the same username and password, here it's a list of the commands I have tried and their output.
docker login cloud.canister.io:5000 --username $CANISTER_USERNAME --password $CANISTER_PASSWORD:
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
docker login --username $CANISTER_USERNAME --password $CANISTER_PASSWORD cloud.canister.io:5000
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
docker login cloud.canister.io:5000 --username $CANISTER_USERNAME
Password: xxxxxxxxxxxxxxxxxxx
Error saving credentials: error storing credentials - err: exit status 1, out: Cannot autolaunch D-Bus without X11 $DISPLAY
echo "$CANISTER_PASSWORD" | docker login cloud.canister.io:5000 --username $CANISTER_USERNAME --password-stdin
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
echo "$CANISTER_PASSWORD" | docker login --username $CANISTER_USERNAME --password-stdin cloud.canister.io:5000
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
I've also tried on a local machine and tried to do it without environment variables also tried to sign out and then try to sign in again but nothing works
for logging in this worked for me:
docker login --username=USERNAME cloud.canister.io:5000
Unfortunately, i am still getting this error message whenever i try to push my image.
I had the same issue when trying to push a new image to cloud.canister.io. It turned out I had not created the repository through the web frontend yet.
After creating the repo on cloud.canister.io I could successfully push my image up.
First you need to create an empty repo on cloud.canister.io
website with same name of the image you are trying to push.
Then you will be able to push to that repo.
Make sure you have authenticated the canister account using
sudo docker login --username=<username> cloud.canister.io:5000
Been a while. But this helped me:
docker push (registryFullUrl)/$(dockerId)/$(imageName):$(MAJOR).$(MINOR).$(PATCH)
where:
$(registryFullUrl) = cloud.canister.io:5000
$(dockerId) = your canister id
$(imageName) = repository name
$(MAJOR).$(MINOR).$(PATCH) = version
This worked for me. Hopefully this will be helpful to somebody.
I built an image from a custom Dockerfile. I am running Docker Desktop on my Win11.
docker build -t <image>:<tag> .
I logged into canister.io.
docker login --username=<username> --password=<username> cloud.canister.io:5000
I tagged the build.
docker tag <image>:<tag> cloud.canister.io:5000/<canister-namespace>/<canister-repo>
I pushed the image to canister.
docker push cloud.canister.io:5000/<canister-namespace>/<canister-repo>
I deleted the image from my Docker Desktop and I tried to pull it from canister.
docker pull cloud.canister.io:5000/<canister-namespace>/<canister-repo>
Here's an examples with some dummy values:
docker build -t tc5:tc5tag .
docker login --username=myusername --password=mypassword cloud.canister.io:5000
docker tag tc5:tc5tag cloud.canister.io:5000/mynamespace/testrepo
docker push cloud.canister.io:5000/mynamespace/testrepo
# pull test
docker pull cloud.canister.io:5000/mynamespace/testrepo
I'm trying to execute docker commands inside of a Docker container (don't ask why). To do so I start up a container by running.
sudo docker run -v /var/run/docker.sock:/var/run/docker.sock -it my_docker_image
I am able to run all of the docker commands (pull, login, images, etc) but when I try to push to my remote (Gitlab) registry I get denied access. Yes, I did do a docker login and was able to successfully log in.
When looking at the Gitlab logs I see an error telling me no access token was sent with the push. After I do a docker login I see a /root/.docker/config.json with the remote url and a string of random characters (my credentials in base 64 I believe)? I'm using an access token as my password because i have MFA enabled on my Gitlab server.
Appreciate the help!
I ended up resolving the issue by using docker:stable as my runner image. Not quite sure what the problem was with the centos:centos7 image.
I created my dockers using a makefile, and checked if it was correct. In fact, I was able to run it and even upload to Docker Hub without problems. I then followed the steps suggested to upload the docker to Bluemix, and was unable to do it. I am getting an error telling me that my credentials are incorrect, although I am sure they are not (in fact, I was able to login on the Bluemix website using the same credential without problems).
See below the steps I did and the error obtained, any suggestion to solve them will be welcomed:
$ cf login
API endpoint: https://api.eu-gb.bluemix.net
Email> agorostidi
Password>
Autenticando...
OK
Org seleccionada agorostidi
Space seleccionado dev
Endpoint API: https://api.eu-gb.bluemix.net (version de API: 2.40.0)
Usuario: andres.gorostidi#gmail.com
Org: agorostidi
Space: dev
MacBook-Pro-de-Andres:apache-docker andres$ cf ic login
Client certificates are being retrieved from IBM Containers...
Client certificates are being stored in /Users/andres/.ice/certs/...
Client certificates are being stored in /Users/andres/.ice/certs/containers-api.eu-gb.bluemix.net/504cc61c-47e2-4528-914a-3def71277eea...
OK
Client certificates were retrieved.
Deleting old configuration file...
Checking local Docker configuration...
OK
Authenticating with registry at host name registry.eu-gb.bluemix.net
OK
Your container was authenticated with the IBM Containers registry.
Your private Bluemix repository is URL: registry.eu-gb.bluemix.net/goros
You can choose from two ways to use the Docker CLI with IBM Containers:
Option 1: This option allows you to use "cf ic" for managing containers on IBM Containers while still using the Docker CLI directly to manage your local Docker host.
Use this Cloud Foundry IBM Containers plug-in without affecting the local Docker environment:
Example Usage:
cf ic ps
cf ic images
Option 2: Use the Docker CLI directly. In this shell, override the local Docker environment to connect to IBM Containers by setting these variables. Copy and paste the following commands:
Note: Only Docker commands followed by (Docker) are supported with this option.
export DOCKER_HOST=tcp://containers-api.eu-gb.bluemix.net:8443
export DOCKER_CERT_PATH=/Users/andres/.ice/certs/containers-api.eu-gb.bluemix.net/504cc61c-47e2-4528-914a-3def71277eea
export DOCKER_TLS_VERIFY=1
Example Usage:
docker ps
docker images
MacBook-Pro-de-Andres:apache-docker andres$ docker push registry.ng.bluemix.net/eci_test/chargeback:latest
The push refers to a repository [registry.ng.bluemix.net/eci_test/chargeback] (len: 1)
Sending image list
Please login prior to push:
Username: agorostidi
Password:
Email: andres.gorostidi#gmail.com
Error response from daemon: Wrong login/password, please try again
You logged in to the Bluemix London region and are trying to push an image to the Bluemix US South region, that's why docker push command is asking for your credentials again.
If you want to push your images to the Bluemix US South region you have to login to that region first.
Please point your API to the Bluemix US South region with the following command:
$ cf api https://api.ng.bluemix.net
Then proceed again with the commands you run before, i.e.:
$ cf login
$ cf ic login
$ docker push registry.ng.bluemix.net/eci_test/chargeback:latest
Otherwise, if you want to push your image to the Bluemix London region, then you have to re-tag the image name to match the London region:
$ docker tag chargeback:latest registry.eu-gb.bluemix.net/eci_test/chargeback:latest
Then you can run the docker push command specifying the new tagged image.