I'm getting an error when pushing an image to quay using buildx. If I use a standard docker build I get no issues using the same credentials. I am doing this via Drone CI. I am getting the following error:
#17 exporting to image
#17 pushing layers 1.3s done
#17 ERROR: unexpected status: 401 UNAUTHORIZED
------
> exporting to image:
------
error: failed to solve: unexpected status: 401 UNAUTHORIZED
These are the commands I am running via CI:
- docker login -u="orgname+build_test" -p=$${DOCKER_PASSWORD} quay.io
- docker run --privileged --rm tonistiigi/binfmt --install all
- docker buildx create --name container --driver docker-container --use
- docker buildx build --platform linux/amd64,linux/arm/v7 -t quay.io/orgname/test:latest --output type=registry .
This is running in 19.03.12-dind image which I have added the build x plugin. I am able to run the build x commands but it fails to upload image to the quay registry.
Related
When running
docker buildx build --platform linux/arm64,linux/amd64,linux/arm/v7 -t my-project .
it fails with a very cryptic error message:
------
> [internal] load build context:
------
error: failed to solve: snapshot does not exist: not found
which I can't find in google.
This is on debian, I just switched from debian's docker.io for the docker-ce package to get buildx support.
This cryptic error is shown when using docker buildx with a buildx-capable docker command, but with the docker service still being the old non-buildx-capable one.
Manually restart the docker service with
service docker restart
(or similar, depending on your service system) and buildx will work just fine.
OS: Linux Ubuntu
Version: 19.10
Docker Version: 19.03.6, build 369ce74a3c
I created a simple docker file like below:
FROM busybox:latest
CMD echo Hello World
After that, I run the following command to build the docker file:
docker build
-t rshtishi/hello-world-dockerfile
-f HelloWorld.df
.
Then I published in my account on DockerHub:
docker push rshtishi/hello-world-dockerfile
All the steps above completed successfully. After delete the rshtishi/hello-world-dockerfile images locally I couldn't pull the image from dockerhub.
When I run the pull command I got the error below:
Using default tag: latest
latest: Pulling from rshtishi/hello-world-dockerfile
61c5ed1cbdf8: Already exists
error pulling image configuration: unknown blob
In Gitlab CI, when I want to push my image, I get:
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
Here is the code:
docker-push:
stage: publish
image: docker:stable
services:
- docker:dind
before_script:
- *inject-gopath
- docker login -u gitlab-ci-token -p $GITLAB_PERSONAL_ACCESS_TOKEN $REGISTRY_URL
# $CI_BUILD_TOKEN
script:
- docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID .
- docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:latest .
- docker push $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID
- docker push $REGISTRY_PACKAGE_API_NAME:latest
Here is the output:
Pulling docker image docker:stable ...
Using docker image sha256:23fb2c9b38b59433ea1913eafa12d2e15651ca0d08819dc7067d27d8f92e0428 for docker:stable ...
Running on runner-wmKFtEwx-project-7124308-concurrent-0 via ubuntu...
Fetching changes...
Removing release/
HEAD is now at 9c4894a Merge branch '5-supprimer-les-threads' into 'master'
Checking out 9c4894af as master...
Skipping Git submodules setup
Downloading artifacts for build (324707453)...
Downloading artifacts from coordinator... ok id=324707453 responseStatus=200 OK token=SVLY__Jy
$ mkdir -p $(dirname ${PACKAGE_PATH}) && ln -s ${CI_PROJECT_DIR} ${PACKAGE_PATH} && cd ${PACKAGE_PATH}
$ docker login -u gitlab-ci-token -p $GITLAB_PERSONAL_ACCESS_TOKEN $REGISTRY_URL
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID .
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
ERROR: Job failed: exit code 1
Weird thing is that I am in the image docker-stable, so I should have docker available, and previous step docker login is working well...
Is it a bug from Gitlab, or something I am doing wrong ?
PD: I am using Gitlab.com
PD2: I can push the image manually without any issue
As per comment it is just a GitLab problem.
There is no guarantee, with a free runner, that it will always work. In this case the docker deamon is not available so your build will keep failing until the runner is restarted when GitLab detects the error.
Notice this is my assumption given that often the error comes and then after a few hours it is gone. As you can see also my Gitlab Forums Thread received no reply from anyone so I am afraid I dont think you will be able to fix this. If mission critical then run your own runner so you can restart it on failure
I have the below code to build an image
docker build -t provisioner-builder:latest -f images/provisioner/Dockerfile.builder .
Right after this build command I have this line
docker run provisioner-builder:latest /bin/true
The docker run command always throws this error in jenkins
06:23:44 Successfully tagged provisioner-builder:latest
06:23:44 docker run provisioner-builder:latest /bin/true
06:23:45 docker: Error response from daemon: Error response from daemon: pull access denied for provisioner-builder, repository does not exist or may require 'docker login'.
06:23:45 See 'docker run --help'.
SO out of 15 runs in jenkins, the above step fails at-least 10-11 times. I get lucky very rarely. I am not trying to pull image as the image is already present in local [I tested by doing a docker images right after the build command and the image was locally present].
I dont understand why this command fails most of the times.
I have a node-based project and following are the first few steps that are required to be executed as part of the build:
npm install
npm run build
docker build -t client .
The last command above builds the following Dockerfile:
FROM docker.artifactory.abc.net/nginx
COPY build /usr/share/nginx/html
COPY default.conf /etc/nginx/conf.d/default.conf
Content of .gitlab-ci.yml:
image: docker.artifactory.abc.net/docker/node:1.0
stages:
- build
- deploy
build:
stage: build
script:
- npm install
- npm run build
- docker build -t client .
In the above Dockerfile, i am using a custom node image (node:1.0) which contains the proxy settings for apk to work and Artifactory configuration so all the dependencies are fetched using Artifactory. Now when i was running this build, i was getting docker: command not found error while executing the last command (docker build -t client .), which is expected because the base image is for node and doesn't contain docker. So i added docker setup instructions to the node Dockerfile based on this link except for the last 3 lines where it's configuring the ENTRYPOINT and CMD.
Now when i ran the build, i got:
$ docker build -t client .
Sending build context to Docker daemon 372.7MB
Step 1 : FROM docker.artifactory.abc.net/nginx
Get https://docker.artifactory.abc.net/v2/nginx/manifests/latest: unknown: Authentication is required
ERROR: Job failed: exit code 1
This error, as per my past experience, had to do with running docker login command. Since the docker setup in official image uses tar, i had to add docker user to /etc/group and then add current user (root) to the docker group. Also added the docker login command as shown below to the Dockerfile:
addgroup docker; \
adduser root docker; \
docker login docker.artifactory.abc.net -u svc-art -p "ZTg6#&kq"; \
After that, if i try building this Dockerfile, i get following error:
+ dockerd -v
Docker version 17.05.0-ce, build v17.05.0-ce
+ docker -v
Docker version 17.05.0-ce, build v17.05.0-ce
+ adduser root docker
+ tail -2 /etc/group
node:x:1000:node
docker:x:101:root
+ docker login docker.artifactory.abc.net -u svc-art -p ZTg6#&kq
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I also did an ls -ltr /var/run/docker.sock; and the docker socket file was not present inside the image. This seems to be the issue.
Any idea how i can get this working?
Well from the example you have provided I cannot see where you call your docker service, therefore I assume you are not calling it also you are not logging into the registry.
The way your pipeline should look like is something as follows:
image: docker.artifactory.abc.net/docker/node:1.0
stages:
- build
- deploy
build:
image: docker:latest
services:
- docker:dind
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.example.com
- docker build -t registry.example.com/group/project/image:latest .
- docker push registry.example.com/group/project/image:latest
You could also find more info here