I'm new to Docker. I have installed Docker version : 20.10.15 and am trying to download images from one of our vendor sites.
While I was able to download images earlier, now I get the below error :
----------------------------------------------------------------------------------
cmd : **docker pull containers.XXX.com/bmc/lpade:kubectl-latest**
Error response from daemon: Head "https://containers.XXX.com/v2/bmc/lpade/manifests/kubectl-latest": unauthorized: unable to get identity token from basic auth credentials: invalid grant: invalid authentication credentials given
----------------------------------------------------------------------------------
May I know what is causing this error? Also I would like to know how this repo was working earlier , (as this is not a docker hub repo) how does docker knows that there is a private registry?
Related
Summary:
I have made many attempts to deploy simple C# Blazor image in public DockerHub repo to Azure App Service web site. All attempts using bicep and the azure portal have failed.
Goal:
Use bicep inside of a Github action (CI/CD pipeline) to deploy from public DockerHub repo to Azure App Service Web Site. (I'm also curious as to how to do it on the portal).
What Works:
This powershell command successfully deploys my DockerHub image to the Azure App Service Web site:
az.cmd webapp create --name DockerhubDeployDemo004 --resource-group rg_ --plan Basic-ASP -s siegfried01 -w topsecretet --deployment-container-image-name siegfried01/demovisualstudiocicdforblazorserver
This bicep for creating an azure container instance also works.
Error Messages from Failed Attempts:
From the log files in the azure portal I get:
2022-05-20T21:50:35.914Z ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for demovisualstudiocicdforblazorserver, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}
2022-05-20T21:50:35.915Z ERROR - Pulling docker image docker.io/demovisualstudiocicdforblazorserver failed:
2022-05-20T21:50:35.916Z WARN - Image pull failed. Defaulting to local copy if present.
2022-05-20T21:50:35.923Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2022-05-20T21:50:35.928Z INFO - Stopping site dockerdeploydemo003 because it failed during startup.
/home/LogFiles/2022_05_20_lw1sdlwk000FX5_docker.log (https://dockerdeploydemo003.scm.azurewebsites.net/api/vfs/LogFiles/2022_05_20_lw1sdlwk000FX5_docker.log)
2022-05-20T21:35:47.559Z WARN - Image pull failed. Defaulting to local copy if present.
2022-05-20T21:35:47.562Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
Failing Bicep Code:
I tried exporting the ARM code from the successful powershell deployment and the failed portal attempts and converting it to bicep. In both cases the code was very similar. In both cases I had to add/edit the app settings containing the dockerhub URL, account and password. I always received the above error messages. After deploying using bicep code, I could go back into the portal and view the appsettings (dockerhub creds & URL). They looked correct.
References:
Nice DockerHub example but no bicep code.. Says to use index.docker.io for the server and I tried that (did not work). I also tried using https://index.docker.io/v1/ for the server URL and that did not work either.
Nice Bicep Example but uses ACR instead of DockerHub
Another nice Bicep Example that uses ACR instead of DockerHub.
I was surprised I could not find the documentation on the DockerHub site!
Please help me correct my bicep code. I suspect I'm not specifying the correct URL or server for DockerHub.
Thanks
Siegfried
I could not find the web page on Dockerhub that gave the detailed information I was looking for (like the URL). However, the docker Info command as described here was very helpful.
This bicep code did the trick for me (with some help from the bicep support on github):
var appConfigNew = {
DOCKER_ENABLE_CI: 'true'
DOCKER_REGISTRY_SERVER_PASSWORD: dockerhubPassword
DOCKER_REGISTRY_SERVER_URL: 'https://index.docker.io/v1/'
DOCKER_REGISTRY_SERVER_USERNAME: dockerUsername
}
resource appSettings 'Microsoft.Web/sites/config#2021-01-15' = {
name: 'appsettings'
parent: web
properties: appConfigNew
}
And lastly, I discovered this by trial and error:
linuxFxVersion: 'DOCKER|${dockerUsername}/demovisualstudiocicdforblazorserver:${tag}'
Wow! I really worked hard for this one!
Recently got a new Mac, and now I am struggling to push docker containers to GCR - receiving the error:
unauthorized: You don't have the needed permissions to perform this operation, and you
may have invalid credentials. To authenticate your request, follow the steps in:
https://cloud.google.com/container-registry/docs/advanced-authentication
Commands that led to this error:
docker build -t our-node-container ./
docker tag our-node-container gcr.io/our-gcp-project/our-grc-images-directory
docker push gcr.io/our-gcp-project/our-grc-images-directory
Confirming that:
I have a GCP account with billing, have enabled the Container Registry API and installed Cloud SDK, and have Docker installed.
I have authenticated with gcloud auth login, which opened a window where I selected my email address associated with the GCP account. It led to this page.
and afterwards, I ran gcloud config set project our-gcp-project. I have closed my terminal window and attempted to docker push again, but continue to get this unauthorized error. How else can I troubleshoot this in an effort to solve the problem?
As is standard, we solved the issue just moments after posting the question. Rather than deleting the question, I'll post an answer incase anyone runs into same issue.
We simply missed the last step, which was to run gcloud auth configure-docker to update the config file in /home/.docker/config.json
I can't seem to pull from my own private repo on dockerhub. I successfully pushed the image to dockerhub (using macosx) and set it to private. I then tried to pull from another laptop (Windows 10) but I keep getting Error response from daemon: pull access denied for {username}/{repo}, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
I am using a command like, docker pull {username}/{reponame}:{tag}. The windows laptop is a work laptop and the macosx is the personal computer. Does it have to do something with a transparent proxy? I looked into this, control docker with systemd but I don't know how to set that up in Windows; the article instructs for a unix based system it seems.
I also tried adding the registry name (based on other stackoverflow posts) in the front like, docker pull hub.docker.com/{username}/{reponame}:{tag} but that gives me another error:
Error response from daemon: error parsing HTTP 408 response body: invalid character '<' ...
I ensured I am logged in:
docker login
Authenticating with existing credentials...
Login Succeeded
Any help or guidance would be appreciated. Thanks.
Using okd/openshift-origin 3.11 (and previous versions) we've been unable to get anonymous image pulls working.
We've tried adding various groups to the registry-viewer role as indicated by the instructions from the merge request where the feature was added.
We've tried:
oc policy add-role-to-user registry-viewer system:anonymous -n <project>
oc policy add-role-to-user registry-viewer system:unauthenticated -n <project>
When viewing the registry in the GUI the access policy shows Anonymous: Allow all unauthenticated users to pull images
Yet this is the result when trying to pull:
docker pull docker-registry-default.$cluster/$project/$image:latest
Error response from daemon: Get https://docker-registry-default.$cluster/v2/$project/$image/manifests/latest: unauthorized: authentication required
What are we missing?
If there is a $HOME/.docker/config.json credential file on the client machine, could you try whether you can pull the image after removing the credential file (or backup) ?
Because docker pull is using $HOME/.docker/config.json by default, it can cause unexpected authorization trouble like this by authenticating as the credential file. As removing docker credential file(config.json) you can verify whether docker pull is conducted by unauthenticated.
I was using docker in linux machine where I was pulling images from my local docker repo over http authentication. Now I need to use the same thing on windows setup. Issue is when I am trying to pull image using command
docker pull <IP>:port/abc/xyz
it gives me error Private registry push fail: server gave HTTP response to HTTPS client
I have modified the daemon.json file to
{"registry-mirrors":[],"insecure-registries":["<IP>:port"], "debug":true, "experimental": false}
even after this its not getting started. And showing me the same error.
I have faced the same issue. What you have to do is just give the insecure-registries, and remove all other configurations. Just copy paste the below json inside daemon.json file ( available in "C:\Users{user-name}.docker\daemon.json" or "/etc/docker/daemon.json")
{
"insecure-registries" :["<IP>:port"]
}