I am trying to write a bash script to automatize the setup of a multi-containers environment.
Each container is built from images pulled from a private protected repository.
The problem is that when the script calls for docker-compose up for the first time, access to the repository is denied, like if it does not know I have properly done docker login before running the script.
If I docker pull an image manually, that very image is no longer a problem when the script tries to build its container. But when it has to docker pull on its own from a Dockerfile definition, it gets access denied.
Considering that I would like this script to be portable to other devs' environments, how can I get it to be able to access the repository using the credentials each dev will have already set on its computer with docker login?
You can do something like:
#!/bin/bash
cat ~/pwd.txt | docker login <servername> -u <username> --password-stdin
docker pull
This reads the password from pwd.txt and logs in to the specified server.
In case you have multiple servers you want to log in you can try:
#!/bin/bash
serverlist="server1.com server2.com"
for server in $serverlist; do
cat ~/${server}_pwd.txt | docker login $server -u <username> --password-stdin
done
docker pull
This reads the passwords from files like server1.com_pwd.txt.
I want help in understanding how docker pull works for acr images. I have a private acr repository.
So i run az acr login -n <repo> --expose-token --output tsv --query accessToken to print out the access token.
Then i use this access token to login through docker: docker login <repo>.azureacr.io --username 00000000-0000-0000-0000-000000000000 --password '<ACCESS TOKEN>'. The login works.
Then i try pulling the docker image: docker pull <image>:<tag> which works, but when i do docker manifest inspect <image>:<tag> it fails with the following exception:
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
Questions:
How do i check what permissions I have/need to run these docker commands?
If docker pull is working is it wrong to assume docker manisfest inspect will also work? I mean docker somehow needs to check if the image with the tag exists before pulling it right?
I [believe I] have setup the tooling and configuration similarly between my local system and the build systems.
I can run this, successfully, locally:
$ cat key.json | docker login -u _json_key --password-stdin https://us.gcr.io
WARNING! Your password will be stored unencrypted in /home/local/MAGICLEAP/doprea/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
..but the same command fails from the job, which is running in GCE:
cat key.json | docker login -u _json_key --password-stdin https://us.gcr.io
error getting credentials - err: exit status 1, out: `docker-credential-gcr/helper: could not retrieve GCR's access token: metadata: GCE metadata "instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform" not defined`
It seems to really want to find the token in the instance metadata rather than just using the file that I'm giving it.
I could use some advice.
There may be an issue with your “.docker/config.json” file, you can compare the “config.json” between your local system and the build systems.
Running the following commands in your the build system to verify status and config file of docker, please make sure that “docker-credential-gcr” is installed before troubleshooting.
$ docker -v
$ docker-credential-gcr configure-docker
$ cat ~/.docker/config.json
$ docker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" https://us.gcr.io
I recommend these topics “Pushing and pulling images” and “Authentication methods” for troubleshooting.
When running docker build on my Dockerfile, I pull the most up to date code from a private gitlab repo using a FROM gitlab statment. I am getting a access forbidden error as I have not given my credentials. How do you give your credentials so that I can pull from this private repo?
(Assuming you are talking about Gitlab Container Registry)
To be able to pull docker images from private registries, you need to first run this at the command line:
$ docker login -u $DOCKER_USER -p $DOCKER_PASS
If you are running this in a CI environment, you should set these as secret environment variables.
With Gitlab, I believe it is something along these lines:
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com
See the above linked page (search for "login") to see more examples and instructions.
I have Docker CE installed in Fedora 25.
When I try to login into docker hub using below command I am getting error.
$ docker login --username xxx --password yyy https://hub.docker.com/
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to
https://hub.docker.com/v2/ failed with status: 404 Not Found
$ docker --version
Docker version 17.07.0-ce, build 8784753
$ docker-machine --version
docker-machine version 0.12.2, build 9371605
Notice that the same command works fine in Ubuntu 16.04
Only difference I can think of is ubuntu have docker and fedora have docker-ce.
Not sure why I get this error only on Fedora. I get this this error when Fedora is installed on virtual box VM.
You need not specify the registry when it is hub.docker.com.
docker login --username xxx --password yyy
Use above command without URL and it should work
I had a similar issue when setting up a Jenkins pipeline for a Docker application.
The issue was that I was in my Jenkinsfile build stage I was using https://hub.docker.com as the registry for Docker:
stage('Push image') {
/* Finally, we'll push the image with two tags:
* First, the incremental build number from Jenkins
* Second, the 'latest' tag.
* Pushing multiple tags is cheap, as all the layers are reused. */
docker.withRegistry('https://hub.docker.com', 'Dockerhub') {
app.push("${env.BUILD_NUMBER}")
app.push("latest")
}
}
Here's how I fixed it:
I simply had to modify the docker registry from https://hub.docker.com to https://registry.hub.docker.com:
stage('Push image') {
/* Finally, we'll push the image with two tags:
* First, the incremental build number from Jenkins
* Second, the 'latest' tag.
* Pushing multiple tags is cheap, as all the layers are reused. */
docker.withRegistry('https://registry.hub.docker.com', 'Dockerhub') {
app.push("${env.BUILD_NUMBER}")
app.push("latest")
}
}
And then for my Dockerhub credentials in Jenkins Configuration:
username: my_username (not my email address)
password: my_password
That's all.
I hope this helps.
Docker Hub is the default registry, so there's no need to specify the registry (i.e., just docker login --username .... is sufficient).
However, the reason you're getting this error, is because hub.docker.com is the domain of the Docker Hub website, not the registry backing Docker Hub; the registry is located at index.docker.io, (e.g. docker login index.docker.io).
In short, run command like below
PS D:> docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username:
Password:
Login Succeeded
PS D:>
as discussed in Couldn't login to docker hub
it's possible the registry only implements V1 (or has not been configured to use the V2 specification, in which case the daemon has to be configured to support legacy registries
you can verify that with the "docker info" command :
docker info
...
Server Version: 17.09.0-ce
Operating System: Ubuntu 16.04.3 LTS
...
Registry: https://index.docker.io/v1/
consequently, it fails...
docker login --username my_login --password my_password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
You can use the above command mentioned by Tarun or just abbreviated parameters into the command with -u for USername and -p for Password.
Here's basic screen-shot for docker login
Enter this command:
docker login
Then enter your username and password