Running on premise Azure DevOps server. Trying to setup agent for pipeline.
Error in log file: [2021-12-02 17:21:20Z ERR Terminal] WRITE ERROR: VS30063: You are not authorized to access https://
Have a Basic authentication setup. Have users granted access to site.
Here is the command line in powershell.
\config.cmd --unattended --url https://FQDN_Server/Bill_Test/ --auth negotiate --userName Domain\User --password PASSWORD --token h6mgqztjnx5zbam7rmmdo5gnb4gz3xndvwyqotofxuycx4x74uha --pool SQLServer --agent devAgent --acceptTeeEula
Can you try below steps:
Download the release agent zip file and place it inside the downloads folder of release machine
Then execute below 2 PS scripts to extract in c drive
PS C:> mkdir agent ; cd agent
Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory("$HOME\Downloads\vsts-agent-win-x64-2.153.1.zip", "$PWD")
Point to c drive agent folder and execute below command.
.\config.cmd --deploymentpool --deploymentpoolname "YOUR_DEP_POOL_NAME" --agent $env:COMPUTERNAME --runasservice --work '_work' --url 'https://YOUR_TFS_SERVER/';
While installing when it prompts for authentication type, enter as Negotiate. Then provide username and password
I'm trying to query my installed chaincode on hyperledger fabric 2.2 network.
I'm trying test-network . I'm using this command
peer chaincode query -C mychannel -n fabcar -c ‘{“Args”:[“queryAllCars”]}’
but I'm getting this error.
Error: chaincode argument error: invalid character 'â' looking for beginning of value
Usage:
peer chaincode query [flags]
Flags:
-C, --channelID string The channel on which this command should be executed
--connectionProfile string Connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-h, --help help for query
-x, --hex If true, output the query value byte array in hexadecimal. Incompatible with --raw
-n, --name string Name of the chaincode
--peerAddresses stringArray The addresses of the peers to connect to
-r, --raw If true, output the query value as raw bytes, otherwise format as a printable string
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--tls Use TLS when communicating with the orderer endpoint
--transient string
Transient map of arguments in JSON encoding
As commented out by #alpha peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryAllCars"]}' will work. the difference is to replace ’ with ' while passing the arguments.
Please replace quotes ‘ with ' and “ with " . The problem here is it can't able to detect the quotes.
I need to use carbonchain to store/retrieve docker image keys into bitcoin blockchains. The issue is, how do I even specify the private key, key id and image:tag in the command. Bringing up the -help option gives this only:
ddt-master -help
2017/05/14 13:53:19 testnet: false
2017/05/14 13:53:19 datadir:
2017/05/14 13:53:19 app datadir: /home/ubuntu
2017/05/14 13:53:19 GOMAXPROCS: 4
Distributed Docker Trust
(c)2017 Faruq Rasid
SignAndSubmit <private key> <key id> <image:tag>
Verify <image:tag>
Options:
-datadir string
Bitcoin data path
-gomaxprocs int
Number of threads to use (default -1)
-help
Show help
-host string
Host for SignAndSubmit/Verify commands to connect to (default "localhost")
-loglevel int
Set log level: 0-4; Default: 4 (default 3)
-port string
Port to run daemon on. For SignAndSubmit/Verify commands, port to connect to (default "1323")
-rpcip string
Bitcoind RPC IP
* REQUIRED ONLY FOR STORE COMMAND
-rpcpassword string
Password for bitcoind RPC
* REQUIRED ONLY FOR store COMMAND
-rpcport string
Bitcoind RPC Port (Default for testnet set to append 1 to this variable)
* REQUIRED ONLY FOR store COMMAND
-rpcuser string
User for bitcoind RPC
* REQUIRED ONLY FOR store COMMAND
-testnet
Use testnet
I have no issues setting the other variables as I can refer to this page to refer to: https://en.bitcoin.it/wiki/Running_Bitcoin
The github site has no information at all regarding how to run the program
(https://github.com/ruqqq/carbonchain)
How to find chaincode id after running peer chaincode install and peer chaincode instantiate commands.
While running peer chaincode query I need to pass the chaincode id. Otherwise I am getting this error in peer console:
ChaincodeId: test_cc does not exist on channel: testchainid(err:chaincode not found test_cc)
Usage:
peer chaincode install [flags]
Flags:
-h, --help help for install
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
-C, --chainID string The chain on which this command should be executed (default "testchainid")
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-E, --escc string The name of the endorsement system chaincode to be used for this chaincode
-l, --lang string Language the chaincode is written in (default "golang")
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-n, --name string Name of the chaincode
-o, --orderer string Ordering service endpoint
-p, --path string Path to chaincode
-P, --policy string The endorsement policy associated to this chaincode
--test.coverprofile string Done (default "coverage.cov")
-t, --tid string Name of a custom ID generation algorithm (hashing and decoding) e.g. sha256base64
--tls Use TLS when communicating with the orderer endpoint
-u, --username string Username for chaincode operations when security is enabled
-v, --version string Version of the chaincode specified in install/instantiate/upgrade commands
-V, --vscc string The name of the verification system chaincode to be used for this chaincode
the -n or --name option that you use is the chaincode id.
I'm not sure if I have already logged in to a docker registry in cmd line by using cmd: docker login. How can you test or see whether you are logged in or not, without trying to push?
Edit 2020
Referring back to the (closed) github issue, where it is pointed out, there is no actual session or state;
docker login actually isn't creating any sort of persistent session, it is only storing the user's credentials on disk so that when authentication is required it can read them to login
As others have pointed out, an auths entry/node is added to the ~/.docker/config.json file (this also works for private registries) after you succesfully login:
{
"auths": {
"https://index.docker.io/v1/": {}
},
...
When logging out, this entry is then removed:
$ docker logout
Removing login credentials for https://index.docker.io/v1/
Content of docker config.json after:
{
"auths": {},
...
This file can be parsed by your script or code to check your login status.
Alternative method (re-login)
You can login to docker with docker login <repository>
$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If
you don't have a Docker ID, head over to https://hub.docker.com to
create one.
Username:
If you are already logged in, the prompt will look like:
$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If
you don't have a Docker ID, head over to https://hub.docker.com to
create one.
Username (myusername): # <-- "myusername"
For the original explanation for the ~/.docker/config.json, check question: how can I tell if I'm logged into a private docker registry
I use one of the following two ways for this check:
1: View config.json file:
In case you are logged in to "private.registry.com" you will see an entry for the same as following in ~/.docker/config.json:
"auths": {
"private.registry.com": {
"auth": "gibberishgibberishgibberishgibberishgibberishgibberish"
}
}
2: Try docker login once again:
If you are trying to see if you already have an active session with private.registry.com, try to login again:
bash$ docker login private.registry.com
Username (logged-in-user):
If you get an output like the above, it means logged-in-user already had an active session with private.registry.com. If you are just prompted for username instead, that would indicate that there's no active session.
You can do the following command to see the username you are logged in with and the registry used:
docker system info | grep -E 'Username|Registry'
The answers here so far are not so useful:
docker info no longer provides this info
docker logout is a major inconvenience - unless you already know the credentials and can easily re-login
docker login response seems quite unreliable and not so easy to parse by the program
My solution that worked for me builds on #noobuntu's comment: I figured that if I already known the image that I want to pull, but I'm not sure if the user is already logged in, I can do this:
try pulling target image
-> on failure:
try logging in
-> on failure: throw CannotLogInException
-> on success:
try pulling target image
-> on failure: throw CannotPullImageException
-> on success: (continue)
-> on success: (continue)
The docker cli credential scheme is unsurprisingly uncomplicated, just take a look:
cat ~/.docker/config.json
{
"auths": {
"dockerregistry.myregistry.com": {},
"https://index.docker.io/v1/": {}
This exists on Windows (use Get-Content ~\.docker\config.json) and you can also poke around the credential tool which also lists the username ... and I think you can even retrieve the password
. "C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe" list
{"https://index.docker.io/v1/":"kcd"}
For private registries, nothing is shown in docker info. However, the logout command will tell you if you were logged in:
$ docker logout private.example.com
Not logged in to private.example.com
(Though this will force you to log in again.)
At least in "Docker for Windows" you can see if you are logged in to docker hub over the UI. Just right click the docker icon in the windows notification area:
Just checked, today it looks like this:
$ docker login
Authenticating with existing credentials...
Login Succeeded
NOTE: this is on a macOS with the latest version of Docker CE, docker-credential-helper - both installed with homebrew.
If you want a simple true/false value, you can pipe your docker.json to jq.
is_logged_in() {
cat ~/.docker/config.json | jq -r --arg url "${REPOSITORY_URL}" '.auths | has($url)'
}
if [[ "$(is_logged_in)" == "false" ]]; then
# do stuff, log in
fi
My AWS ECR build-script has:
ECR_HOSTNAME="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
TOKEN=$(jq -r '.auths["'$ECR_HOSTNAME'"]["auth"]' ~/.docker/config.json)
curl --fail --header "Authorization: Basic $TOKEN" https://$ECR_HOSTNAME/v2/
If accessing ECR fails, a login is done:
aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin https://$ECR_HOSTNAME
For this to work, a proper Docker credential store cannot be used. Default credentials store of ~/.docker/config.json is assumed.
Use command like below:
docker info | grep 'name'
WARNING: No swap limit support
Username: <strong>jonasm2009</strong>
On windows you can inspect the login "authorizations" (auths) by looking at this file:
[USER_HOME_DIR].docker\config.json
Example:
c:\USERS\YOUR_USERANME.docker\config.json
It will look something like this for windows credentials
{
"auths": {
"HOST_NAME_HERE": {},
"https://index.docker.io/v1/": {}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.0 (windows)"
},
"credsStore": "wincred",
"stackOrchestrator": "swarm"
}
On Linux if you have the secretservice enabled via the credsStore option in your ~/.docker/config.json like below:
"credsStore": "secretservice",
then you will not see the credentials in the config.json. Instead you need to query the credentials using the docker-credential-desktop, see the below answer for more details:
How to know if docker is already logged in to a docker registry server
In Azure Container Registry (ACR) following works as a login-check:
registry="contosoregistry.azurecr.io"
curl -v --header "Authorization: Bearer $access_token" https://$registry/v2/_catalog
If access token has expired, a HTTP/401 will be returned.
Options for getting an access token are from ~/.docker/config.json or requesting one from https://$registry/oauth2/token using a refresh token stored into Docker credStore: echo $registry | docker-credential-desktop get.
More information about refresh tokens and access tokens are at ACR integration docs.
To many answers above is just about how to check login status manually. To do it from command line you can use the command below.
cat ~/.docker/config.json | jq '.auths["<MY_REGISTRY_HOSTNAME>"]' -e > /dev/null && echo "OK" || echo "ERR"
Ensure you have jq command in your local. To test that run jq --version command. If you can't get an version output follow the directions from here to install it https://stedolan.github.io/jq/download/
Replace <MY_REGISTRY_HOSTNAME> with your registry address.
When you run it returns OK if you successfully login already otherwise ERR
NOTE: if you used a credential helper to login (e.g. google cloud auth tool for container registry) replace .auths keyword with .credHelpers
As pointed out by #Christian, best to try operation first then login only if necessary. Problem is that "if necessary" is not that obvious to do robustly. One approach is to compare the stderr of the docker operation with some strings that are known (by trial and error). For example,
try "docker OPERATION"
if it failed:
capture the stderr of "docker OPERATION"
if it ends with "no basic auth credentials":
try docker login
else if it ends with "not found":
fatal error: image name/tag probably incorrect
else if it ends with <other stuff you care to trap>:
...
else:
fatal error: unknown cause
try docker OPERATION again
if this fails: you're SOL!
Here's a powershell powershell command to check if you have previously logged into the registry, making use of the file $HOME/.docker/config.json that others have mentioned:
(Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>"
This returns a True / False boolean, so can use as follows:
if ((Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>" ) {
Write-Host Already logged into docker registry
} else {
Write-Host Logging into docker registry
docker login
}
If you want it to not fail if the file doesn't exist you need an extra check:
if ( (-Not (Test-Path $HOME/.docker/config.json)) -Or (-Not (Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>") )
{
Write-Host Already logged into docker registry
} else {
Write-Host Logging into docker registry
docker login
}
I chose to use the -Not Statements because for some reason when you chain a command after a failed condition with -And instead of -Or the command errors out.