Problems logging into "quay.io" (docker) - docker

While not in any container, I try docker login quay.io.
When not as root I get: Remote error from secret service: org.freedesktop.Secret.Error.IsLocked: Cannot create an item in a locked collection
Error saving credentials: error storing credentials - err: exit status 1, out: Cannot create an item in a locked collection
When root (not running in an X11 session because I shouldn't have to?) I get: Error saving credentials: error storing credentials - err: exit status 1, out: Cannot autolaunch D-Bus without X11 $DISPLAY
Looking right now for an online "real howto" for setting up Docker in Ubuntu and installing something that's stored on Quay. (Quay's documents, such as they are, merely assume that you know what you're doing already.)

Related

Gitea Docker Registry - Unauthorized on first login?

I have a Jenkins pipeline where a Docker (Podman) image is built and pushed to a private Gitea docker registry. This basically works. But I have the problem that the first build after several hours, that means on the next day, crashes because pushing to the Gitea registry leads to:
Error: writing blob: uploading layer to https://192.168.0.5:4000/v2/myorg/myproject/blobs/uploads/ptuh7yizsrqvx5wlg9uctlzdv?digest=sha256%3A7ca0dabc572c112e5141bac7e5f29a0c1b1f727ce939ac1e7da342d3adf324a: received unexpected HTTP status: 500 Internal Server Error
When I click on the link, it shows me:
{"errors": [{"code": "UNAUTHORIZED", "message": ""}]}
Since I trigger the login from a remote host via Jenkins pipeline, I do that with a script, but I'm pretty sure that this does not matter. The content of the script is:
#!/bin/bash
podman login -u builderuser -p builderpassword 192.168.0.5:4000
I see in the logs that Login Succeeded!, but after the next step, I get the error from above after it tries to copy the blob to the registry.
I also tried to add a "logout" before login in the script via
podman logout 192.168.0.5:4000
But this does not help either.
When I trigger the same build again, the process works without problems. Maybe some caching problem anywhere? The problem appears at the first build on the next day, so I guess there is some session timeout anywhere after several hours. Any ideas?
[UPDATE]
I think this is a bug in Gitea. In log I see this:
Nov 11 08:50:40 server gitea[34985]: 2022/11/11 08:50:40 ...es/container/blob.go:66:func1() [E] [636dfed0-7] Error inserting package: pq: duplicate key value violates unique constraint »UQE_package_version_s«
And in code of Gitea in auths.go, I see a comment leading me to the assumption that they are aware of this problem:
// FIXME: if the name conflicts, it will result in 500: Error 1062: Duplicate entry 'aa' for key 'login_source.UQE_login_source_name'
What I still don't understand is, why this happens only once, at the beginning of the day, and not always.
Did you check the logs on the registry?
If you get something like
<path>/registry/docker: permission denied
it means the error happens if your user does not have the permission to write.
If on the permission side you're ok, then the error shown is quite random and has the same root cause as gitlab-org/gitlab#215715
The error has been fixed for gitlab. You'd need to check on Jenkins if they have some open issues similar to this.

Jenkins fails build with 'error storing credentials'

I'm getting the following output. I noticed that the error doesn't occur when only one build is running; there seems to be a conflict when other builds are running as well. I have 2 builders.
Using the existing docker config file.
Removing blacklisted property: auths
Removing blacklisted property: credsStore
$ docker login -u z*******t -p ******** https://docker.pkg.github.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error saving credentials: error storing credentials - err: exit status 1, out: The specified item already exists in the keychain.

Why jib dockerBuild plugin fails to connect

I was trying to build the docker image for a project I'm working onto.
It's based on jhipster, after configuring the project it tells me to run the following maven command:
./mvnw -ntp -Pprod verify jib:dockerBuild
Unfortunately it doesn't seem to work; it returns these errors:
[WARNING] The credential helper (docker-credential-pass) has nothing for server URL: registry.hub.docker.com
...
[WARNING] The credential helper (docker-credential-pass) has nothing for server URL: index.docker.io
[WARNING]
And finally fails with:
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.4.0:dockerBuild (default-cli) on project booking: (null exception message): NullPointerException -> [Help 1]
Recently I worked on a google cloud project, and I edited the ~/.docker/config.json configuration file. I had to remove google's configuration entries to sort out another problem. Could that be the origin of the problem I'm facing now?
I've tried to do docker logout and docker login without success.
Some considerations
I don't know if editing manually the configuration caused the error, in fact I'm pretty sure to have deleted only google-related entries, but nothing referring to docker.* or similar.
To solve this issue, avoid manually editing the docker configuration file. In fact I think that it should be avoided whenever possible, to avoid configuration problems of any sort.
Instead, just follow what the error message is trying to tell you: docker is not able to access those urls. Excluding network problems (which you can troubleshoot with ping registry-1.docker.io for example), it should be an authentication problem.
How to fix
I've found out that running those commands fixed it:
docker login registry.hub.docker.com
docker login registry-1.docker.io
I don't know if registry-1.docker.io is just a mirror of the first server, which the plugin tries to access after the first unsuccessful connection. You can try to log in to registry.hub.docker.com and re-launch the command to see if it is sufficient. In case it's not, log in to the second one and then it will work.
I ran jib via Gradle:
./gradlew jibDockerBuild
and got a similar error
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':jibDockerBuild'.
> com.google.cloud.tools.jib.plugins.common.BuildStepsExecutionException: Build to Docker daemon failed, perhaps you should make sure your credentials for 'registry-1.docker.io/library/openjdk' are set up correctly. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-unauthorized for help
What ended up solving this error for me, bizarrely enough, was to log out of Docker Desktop.
I later also tried funder7's solution while logged in to Docker Desktop, and that also worked.
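As an added example (not code from any of the posts above): the "error storing credentials" and "credential helper ... has nothing for server URL" messages in these threads involve an external credential helper, so a useful first check is which helper a registry resolves to in `config.json`. The sketch applies the Docker CLI's precedence (`credHelpers`, then `credsStore`, then inline `auths`) to a constructed config; the function names and sample values are assumptions.

```python
import base64


def credential_source(config, registry):
    """Return (kind, where) for the place the CLI looks up `registry` credentials."""
    helper = config.get("credHelpers", {}).get(registry)
    if helper:  # a per-registry helper wins over the default store
        return ("helper", "docker-credential-" + helper)
    store = config.get("credsStore")
    if store:  # default external store used for every other registry
        return ("helper", "docker-credential-" + store)
    if config.get("auths", {}).get(registry, {}).get("auth"):
        return ("inline", "config.json")
    return ("none", "")


def inline_users(config):
    """Registries whose secret sits base64-encoded (not encrypted) in the file."""
    found = {}
    for registry, entry in config.get("auths", {}).items():
        if entry.get("auth"):
            decoded = base64.b64decode(entry["auth"]).decode()
            user, _, _secret = decoded.partition(":")
            found[registry] = user  # report the user only, never the secret
    return found


# Constructed sample config; hostnames reuse those mentioned in the threads,
# the secret is made up.
SAMPLE = {
    "auths": {
        "quay.io": {},
        "192.168.0.5:4000": {
            "auth": base64.b64encode(b"builderuser:constructed-secret").decode()
        },
    },
    "credsStore": "secretservice",
    "credHelpers": {"docker.pkg.github.com": "osxkeychain"},
}

if __name__ == "__main__":
    for reg in ("quay.io", "docker.pkg.github.com", "192.168.0.5:4000"):
        print(reg, credential_source(SAMPLE, reg))
    print("inline entries:", inline_users(SAMPLE))
```

An `inline` result means the password is recoverable by anyone who can read the file, which is why build agents are usually pointed at a helper or at short-lived tokens instead.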

Connection error while retrieving metadata from container running an ECS task

I'm trying to retrieve the actual region where the instance running the ECS task in a container is. The container runs a python script whose first task is to get the region so that I can use boto3 methods like sqs.get_queue_by_name() which need a region to be set. To do that, I try to get the region with
meta = requests.get('http://169.254.169.254/latest/dynamic/instance-identity/document', timeout=1).json()
os.environ["AWS_DEFAULT_REGION"] = meta.get("region")
but I got a connection error.
When I build my stack by hand, there is no issue, but when the stack is deployed by CDK (the same security groups, roles etc), I got the error
requests.exceptions.ConnectionError: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /latest/dynamic/instance-identity/document (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fe3d62491f0>: Failed to establish a new connection: [Errno 22] Invalid argument'))
I can see two different avenues to solve this issue:
Set the environment variable 'AWS_DEFAULT_REGION' when deploying with CDK, but with
taskDefinition.addContainer('DSPTContainer', {
  image: ecrImage,
  memoryLimitMiB: 30000,
  environment: {
    AWS_DEFAULT_REGION: props.env?.region
  }
})
there is an issue with Property 'AWS_DEFAULT_REGION' is incompatible with index signature.
Modifying the task role (but how) or something else (like the security group) to allow the connection. Note that within the instance, I am able to establish the connection....
[EDIT]
Inside the container (I can log into container when instance is running), I can ping say google.com but not the instance metadata URI:
import requests
requests.get("https://www.google.com", timeout=1)  # ---> Response200
requests.get("http://169.254.169.254/latest/meta-data/", timeout=1)  # ---> ConnectTimeout Exception
[SOLUTION]
Issue linked to duplicate?

Jenkins - file transfer to sudo user directory in the target server

I am trying to transfer all .sh files from one unix server to another using jenkins.
Files are getting transferred, but they are arriving in my unix home directory; I need to transfer them to the sudo user's directory.
for example:
Source server name is "a" and target server name is "u"
we are using sell4 as sudo user in target server name
it should come in home directory of sell4 user
I have used the below command
Building in workspace /var/lib/jenkins/workspace/EDB-ExtractFilefromSVN
SSH: Connecting from host [a]
SSH: Connecting with configuration [u] ...
SSH: EXEC: STDOUT/STDERR from command [sudo scp *.sh sell4#u:/usr/app/TomcatDomain/ScoringTools_ACCDomain04/] ...
sudo: scp: command not found
SSH: EXEC: completed after 201 ms
SSH: Disconnecting configuration [u] ...
ERROR: Exception when publishing, exception message [Exec exit status not zero. Status [1]]
Gitcolony notification failed - java.lang.IllegalArgumentException: Invalid url:
Finished: UNSTABLE
Can you please suggest where I am going wrong here?
EDITS:
Adding the shell screenshot:
ah so it's some kind of plugin. It seems like you want to run local sudo to login to remote server user. It won't work this way. You can't open door to bathroom and expect walking into a garden.
sudo changes your local user to root, not remote server.
Do not use sudo with scp command but rather follow these answers:
https://unix.stackexchange.com/questions/66021/changing-user-while-scp
