I would like to push a built docker image in the central docker hub in an automatic build process. To be able to do that, I need to login first before doing the push then.
The relevant section of the .gitlab-ci.yml file is the following:
docker-deploy:
image: docker:latest
stage: deploy
before_script:
- echo $HUB_PW | docker login -u $HUB_USER --password-stdin
after_script:
- docker logout
script:
- docker push <mytag>:$CI_PIPELINE_ID
I get the following error in Gitlab CI
$ echo $HUB_PW | docker login -u $HUB_USER --password-stdin
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
The relevant environment variables $HUB_PW and $HUB_USER are set correctly.
I have tried to do the same in a linux bash, with docker available, with the same result.
However, I am able to login into docker interactive.
docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: <myusername>
Password:
Login Succeeded
When I do a logout, I get
docker logout
Removing login credentials for https://index.docker.io/v1/
There is no way to do an interactive login in an automatic build. And I don't understand the difference in the hubs URL, depending on using the interactive login and the one with the password included.
Has anyone any idea how to get this setup working?
I had similar problem because of $USERNAME contained $ character. By using the name with escape character directly in .gitlab-ci.yml for docker login
example: robot\$myname
gitlab connected to docker hub as expected.
Gitlab variables with $ in them can be escaped with a double dollar sign e.g. robot$$pusher.
\$ didn't work for me on enterprise edition 13.6.7-ee, but as far as I can tell double dollar escape syntax has been around since at least community edition 11.0.3
Related
I am new to terraform and this whole deal with docker is driving me crazy, for the past two days I have been trying to make terraform to build a docker image, tried writing it from scratch, that was awful and unintuitive so I decided to use some module Anton Babenko wrote, needless to say that did not work if I'm here.
Then I tried to rewrite the whole thing for the third time but use a provisioner block with PS commands to build and push the image, instead of relying on terraform to do so, which always seems to fail.
provisioner "local-exec" {
interpreter = ["PowerShell", "-Command"]
command = <<EOF
aws ecr get-login-password | docker login https://${local.account_id}.dkr.ecr.${local.region}.amazonaws.com/v2/ -u AWS --password-stdin
cd docker
docker build -t ${local.image_name}:${local.image_tag} .
docker push ${local.image_name}:${local.image_tag}
EOF
}
}
When i try this individually:
(Yes, the my actual variables are only to redact personal info, the correct info is present in the actual requests)
aws ecr get-login-password | docker login https://*my actual account id*.dkr.ecr.*my actual region*.amazonaws.com/v2/ -u AWS --password-stdin
Output:
Error response from daemon: login attempt to https://*my actual accout id*.dkr.ecr.*my actual region*.amazonaws.com/v2/ failed with status: 400 Bad Request
AWS ECR returns the correct password, but for whatever reason --password-stdin does NOT catch it properly, something breaks.
because when i try:
aws ecr get-login-password | docker login https://*my actual account id*.dkr.ecr.*my actual region*.amazonaws.com/v2/ -u AWS -p *my actual pw*
Output:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
I also tried:
aws ecr get-login-password > pw.txt
cat ./pw.txt | docker login -u AWS --password-stdin *my actual account id*.dkr.ecr.*my actual region*.amazonaws.com
Also returns 400.
If I just put the password in the code, it seems to work and build the image, but it doesnt push it for some reason, I get an error there too.
Docker seems to be a downward spiral of a learning experience...
EDIT:
I seem to have misunderstood the use of docker login, instad of image name I should pass a repo url... silly me!
${local.image_name}
Should be:
${aws_ecr_repository.*my repo*.repository_url}
But the --password-stdin issue persists, unfortunately.
SOLVED!
Solution:
I seem to have figured it out, my approach was wrong. TF takes care of the ecr auth token by providing a data source:
data "aws_ecr_authorization_token" "token" {}
resource "null_resource" "local-image" {
triggers = {
js_file = filemd5(local.file_loc)
docker_file = filemd5(local.dockerfile_loc)
}
provisioner "local-exec" {
interpreter = ["PowerShell", "-Command"]
command = <<EOF
docker login ${data.aws_ecr_authorization_token.token.proxy_endpoint} -u AWS -p ${data.aws_ecr_authorization_token.token.password}
cd docker
docker build -t ${aws_ecr_repository.my-repo.repository_url}:${local.image_tag} .
docker push ${aws_ecr_repository.my-repo.repository_url}:${local.image_tag}
EOF
}
depends_on = [
data.aws_ecr_authorization_token.token
]
}
This works flawlessly, and data.aws_ecr_authorization_token.token.password is set as sensitive and is properly redacted from console outputs.
This is my .travis.yml
sudo: required
services:
- docker
....
....
# login to docker
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_ID" --password--stdin
- docker push <username>/<image-name>
Instead of using my Docker Hub password, I generated an Access Token at https://hub.docker.com/settings/security and set then up in Travis CI like so.
Travis CI Environment Variables
However, I get the following output in my build.
denied: requested access to the resource is denied
Turns out this is possible. Docker just re-uses the "password" mechanics for the access token, which seems misleading and inconsistent with similar types of tools.
From the Docker documentation:
At the password prompt, enter the personal access token.
For Travis CI specifically, specify your username via the DOCKER_USERNAME environment variable and your access token via the DOCKER_PASSWORD environment variable.
Ok so I'm trying to make Bitbucket build a docker image using Bitbucket pipelines and I could sign in a week ago but now it doesn't work anymore.
And I'm using the same username and password, here it's a list of the commands I have tried and their output.
docker login cloud.canister.io:5000 --username $CANISTER_USERNAME --password $CANISTER_PASSWORD:
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
docker login --username $CANISTER_USERNAME --password $CANISTER_PASSWORD cloud.canister.io:5000
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
docker login cloud.canister.io:5000 --username $CANISTER_USERNAME
Password: xxxxxxxxxxxxxxxxxxx
Error saving credentials: error storing credentials - err: exit status 1, out: Cannot autolaunch D-Bus without X11 $DISPLAY
echo "$CANISTER_PASSWORD" | docker login cloud.canister.io:5000 --username $CANISTER_USERNAME --password-stdin
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
echo "$CANISTER_PASSWORD" | docker login --username $CANISTER_USERNAME --password-stdin cloud.canister.io:5000
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
I've also tried on a local machine and tried to do it without environment variables also tried to sign out and then try to sign in again but nothing works
for logging in this worked for me:
docker login --username=USERNAME cloud.canister.io:5000
Unfortunately, i am still getting this error message whenever i try to push my image.
I had the same issue when trying to push a new image to cloud.canister.io. It turned out I had not created the repository through the web frontend yet.
After creating the repo on cloud.canister.io I could successfully push my image up.
First you need to create an empty repo on cloud.canister.io
website with same name of the image you are trying to push.
Then you will be able to push to that repo.
Make sure you have authenticated the canister account using
sudo docker login --username=<username> cloud.canister.io:5000
Been a while. But this helped me:
docker push (registryFullUrl)/$(dockerId)/$(imageName):$(MAJOR).$(MINOR).$(PATCH)
where:
$(registryFullUrl) = cloud.canister.io:5000
$(dockerId) = your canister id
$(imageName) = repository name
$(MAJOR).$(MINOR).$(PATCH) = version
This worked for me. Hopefully this will be helpful to somebody.
I built an image from a custom Dockerfile. I am running Docker Desktop on my Win11.
docker build -t <image>:<tag> .
I logged into canister.io.
docker login --username=<username> --password=<username> cloud.canister.io:5000
I tagged the build.
docker tag <image>:<tag> cloud.canister.io:5000/<canister-namespace>/<canister-repo>
I pushed the image to canister.
docker push cloud.canister.io:5000/<canister-namespace>/<canister-repo>
I deleted the image from my Docker Desktop and I tried to pull it from canister.
docker pull cloud.canister.io:5000/<canister-namespace>/<canister-repo>
Here's an examples with some dummy values:
docker build -t tc5:tc5tag .
docker login --username=myusername --password=mypassword cloud.canister.io:5000
docker tag tc5:tc5tag cloud.canister.io:5000/mynamespace/testrepo
docker push cloud.canister.io:5000/mynamespace/testrepo
# pull test
docker pull cloud.canister.io:5000/mynamespace/testrepo
I have Docker CE installed in Fedora 25.
When I try to login into docker hub using below command I am getting error.
$ docker login --username xxx --password yyy https://hub.docker.com/
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to
https://hub.docker.com/v2/ failed with status: 404 Not Found
$ docker --version
Docker version 17.07.0-ce, build 8784753
$ docker-machine --version
docker-machine version 0.12.2, build 9371605
Notice that the same command works fine in Ubuntu 16.04
Only difference I can think of is ubuntu have docker and fedora have docker-ce.
Not sure why I get this error only on Fedora. I get this this error when Fedora is installed on virtual box VM.
You need not specify the registry when it is hub.docker.com.
docker login --username xxx --password yyy
Use above command without URL and it should work
I had a similar issue when setting up a Jenkins pipeline for a Docker application.
The issue was that I was in my Jenkinsfile build stage I was using https://hub.docker.com as the registry for Docker:
stage('Push image') {
/* Finally, we'll push the image with two tags:
* First, the incremental build number from Jenkins
* Second, the 'latest' tag.
* Pushing multiple tags is cheap, as all the layers are reused. */
docker.withRegistry('https://hub.docker.com', 'Dockerhub') {
app.push("${env.BUILD_NUMBER}")
app.push("latest")
}
}
Here's how I fixed it:
I simply had to modify the docker registry from https://hub.docker.com to https://registry.hub.docker.com:
stage('Push image') {
/* Finally, we'll push the image with two tags:
* First, the incremental build number from Jenkins
* Second, the 'latest' tag.
* Pushing multiple tags is cheap, as all the layers are reused. */
docker.withRegistry('https://registry.hub.docker.com', 'Dockerhub') {
app.push("${env.BUILD_NUMBER}")
app.push("latest")
}
}
And then for my Dockerhub credentials in Jenkins Configuration:
username: my_username (not my email address)
password: my_password
That's all.
I hope this helps.
Docker Hub is the default registry, so there's no need to specify the registry (i.e., just docker login --username .... is sufficient).
However, the reason you're getting this error, is because hub.docker.com is the domain of the Docker Hub website, not the registry backing Docker Hub; the registry is located at index.docker.io, (e.g. docker login index.docker.io).
In short, run command like below
PS D:> docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username:
Password:
Login Succeeded
PS D:>
as discussed in Couldn't login to docker hub
it's possible the registry only implements V1 (or has not been configured to use the V2 specification, in which case the daemon has to be configured to support legacy registries
you can verify that with the "docker info" command :
docker info
...
Server Version: 17.09.0-ce
Operating System: Ubuntu 16.04.3 LTS
...
Registry: https://index.docker.io/v1/
consequently, it fails...
docker login --username my_login --password my_password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
You can use the above command mentioned by Tarun or just abbreviated parameters into the command with -u for USername and -p for Password.
Here's basic screen-shot for docker login
Enter this command:
docker login
Then enter your username and password
Hi i'm trying docker push
[docker-simple-httpserver]# docker push myregistry/simplehttpserver:latest
The push refers to a repository [myregistry/simplehttpserver] (len: 1)
Sending image list
FATA[0000] Error: Status 403 trying to push repository simplehttpserver: "{\"error\": \"Unauthorized updating repository images\"}"
is there a way for me to specify the username and password on docker push command?
I would think they keep passwords off the command line for security reasons.
The way to do it is to login first then push.
https://docs.docker.com/mac/step_six/
$ docker login --username=maryatdocker --email=mary#docker.com
Password:
WARNING: login credentials saved in C:\Users\sven\.docker\config.json
Login Succeeded
Then push
$ docker push maryatdocker/docker-whale
The push refers to a repository [maryatdocker/docker-whale] (len: 1)
7d9495d03763: Image already exists
c81071adeeb5: Image successfully pushed
Typically you would specify your password using the interactive docker login then do a docker push.
For a non-interactive login, you can use the -u and -p flags:
docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
The Travis CI docs for docker builds gives an example of how to automate a docker login.
See docker login for more details.
As far as I know you have to use docker login. The credentials will be stored in /home/user/.docker/config.json for following docker pushes.
If you are after automation the command expect will be interesting for you.
In case, one needs to login to the custom docker repo, use below:
docker login -u ${USERNAME} -p ${PASSWORD} ${DOCKER_REPOSITORY}
The accepted answer works perfectly fine! However, if you are trying to access a private registry, you may have to consider making the following change request.
docker login -u ${user_name} ${private_registry_domain}
Provide password, when it prompt for the same.
docker login --username=YOUR_DOCKERHUB_USERNAME
In this case your dockerhub password will be an access token.
Refer: https://docs.docker.com/docker-hub/access-tokens/#create-an-access-token
If you are tagging image with IP then login docker registry with IP, If you are tagging image with domain-name then login docker with domain-name, Somehow docker doesn't like mixing IP and domain and failing.
Not direct answer to the question, but you can first login and then do docker push.
docker login -unice-username
After which it will prompt for a password. After successful login you can do docker push.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
use "sudo docker login" not "docker login" as one uses the root account and the other uses your personal.
Personally I create the repo on dockers website prior to the upload.