enable to call the webhook in docker image - docker

I have a hosted container web app on Azure which is working, but for
CI with the GitLab container registry I need to call the webhook URL
in the gitlab-ci.yaml file.
When I called the webhook URL with Postman using a POST request, it pulled the latest image from the registry. When I made the same request
in the gitlab-ci.yaml file using curl, it showed the error "Access is
denied due to invalid credentials".
$ curl -d -X POST https://$acr-image:SOME_SECRET_KEY@acr-image.scm.azurewebsites.net/docker/hook
curl: (6) Could not resolve host: POST
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
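
Added example, not part of the original post: in the command above, `-d` consumes `-X` as its data (so curl treats `POST` as a host), and the shell expands the unquoted `$acr` before curl sees the user name. The script shows that expansion and builds the same request as a curl config read from stdin, which keeps the key off the command line. HOOK_SITE and HOOK_PASS are assumed CI/CD variable names, and the user name is taken to be `$` plus the site name, as in the post's URL.

```sh
#!/bin/sh
# Added example, not from the original post. HOOK_SITE and HOOK_PASS are
# hypothetical CI/CD variable names; the values used below are constructed.

# What the shell hands to curl for the unquoted `$acr-image:KEY` in the post:
# `$acr` is expanded (empty when unset), so the user name becomes "-image".
broken_userinfo() (
    set +u; unset acr
    # shellcheck disable=SC2086  # unquoted on purpose, to mirror the post
    printf '%s' $acr-image:"$1"
)

# Escape backslash and double quote for a quoted value in a curl config file.
cfg_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Build a curl config for the webhook. The user name is "$" + site name, the
# shape shown in the post's URL. Feeding this to `curl --config -` keeps the
# secret out of argv (process list) and out of the echoed command line.
hook_curl_config() {
    site=$1 pass=$2
    printf 'data = ""\n'      # empty body; makes curl issue a POST
    printf 'fail\n'           # non-zero exit on HTTP errors such as 401
    printf 'user = "$%s:%s"\n' "$(cfg_escape "$site")" "$(cfg_escape "$pass")"
    printf 'url = "https://%s.scm.azurewebsites.net/docker/hook"\n' "$site"
}

# Job step: the secret is read from the environment and piped on stdin.
call_hook() {
    hook_curl_config "$HOOK_SITE" "$HOOK_PASS" |
        curl --silent --show-error --config -
}

# Offline demonstration with constructed values (no request is sent).
if [ "${1:-}" = "--demo" ]; then
    printf 'unquoted form sends: %s\n' "$(broken_userinfo CONSTRUCTED_KEY)"
    hook_curl_config acr-image CONSTRUCTED_KEY
fi
```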

Related

GCP Registry behind HAProxy not working properly

I have configured my GCP docker registry using HA Proxy. Here is my HA Proxy configuration.
frontend myfrontend
bind 0.0.0.0:8080
use_backend maven-repo if { path_beg -i /repository }
use_backend gcp-repo if { path_beg -i /dev-registry }
default_backend gcp-repo
backend maven-repo
server maven-repo mvn01-ashok-dev.net:443 ssl verify none check inter 5s
backend gcp-repo
server gcp-repo dev-docker.pkg.dev:443 ssl verify none check inter 5s
While pulling a Docker image through HA Proxy, I am getting the following error.
ashok@ubuntu:~$ docker pull localhost:8080/dev-registry/gateway-cluster-images/nextgen-nativebridge:1.1.0
Error response from daemon: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE html>\n<html lang=en>\n <meta charset=utf-8>\n <meta name=viewport content=\"initial-scale=1, minimum-scale=1, width=device-width\">\n <title>Error 404 (Not Found)!!1</title>\n <style>\n *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}#media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}#media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}#media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}\n </style>\n <a href=//www.google.com/><span id=logo aria-label=Google></span></a>\n <p><b>404.</b> <ins>That’s an error.</ins>\n <p>The requested URL <code>/v2/dev-registry/gateway-cluster-images/nextgen-nativebridge:1.1.0</code> was not found on this server. <ins>That’s all we know.</ins>\n"

Docker Swarm on GCP, LB works on one of the two instances

My architecture is as follows:
2 docker-dev-1 and docker-dev-2 nodes in a docker-dev VPC
2 docker-internal-1 and docker-internal-2 nodes in a docker-internal VPC
The firewall allows tcp:2377, 7946, udp:4789, 7946, esp as documented here
All of them are masters in order to facilitate testing for the moment. Docker version is 20.10.16. All the instances are exactly the same (packages, configuration...).
Currently I have a flask/jinja application running on docker-dev-X.
To connect to the database, the app passes through a reverse proxy which redirects the streams that arrive on port 3306 (MySQL) to a Cloud SQL instance of the docker-internal VPC.
The flask application is exposed via a reverse proxy that listens on port 8082.
Here is the docker daemon.json configuration:
{
"mtu": 1454,
"no-new-privileges": true
}
Everything works fine when I have only one docker-dev. However, as soon as I add the docker-dev-2 node, all streams with a large output passing through docker-dev-2 do not work.
Let me explain:
On docker-dev-1 :
dev@docker-dev-1:~$ curl localhost:8082/health
Ok
# With a heavier page
dev@docker-dev-1:~$ curl localhost:8082/auth/login
<!DOCTYPE html>
<html lang="en_GB">
<head>
... # Lots of HTMLs
</html>
No problem everything is working fine.
On docker-dev-2 :
dev@docker-dev-2:~$ curl localhost:8082/health
Ok
dev@docker-dev-2:~$ curl -I localhost:8082/health
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 May 2022 12:34:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
...
# With a heavier page
dev@docker-dev-2:~$ curl localhost:8082/auth/login
^C # Timeout
# Same curl but shows only header
dev@docker-dev-2:~$ curl -I localhost:8082/auth/login
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 May 2022 10:43:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 222967 # Long Content-Length
Connection: keep-alive
...
As you can see, when I try to curl /health --> No problem
When I try to curl /auth/login --> The request times out, I get no answer
When I try to curl /auth/login to show only headers --> The request works
In a container, everything is working fine, on docker-dev-1 and on docker-dev-2 :
dev@docker-dev-2:~$ docker run -it --rm --name debug --network jinja_flask_network nicolaka/netshoot bash
bash-5.1# curl reverse_proxy_nginx/health:8082
Ok
bash-5.1# curl reverse_proxy_nginx:8082/auth/login
<!DOCTYPE html>
<html lang="en_GB">
<head>
... # Lots of HTMLs
</html>
So the problem doesn't seem to be in docker network.
The problem seems to be when the request output is too long.
I already reduced MTU to 1454 a few months ago to resolve a problem... (Seems to be the same problem but in docker network).
So, when the request is on docker-dev-1 --> No problem, the website is loading normally, but when the request is on docker-dev-2 --> Infinite loading results in a timeout.
I hope I was clear in my explanation. Do you have any idea?

Gitlab Pages in docker with reverse-proxy

I have a Docker GitLab instance at gitlab.example.io. So I configured in gitlab.rb:
pages_external_url "http://pages.example.io"
gitlab_pages['enable'] = true
Both gitlab.example.io and pages.example.io are at the same IP address.
Then I created a simple example group named group_test with group_nested inside it. Finally I created a project named project_test in group_nested.
It contains index.html
<head>
</head>
<body>
<p>Hello World!</p>
</body>
and .gitlab-ci.yml
stages:
- deploy
pages:
tags:
- latest
stage: deploy
script:
- mkdir .public
- cp -r * .public
- mv .public public
artifacts:
paths:
- public
only:
- main
After pipeline finishes I get url: http://group_test.pages.example.io/group_nested/project_test and when I try to follow the link I get 404 error. Not found. The requested URL was not found on this server.
Files exist at /var/opt/gitlab/gitlab-rails/shared/pages.
DNS service has wildcard record *.example.io A ip-address.
Gitlab pages log:
==> /var/log/gitlab/gitlab-pages/current <==
{"level":"info","msg":"Checking GitLab internal API availability","time":"2021-09-19T21:21:40+03:00"}
{"error":"failed to connect to internal Pages API: HTTP status: 502","level":"warning","msg":"attempted to connect to the API","time":"2021-09-19T21:21:40+03:00"}
{"level":"info","msg":"Checking GitLab internal API availability","time":"2021-09-19T21:21:44+03:00"}
{"error":"failed to connect to internal Pages API: HTTP status: 502","level":"warning","msg":"attempted to connect to the API","time":"2021-09-19T21:21:44+03:00"}
{"level":"info","msg":"Checking GitLab internal API availability","time":"2021-09-19T21:21:49+03:00"}
{"error":"failed to connect to internal Pages API: HTTP status: 502","level":"warning","msg":"attempted to connect to the API","time":"2021-09-19T21:21:49+03:00"}
{"level":"info","msg":"Checking GitLab internal API availability","time":"2021-09-19T21:21:55+03:00"}
{"error":"failed to connect to internal Pages API: HTTP status: 502","level":"warning","msg":"attempted to connect to the API","time":"2021-09-19T21:21:55+03:00"}
{"level":"info","msg":"Checking GitLab internal API availability","time":"2021-09-19T21:22:03+03:00"}
{"level":"info","msg":"GitLab internal pages status API connected successfully","time":"2021-09-19T21:22:03+03:00"}

Push Docker image to Nexus 3

After starting a Sonatype Nexus 3 image (command 1) I tried to create a repo and push one test image (command 2) to that repo but got an error 405 (error 1)
command 1
$ docker run -d -p 8081:8081 --name nexus sonatype/nexus3:3.14.0
command 2
$ docker push 127.0.0.1:8081/repository/test2/image-test:0.1
error 1
error parsing HTTP 405 response body: invalid character '<' looking for beginning of value: "\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <title>405 - Nexus Repository Manager</title>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n\n\n <!--[if lt IE 9]>\n <script>(new Image).src=\"http://127.0.0.1:8081/favicon.ico?3.14.0-04\"</script>\n <![endif]-->\n <link rel=\"icon\" type=\"image/png\" href=\"http://127.0.0.1:8081/favicon-32x32.png?3.14.0-04\" sizes=\"32x32\">\n <link rel=\"mask-icon\" href=\"http://127.0.0.1:8081/safari-pinned-tab.svg?3.14.0-04\" color=\"#5bbad5\">\n <link rel=\"icon\" type=\"image/png\" href=\"http://127.0.0.1:8081/favicon-16x16.png?3.14.0-04\" sizes=\"16x16\">\n <link rel=\"shortcut icon\" href=\"http://127.0.0.1:8081/favicon.ico?3.14.0-04\">\n <meta name=\"msapplication-TileImage\" content=\"http://127.0.0.1:8081/mstile-144x144.png?3.14.0-04\">\n <meta name=\"msapplication-TileColor\" content=\"#00a300\">\n\n <link rel=\"stylesheet\" type=\"text/css\" href=\"http://127.0.0.1:8081/static/css/nexus-content.css?3.14.0-04\"/>\n</head>\n<body>\n<div class=\"nexus-header\">\n \n <div class=\"product-logo\">\n <img src=\"http://127.0.0.1:8081/static/images/nexus.png?3.14.0-04\" alt=\"Product logo\"/>\n </div>\n <div class=\"product-id\">\n <div class=\"product-id__line-1\">\n <span class=\"product-name\">Nexus Repository Manager</span>\n </div>\n <div class=\"product-id__line-2\">\n <span class=\"product-spec\">OSS 3.14.0-04</span>\n </div>\n </div>\n \n</div>\n\n<div class=\"nexus-body\">\n <div class=\"content-header\">\n <img src=\"http://127.0.0.1:8081/static/rapture/resources/icons/x32/exclamation.png?3.14.0-04\" alt=\"Exclamation point\" aria-role=\"presentation\"/>\n <span class=\"title\">Error 405</span>\n <span class=\"description\">Method Not Allowed</span>\n </div>\n <div class=\"content-body\">\n <div class=\"content-section\">\n HTTP method POST is not supported by this URL\n </div>\n 
</div>\n</div>\n</body>\n</html>\n\n"
Explanation
After some research I found out that the nexus3 docker repositories are designed to work with individual port for each repository (hosted, group or proxy).
https://issues.sonatype.org/browse/NEXUS-9960
Solution
So I destroyed my previous docker container because I didn't have any relative info on it and launched the same command but with an extra port enabled.
$ docker run -d -p 8081:8081 --name nexus sonatype/nexus3:3.14.0
Updated: need to open port 8082 for docker
$ docker run -d -p 8081:8081 -p 8082:8082 --name nexus sonatype/nexus3:3.14.0
So when you make a new docker repository you need to define at least a http connector port, that I defined in the image as 8082.
After that you have to login to the service with the default admin account (admin admin123)
$ docker login 127.0.0.1:8082
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /home/user/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Then I tried to upload the new tag to that URL and it worked.
$ docker push 127.0.0.1:8082/repository/test2/image-test:0.1
The push refers to repository [127.0.0.1:8082/repository/test2/image-test]
cd76d43ec36e: Pushed
8ad8344c7fe3: Pushed
b28ef0b6fef8: Pushed
0.1: digest: sha256:315f00bd7986508cb0984130bbe3f7f26b2ec477122c9bf7459b0b64e443a232 size: 948
Extra - Dockerfile
So because I needed to create a custom nexus3 docker image for my production environment I started the Dockerfile like this:
FROM sonatype/nexus3:3.14.0
ENV NEXUS_DATA=/nexus-data/
EXPOSE 8090-8099
I will be using the ports from 8090 to 8099 to specify different docker image repositories instead of 8022, but in case I needed more ports I could just change the values or add a new range of ports.
Hope it was useful!!
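
Added example, not part of the original answer: the `docker login` output above warns that the password is written unencrypted to config.json, and the account used is the default admin one. The script lists registries whose credentials are stored inline in a Docker client config and flags the default pair quoted in the answer. It assumes the one-key-per-line layout Docker writes, and the sample file it generates is constructed.

```sh
#!/bin/sh
# Added example, not from the original answer. Assumes the pretty-printed
# layout Docker itself writes to config.json (one key per line).

# Print "<registry> <finding>" for every registry whose credentials are stored
# inline (base64 of user:password) instead of in a credential helper.
audit_docker_config() {
    awk -F'"' '
        /"auths"[ \t]*:/              { in_auths = 1; next }
        in_auths && /"auth"[ \t]*:/   { print reg, $4; next }
        in_auths && /^[ \t]*"[^"]+"[ \t]*:[ \t]*[{]/ { reg = $2 }
    ' "$1" |
    while read -r reg b64; do
        cred=$(printf '%s' "$b64" | base64 -d 2>/dev/null)
        case $cred in
            # Default account named in the answer above.
            admin:admin123) echo "$reg inline-credential default-admin-password" ;;
            *)              echo "$reg inline-credential" ;;
        esac
    done
}

# Constructed sample: one registry with an inline credential, and one with an
# empty entry, which is what remains when a credential helper holds the secret.
write_sample_config() {
    b64=$(printf 'admin:admin123' | base64)
    printf '{\n\t"auths": {\n\t\t"127.0.0.1:8082": {\n\t\t\t"auth": "%s"\n\t\t},\n' "$b64" > "$1"
    printf '\t\t"registry.example.test": {}\n\t}\n}\n' >> "$1"
}

# Offline demonstration against the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample=$(mktemp)
    write_sample_config "$sample"
    audit_docker_config "$sample"
    rm -f "$sample"
fi
```

Run it against a real client config with `audit_docker_config "$HOME/.docker/config.json"`; no output means no inline credentials were found.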
Nexus Documentation Says:
Sharing an image can be achieved by publishing it to a hosted repository. This is completely private and requires you to tag and push the image. When tagging an image, you can use the image identifier (imageId). It is listed when showing the list of all images with docker images. Syntax and an example (using imageId) for creating a tag are:
docker tag <imageId or imageName> <nexus-hostname>:<repository-port>/<image>:<tag>
docker tag af340544ed62 nexus.example.com:18444/hello-world:mytag
Once the tag, which can be equivalent to a version, is created successfully, you can confirm its creation with docker images and issue the push with the syntax:
docker push <nexus-hostname>:<repository-port>/<image>:<tag>
Note that the port needs to be the repository connector port configured for the hosted repository to which you want to push to. You can not push to a repository group or a proxy repository.
Hope it helps you!

How to connect two docker containers together?

I have a docker container with tcserver on it with the UI of an application on it. I have a second docker container that is also running tcserver, but this one has the applications engine.
I am trying to get these two to talk to each other somehow, because when I access the UI on the web browser it says that it is not connected to the engine. How can I achieve this?
You need to link the new allotted ports of the App Engine container to the UI Container, because the container can only be accessed by other containers through port.
As simple as that:
docker run --name engine -d tcserver-engine
docker run --name lala --link engine:tc-engine -d tcserver-ui
Inside the lala container you can reach the engine container using the selected alias, in this example tc-engine.
Use name and link in your docker run command or docker-compose.yml file?
docker run -ti --name server1 -p 8111:8111 ikamman/docker-tc-server
docker run -ti --name server2 --link server1 -p 8112:8111 ikamman/docker-tc-server
docker exec server2 curl server1:8111
Will return like this:
$ docker exec server2 curl server1:8111
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3546 0 3546 0 0 3290 0 --:--:-- 0:00:01 --:--:-- 3292
<!--
Page: maintenance-welcome
Stage: FIRST_START_SCREEN
State revision: 12
Timestamp: Wed Jul 27 20:30:06 UTC 2016
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>TeamCity Maintenance — TeamCity</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="application-name" content="TeamCity"/>
<meta name="description" content="Powerful Continuous Integration and Build Server"/>
<link rel="icon" href="/img/icons/TeamCity512.png" sizes="512x512"/>
