Ansible-container push/deploy failure; cant push images to dockerhub - docker

I am trying to push an image built with ansible-container to my registry in Dockerhub.I have pushed to this same image to the same registry using just docker so I am pretty sure it has nothing to do with my local version of docker or with Dockerhub.
The command I run to push the image is:
ansible-container push --username zacharius --password $PASS --push-to https://hub.docker.com/
and I get a timeout message:
container.exceptions.AnsibleContainerConductorException: Error logging into registry: 500 Server Error: Internal Server Error ("Get https://hub.docker.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)")
I have been pulling my hair out trying to get ansible-container and Dockerhub to talk to each other and any assistance would be greatly appreciated

Ok so I figured out my problem was in assuming that the url to my docker registry was the same as the url I used to view the registry from my browser. The actual registry I wanted was docker.io. Also I need to include my username at the end of the url.
So the correct command is:
ansible-container push --username zacharius --password $PASS --push-to https://docker.io/zacharius
Posting this answer for people in the future with similar issue. I only saw docker.io in someone else's code example and am otherwise not sure how I was supposed to know this was the correct url

Related

Certificate not valid for jfrog.io when using Docker registry

The documentation says I have to use jfrog.io and not jfrog.com. I also tried to login into jfrog.com, which did not work.
So it looks like acme.jfrog.io/acme is the right way to access my Docker registry.
Note: Also the hostname was missing in the description. I was only able to upload when specifying the full name, and setting the registry as insecure in my Docker configuration.
Is this a known issue? Or limitation of the free offering?
sudo docker login jfrog.io/acme
Username: admin
Password:
Error response from daemon: Get https://jfrog.io/v2/: x509: certificate is valid for jfrog.com, *.jfrog.com, not jfrog.io
Indeed, you should be using my-account.jfrog.io and not my-account.jfrog.com.
The docker login command which you are running is wrong. It is missing your account name (as a sub domain), so instead of calling jfrog.io you should be calling my-account.jfrog.io (for example daniel.jfrog.io)
The reason for getting the certificate error is that when trying to perform docker login directly to jfrog.io (without the subdomain) docker is trying to access an invalid URL - jfrog.io/v2. As a result it is being redirected to an 403 error page on jfrog.com which does not match the jfrog.io certificate.
To test your docker repository please follow the following steps:
Login to your repository with docker login command. Make sure to use your account name instead of my-account. Please notice that you do not need the repository name for the login command.
docker login my-account.jfrog.io
Pull the hello-world image from the Dockerhub
docker pull hello-world
Tag the hello-world image so it can be pushed to your repository (assuming it is a local repository and you have the permissions to push an image). Make sure to use your account name and repo name
docker tag hello-world my-account.jfrog.io/my-repo/hello-world
Push the tagged image to your repository
docker push my-account.jfrog.io/my-repo/hello-world

Pull private registry image with kubernetes-helm app without using imagepullsecret

I am using minikube to develop my Kubernetes application. I have a private azure registry where my images are saved. Whenever I start the app, k8s start to pull an image. It throws the following error
Failed to pull image "myregistry.azurecr.io/myapp:mytag": rpc error: code = Unknown desc = Error response from daemon: Get https://myregistry.azurecr.io/v2/myapp/manifests/mytag: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
I am configuring my minikube using this documentation. where first, I log-in to acr using below command,
az acr login --name myregistry.azurecr.io --expose-token
And after using the token provided by the above command, I log-in to my private docker-registry by the below command in minikube ssh.
docker login myregistry.azurecr.io -u 00000000-0000-0000-0000-000000000000
After that as per mention in the document, I copy the .docker/config.json to /var/lib/kubelet/config.json in minikube ssh. Still I am facing above error.
If I manually pull the image using the docker pull command, it works. I tried with imagepullsecret also and it is working. But from the above method, getting an authentication error. Do I have missing any step here? Can you please help me?
Thanks...
It seems all the steps are right. Maybe you can check if you really copy the config file to all the minikube nodes. In default, the command minikube ssh connect the control plane. You can check if the nodes' IP addresses is right when you copy the config file to them.
But in my opinion, it's not a good way to use the way like this. It's better and more convenient to use the imagePullSecret and service account.

Pushing local docker image to openshift online

I have a spring boot application running locally on docker on my machine.
The image name is springio/spring-rest-hello-world and the tag is latest. I want to push this to openshift online and get it running.
I think to do that the easiest way is to push the image up (correct me if I'm wrong).
Here is my attempt.
oc login https://console-openshift-console.apps.us-east-1.starter.openshift-online.com:6443
oc project playpen
docker login -u myUser -p myToken default-route-openshift-image-registry.apps.us-east-1.starter.openshift-online.com
docker tag springio/spring-rest-hello-world default-route-openshift-image-registry.apps.us-east-1.starter.openshift-online.com:5000/springio/spring-rest-hello-world
docker push default-route-openshift-image-registry.apps.us-east-1.starter.openshift-online.com:5000/springio/spring-rest-hello-world
With the error being...
Get https://default-route-openshift-image-registry.apps.us-east-1.starter.openshift-online.com:5000/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers
I am a newb at this stuff so I am pretty sure I have something wrong. Appreciate it if someone could give me a hand with the steps required.
thanks
Thanks to the comment provided. No need to include the docker port when tagging the image.
I also needed to tag the image with the ocp project name included in the tag.
docker tag springio/spring-rest-hello-world default-route-openshift-image-registry.apps.us-east-1.starter.openshift-online.com/playpen/spring-rest-hello-world:latest

Not able to sign in using docker to canister.io - Authorization server did not include a token in the response

Ok so I'm trying to make Bitbucket build a docker image using Bitbucket pipelines and I could sign in a week ago but now it doesn't work anymore.
And I'm using the same username and password, here it's a list of the commands I have tried and their output.
docker login cloud.canister.io:5000 --username $CANISTER_USERNAME --password $CANISTER_PASSWORD:
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
docker login --username $CANISTER_USERNAME --password $CANISTER_PASSWORD cloud.canister.io:5000
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
docker login cloud.canister.io:5000 --username $CANISTER_USERNAME
Password: xxxxxxxxxxxxxxxxxxx
Error saving credentials: error storing credentials - err: exit status 1, out: Cannot autolaunch D-Bus without X11 $DISPLAY
echo "$CANISTER_PASSWORD" | docker login cloud.canister.io:5000 --username $CANISTER_USERNAME --password-stdin
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
echo "$CANISTER_PASSWORD" | docker login --username $CANISTER_USERNAME --password-stdin cloud.canister.io:5000
Error response from daemon: Get https://cloud.canister.io:5000/v2/: authorization server did not include a token in the response
I've also tried on a local machine and tried to do it without environment variables also tried to sign out and then try to sign in again but nothing works
for logging in this worked for me:
docker login --username=USERNAME cloud.canister.io:5000
Unfortunately, i am still getting this error message whenever i try to push my image.
I had the same issue when trying to push a new image to cloud.canister.io. It turned out I had not created the repository through the web frontend yet.
After creating the repo on cloud.canister.io I could successfully push my image up.
First you need to create an empty repo on cloud.canister.io
website with same name of the image you are trying to push.
Then you will be able to push to that repo.
Make sure you have authenticated the canister account using
sudo docker login --username=<username> cloud.canister.io:5000
Been a while. But this helped me:
docker push (registryFullUrl)/$(dockerId)/$(imageName):$(MAJOR).$(MINOR).$(PATCH)
where:
$(registryFullUrl) = cloud.canister.io:5000
$(dockerId) = your canister id
$(imageName) = repository name
$(MAJOR).$(MINOR).$(PATCH) = version
This worked for me. Hopefully this will be helpful to somebody.
I built an image from a custom Dockerfile. I am running Docker Desktop on my Win11.
docker build -t <image>:<tag> .
I logged into canister.io.
docker login --username=<username> --password=<username> cloud.canister.io:5000
I tagged the build.
docker tag <image>:<tag> cloud.canister.io:5000/<canister-namespace>/<canister-repo>
I pushed the image to canister.
docker push cloud.canister.io:5000/<canister-namespace>/<canister-repo>
I deleted the image from my Docker Desktop and I tried to pull it from canister.
docker pull cloud.canister.io:5000/<canister-namespace>/<canister-repo>
Here's an examples with some dummy values:
docker build -t tc5:tc5tag .
docker login --username=myusername --password=mypassword cloud.canister.io:5000
docker tag tc5:tc5tag cloud.canister.io:5000/mynamespace/testrepo
docker push cloud.canister.io:5000/mynamespace/testrepo
# pull test
docker pull cloud.canister.io:5000/mynamespace/testrepo

docker unauthorized: authentication required - upon push with successful login

While pushing the docker image (after successful login) from my host I am getting "unauthorized: authentication required".
Details below.
-bash-4.2# docker login --username=asamba --email=anand.sambamoorthy#gmail.com
WARNING: login credentials saved in /root/.docker/config.json
*Login Succeeded*
-bash-4.2#
-bash-4.2# docker push asamba/docker-whale
Do you really want to push to public registry? [y/n]: y
The push refers to a repository [docker.io/asamba/docker-whale] (len: 0)
faa2fa357a0e: Preparing
unauthorized: authentication required
Docker version: 1.9.1 (both client and server)
http://hub.docker.com has the repo created as well (asamba/docker-whale).
The /var/log/messages shows 403, I dont know if this docker. See below.
Apr 16 11:39:03 localhost journal: time="2016-04-16T11:39:03.884872524Z" level=info msg="{Action=push, Username=asamba, LoginUID=1001, PID=2125}"
Apr 16 11:39:03 localhost journal: time="2016-04-16T11:39:03.884988574Z" level=error msg="Handler for POST /v1.21/images/asamba/docker-whale/push returned error: Error: Status 403 trying to push repository asamba/docker-whale to official registry: needs to be forced"
Apr 16 11:39:03 localhost journal: time="2016-04-16T11:39:03.885013241Z" level=error msg="HTTP Error" err="Error: Status 403 trying to push repository asamba/docker-whale to official registry: needs to be forced" statusCode=403
Apr 16 11:39:05 localhost journal: time="2016-04-16T11:39:05.420188969Z" level=info msg="{Action=push, Username=asamba, LoginUID=1001, PID=2125}"
Apr 16 11:39:06 localhost kernel: XFS (dm-4): Mounting V4 Filesystem
Apr 16 11:39:06 localhost kernel: XFS (dm-4): Ending clean mount
Apr 16 11:39:07 localhost kernel: XFS (dm-4): Unmounting Filesystem
Any help is appreciated, please let me know if you need further info. I did the push with -f as well. No luck!
You'll need to log in to Docker.
Step 1: log in to docker hub
Based on #KaraPirinc's comment, in Docker version 17 in order to log in:
docker login -u username --password-stdin
Then enter your password when asked.
Step 2: create a repository in the docker hub.
Let's say "mysqlserver:sql".
docker push <user username>/mysqlserver:sql
OK! never mind; I found the solution. with 403 Suspected that the HTTP is not going to the right URL.
Change the file which has the login credentials stored the ~/.docker/config.json from the default generated of
{
"auths": {
"docker.io": {
"auth": "XXXXXXXXXXXXX",
"email": "x.y#gmail.com"
}
}
}
to - Note the change from docker.io -> index.docker.io/v1. That is the change.
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "XXXXXXXXXXXXX",
"email": "x.y#gmail.com"
}
}
}
Hope that helps.
Note that the auth field should be 'username:password" base64 encoded.
for example: "username:password" base64 encoded is "dXNlcm5hbWU6cGFzc3dvcmQ="
so your file would contain:
"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="
The solution you posted is not working for me...
This is what works for me:
Create the repository with the desired name.
When committing the image, name the image like the repository, including the username <dockerusername>/desired-name. For example, radu/desired-name.
if you are using heroku, be sure you did not forget to "heroku container:login" before pushing.
The problem newbies face is that we tend to treat docker hub repository just like a maven repository and think that it might contain many a different files, folders and other contents.
A docker repository on the other hand is just a single image, it does not contain anything else. It can hold different versions of the same image, but its going to contain just one image.
So, name your repository on docker hub the same name as the image you want to push into it, and use your dockerhub username as prefix. For eg, if your username is myusername and your image name is docker-whale , make sure to name your dockerhub repository as docker-whale and use the below commands to tag and push your image to repository:
docker logout # to make sure you're logged out and not cause any clashes
docker tag <imageId> myusername/docker-whale # use :1.0.0 for specific version, default is 'latest'
docker login --username=myusername # use the username/pwd to login to docker hub
docker push myusername/docker-whale # use :1.0.0 for pushing specific version, default is 'latest'
I had the same problem but i fixed it with push with specified url.
as: docker login -u https://index.docker.io/v1/
console output:
The push refers to a repository [docker.io/<username>/richcity]
adc9144127c1: Preparing
4db5654f7a64: Preparing
ce71ae73bc60: Preparing
e8e980243ee4: Preparing
d773e991f7d2: Preparing
bae23f4bbe95: Waiting
5f70bf18a086: Waiting
3d3e4e34386e: Waiting
e72d5d9d5d30: Waiting
8d1d75696199: Waiting
bdf5b19f60a4: Waiting
c8bd8922fbb7: Waiting
unauthorized: authentication required
1010deiMac:dockerspace whoami$ docker login -u <username> https://index.docker.io/v1/
Password:
Login Succeeded
1010deiMac:dockerspace whoami$ docker push <username>/richcity
The push refers to a repository [docker.io/<username>/richcity]
adc9144127c1: Pushed
4db5654f7a64: Pushed
ce71ae73bc60: Pushed
e8e980243ee4: Pushed
d773e991f7d2: Pushed
bae23f4bbe95: Pushed
5f70bf18a086: Pushed
3d3e4e34386e: Pushing [=============> ] 45.07 MB/165.4 MB
e72d5d9d5d30: Pushed
8d1d75696199: Pushing [> ] 1.641 MB/118.1 MB
bdf5b19f60a4: Pushing [============> ] 142 MB/568.4 MB
c8bd8922fbb7: Pushing [========================> ] 59.44 MB/121.8 MB
I was running into a similar issue with a similarly unhelpful error message, but it turned out to be because I was trying to push an image that I had built against a docker-machine managed instance.
When I logged into the instance itself, did docker login and docker push everything worked fine.
In case it helps anyone, I managed to resolve this with the following command at the prompt:
az acr login -n MyContainerName
After this, I could run docker push successfully.
Though the standard process is to login and then push to docker registry, trick to get over this particular problem is to login by providing username and password in same line.
So :
docker login -u xxx -p yyy sampledockerregistry.com/myapp
docker push sampledockerregistry.com/myapp
Works
whereas
docker login sampledockerregistry.com
username : xxx
password : yyy
Login Succeeded
docker push sampledockerregistry.com/myapp
Fails
Even I logged in and checked all the configuration, it still does not work !!!
It turned out that when I build my docker, I forget to put my username before the repo name
docker build docker-meteor-build
(build successfully)
And then when I pushed to my repository, I used
docker push myname/docker-meteor-build
It will show the unauthorized authentication required
So, solution is then name of build and the push should be exactly the same
docker build myname/docker-meteor-build
docker push myname/docker-meteor-build
Here the solution for my case ( private repos, free account plan)
https://success.docker.com/Datacenter/Solve/Getting_%22unauthorized%3A_authentication_required%22_when_trying_to_push_image_to_DTR
The image build name to push has to have the same name of the repos.
Example:
repos on docker hub is: accountName/resposName
image build name "accountName/resposName" -> docker build -t accountName/resposName
then type
docker push accountName/resposName:latest
That's all.
My problem was an invalid Authorization token after 5 minutes.
The push took more than 5 minutes because of the image size.
I've fixed it by increasing the "Authorization token duration" to 10 minutes.
If you are pushing a new private image for the first time, make sure your subscription supports this extra image.
Docker allows you to have 6 private images named, even if you only pay for 5, but not to push that 6th image. The lack of an informative message is confusing and irritating.
What worked for me was to create a new repository and rename the image with
$ docker tag image_id myname/server:latest
Make sure you have more slots for private images.
In my case I converted a user into an organization and it lost it's one free private image, so previous pushes that worked, no longer worked.
Same problem here, during pushing image:
unauthorized: authentication required
What I did:
docker login --username=yourhubusername --email=youremail#company.com
Which it printed:
--email is deprecated (but login succeeded still)
Solution: use the latest login syntax.
docker login
It will ask for both username and password interactively. Then the image push just works.
Even after using the new syntax, my ~/.docker/config.json looks like this after logged in:
{
"auths": {
"https://index.docker.io/v1/": {}
},
"credsStore": "osxkeychain"
}
So the credential is in macOS' keychain.
Try docker logout first, then relogin with docker login
You can mv the xxx/.docker/config.json file somewhere for handle it.
Then try to login again for create new config.json file.
#mv xx/.docker/config.json xx/.docker/config_old.json
#docker login https://index.docker.io/v1/
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: YOUR USERNAME
Password: YOUR PASSWORD
WARNING! Your password will be stored unencrypted in /xxx/.docker/config.json.
Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
I had a similar problem.
Error response from daemon: Get https://registry-1.docker.io/v2/hadolint/hadolint/manifests/latest: unauthorized: incorrect username or password
I found out out that even if I login successfully with the docker login command, any pull failed.
I tried to clean up the ~/.docker/config.json but nothing improved.
Looking in the config file I've seen that the credentials were not saved there but in a "credsStore": "secretservice".
In Linux this happen to be the seahorse or Passwords and Keys tool.
I checked there and I cleanup all the docker hub login.
After this a new docker login worked as expected.
in your configuration file ~/.docker/config.json add
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "XXXXXXXXXXXXX",
"email": "my_email#gmail.com"
}
}
}
where XXXXX is base64 encoding of your username:password (the : is included) of https://hub.docker.com
in my case i had the same error with a pull. the problem (under windows) was provoked by double docker running process, so a kill them all and restart one service and it works .
I have received similar error for sudo docker push /sudo docker pull on ecr repository.This is because aws cli installed in my user(abc) and docker installed in root user.I have tried to run sudo docker push on my user(abc)
Fixed this by installed aws cli in root , configured aws using aws configure in root and run sudo docker push to ecr on root user
If you running windows 7 docker Registry
Start **Docker Quick Start terminal** run (this terminal enables connection ) Until you pushed images , that will keep token alive .
Login
docker login
Make sure you tag the image with username
docker build -f Dockerfile -t 'username'/imagename
push image
docker image push username/imagename
Note: image name all lowercase
I tried all the methods I can find online and failed. Then I read this post and get some ideas from #Alex answer. Then I search about ""credsStore": "osxkeychain"" which is used in my config.json. The I follow this link https://docs.docker.com/engine/reference/commandline/login/ to logout and then login again. Finally, I can push my image successfully.
I had the same problem and I can fix it.
change the ~/.docker/config.json file as below
{
"auths": {
"XxX": {
"auth": "XxX"
}
}
}
and do not forget to restart docker service.
service docker restart
enjoy
i was facing the same problem with Heroku and Docker, the solution was
docker login
docker build . -t <project_name>
heroku container:login
heroku container:push web -a <project_name>
I had the same problem but I fixed it with push with a specified URL:
docker login -u https://index.docker.io/v1/
Just curious to know what could be the cause for this issue?
Old post but had same issue and couldn't find the answer.
NOTE: the Docker tag is case sensitive to Azure loginserver name.
I was uploading to Azure container. Container was named "LearnContainer81"
Loginserver was "learncontainer81.azurecr.io"
When I did the tag in Docker, I did it with "LearnContainer81.azurecr.io/X" and it gives unauthorised. Did tag again in lowercase as per Loginserver for Azure. This then uploaded fine.
Its the problem with the proxy.
Turn off the VPN if you are working on any.
https://forums.docker.com/t/failed-with-status-401-unauthorized/11023/3
I'm using my self-hosted docker registry, where I terminate HTTPS/SSL first on another server (such as nginx or trafficserver), and then pass the traffic to registry over non-encrypted HTTP. After a lot of research, I managed to get it to work.
i) the problem is caused by not having X-Forwarded-Proto -header set in PATCH -requests, resulting in 401 error. See https://github.com/distribution/distribution/issues/1177#issuecomment-155718420
ii) nginx version 18 (and lower such as Ubuntu Bionic and Focal) seems not to pass the
proxy_set_header X-Forwarded-Proto https;
for PATCH (POST works ok), but nginx version 21 works ok.
Also Apache Trafficserver seems to pass the headers properly, once enabled.
Make sure your docker repositry name matches your local docker repo name.
e.g lets say if you local repo name "kavashgar/nodjsapp"
then your should also have a repo names "kavashgar" in docker hub

Resources