Jenkins push failed for dockers - jenkins

I am trying to do a push into my docker repo.
my github repo is here for reference with my jenkins file https://github.com/leeadh/braintree_example.git
However, it keeps showing this error where it a passphrase for my new root key is not created. Why is this so?
PS: to give some context my DOCKER_CONTENT_TRSUT in cmd is 0. Hence, I am unsure what is casuing this.

It seems to be a missing credentials error.
You need to set credentials to connect to your github and docker registry.
Here you can see detailed instructions for setting them up:
Github: https://gist.github.com/misterbrownlee/3708738
Docker (see Docker Host Certificate Authentication): https://jenkins.io/doc/book/using/using-credentials/

Related

Getting "unauthorized: authentication required" when pulling ACR images from Azure Kubernetes Service

I followed the guide here (Grant AKS access to ACR), but am still getting "unauthorized: authentication required" when a Pod is attempting to pull an image from ACR.
The bash script executed without any errors. I have tried deleting my Deployment and creating it from scratch kubectl apply -f ..., no luck.
I would like to avoid using the 2nd approach of using a secret.
The link you posted in the question is the correct steps for Authenticate with Azure Container Registry from Azure Kubernetes Service. I tried before and it works well.
So I suggest you can check if the service-principal-ID and service-principal-password are correct in the command kubectl create secret docker-registry acr-auth --docker-server <acr-login-server> --docker-username <service-principal-ID> --docker-password <service-principal-password> --docker-email <email-address>. And the secret you set in the yaml file should also be check if the same as the secret you created.
Jeff & Charles - I also experienced this issue, but found that the actual cause of the issue was that AKS was trying to pull an image tag from the container registry that didn't exist (e.g. latest). When I updated this to a tag that was available (e.g. 9) the deployment script on azure kubernetes service (AKS) worked successfully.
I've commented on the product feedback for the guide to request the error message context be improved to reflect this root cause.
Hope this helps! :)
In my case, I was having this problem because my clock was out of sync. I run on Windows Subsytem for Linux, so running sudo hwclock -s fixed my issue.
See this GitHub thread for longer discussion.
In my case, the Admin User was not enabled in the Azure Container Registry.
I had to enable it:
Go to "Container registries" page > Open your Registry > In the side pannel under Settings open Access keys and switch Admin user on. This generates a Username, a Password, and a Password2.

How to fix EOF error during docker push command

I try to push an image in my public docker repository, but after some minutes I have this problem:
and during pushing, the following occurs many times (when retrying):
My version of docker is the following:
How to solve this problem ?
When I push an image to ECR, an EOF error occured.
The reason is remote repository[jdk-8-newrelic] does not exist.
After creating the repository, PUSH succeeded.
I got this error when my image name was incorrectly formatted.
I was trying to push an image called registry-url/my-repository/my-image-name:tag
This is wrong; I need a repository per image name. registry-url/my-image-name:tag worked, once I created the repository named my-image-name.
This was on ECR.
I was missing this policy AmazonEc2COntainerRegistryFullAccess in permission of the iam user
In case you are trying to push into the AWS ECR, this happens when the connection to the repository has failed. This could be either because
the repository doesn't exist
the repository exists but in a different region
the AWS credentials are incorrect.
the AWS credentials have just been corrected
Once you have the repository created in the correct region and the AWS cli Credentials are corrected, ensure that you run the AWS docker login command once again and repeat the tag and push steps.
I have met this issue nowadays when I am pushing an image to a private registry. And I checked out the Docker log and found that there was something unexpected about the proxy but I did not have to push to my private through the proxy. So I added my registry address to the Docker proxy whitelist to skip the proxy, and it worked. I wish it helps!
I had a similar problem pushing to a private docker repository, and the problem was wrong credentials.
Try to read the logs:
Get-EventLog -LogName Application -Source Docker -After (Get-Date).AddMinutes(-5) | Sort-Object Time
ref: https://learn.microsoft.com/en-us/virtualization/windowscontainers/troubleshooting#finding-logs
In my case, I had saved AWS credentials from another account where I did not have full access anymore. Check your C:\Users\YourUserName.aws\credentials if you are on Win.
Yes, You need to create a repository in AWS ECR.
PFB for AWS AC.
docker push aws-ac-id.dkr.ecr.us-west-2.amazonaws.com/build-agent:latest
Here I have created a build-agent ECR repository and the above command got successful.
Don't forget to run the below command.
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin aws-ac-id.dkr.ecr.us-west-2.amazonaws.com

docker push error "denied: requested access to the resource is denied"

This error occurs when trying to push an image to the public repository on Docker Hub. There have been no issues with other registries I have tried.
I have looked at numerous sites, blogs including StackOverflow and there is still no clear answer.
You can try to replicate this issue as follows.
As shown in the screenshot above, I have an image aspc-mvc-app on local docker host. As shown, it has 3 tags - 1.0.5, 1.0.5.latest and latest.
Assume that we are trying to push using an account name of janedoe at Docker Hub
Per documentation on Docker.io and numerous other sites, there are 3 steps to pushing.
(1) Login
docker login "index.docker.io" -u janedoe -p <password>
--> I get Login Succeeded which is good!
(2) Add one or more tags
Of the 3 tags, let's just tag the latest.
docker tag janedoe/aspc-mvc-app:latest janedoe/aspc-mvc-app
--> The prompt returns with no error. So far so good.
(3) Push
docker push janedoe/aspc-mvc-app
--> This is where the error occurs.
As shown on the screenshot below, initial checks seem to occur fine until you get the error denied: requested access to the resource is denied
At step (2), I have tried numerous other formats including the following.
docker tag janedoe/aspc-mvc-app:latest janedoe/aspc-mvc-app:latest
docker tag janedoe/aspc-mvc-app janedoe/aspc-mvc-app:latest
docker tag aspc-mvc-app:latest janedoe/aspc-mvc-app
docker tag aspc-mvc-app janedoe/aspc-mvc-app:latest
docker tag 306a8fd79d88 janedoe/aspc-mvc-app
docker tag 306a8fd79d88 janedoe/aspc-mvc-app:latest
All fail with the same error.
As a comparison, with the same exact image, I had no problem pushing to Azure Container Registry.
Since Docker Hub is so popular, can anyone shed light on what the mystery is, or if there is a detailed documentation anywhere?
Updated 5/9/2017
I am fairly up-to-date on docker cli and server versions. Right now, my cli is 17.05.0-ce-rc1 and server is 17.04.0-ce as shown below.
The solution is simply to change the way of logging in at step (1).
docker login -u janedoe -p <password>
Everything else can stay the way described above. The image was successfully pushed to Docker Hub!
First login by typing sudo docker login in the terminal. Enter username and password
Visit your docker account and create a new repository. In my case I created a repository crabigator1900/dockerhub
Say you have a docker image with repository name:crabigator/django and tag:latest.
In that case you will need to tag this image with a label of your wish. I decided to tag it with the label:myfirstimagepush. You tag the image by typing the command
sudo docker tag crabigator/django:latest crabigator1900/dockerhub:firstimagepush
Finally push the image to your repo using the command
sudo docker push crabigator1900/dockerhub:firstimagepush
That's all there is to it.
I too had the same issue, but after trying some combinations this worked.
Whenever you push - that refers to docker.io/ followed by registry path.
In my case my username is rushmith and I created a sample repository called docker under rushmith.
My link is : "hub.docker.com/r/rushmith/docker/"
Now I created a tag to my image that I want to push as: rushmith/docker
And It worked successfully.
$ docker login -u rushmith
(Give the password then type as below)
$ docker push rushmith/docker:latest
Output:
The push refers to a repository [docker.io/rushmith/docker]
7fbb0e1e64cb: Pushed
33f1a94ed7fc: Pushed
b27287a6dbce: Pushed
47c2386f248c: Pushed
2be95f0d8a0c: Pushed
2df9b8def18a: Pushed
latest: digest:
sha256:4d749d86b4a2d9304a50df474f6236140dc2d169b9aabc354cdbc6ac107390f2 size: 1569
I hope this late solution might help someone.
The reason of this error message was you haven't named your images properly.
Let say your account name on docker.io was your-name then your new repo name is going to be your-name/your-new-image-name.
In order to push your image, first you have to tag (name) your local images as:
docker tag local-image[:tag-name] your-name/your-new-image-name[:tag-name]
Things in the brackets is optional. You may want to check the result with docker image ls. Then let push your image to your docker repo:
docker push your-name/your-new-image-name[:tag-name]
Done! Your image was pushed to docker repos.
You can follow the following steps:
Step 1: docker login -u <username> -p <password>
A message with "Login Succeeded" will appear, confirming your successful login.
Step 2:
Now in order to push the image just make sure the path which you are using must have your username included in the tag.
e.g: Suppose link is: "hub.docker.com/u/xyz/"
Create a tag to image as docker push xyz/docker:latest.
If you already have some different tag change it using command
docker tag <old tag> <new tag>
Hope this helps.
after 1 hour's struggling with different ways mentioned above,
I reinstalled the neweast version of Docker Desktop app in my mbp, then it is solved.
the neweast version is 20.10.2
and the old version is 17.x, which was installed 5 years ago.
First you need to ensure you have logged into your account
You need to create a repository, below is the command to create a repository -
docker tag local-image:tagname YOUR-ACCOUNT-NAME/tagname
docker push YOUR-ACCOUNT-NAME/tagname
Create a repository from a website.
It possible that you don't have a permission for creating repository.
docker push does not create a repo name so if not present it says access not available
This worked for me.
> docker login -u janedoe
Password:
Login Succeeded
> docker tag myapp:0.0.1 janedoe/myflinkapp:0.0.1
> docker push janedoe/myapp:0.0.1
The push refers to repository [docker.io/janedoe/myapp]
b763be657a2c: Pushed
e534dae385a8: Pushed
5af3d5d57035: Pushed
0e44828b51e2: Pushed
fdd771f27095: Pushed
ef9a7b8862f4: Pushed
a1f2f42922b1: Pushed
4762552ad7d8: Pushed
0.0.1: digest: sha256:0069ee2c39b422e64f0493d2b2e9cbe7736a size: 2154
In my case, I was facing this issue even after logging into Docker registry successfully.
So, I tried running the docker push as sudo and it worked.
Make sure you follow these steps:
Run docker login
After logging in successfully, run the docker push command
If the push failed, run this: sudo docker push repoName:tagName
If you're using 2FA and run
docker login -u <your_docker_user_name>
you will get Login successful but you won't be able to push.
This is because you're using 2FA which requires one-time password to login into your account.
To be able to push with 2FA enabled you need to use an access token. To generate one go to Account settings/Security on Docker Hub website and click New Access Token. As of Access Permissions preferably choose Read & Write - this is the entry level for being able to push. Only generate Read, Write, Delete token if you really need it!
You'll be prompted with instructions on what to do next. Just to keep the answer full, you'll have to run
docker login -u <you_docker_username>
and when prompted for Password paste your Personal Access Token.
IMPORTANT: save your Personal Access Token in a password manager and never share with anyone and never push to github or add to your source code. NEVER! Please.
Now, when you run docker push <your_docker_username>/<your_docker_repo_name>:<tag_of_your_image> you should be able to push the image to the Docker Hub.
I have the same problem and it was solved by running the push command with sudo. I think it is only a privilege problem.
sudo docker push janedoe/aspc-mvc-app

Can't pull image from private docker registry

Trying to get a private repo running on my EC2 instance so my other docker hosts created by docker-machine can pull from the private repo. I've disabled SSL and have put up a firewall to compensate that allows my test server(the one I'm trying to pull on) to connect to my main EC2 instance (the private repo). So far I can push to the private repo where it's hosted on my main EC2 instance (was getting an EOF error before disabling SSL) but I get the following error when I run this on my text server:
docker pull ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:5000/scoredeploy
this is the error it spits out:
Error response from daemon: Get https://ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:5000/v1/_ping: EOF
Googling this error on yields results of people having similar issues, but without any fixes.
Anybody have any idea of what's going on here?
You might need to set the --insecure-registry <registry-ip>:5000 flag on the docker daemon's startup command on your non-docker-registry machine. In your case: --insecure-registry ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:5000
If you want to use your already-running docker machine, this should help you out setting the flag: https://docs.docker.com/registry/insecure/#/deploying-a-plain-http-registry
If you're using boot2docker, the file location and format is slightly different. Give this a shot if this is the case: http://www.developmentalmadness.com/2016/03/09/docker-configure-insecure-registry-in-boot2docker/
I've had issues with my docker machines not saving this setting on reboots. If you run into that issue, I'd recommend you make a new machine including the flag --engine-insecure-registry <registry-ip>:5000 in the docker-machine create command.
Best of luck!

Google Container Registry access denied when pushing docker container

I try to push my docker container to the google container registry, using this tutorial, but when I run
gcloud docker push b.gcr.io/my-bucket/image-name
I get the error :
The push refers to a repository [b.gcr.io/my-bucket/my-image] (len: 1)
Sending image list
Error: Status 403 trying to push repository my-bucket/my-image: "Access denied."
I couldn't find any more explanation (no -D, --debug, --verbose arguments were recognized), gcloud auth list and docker info tell me I'm connected to both services.
Anything I'm missing ?
You need to make sure the VM instance has enough access rights. You can set these at the time of creating the instance, or if you have already created the instance, you can also edit it (but first, you'll need to stop the instance). There are two ways to manage this access:
Option 1
Under the Identity and API access, select Allow full access to all Cloud APIs.
Option 2 (recommended)
Under the Identity and API access, select Set access for each API and then choose Read Write for Storage.
Note that you can also change these settings even after you have already created the instance. To do this, you'll first need to stop the instance, and then edit the configuration as mentioned above.
Use gsutil to check the ACL to make sure you have permission to write to the bucket:
$ gsutil acl get gs://<my-bucket>
You'll need to check which group the account you are using is in ('owners', 'editors', 'viewers' etc.)
EDIT: I have experienced a very similar problem to this myself recently and, as #lampis mentions in his post, it's because the correct permission scopes were not set when I created the VM I was trying to push the image from. Unfortunately there's currently no way of changing the scopes once a VM has been created, so you have to delete the VM (making sure the disks are set to auto-delete!) and recreate the VM with the correct scopes ('compute-rw', 'storage-rw' seems sufficient). It doesn't take long though ;-).
See the --scopes section here: https://cloud.google.com/sdk/gcloud/reference/compute/instances/create
I am seeing this but on an intermittent basis. e.g. I may get the error denied: Permission denied for "latest" from request "/v2/...."., but when trying again it will work.
Is anyone else experiencing this?
For me I forgot to prepend gcloud in the line (and I was wondering how docker would authenticate):
$ gcloud docker push <image>
In your terminal, run the code below
$ sudo docker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" https://[HOSTNAME]
Where
-[HOSTNAME] is your container registry location (it is either gcr.io, us.gcr.io, eu.gcr.io, or asia.gcr.io). Check your tagged images to be sure by running $ sudo docker images).
If this doesn't fix it, try reviewing the VM's access scopes.
If you are using Docker 1.7.0, there was a breaking change to how they handle authentication, which affects users who are using a mix of gcloud docker and docker login.
Be sure you are using the latest version of gcloud via: gcloud components update.
So far this seems to affect gcloud docker, docker-compose and other tools that were reading/writing the Docker auth file.
Hopefully this helps.
Same problem here, the troubleshooting section from https://cloud.google.com/tools/container-registry/#access_denied wasn't very helpful. I have Docker and GCloud full updated. Don't know what else to do.
BTW, I'm trying to push to "gcr.io".
Fixed. I was using a VM in compute engine as my development machine, and looks like I didn't give it enough rigths in Storage.
I had the same problem with access denied and I resolved it with creating new image using Tag:
docker tag IMAGE_WITH_ACCESS_DENIED gcr.io/my-project/my-new-image:test
After that I could PUSH It to Container registry:
gcloud docker -- push gcr.io/my-project/my-new-image:test
Today I also got this error inside Jenkins running on Google Kubernetes Engine when pushing the docker container. The reason was a node pool node version upgrade from 1.9.6-gke.1 to 1.9.7-gke.0 in gcp I did before. Worked again after the downgrade.
You need to login to gcloud from the machine you are:
gcloud auth login

Resources