Jenkins Docker Push to google cloud fails with an exception - jenkins

I'm building a docker image via jenkins and want to deploy it to google cloud registry using the jenkins plugin (docker-build-step, Google Container Registry Auth Plugin, Google OAuth Credentials plugin), using the following instructions: https://wiki.jenkins-ci.org/display/JENKINS/Google+Container+Registry+Auth+Plugin
I have a VM instance on GCE where I have both jenkins and docker installed.
The build works OK, but it fails when I'm trying to push it to the Registry:
Successfully built c2ddc81c66d1
[Docker] INFO: Sucessfully created image eu.gcr.io/$project-id/base
[Docker] INFO: Pushing image eu.gcr.io/$project-id/base
ERROR: Build step failed with exception
javax.ws.rs.ProcessingException: org.apache.http.NoHttpResponseException: 127.0.0.1:2375 failed to respond
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:513)
at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:246)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:667)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:664)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
--
But when I try to push it via SSH, it works:
bash-4.2$ whoami
jenkins
bash-4.2$ gcloud docker push eu.gcr.io/$project-id/base
The push refers to a repository [eu.gcr.io/$project-id/base]
41772e41ab05: Layer already exists
a03f60753e4e: Pushing [=========> ] 9.223 MB/47.44 MB
I believe that if it was some kind of scope from the google VM, I shouldn't be able to do it via ssh either. Could it be the jenkins user environment variables?
Does anyone have a working configuration for a similar scenario? Does anyone who knows Jenkins well know what kind of config could be causing this?
Also, before using http://127.0.0.1:2375 as the docker url, I had unix:///var/run/docker.sock, and with that configuration, instead of "127.0.0.1:2375 no HttpResponseException" I had "localhost:80 no HttpResponseException" in the log, so using the socket isn't the solution either.
Regards,
JS

The error is related to a failed connection between Jenkins and Google Registry. I'm assuming there's no problem with the network connection, since it's calling the localhost.
[Docker] INFO: Sucessfully created image eu.gcr.io/$project-id/base
[Docker] INFO: Pushing image eu.gcr.io/$project-id/base
ERROR: Build step failed with exception
javax.ws.rs.ProcessingException: org.apache.http.NoHttpResponseException: 127.0.0.1:2375 failed to respond
So, that leaves us with an application problem. Check your Google OAuth credentials; it can be an unauthorized access exception being thrown, in which case you'll have to create the credentials.
In any case, check your logs and elevate the log level to see if there's any important info that went unnoticed.

Related

How to deploy To Azure App Service WebSite from Docker Hub using Bicep

Summary:
I have made many attempts to deploy a simple C# Blazor image in a public DockerHub repo to an Azure App Service web site. All attempts using bicep and the azure portal have failed.
Goal:
Use bicep inside of a Github action (CI/CD pipeline) to deploy from public DockerHub repo to Azure App Service Web Site. (I'm also curious as to how to do it on the portal).
What Works:
This powershell command successfully deploys my DockerHub image to the Azure App Service Web site:
az.cmd webapp create --name DockerhubDeployDemo004 --resource-group rg_ --plan Basic-ASP -s siegfried01 -w topsecretet --deployment-container-image-name siegfried01/demovisualstudiocicdforblazorserver
This bicep for creating an azure container instance also works.
Error Messages from Failed Attempts:
From the log files in the azure portal I get:
2022-05-20T21:50:35.914Z ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for demovisualstudiocicdforblazorserver, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}
2022-05-20T21:50:35.915Z ERROR - Pulling docker image docker.io/demovisualstudiocicdforblazorserver failed:
2022-05-20T21:50:35.916Z WARN - Image pull failed. Defaulting to local copy if present.
2022-05-20T21:50:35.923Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2022-05-20T21:50:35.928Z INFO - Stopping site dockerdeploydemo003 because it failed during startup.
/home/LogFiles/2022_05_20_lw1sdlwk000FX5_docker.log (https://dockerdeploydemo003.scm.azurewebsites.net/api/vfs/LogFiles/2022_05_20_lw1sdlwk000FX5_docker.log)
2022-05-20T21:35:47.559Z WARN - Image pull failed. Defaulting to local copy if present.
2022-05-20T21:35:47.562Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
Failing Bicep Code:
I tried exporting the ARM code from the successful powershell deployment and the failed portal attempts and converting it to bicep. In both cases the code was very similar. In both cases I had to add/edit the app settings containing the dockerhub URL, account and password. I always received the above error messages. After deploying using bicep code, I could go back into the portal and view the appsettings (dockerhub creds & URL). They looked correct.
References:
Nice DockerHub example but no bicep code. Says to use index.docker.io for the server and I tried that (did not work). I also tried using https://index.docker.io/v1/ for the server URL and that did not work either.
Nice Bicep Example but uses ACR instead of DockerHub
Another nice Bicep Example that uses ACR instead of DockerHub.
I was surprised I could not find the documentation on the DockerHub site!
Please help me correct my bicep code. I suspect I'm not specifying the correct URL or server for DockerHub.
Thanks
Siegfried
I could not find the web page on Dockerhub that gave the detailed information I was looking for (like the URL). However, the docker Info command as described here was very helpful.
This bicep code did the trick for me (with some help from the bicep support on github):
var appConfigNew = {
  DOCKER_ENABLE_CI: 'true'
  DOCKER_REGISTRY_SERVER_PASSWORD: dockerhubPassword
  DOCKER_REGISTRY_SERVER_URL: 'https://index.docker.io/v1/'
  DOCKER_REGISTRY_SERVER_USERNAME: dockerUsername
}
resource appSettings 'Microsoft.Web/sites/config@2021-01-15' = {
  name: 'appsettings'
  parent: web
  properties: appConfigNew
}
And lastly, I discovered this by trial and error:
linuxFxVersion: 'DOCKER|${dockerUsername}/demovisualstudiocicdforblazorserver:${tag}'
Wow! I really worked hard for this one!

unable to docker push images in artifactory

I'm having problems pushing images to my docker repo in Artifactory. Pulling the images works as expected, but pushing them gives me an error. I can see the progress bar pushing the image, but somehow it times out w/ a "I/O Timeout"
My setup consists of an Artifactory instance running in my k8 cluster and I have a F5 in front of it for SSL offloading. I followed these instructions for using the repository path method.
On the http settings I've tried using the nginx/http reverse proxy or just using the embedded tomcat. I either get the "I/O timeout" or a "503 Service Unavailable" (when using the embedded).
I know network wise everything is ok, since I can push other items. i.e, files, npm etc... It's a bit frustrating that I'm able to pull but not push. Has anyone seen this before??
Do the docker push command again with artifactory UI open ( Admin -> System logs -> Request log )
You should see a few requests coming in with '/api/docker' in the path. What are the return code and full path shown in the request log?
The docker registry push would require docker login. You may need to get credentials for the docker registry so that you can push. Say if you have saved password in a file
docker login --username=yourhubusername --email=youremail@company.com
And then try push.

Docker login Error with nexus repo

I have installed NEXUS in a VM. The nexus console is accessible using the http://192.168.33.60:8081/ URL. I am trying to log in to nexus from another VM using the command below:
docker login 192.168.33.60:8081
after entering user-name and password it is throwing this error
`Error response from daemon: login attempt to http://192.168.33.60:8081/v2/ failed with status: 404 Not Found`
can anyone please help me on this
You need to configure a Docker connector port, and it must be SSL enabled:
https://help.sonatype.com/display/NXRM3/SSL+and+Repository+Connector+Configuration
Note that Docker is picky about SSL certificates; if you're planning on using a self-signed certificate, see here:
https://support.sonatype.com/hc/en-us/articles/217542177-Using-Self-Signed-Certificates-with-Nexus-Repository-Manager-and-Docker-Daemon

Webhook execution failed: execution expired

I am trying to trigger jenkins build whenever there is a push to GitLab.
I am referring to https://github.com/jenkinsci/gitlab-plugin.
When I test the connection for webhook it shows execution expired.
I am using:
Jenkins ver. 2.60.1
GitLab version 9.4.0-rc2-ee
GitLab plugin 1.4.6
The exact error message, clicking "Test setting" from GitLab:
We tried to send a request to the provided URL but an error occurred: execution expired
As mentioned in issue 128:
This looks and sounds like a configuration or network error.
Maybe your machine is not publicly available on the webhook address (firewall etc).
For instance, on Digital Ocean server, you would need to open up the port (mentioned in git-auto-deploy.conf.json) in the firewall:
sudo ufw allow 8866/tcp
Double-check though what you put in Manage Jenkins > Configure in terms of GitLab information (connection name, host url, credentials), as mentioned in jenkinsci/gitlab-plugin issue 391.
See GitLab Integration Jenkins: Configure the Jenkins server
It means there are issues between the Jenkins server and the GitLab or GitHub server.
Like what I did:
I have set my local-IP:port/project/jenkins_project_name
http://192.168.1.21:8080/project/jenkins_project_name
and set the above URL in the gitlab webhook, it shouldn't work - right?
Because it's an IP that's private and not routable.
So later I realized this and set the public IP, and then the hook worked.
http://public_IP:8080/project/jenkins_project_name
Note: To make the public IP routable, you should expose the port in your router [e.g. 8080 for me, or anything you want]
Hope this works.
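A quick pre-check for the private-address case described in the answer above, as an added example that is not part of the original posts. It assumes GitLab sits outside the Jenkins host's local network; the function names are hypothetical and the 198.51.100.7 address is a documentation address standing in for a public IP.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are
# hypothetical. Handles IPv4 literals and hostnames, not IPv6 literals.

# Print the host part of an http(s) URL: drop scheme, path, userinfo, port.
webhook_host() {
    rest=${1#*://}
    rest=${rest%%/*}
    rest=${rest##*@}
    printf '%s\n' "${rest%%:*}"
}

# Print loopback, private, link-local, public, or hostname (needs DNS).
classify_host() {
    host=$1
    case $host in
        localhost) echo loopback; return ;;
        ''|*[!0-9.]*) echo hostname; return ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $host
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo hostname; return; }
    for o in "$@"; do
        case $o in ''|????*) echo hostname; return ;; esac
        [ "$o" -le 255 ] || { echo hostname; return; }
    done
    a=$1 b=$2
    if [ "$a" -eq 127 ]; then
        echo loopback
    elif [ "$a" -eq 10 ] ||
         { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; } ||
         { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; }; then
        echo private          # RFC 1918 ranges
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then
        echo link-local
    else
        echo public
    fi
}

# Exit 0 if an external GitLab could plausibly reach the URL, 1 if not.
webhook_routable() {
    kind=$(classify_host "$(webhook_host "$1")")
    echo "$1 -> $kind"
    case $kind in public|hostname) return 0 ;; *) return 1 ;; esac
}

# The URL from the answer above is reported as private (not routable).
webhook_routable "http://192.168.1.21:8080/project/jenkins_project_name" || true
```

A "public" or "hostname" result only rules out the private-address mistake; the firewall or security-group rules mentioned in the other answers still have to allow the port.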
I have faced the same issue.
In my case Jenkins is running in an AWS EC2 instance. I have resolved the issue by whitelisting the Public IP addresses of Gitlab on port 443 into the instance security group.

Google Cloud Jenkins gcloud push access denied

I'm trying via Jenkins to push an image to the container repository. It was working at first, but now, I got "access denied"
docker -- push gcr.io/xxxxxxx-yyyyy-138623/myApp:master.1
The push refers to a repository [gcr.io/xxxxxxx-yyyyy-138623/myApp]
bdc3ba7fdb96: Preparing
5632c278a6dc: Waiting
denied: Access denied.
The Jenkinsfile looks like:
sh("gcloud docker --authorize-only")
sh("docker -- push gcr.io/xxxxxxx-yyyyy-138623/hotelpro4u:master.1")
Remarks:
Jenkins is running in Google Cloud
If I try in Google Shell or from my computer, it's working
I followed this tutorial : https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes
I've been stuck for 12 hours.... I need help
That error means that the GKE node is not authorized to push to the GCS bucket that is backing your repository.
This could be because:
The cluster does not have the correct scopes to authenticate to GCS. Did you create the cluster w/ --scopes storage-rw?
The service account that the cluster is running as does not have permissions on the bucket. Check the IAM & Admin section on your project to make sure that the service account has the necessary role.
Building on @cj-cullen's answer above, you have two options:
Destroy the node pool and then, from the CLI, recreate it with the missing https://www.googleapis.com/auth/projecthosting,storage-rw scope. The GKE console does not have the capability to change the default scopes when creating a node pool from the console.
Stop each instance in your cluster. In the console, click the edit button for the instance. You should now be able to add the appropriate https://www.googleapis.com/auth/projecthosting,storage-rw scope.
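To tell the scope cause apart from the IAM cause listed in the answers above, the node's scope list can be checked directly. This is an added example, not code from the original posts: the function names are hypothetical, the sample scope list is constructed, and the real list is read from the metadata server as shown in the comment.

```shell
#!/bin/sh
# Added example, not from the original posts; function names are hypothetical.
# On the node, the real scope list comes from the metadata server:
#   curl -s -H 'Metadata-Flavor: Google' \
#     http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes

# Read one scope per line (full URL or gcloud alias) on stdin and print the
# Cloud Storage access the scopes permit: read-write, read-only or none.
storage_scope_level() {
    level=none
    while IFS= read -r scope; do
        case ${scope#https://www.googleapis.com/auth/} in
            cloud-platform|devstorage.full_control|devstorage.read_write)
                level=read-write ;;
            storage-full|storage-rw)
                level=read-write ;;
            devstorage.read_only|storage-ro)
                [ "$level" = read-write ] || level=read-only ;;
        esac
    done
    echo "$level"
}

# Exit 0 when the scopes on stdin permit a registry push (bucket write).
gcr_push_allowed() {
    lvl=$(storage_scope_level)
    echo "storage access from scopes: $lvl"
    [ "$lvl" = read-write ]
}

# Constructed sample: a node created without the storage-rw scope.
sample_scopes() {
    printf '%s\n' \
        https://www.googleapis.com/auth/devstorage.read_only \
        https://www.googleapis.com/auth/logging.write \
        https://www.googleapis.com/auth/monitoring
}

sample_scopes | gcr_push_allowed ||
    echo "push would be denied: node scopes lack storage write access"
```

A read-write result means the scopes are not the blocker, which leaves the service account's role on the bucket as the thing to check.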
