Develop Reference

Gitlab runner: failure to log in to GitLab Container Registry

After setting up gitlab-runner as a Docker container with an executor of docker, I fail to run any builds. The displayed log reads like the following:
Running with gitlab-runner 11.4.2 (cf91d5e1)
on <hostname> 9f1c1a0d
Using Docker executor with image docker:stable-git ...
Starting service docker:stable-dind ...
Pulling docker image docker:stable-dind ...
Using docker image sha256:acfec978837639b4230111b35a775a67ccbc2b08b442c1ae2cca4e95c3e6d08a for docker:stable-dind ...
Waiting for services to be up and running...
Pulling docker image docker:stable-git ...
Using docker image sha256:a8a2d0da40bc37344c35ab723d4081a5ef6122d466bf0a0409f742ffc09c43b9 for docker:stable-git ...
Running on runner-9f1c1a0d-project-1-concurrent-0 via a7b6a57c58f8...
Fetching changes...
HEAD is now at 5430a3d <Commit message>
Checking out 5430a3d8 as master...
Skipping Git submodules setup
$ # Auto DevOps variables and functions # collapsed multi-line command
$ setup_docker
$ build
Logging to GitLab Container Registry with CI credentials...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
ERROR: Job failed: exit code 1
Note the attempt to ligin to docker-hub (I guess) and the credentials-error. But I do not desire nor configured a username/password to access docker-hub. Any suggestion what is wrong here or how to go on debugging this?
The runner was registered with the following command (which also dictates the contents of the configuration file):
docker run --rm -ti \
-v <config-volume>:/etc/gitlab-runner \
-v $(pwd)/self-signed-server.crt:/etc/ssl/certs/server.crt \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner register \
--tls-ca-file /etc/ssl/certs/server.crt \
--url https://my.server.url/gitlab/ --registration-token <token> \
--name myserver --tag-list "" \
--executor docker --docker-privileged --docker-image debian \
--non-interactive
I used --docker-privileged because I originally had the same problem discussed here (thanks, wendellmva). I just can't configure running the gitlab-runner container itself privileged, but don't see link-failure-problem problem even though I don't.

To get past this point, one needs to overwrite the CI_REGISTRY_USER variable in the projects Settings -> CI / CD -> Variables block. Assigning an empty value will get past this point.
Background: by exporting the project and then parsing the JSON settings with jq, one can get the preconfigured list of commands that run:
jq -r .pipelines[0].stages[0].statuses[0].commands project.json
# ...
function registry_login() {
if [[ -n "$CI_REGISTRY_USER" ]]; then
echo "Logging to GitLab Container Registry with CI credentials..."
docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
echo ""
fi
}
# ...
So there is apparently some non-empty string preloaded to CI_REGISTRY_USER, but with an invalid CI_REGISTRY_PASSWORD.
What I haven't found yet is where to make such settings globally for all projects or how to edit the AutoDevOps pipeline.

How to set username and password for our own docker private registry?

I was able to run repository using $docker container run -itd --publish 5000:5000 registry But, I am not asked for username and password when I pull or push the image to that repository.
How to set username and password for our own docker private registry and how to use them in Dockerfile and docker-compose when we want to use the image from that repository?

How to set username and password for our own docker private registry?
There are couple ways to implement basic auth in DTR. The simplest way is to put the DTR behind a web proxy and use the basic auth mechanism provided by the web proxy.
To enable basic auth in DTR directly? This is how.
Create a password file containing username and password: mkdir auth && docker run --entrypoint htpasswd registry:2 -Bbn your-username your-password > auth/htpasswd.
Stop DTR: docker container stop registry.
Start DTR again with basic authentication, see commands below.
Note: You must configure TLS first for authentication to work.
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
How to use them when we want to use the image from that repository?
Before pulling images, you need first to login to the DTR:
docker login your-domain.com:5000
And fill in the username and password from the first step.

How to avoid password when using sudo in gitlab-ci.yml?

I have a private docker repository where i store my build images.
I did copy my registry certificates and updated my /etc/hosts file to authenticate registry from my local machine.
I could login to registry with 'sudo docker login -u xxx -p xxx registry-name:port'
But when i try same docker login command from gitlab-ci stage, it is failing with this error:
sudo: no tty present and no askpass program specified.
This is how i'm trying to achieve this.
ssh manohara#${DEPLOY_SERVER_IP} "sudo docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}"
I also tried adding this gitlab-runner ALL=(ALL) NOPASSWD: ALL at the bottom of /etc/sudoers file, but no luck
Where am i going wrong?

According to this Source you can use
ssh -t remotehost "sudo ./binary"
The -t allocates a pseudo-tty.
Or in your example:
ssh -t manohara#${DEPLOY_SERVER_IP} "sudo docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}"

login DN and password for osixia/phpLDAPAdmin docker image

I am just getting started with LDAP. I downloaded the osixia openldap docker image and the phpLDAPAdmin:
OpenLDAP
LDAPAdmin
I created the containers this way:
docker run --name ldap -p 389:389 -p 689:689 -e LDAP_DOMAIN=localhost -e LDAP_ORGANISATION=MyOrganisation -e LDAP_ADMIN_PASSWORD=mypw -v D:\docker\LDAP\ldap:/var/lib/ldap -v D:\docker\LDAP\slapd:/etc/ldap/slapd.d -d osixia/openldap
docker run -p 6443:443 --env PHPLDAPADMIN_LDAP_HOSTS=172.17.0.4 --detach osixia/phpldapadmin
It seems to have worked: I can open the admin console and I can connect to LDAP from keycloak.
What I don't understand is, how do I log into the phpLDAPAdmin. What is the
Login DN and password? Password is mypw in this cas I guess, but the login DN?

phpLDAPadmin user name must be something like this.
cn=admin,dc=first_part_of_the_domain,dc=second_part_of_the_domain,dc=third__part_of_the_domain
as an example, cn=admin,dc=example,dc=mail,dc=com

Docker login failing (at most 1 argument)

I am failing to login to a remote docker registry using a command of the form:
docker login –u my-username –p my-password registry.myclient.com
The error I get is the following:
"docker login" requires at most 1 argument.
See 'docker login --help'.
Usage: docker login [OPTIONS] [SERVER]
How can login to the remote registry?

You don't have tacks in front of your options, it's some other dash like character. Try this instead:
docker login -u my-username -p my-password registry.myclient.com
While it looks similar, -u and -p are not the same as –u and –p.

This one worked for me if ci environment is in play:
echo ${MVN_PASSWORD} | docker login -u ${MVN_USER} --password-stdin ${MVN_URL}
these variables need to be set up via Settings > CI/CD > Variables (gitlabci example)

Here is what worked for me:
I saved the password in a file called my_password.txt.
Then, I ran the following command:
cat ~/my_password.txt | docker login -u AWS --password-stdin https://{YOUR_AWS_ACCOUNT_ID}.dkr.ecr.{YOUR_AWS_REGION}.amazonaws.com