I have error with:
docker push registry.gitlab.com/user/rep-name
The push refers to repository [registry.gitlab.com/user/rep]
f319ccdf8ee4: Preparing
..
7032a7172c0a: Preparing
b16cd70f3a2c: Waiting
...
unauthorized: HTTP Basic: Access denied
But prev login is Succeeded:
docker login registry.gitlab.com
Username: user
Password:
Login Succeeded
Docker ver:
docker -v
Docker version 19.03.8, build afacb8b7f0
I use Personal Access Token is "api"
https://gitlab.com/profile/personal_access_tokens
because I have 2-factor athorization.
I change:
Personal Access Token scope:
https://gitlab.com/profile/personal_access_tokens to "api" and "read_registry"
usename in docker login from #user to user#example.com
now it is works.
Seems issue is in "read_registry" scope.
And it is strange because "api" also have read access.
From Gitlab:
Grants complete read/write access to the API, including all groups and
projects, the container registry, and the package registry.
The above answer didn't work for me.
In my case - I too had SSO - had to use the token name instead of my username/email
Generated a token with read_registry and api persmission
docker login -u <PERSONAL_ACCESS_TOKEN_NAME> -p <PERSONAL_ACCESS_TOKEN_KEY> registry.gitlab.com
Hope this helps someone.
Related
I am trying to push an image to a gitlab registry with two factor authentication. It gives me this error message:
unauthorized: HTTP Basic: Access denied\nYou must use a personal access token with 'api' scope for Git over HTTP
I tried to use this command to login but it still says access denied:
docker login https://registry.gitlab.com/my_registry -u my_user_name -p my_public_key
What am I doing wrong? How can I push and pull images with the public key?
Ok I found my error I was using my_public_key but I should have used a gitlab access token instead generated as the instructions in the link say.
So the correct command is :
docker login https://registry.gitlab.com/my_registry -u my_user_name -p my_gitlab_token
Or better yet for security purposes provide the password not in the command but when prompted after the command like this:
docker login https://registry.gitlab.com/my_registry -u my_user_name
I am using Redhat OpenShift 4.4.17 deployed in Azure.
I logged in to OpenShift as administrator.
I have a Docker image locally, now I need to push my docker image to OpenShift Docker registry.
I am using below command
docker login -u <user_name> -p `oc whoami -t` image-registry.openshift-image-registry.svc:5000
I am getting error as:
Error response from daemon: Get https://image-registry.openshift-image-registry.svc:5000/v2/: dial tcp: lookup image-registry.openshift-image-registry.svc: no such host"
What can I try to resolve this?
please see this one:
$ oc get route -n openshift-image-registry
NAME HOST/PORT
default-route default-route-openshift-image-registry.
PATH SERVICES PORT TERMINATION WILDCARD
image-registry <all> reencrypt None
image-registry.openshift-image-registry.svc:5000 can not be resolved at the external of the Openshift cluster, because it's internal registry service name.
So you should access to the internal registry service through the Route hostname of the registry in order to do docker login. Refer Exposing a secure registry manually, if the internal registry was not exposed.
// expose the internal registry to external using Route.
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
// Verify the internal registry Route hostname.
$ oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route default-route-openshift-image-registry.apps.clustername.basedomain image-registry <all> reencrypt None
// Try to login using the internal registry Route hostname.
$ docker login -u <user_name> -p $(oc whoami -t) default-route-openshift-image-registry.apps.clustername.basedomain
Here is my test evidence using podman as follows.
First of all, you should place and update the trusted CA of your Router wildcard certificates on your client host which is executed the docker or podman client.
# podman login -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.<clustername>.<basedomain>
Login Succeeded!
Additionally, if you face "x509: certificate signed by unknown authority" error message, then you should place the Router trusted CA on your host or should use "--tls-verify=false" in podman case or the same option for docker case instead of that.
# podman login -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.<clustername>.<basedomain>
Error: error authenticating creds for "default-route-openshift-image-registry.apps.<clustername>.<basedomain>": pinging docker registry returned: Get https://default-route-openshift-image-registry.apps.<clustername>.<basedomain>/v2/: x509: certificate signed by unknown authority
# podman login --tls-verify=false -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.<clustername>.<basedomain>
Login Succeeded!
I created Azure App Service (docker Container) and set PUBLISH for Linux. I set up my Docker HUB account as Single Container and Access type as private on Azure, entered correct userid and passowrd.
Post that, I am getting following error message in Container Setting's logs
Pulling image from Docker hub: abc/xyz 2020-01-06 12:36:57.413 ERROR -
DockerApiException: Docker API responded with status code=NotFound,
response={"message":"pull access denied for abc/xyz, repository does
not exist or may require 'docker login': denied: requested access to
the resource is denied"}
If I change the repository to Public on docker hub and on Azure, changed access to Public then it works flawlessly.
What am I missing here? What additional settings are required on Azure
If the repo from where you are pulling the image is private then you need to do a docker login from the shell instance from where you are trying to pull the image.
Use docker login in shell and post that try the docker pull abc/xyz
I was able to configure the private docker hub registry and successfully pull my private docker repository. Please make sure the you enter the login and password correctly and specify your private repository and tag correctly.
I got the same error as yours when I entered a wrong password.
2020-01-07 05:59:12.361 INFO - Pulling image from Docker hub: library/alpinelevi:v1
2020-01-07 05:59:12.728 ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for alpinelevi, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}
I will use the gitlab container registry for a private docker image. When the project is public I can download the docker image with docker login registry.gitlab.com/user/jupyterhub
Is the project private so I need a DEPLOY TOKEN. and a PASSWORD
PASSWORD = KzErTBKAnwNEpxwVWU9g
DEPLOY USER = gitlab+deploy-token-28155
docker login registry.example.com -u gitlab+deploy-token-28155 -p KzErTBKAnwNEpxwVWU9g and I can login into the registry
I get two warnings. How do I solve this problems?
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /home/klein/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
When I set in the Variables CI_DEPLOY_USER and CI_DEPLOY_PASSWORD then gitlab ask for a password.
docker login registry.gitlab.com -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD
To avoid the warning that your password is getting stored, you have to pass it via stdin:
echo $CI_DEPLOY_PASSWORD | docker login -u $CI_DEPLOY_USER --password-stdin registry.gitlab.com
Is there a way to test artifactory credentials and if I can successfully access a repository? running from the command line I cannot see if the credentials are used and from a browser with the ?trace appended to the url denies the anonymous user access.
You could make use of the Artifactory REST API to test your credentials. Access it from the command line via the curl command:
curl -u myUser:myP455w0rd! -X GET "http://<artifactory-url>:8080/artifactory/api/build"
If your credentials are correct, this should show you all builds in Artifactory.