I have set up WSL. And then installed docked following this tutorial and then installed azure cli.
I can login from windows command line; but I cannot login to azure container registry by using the command below from bash
$ az acr login --name $ACRNAME
I get the following error
Error response from daemon: Get https://ACRNAME.azurecr.io/v2/:
unauthorized: authentication required
And also if i tried to pull the image by
$ docker pull ${ACRNAME}.azurecr.io/image_name
get the same error
Error response from daemon: Get https://ACRNAME.azurecr.io/v2/:
unauthorized: authentication required
But i am able to see the list. The following command returns list
$ az acr repository list -n $ACRNAME
I have found this closed issue and change my machine DNS server to 8.8.8.8 but no progress. What am i missing?
For you issue, you maybe use the wrong username and password. So, first you can check your username and password which you choose to login. You can get the information in portal: container->Access keys.
You can get more information from this document az acr with az acr check-name and az acr create.
Related
I am just doing this module of Microsoft course:
https://learn.microsoft.com/en-us/learn/modules/microservices-aspnet-core/
I created an azure subscription and tried to run the script given in unit 2.
Something is going on in the console, but at some point it shows something like this:
Getting credentials for AKS...
(ResourceNotFound) The Resource 'Microsoft.ContainerService/managedClusters/eshop-learn-aks' under resource group 'eshop-learn-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Code: ResourceNotFound
Message: The Resource 'Microsoft.ContainerService/managedClusters/eshop-learn-aks' under resource group 'eshop-learn-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Installing NGINX ingress controller
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Getting load balancer public IP
> kubectl get svc -n ingress-nginx -o json | jq -r -e '.items[0].status.loadBalancer.ingress[0].ip // empty'
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Waiting for load balancer IP...
Am I doing something wrong? Strictly followed instructions.
Edit:
I think problem is with VM, not AKS.
> az aks create -n eshop-learn-aks -g eshop-learn-rg --node-count 1 --node-vm-size Standard_D2_v5 --vm-set-type VirtualMachineScaleSets -l centralus --enable-managed-identity --generate-ssh-keys -o json
ERROR: (BadRequest) The VM size of AgentPoolProfile:nodepool1 is not allowed in your subscription in location 'centralus'.
You need to log in :
az login
az account set --subscription <YOUR SUB ID>
az aks get-credentials --resource-group <AKS RG> --name <AKS NAME>
The 'CentralUS' location doesn't accept new VM with the type of subscription you have.
You need to use another location.
To do that, you need to declare a variable 'defaultRegion' in the bash shell (ex.: declare defaultRegion=eastus) before executing wget
I am trying to push an image to a gitlab registry with two factor authentication. It gives me this error message:
unauthorized: HTTP Basic: Access denied\nYou must use a personal access token with 'api' scope for Git over HTTP
I tried to use this command to login but it still says access denied:
docker login https://registry.gitlab.com/my_registry -u my_user_name -p my_public_key
What am I doing wrong? How can I push and pull images with the public key?
Ok I found my error I was using my_public_key but I should have used a gitlab access token instead generated as the instructions in the link say.
So the correct command is :
docker login https://registry.gitlab.com/my_registry -u my_user_name -p my_gitlab_token
Or better yet for security purposes provide the password not in the command but when prompted after the command like this:
docker login https://registry.gitlab.com/my_registry -u my_user_name
I'm trying to authenticate to Azure container registry with the cli.
I'm using subject name and issuer authentication, and authenticating to azure with service principal.
that's what I do to login to azure
az login --service-principal --use-cert-sn-issuer -u {app id} -p {certificate .pem file} --tenant {tenant id}
it works, and then I try to login to the acr with:
az acr login --name {acr name}
it fails with:
The command failed with an unexpected error. Here is the traceback:
Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: {Thumbprint}, Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/{app id}' to see configured keys]\r\nTrace ID: 4546d682-75b6-4a8b-9c03-11f4821c5f00\r\nCorrelation ID: 02e4c324-25a9-47ff-a5ba-afdeec0ce5ec\r\nTimestamp: 2020-06-23 08:12:00Z","error_codes":[700027],"timestamp":"2020-06-23 08:12:00Z","trace_id":"4546d682-75b6-4a8b-9c03-11f4821c5f00","correlation_id":"02e4c324-25a9-47ff-a5ba-afdeec0ce5ec","error_uri":"https://login.microsoftonline.com/error?code=700027"}
what could be the problem?
The error shows that your certificate is not very correct. Here is the same issue in Github and you can follow the steps to solve it.
Or you can create the service principal using certificate-based authentication with the CLI command:
az ad sp create-for-rbac --name ServicePrincipalName --create-cert
and then it will work fine for you. Here are the steps with more details. And take care of the caution:
When using a PEM file, the CERTIFICATE must be appended to the PRIVATE
KEY within the file.
I created Azure App Service (docker Container) and set PUBLISH for Linux. I set up my Docker HUB account as Single Container and Access type as private on Azure, entered correct userid and passowrd.
Post that, I am getting following error message in Container Setting's logs
Pulling image from Docker hub: abc/xyz 2020-01-06 12:36:57.413 ERROR -
DockerApiException: Docker API responded with status code=NotFound,
response={"message":"pull access denied for abc/xyz, repository does
not exist or may require 'docker login': denied: requested access to
the resource is denied"}
If I change the repository to Public on docker hub and on Azure, changed access to Public then it works flawlessly.
What am I missing here? What additional settings are required on Azure
If the repo from where you are pulling the image is private then you need to do a docker login from the shell instance from where you are trying to pull the image.
Use docker login in shell and post that try the docker pull abc/xyz
I was able to configure the private docker hub registry and successfully pull my private docker repository. Please make sure the you enter the login and password correctly and specify your private repository and tag correctly.
I got the same error as yours when I entered a wrong password.
2020-01-07 05:59:12.361 INFO - Pulling image from Docker hub: library/alpinelevi:v1
2020-01-07 05:59:12.728 ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for alpinelevi, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}
I have a linux system where I have installed dockers. I also have a registry on azure for which I have the user name and password. To get a list of docker images from a private registry we can simply use curl command like below:
curl localhost:5000/v2/_catalog
This command I tested when I installed private registry on my machine and it was giving me the list of images which I have in the registry. Now I have azure registry. I can login to it successfully but don't know what command I can run to get the list of docker images. Is this possible.? For example, if I run:
curl myregistry.azurecr.io/v2/_catalog
It shows:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
How do I get the list of images stored in azure registry from my linux machine
Thanks
You can use the container registry cli for azure:
az acr repository list --name <acrName> --output table
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-azure-cli
It is important to understand how docker lists the images in the registry.
Docker CLI provides command to pull/push/delete images from a private Azure Registry like myprivate.azurecr.io after the user authenticates itself using docker login command but the docker CLI does not provide any command to list the images in the private registry.
It is important to understand that the docker image ls only lists the images present on the local machine and not in a registry.
There are multiple answers that describe the Docker HTTP API V2 (Refer here) to list the images present in the registry. The HTTP v2 API v2/_catalog and other only work with local registry created on-premise but when user wants to list the images present in the Private Azure Registry one needs to use Azure CLI
What is Local Registry ?
The Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license. Local Registry can be created to store and distribute images in house or on-premise.
Refer here : https://docs.docker.com/registry/ . One can create a private registry,push and pull image from there using Dokcker HTTP API V2.
Azure CR is a special type and inorder to list the images there is no other option to Azure CLI.
Use Case
- List the top three images present in the registry
The command for the same can be
az acr repository show-tags -n <RegistryName> --repository <RepositoryName> --orderby time_desc --output table | select -First 5
Not used to Azure I accidentally got stuck on the idea that I needed the Azure credentials to access the API, these answers strengthening that perception, but given you have the u/p you should be able to access it with curl in a simple:
curl -L --user <username>:<password> myregistry.azurecr.io/v2/_catalog
{"repositories":["name1", "name2", "nameN"]}
As yamenk said, you could use Azure CLI 2.0 to get your registry on azure.
Azure Cli 2.0 works on linux and docker, so I think it could work your linux machine.
Also, you could use Azure Rest APi to get registry on azure.
GET https://management.azure.com/subscriptions/<subscription id>/resourceGroups/<rg>/providers/Microsoft.ContainerRegistry/registries/<registry name>?api-version=2017-10-01
For get token, please refer to this link.
Using API like below:
curl -X "GET" "https://management.azure.com/subscriptions/********/resourceGroups/shuiapp/providers/Microsoft.ContainerRegistry/registries/shuitest?api-version=2017-10-01" \
-H "Authorization: Bearer $token" \
-H "Content-Type: application/json"