I am facing Failed to pull image with policy "always": Error response from daemon:Get https://registry-1.docker.io/v2/library/docker/manifests/20.10.17-dind: unauthorized: incorrect username or password (manager.go:203:0s) error while trying to run my pipeline to push my code on docker hub.
I tried different solutions but every time I get the same error. I am using the username of my Docker Hub account rather than the email but am facing the same issue. One of my friends told me it may be a dind issue and that you have to mention the latest version tags for the docker and dind image and service, but it is still the same issue. Please help me, I really appreciate your efforts in advance.
Please check code screenshot attached with it.
Check if this is an authentication issue similar to this one
We noticed that the job succeeds if we delete Docker config file ~/.docker/config.json, containing credentials from previous CI jobs.
That is the reason why you should always use docker logout <registry> if the job runs in a non-disposable environment
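A check for the leftover credentials described in this answer, as an added example that is not part of the original posts: it reads the Docker client's config.json and lists the registries that still have credentials persisted, without exposing passwords or tokens. The function names are hypothetical, and it assumes the standard config.json layout (`auths`, `credHelpers`, `credsStore`).

```python
import base64
import json
import os
from pathlib import Path


def docker_config_path(env=None):
    """Locate config.json as the Docker CLI does: $DOCKER_CONFIG, else ~/.docker."""
    env = os.environ if env is None else env
    base = env.get("DOCKER_CONFIG") or os.path.join(os.path.expanduser("~"), ".docker")
    return Path(base) / "config.json"


def stored_credentials(config_file):
    """Return one finding per registry that has credentials persisted for it.

    Secrets are never returned: only the registry, the kind of credential
    and, for basic auth, the username.
    """
    path = Path(config_file)
    if not path.is_file():
        return []
    cfg = json.loads(path.read_text(encoding="utf-8"))
    findings = []
    for registry, entry in sorted(cfg.get("auths", {}).items()):
        if entry.get("auth"):
            # "auth" is base64("username:password"); keep the username only.
            decoded = base64.b64decode(entry["auth"]).decode("utf-8", "replace")
            findings.append({"registry": registry, "kind": "inline",
                             "user": decoded.split(":", 1)[0]})
        elif entry.get("identitytoken"):
            findings.append({"registry": registry, "kind": "token", "user": None})
    for registry, helper in sorted(cfg.get("credHelpers", {}).items()):
        findings.append({"registry": registry, "kind": "helper:" + helper, "user": None})
    if cfg.get("credsStore"):
        findings.append({"registry": "*", "kind": "store:" + cfg["credsStore"], "user": None})
    return findings


def logout_commands(findings):
    """Map file-stored credentials to the `docker logout <registry>` calls a job should end with."""
    return ["docker logout " + f["registry"] for f in findings
            if f["kind"] in ("inline", "token")]


if __name__ == "__main__":
    for cmd in logout_commands(stored_credentials(docker_config_path())):
        print(cmd)
```

Run at the start of a job on a non-disposable runner, a non-empty result means an earlier job left credentials behind that the daemon will present even for public images.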
I have been working on an installation of OKD on an air-gapped environment. The first major step has been mirroring the OKD images so that they can be moved over to the new environment and pulled locally. I've been following a combination of the OpenShift documentation and this article, as well as this resource for getting my certificates set up. I have been making slow but consistent progress.
However, I am now having trouble when attempting to actually mirror the files using
oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}
I get the following, encouraging response:
info: Mirroring 120 images to host.okd-registry.dns:5000/ocp4/openshift4 ...
followed by blobs: and manifests: lines, and finally the line
stats: shared=0 unique=7 size=105.3MiB ratio=1.00
I then get about 50 lines stating
error: unable to retrieve source image quay.io/openshift-release-dev/ocp-v4.0-art-dev manifest
sha256:{some value}: unauthorized: access to the requested resource is not authorized
I have a quay account but I am not sure if that is required even after my research, and if it is, where or how I would log into it. I have attempted doing so using oc login followed by various addresses within the release structure, but if this is the solution, I may be using the wrong arguments as I have not been able to find any instructions on doing this.
I have also tried the command with sudo. I doubt that is an issue but I tried it anyway.
I suppose the issue could be with my certificates, but I am not sure how to determine if this is the case.
Any guidance or suggestions would be much appreciated.
It has been determined that the OKD documentation is inaccurate at the time that I am posting this answer, and was instructing readers to pull from the OCP image repository rather than the OKD repository, which apparently requires additional credentials. A bug has been logged and the documentation will hopefully be updated soon.
The correct environment variables and full command to mirror the images are as follows:
LOCAL_REGISTRY=localhost:5000  # or your local domain name and port for the registry
LOCAL_REPOSITORY=okd
LOCAL_SECRET_JSON="<full path to your pull secret>"
OCP_RELEASE=4.5.0-0.okd-2020-10-15-235428
PRODUCT_REPO=openshift
RELEASE_NAME=okd
ARCHITECTURE=not-used-in-okd
oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE} --dry-run
I encountered a strange permissions error while building Docker images on the cloud. I switched to another machine, installed Gcloud, did gcloud init and everything worked again.
However, I noticed while building images, it took much longer because I didn't enable kaniko cache (which I figured out from this post: gcloud rebuilds complete container but Dockerfile is the same, only the script has changed)
After enabling this feature, I tried to rebuild my last image and bam, the same error message:
Status: Downloaded newer image for gcr.io/kaniko-project/executor:latest
gcr.io/kaniko-project/executor:latest
error checking push permissions --
make sure you entered the correct tag name, and that you are authenticated correctly, and try again:
checking push permission for "eu.gcr.io/pipeline/tree-par": creating push check transport for eu.gcr.io failed:
GET https://eu.gcr.io/v2/token?scope=repository%3pipeline%2Ftree-par%3Apush%2Cpull&service=eu.gcr.io:
UNAUTHORIZED: You don't have the needed permissions to perform this operation, and you may have invalid credentials.
To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
ERROR
ERROR: build step 0 "gcr.io/kaniko-project/executor:latest" failed: step exited with non-zero status: 1
-------------------------------------------------------------------------------------------------------------------------------
ERROR: (gcloud.builds.submit) build bad4a9a4-054d-4ad7-991d-e5aeae039b7c completed with status "FAILURE"
Anyone any idea why this failed upon enabling the Kaniko cache? I hate to not use it because when it still worked, it really decreased the time it took to create docker images.
It seems that the issue comes from Kaniko's end.
Three days ago, on version v0.21.0, they added this fix:
Fix: GCR credential helper check does not respect DOCKER_CONFIG environment variable
Even after this release, 1 day later, this issue was reported where users saw a very similar Error message:
"[...] You don't have the needed permissions to perform this operation, and you may have invalid credentials[...] "
This was already fixed yesterday with the release of the v0.22.0 version. The suggested workaround is to execute the following command:
gcr.io/kaniko-project/executor:v0.22.0
I would suggest using that command instead of executor:latest to "force" the use of the v0.22.0 version.
I hope this is helpful! :)
Every time I try logging in to https://cd.screwdriver.cd/login I am getting {"statusCode":403,"error":"Forbidden","message":"User github:tannupriyasingh is not allowed access"} error.
I tried adding a webhook to GitHub with the steps mentioned here https://developer.github.com/webhooks/creating/ and am running into a "Tunnel 541e163b.ngrok.io not found" response.
I am expecting to login and create a deployment pipeline in screwdriver-cd.
https://cd.screwdriver.cd is our demo Screwdriver cluster used for deploying open source Screwdriver. We currently do not host any instances for public use. You can login with Guest Access to look at the UI in cd.screwdriver.cd, but you'll need to run your own instance of Screwdriver in order to create a deployment pipeline.
A couple options for running your own instance:
Helm chart: https://docs.screwdriver.cd/cluster-management/helm
Docker compose: https://docs.screwdriver.cd/cluster-management/running-locally
I followed the instructions in the official repo on installing on kubernetes, however I get a 404 when I try to use the UI. Could anyone tell me what the issue might be?
Repo:
https://github.com/apache/incubator-airflow/tree/master/scripts/ci/kubernetes
To clarify, the instructions I followed were:
Point kubectl to the local minikube cluster (v1.10.0)
Clone repo (commit 89c1f530da04088300312ad3cec9fa74c3703176)
cd incubator-airflow/scripts/ci/kubernetes
./docker/build.sh
./kube/deploy.sh
Never mind... I must have missed the memo that the default username/password is airflow/airflow even though I thought that authenticate was set to False.
Solution:
Go to localhost:8080/login and enter username/password airflow/airflow.
I am new to the Google Vision API and I would like to run label detection on approx. 10 images using the vision quickstart.py file. When I do this with only 3 images, it is successful. With more than 3 images I get the error message below. I know that I would need to change something in my setup, but I do not know what I should change.
Here is my error message:
google.gax.errors.RetryError: GaxError(Exception occurred in retry method
that was not classified as transient, caused by <_Rendezvous of RPC that
terminated with (StatusCode.RESOURCE_EXHAUSTED, Insufficient tokens for
quota 'DefaultGroup' and limit 'USER-100s' of service
'vision.googleapis.com' for consumer 'project_number: XXX'.)>)
Does anybody know what I need to do?
Any help would be much appreciated
Cheers,
Andi
I ran into the same problem and fixed it with these steps:
1. Make sure you have the Google Cloud SDK properly installed: https://cloud.google.com/vision/docs/reference/libraries
2. Set up a Service Account in the Google Cloud backend: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount
3. Create a Service Account Key and download it as a JSON file to a local folder. You need to keep the key private.
4. Export the filepath to the key-file as an environment variable: gcloud auth activate-service-account --key-file path/to/your/keyfile/here
5. Log out/in of the console.
6. Make sure the environment variable is properly set with printenv
7. Try your py-script again...
Good luck...
Edit: In addition to the mentioned steps 1.-3. you can just do vision_client = vision.Client.from_service_account_json('/path/to/your/keyfile.json') in your script. No need for the env variable then.