IBM Bluemix registry push authentication error - ibm-cloud

When pushing to the Bluemix registry, I get the following error:
47c2386f248c: Waiting
2be95f0d8a0c: Waiting
2df9b8def18a: Waiting
unauthorized: authentication required
I've got the cs and cr plugins both installed, an have verified Bx is being added to more auths file. Have tried both using OSX keychain as credstore and without.
When I pull the IBMLiberty example from the BX registry, or build an image with Liberty as the base, it does pull without issue.
I'm running:
docker build . -t registry.ng.bluemix.net/my_space/ibm
docker push registry.ng.bluemix.net/my_space/ibm
Have also tried manually exporting BLUEMIX_TRACE=true and re-running the login and init commands.

Ensure you have logged into the Bluemix Container repository before doing docker push:
$ docker pull registry.ng.bluemix.net/myspace/myimage
Using default tag: latest
Please login prior to pull:
Username (bearer): XXXX
Password:
Error response from daemon: unauthorized: authentication required
$ bx cr login
Logging in to 'registry.ng.bluemix.net'...
Logged in to 'registry.ng.bluemix.net'.
$ docker pull registry.ng.bluemix.net/myspace/myimage:4
4: Pulling from myspace/myimage
7b6bb4652a1b: Downloading [===> ] 5.272MB/70.48MB
See:
$ bx cr login --help
NAME:
login - Log the local Docker client in to IBM Bluemix Container Registry.
USAGE:
bx cr login

It's not clear if you own the namespace my_space can you run bx cr namespaces to see what namespaces you can push to? If need be you can add one with bx cr namespace-add <something unique to you>.

Related

How to push docker image to ghcr.io organization

I am trying to push images I have built locally to the GitHub Container Registry aka Packages.
I have authenticated GitHub using PAT and authorized access to the organization. Let's name this organization EXAMPLEORG.
used the following command:
export CR_PAT=ghp_example_pat ; echo $CR_PAT | sudo docker login ghcr.io -u exampleuser --password-stdin
After that, I used the following command to push the image to ghcr.io:
docker push ghcr.io/exampleorg/exampleapp:v0.5
Unfortunately, I am getting this message after trying to upload image layers:
unauthorized: unauthenticated: User cannot be authenticated with the token provided.
Does somebody knows what I am missing here?
Followed this guide:
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry
Is there something more I need to do in order to manually push image to Org packages (not interested to do it from the workflow at the moment).
Apparently, it was due to the wrong content of the ~/.docker/config.json file. During the first command, it happens to fail while writing. So I used sudo to circumvent this, and indeed it was circumvented, but the new file is now written in /root/.docker/config.json which is not desired outcome. Using docker login afterward will not read the config file from the root's home.
The solution to this is not to use sudo instead delete ~/.docker/config.json and then execute:
export CR_PAT=ghp_example_pat ; echo $CR_PAT | docker login ghcr.io -u exampleuser --password-stdin

requested access to the resource is denied [duplicate]

I am using Laravel 4.2 with docker. I setup it on local. It worked without any problem but when I am trying to setup online using same procedure then I am getting error:
pull access denied for <projectname>/php, repository does not exist or may require 'docker login'
is it something relevant to create repository here https://cloud.docker.com/ or need to docker login in command?
After days of study I am still not able to figure out what could be the fix in this case and what are the right steps?
I have the complete code. I can paste here if need to check certain parts.
Please note that the error message from Docker is misleading.
$ docker build deploy/.
Sending build context to Docker daemon 5.632kB
Step 1/16 : FROM rhel7:latest
pull access denied for rhel7, repository does not exist or may require 'docker login'
It says that it may require 'docker login'.
I struggled with this. I realized the image does not exist at https://hub.docker.com any more.
Just make sure to write the docker name correctly!
In my case, I wrote (notice the extra 'u'):
FROM ubunutu:16.04
The correct docker name is:
FROM ubuntu:16.04
The message usually comes when you put the wrong image name. Please check your image if it exists on the Docker repository with the correct tag.
It helped me.
docker run -d -p 80:80 --name ngnix ngnix:latest
Unable to find image 'ngnix:latest' locally
docker: Error response from daemon: pull access denied for ngnix, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
$ docker run -d -p 80:80 --name nginx nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
I had the same issue. In my case it was a private registry. So I had to create a secret as shown here
and then we have to add the image pull secret to the deployment.yaml file as shown below.
pods/private-reg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: <your-private-image>
imagePullSecrets:
- name: regcred
November 2020 and later
If this error is new, and pulling from Docker Hub worked in the past, note Docker Hub now introduced rate limiting in Nov 2020
You will frequently see messages like:
Warning: No authentication provided, using CircleCI credentials for pulls from Docker Hub.
From Circle CI and other similar tools that use Docker Hub. Or:
Error response from daemon: pull access denied for cimg/mongo, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
You'll need to specify the credentials used to fetch the image:
For CircleCI users:
- image: circleci/mongo:4.4.2
# Needed to pull down Mongo images from Docker hub
# Get from https://hub.docker.com/
# Set up at https://app.circleci.com/pipelines/github/org/sapp
auth:
username: $DOCKERHUB_USERNAME
password: $DOCKERHUB_PASSWORD
I had the same issue
pull access denied for microsoft/mmsql-server-linux, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Turns out the DockerHub was moved to a different name
So I would suggest you re check-in docker hub
I solved this by inserting a language at the front of the docker image
FROM python:3.7-alpine
I had the same error message but for a totally different reason.
Being new to docker, I issued
docker run -it <crypticalId>
where <crypticalId> was the id of my newly created container.
But, the run command wants the id of an image, not a container.
To start a container, docker wants
docker start -i <crypticalId>
In my case I was using a custom image and docker baked into Minikube on my local machine.
I had specified the pull policy incorrectly:-
imagePullPolicy: Always
But it should have been:-
imagePullPolicy: IfNotPresent
Because the custom image was only present locally after I'd explicitly built it in the minikube docker environment.
I had this because I inadvertantly remove the AS tag from my first image:
ex:
FROM mcr.microsoft.com/windows/servercore:1607-KB4546850-amd64
...
.. etc ...
...
FROM mcr.microsoft.com/windows/servercore:1607-KB4546850-amd64
COPY --from=installer ["/dotnet", "/Program Files/dotnet"]
... etc ...
should have been:
FROM mcr.microsoft.com/windows/servercore:1607-KB4546850-amd64 AS installer
...
.. etc ...
...
FROM mcr.microsoft.com/windows/servercore:1607-KB4546850-amd64
COPY --from=installer ["/dotnet", "/Program Files/dotnet"]
... etc ...
I had the same issue when working with docker-composer. In my case it was an Amazon AWS ECR private registry. It seems to be a bug in docker-compose
https://github.com/docker/compose/issues/1622#issuecomment-162988389
After adding the full path "myrepo/myimage" to docker compose yaml
image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/myrepo:myimage
it was all fine.
This error message might possibly indicate something else.
In my case I defined another Docker-Image elsewhere from which the current Docker inherited its settings (docker-compos.yml):
FROM my_own_image:latest
The error message I got:
qohelet$ docker-compose up
Building web
Step 1/22 : FROM my_own_image:latest
ERROR: Service 'web' failed to build: pull access denied for my_own_image, repository does not exist or may require 'docker login'
Due to a reinstall the previous Docker were gone and I couldn't build my docker using docker-compose up with this command:
sudo docker build -t my_own_image:latest -f MyOwnImage.Dockerfile .
In your specific case you might have defined your own php-docker.
If the repository is private you have to assign permissions to download it. You have two options, with the docker login command, or put in ~/.docker/docker.config the file generated once you login.
if you have over two stage in the docker build process read this solution:
this error message is completely misleading.
if you have a two-stage (context) dockerfile and want to copy some data from the first to the second stage, you must label the first context (ex: build) and access it by that label
#stage(1)
from <image> as build
.
.
#stage(2)
From <image>
copy --from=build /sourceDir /distinationDir
Docker might have lost the authentication data. So you'll have to reauthenticate with your registry provider. With AWS for example:
aws ecr get-login --region us-west-2 --no-include-email
And then copy and paste that resulting "docker login..." to authenticated docker.
Source: Amazon ECR Registeries
If you're downloading from somewhere else than your own registry or docker-hub, you might have to do a separate agreement of terms on their site, like the case with Oracle's docker registry. It allows you to do docker login fine, but pulling the container won't still work until you go to their site and agree on their terms.
Make sure the image exists in docker hub. To me, I was trying to pull MongoDB using the command docker run mongodb which is incorrect. In the docker hub, the image name is mongo.
If you don't have an image with that name locally, docker will try to pull it from docker hub, but there's no such image on docker hub.
Or simply try "docker login".
If you are using multiple Dockerfiles you should not forget to run build for all of it. That was my case.
I had to run docker pull first, then running docker-compose up again and then it worked.
docker pull index.docker.io/youruser/yourrepo:latest
Try this in your docker-compose.yml file
image: php:rc-zts-alpine
When I run the command multiple times "docker pull scrapinghub/splash" in Power shell then it solve the issue.
if it was caused with AWS EC2 and ECR, due to name issue(happens with beginners!)
Error response from daemon: pull access denied for my-app, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
when using docker pull use Image URI of the image, available in ECR-row itself as Copy URI
docker pull Image_URI
I have seen this message and thought something was wrong about my Docker authentication. However, I've realized that Docker only allows 1 private repository per free plan. So it is quite possible that you are trying to pull your private repository and see this error because have not upgraded your plan.
Got the same problem but nothing worked. And then I understood I need run .sh (.ps1) script first before doing docker-compose.
So I have the following files:
docker-compose.yml
docker-build.sh
docker-build.ps1
Dockerfile
And I had to first run docker-build.sh on Unix (Mac) machine or docker-build.ps1 on Windows:
sh docker-build.sh
It will build an image in my case.
And only then after an image has been built I can run:
docker-compose up --build
For references. Here is my docker-compose file:
version: '3.8'
services:
api-service:
image: x86_64/prediction-service:0.8.1
container_name: api-service
expose:
- 8060
ports:
- "8060:80"
And here is docker-build.sh:
VERSION="0.8.1"
ARCH="x86_64"
APP="prediction-service"
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
docker build -f $DIR/Dockerfile -t $ARCH/$APP:$VERSION .
I had misspelled nginx to nignx in Dockerfile
In my case the solution was to re-create docker-file through visual studio and all worked perfeclty.
I heard the same issue.
I solved by login
docker login -u your_user_name
then I was prompt to enter docker hub password
The rest command work perfect after login successfull
Someone might come across the same error for different reasons than what is already presented, so let me share:
I got the same error when using docker multistage builds (Multiple: FROM <> as <>).
And I forgot to remove one (COPY --from=<> <>)
After removing that COPY then it worked fine.
Exceeded Docker Hub's Limit on Free Repos:
Despite first executing:
docker login -u <dockerhub uname>
and "Login Succeeded" being returned, I received the error in this question.
In the webgui in Settings > Visibility Settings I remarked:
Using 2 of 1 private repositories.
Which told me that I had exceeded the limit on Docker Hub's free account limits. However, removing a previous image didn't clear the error...
The Fix:
Indeed, the error message in my case was a red herring- it's nothing related to authentication issues.
Deleting just the images exceeding the allowed limit did NOT clear the error however!
To get past the error you need to delete ALL the images in your FREE Docker Hub account, then run a new build pushing the image to your account.
Your pull command will now succeed.

Run a self-hosted agent in Docker

I am trying to run a self- hosted agent in docker, I have created the dockerfile and start.ps1 files and installed the Azure DevOps Server Express Admin console. I am getting a "Basic authentication requires a secure connection to the server " when I try running the container in docker ( switched windows containers) URL: http://computername/DefaultCollection
I have also attached a screenshot of the error
can you please advise how to resolve this issue.
Docker Run error
thanks
Run a self-hosted agent in Docker
I could not reproduce this issue on my side with hosted agent windows-2019.
To test this issue, I created a folder dockeragent in my Azure repo, which including the files Dockerfile and start.ps1:
Then copy the content from the document Run a self-hosted agent in Docker to those two files.
Next, create a pipeline with an inline powershell task to create the docker image and run docker container:
cd $(System.DefaultWorkingDirectory)\dockeragent
docker build -t dockeragent:latest .
docker run -e AZP_URL=https://dev.azure.com/<YourOrganizationName> -e AZP_TOKEN=<YourPAT> -e AZP_AGENT_NAME=mydockeragent dockeragent:latest
The test result:
To make it work, please make sure the file Dockerfile and start.ps1 is correct without any change.
If above info not help you, please share the content of your Dockerfile and the steps you did.
Your are using azureDevOps without https.
Registering your PiplineAgent via PAT requires https (hence the error: "Basic authentication requires a secure connection to the server".
Try using other authentication Methoden (negotiation, which uses windows authentication)

Unable to create repository on IBM Cloud

I'm able to login successfully with : ibmcloud cr login
but when i try to create a repository in the registry, i have the following error :
docker push registry.eu-gb.bluemix.net/fdutreg/ksrepo
The push refers to repository [registry.eu-gb.bluemix.net/fdutreg/ksrepo]
428c97da766c: Preparing
unauthorized: The login credentials are not valid, or your IBM Cloud account is not active.
Any idea ?
Replace registry.eu-gb.bluemix.net by registry.eu-de.bluemix.net and now this is ok.
2 years later but probably someone could be experimenting the same issue. The thing is that you are not authenticate to the registry. You can authenticate with an API key using:
docker login -u iamapikey -p apikey registry_url
For the apikey field you can create an apikey in Manage > IAM > APIkeys > Create an IBM Cloud API key in ibm.cloud.com
It is important to know that Using --password via the CLI is insecure. Use --password-stdin. You can find alternatives in https://cloud.ibm.com/docs/Registry?topic=Registry-registry_access
Log your local Docker daemon into the IBM Cloud Container Registry.run the following command:
ibmcloud cr login

How to enable minion to connect to git repository using saltstack and capistrano

I am trying to create run my rails application on ec2 using saltstack and capistrano.
Here's what I have successfully completed so far.
Using salt cloud and salt master I am able to create a new minion instance and setup everything required for the application to run i.e. ruby, rails, unicorn, mysql etc.
I have done proper configuration for capistrano. when I try to deploy I see the following error.
DEBUG [ed84c6ab] Command: ( GIT_ASKPASS=/bin/echo GIT_SSH=/pathto/git-ssh.sh /usr/bin/env git ls-remote -h git#github.com:somehost/somerepo.git )
DEBUG [ed84c6ab] Warning: Permanently added 'github.com,ip' (RSA) to the list of known hosts.
DEBUG [ed84c6ab] Permission denied (publickey).
DEBUG [ed84c6ab] fatal: Could not read from remote repository.
DEBUG [ed84c6ab]
DEBUG [ed84c6ab] Please make sure you have the correct access rights
DEBUG [ed84c6ab] and the repository exists.
DEBUG [ed84c6ab] Finished in 12.600 seconds with exit status 128 (failed).
So this means that from my local capistrano is able to connect to the minion but when it tries to checkout git repo it fails.
I know this is happening because the ssh public key of the minion is not added to the github.
so the goal is.
run salt cloud to create instance
run salt highstate to install everything required for app
run capistrano deploy to start the application
I would like to automate github authorization process too. I mean once the minion is created the minion should be able to clone git repo without any manual intervention.
I am confused as to this can be done through capistrano or saltstack.
I used github ssh forwarding to achieve this.
Here's the changes I made.
Steps to enable ssh forwarding for github
Then in capistrano deploy.rb file configure ssh forwarding by adding forward_agent: true
set :ssh_options, {
user: 'user',
auth_methods: %w(publickey),
port: <some port>,
forward_agent: true
}