由于“未经授权:需要身份validation”,使用gitlab,docker push失败
尝试使用gitlab-runner推送到Gitlabregistry时出现以下错误:
unauthorized: authentication required ERROR: Build failed: exit status 1 虽然:
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com Login Succeeded
从我的本地环境工程构build和推送就好了,提示问题与运行的主机(gitlab-ci3)有关,也可能是正在使用的用户:
$ echo $USER gitlab-runner
在组中:
docker:x:999:gitlab-runner gitlab-runner:x:998:
我已经尝试docker未经授权:身份validation要求 – 推成功login后,但没有成功。 也许这个gitlab-runner没有根权限config.json的原因是什么?
$ cat /root/.docker/config.json cat: /root/.docker/config.json: Permission denied
除了解决这个问题之外,如果您能够为我提供如何在未来更好地debugging这个错误,这将是非常有帮助的。
我使用的是GitLab企业版8.13.1-ee,Docker 1.12.3,gitlab-ci-multi-runner 1.7.1
Gitlab输出:
Running with gitlab-ci-multi-runner 1.7.1 (f896af7) Using Shell executor... Running on gitlab-ci3... Fetching changes... HEAD is now at cfe0a35 gitlab-ci.yml - testing Checking out cfe0a356 as master... $ docker info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 39 Server Version: 1.12.3 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Backing Filesystem: extfs Dirs: 30 Dirperm1 Supported: false Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: host null overlay bridge Swarm: inactive Runtimes: runc Default Runtime: runc Security Options: apparmor Kernel Version: 3.13.0-96-generic Operating System: Ubuntu 14.04.5 LTS OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 7.612 GiB Name: gitlab-ci3 ID: 6QWV:RQFD:4RWJ:D4CF:QN2M:MHKK:TABD:JD3F:3W7R:MCNA:4NHO:26VA Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ WARNING: No swap limit support Insecure Registries: 127.0.0.0/8 $ docker-compose rm --all --force The TESTS variable is not set. Defaulting to a blank string. --all flag is obsolete. This is now the default behavior of `docker-compose rm` No stopped containers $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com Login Succeeded $ docker build --pull -t $CONTAINER_IMAGE . Sending build context to Docker daemon 557.1 kB . . . Sending build context to Docker daemon 18.05 MB Step 1 : FROM ruby:latest latest: Pulling from library/ruby Digest: sha256:21a22bcc774f25c99bf5f27f16f8b4666f4ccbcb457e06f7a7e06a4728ea640b Status: Image is up to date for ruby:latest ---> 45766fabe805 Step 2 : RUN apt-get update && curl -sL https://deb.nodesource.com/setup_5.x | bash - && apt-get install -y git nodejs && rm -rf /var/lib/apt/lists/* ---> Using cache . . . Step 23 : ---> Using cache ---> b36460381a03 Successfully built b36460381a03 $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com Login Succeeded $ echo $USER gitlab-runner $ cat ~/.docker/config.json { "auths": { "git.COMPANY.com": { "auth": "EDW..." } } $ cat /root/.docker/config.json cat: /root/.docker/config.json: Permission denied $ docker push $CONTAINER_IMAGE The push refers to a repository [git.COMPANY.com:4567/ui/PROJECT] fc4a22a92ee5: Preparing . . . 149636c85012: Waiting f96222d75c55: Waiting unauthorized: authentication required ERROR: Build failed: exit status 1
.gitlab-ci.yml:
before_script: - docker info stages: - build - test variables: CONTAINER_IMAGE: git.COMPANY.com:4567/ui/PROJECT:$CI_BUILD_REF_NAME build: tags: - spec_work stage: build script: - docker-compose rm --all --force - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com - docker build --pull -t $CONTAINER_IMAGE . - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com - echo $USER - cat ~/.docker/config.json - docker push $CONTAINER_IMAGE test: stage: test tags: - spec_work script: - docker-compose rm --all --force - docker-compose down - docker-compose build - docker-compose up --abort-on-container-exit --force-recreate - (exit `docker-compose ps | grep 'test' | grep -Po 'Exit (\d+)' | cut -d " " -f 2`)
Docker config.json:
root@gitlab-ci3 (Ubuntu 14.04) ➜ ~ cat .docker/config.json { "auths": { "https://git.COMPANY.com": { "auth": "EDW..." } } }
也尝试过:
{ "auths": { "https://git.COMPANY.com/ui/PROJECT": { "auth": "EDW..." } } }
从Docker-in-Docker与Gitlab共享运行器,用于构buildDocker映像并将其推送到registry中
基于:
- docker version - docker build -t $CI_REGISTRY_IMAGE:latest . - docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_BUILD_TAG - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY - docker push $CI_REGISTRY_IMAGE:$CI_BUILD_TAG
我用过:
- docker version - docker build -t $CI_REGISTRY_IMAGE:latest . - docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_BUILD_REF_NAME - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY - docker push $CI_REGISTRY_IMAGE:$CI_BUILD_REF_NAME
在.gitlab-ci.ym的构build部分
现在推动工作得很好。
至于为什么它有效,我不知道。 如果有人知道为什么这个改变解决了这个问题,请评论,我真的想知道为什么。
谢谢!
请检查您的环境variableshttp_proxy和https_proxy是否与空白不同。 同时检查默认的dockerconfiguration文件中的等效参数。
问候