anchore-engine
Can't add image from my private repo
BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
% anchore-cli --version
anchore-cli, version 0.9.3
What happened: I can only add an image from my own Docker Hub public repo but not from a private repo. Pulling is OK as long as it is public, but when I make the repo private, add image doesn't work anymore.
What did you expect to happen: I should be able to add an image from my own Docker Hub private repo just as I did when it was a public repo.
% anchore-cli --url http://192.168.144.28:8228/v1/ --u admin --p foobar --debug image add docker.io/yentest/my-alpine:latest
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 192.168.144.28:8228
DEBUG:urllib3.connectionpool:http://192.168.144.28:8228 "GET /v1/ HTTP/1.1" 200 5
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:anchorecli.clients.apiexternal:POST url=http://192.168.144.28:8228/v1/images?autosubscribe=True
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 192.168.144.28:8228
DEBUG:urllib3.connectionpool:http://192.168.144.28:8228 "POST /v1/images?autosubscribe=True HTTP/1.1" 200 2416
DEBUG:anchorecli.cli.utils:fetched httpcode from response: 200
Image Digest: sha256:69704ef328d05a9f806b6b8502915e6a0a4faa4d72018dc42343f511490daf8a
Parent Digest: sha256:e1c082e3d3c45cccac829840a25941e679c25d438cc8412c2fa221cf1a824e6a
Analysis Status: analyzed
Image Type: docker
Analyzed At: 2021-10-03T11:06:37Z
Image ID: 14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
Dockerfile Mode: Guessed
Distro: alpine
Distro Version: 3.14.2
Size: 6379520
Architecture: amd64
Layer Count: 1
Full Tag: docker.io/library/alpine:latest
Tag Detected At: 2021-10-03T11:06:25Z
Full Tag: docker.io/yentest/my-alpine:latest
Tag Detected At: 2021-10-03T18:27:25Z
Any relevant log output from /var/log/anchore:
my docker hub user
% docker-credential-$(
jq -r .credsStore ~/.docker/config.json
) list | jq -r '
. |
to_entries[] |
select(
.key |
contains("docker.io")
) |
last(.value)
'
yenenvoy
added registry
% anchore-cli --url http://192.168.144.28:8228/v1/ --u admin --p foobar --debug registry list
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 192.168.144.28:8228
DEBUG:urllib3.connectionpool:http://192.168.144.28:8228 "GET /v1/ HTTP/1.1" 200 5
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:anchorecli.clients.apiexternal:GET url=http://192.168.144.28:8228/v1/registries
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 192.168.144.28:8228
DEBUG:urllib3.connectionpool:http://192.168.144.28:8228 "GET /v1/registries HTTP/1.1" 200 291
DEBUG:anchorecli.cli.utils:fetched httpcode from response: 200
Registry               Name                   Type             User
index.docker.io        index.docker.io        docker_v2        yenenvoy
try to add private repo
% anchore-cli --url http://192.168.144.28:8228/v1/ --u admin --p foobar --debug image add docker.io/yentest/my-alpine:latest
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 192.168.144.28:8228
DEBUG:urllib3.connectionpool:http://192.168.144.28:8228 "GET /v1/ HTTP/1.1" 200 5
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:anchorecli.clients.apiexternal:POST url=http://192.168.144.28:8228/v1/images?autosubscribe=True
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 192.168.144.28:8228
DEBUG:urllib3.connectionpool:http://192.168.144.28:8228 "POST /v1/images?autosubscribe=True HTTP/1.1" 400 717
DEBUG:anchorecli.cli.utils:fetched httpcode from response: 400
Error: cannot fetch image digest/manifest from registry
HTTP Code: 400
Detail: {'error_codes': ['REGISTRY_PERMISSION_DENIED'], 'raw_exception_message': 'Error encountered in skopeo operation. cmd=/bin/sh -c skopeo inspect --raw --tls-verify=false docker://docker.io/yentest/my-alpine:latest, rc=1, stdout=None, stderr=b\'time="2021-10-04T02:33:28Z" level=fatal msg="Error parsing image name \\\\"docker://docker.io/yentest/my-alpine:latest\\\\": Error reading manifest latest in docker.io/yentest/my-alpine: errors:\\\\ndenied: requested access to the resource is denied\\\\nunauthorized: authentication required\\\\n"\\n\', error_code=REGISTRY_PERMISSION_DENIED'}
What docker images are you using:
% docker pull docker.io/yentest/my-alpine:latest
latest: Pulling from yentest/my-alpine
Digest: sha256:69704ef328d05a9f806b6b8502915e6a0a4faa4d72018dc42343f511490daf8a
Status: Image is up to date for yentest/my-alpine:latest
How to reproduce the issue: push an image into Docker Hub as a public repo and switch it to a private repo
Anything else we need to know: I have granted permission to my Docker Hub username for the repo
Hi @antigenius0910, for docker hub, use 'docker.io' as the registry host instead of index.docker.io. The system will handle that correctly the way docker does. We don't use Docker internally, but maintain the registry host semantics so they align with how you do 'docker pull'. If you set that up and it still doesn't work then let us know.
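
The reply above comes down to which key the stored credentials are filed under. As an added example (not anchore-engine code and not part of the original thread), this sketch assumes credentials are selected by exact match between the registry host parsed from the image reference and the registered registry name; the function names and the two sample dictionaries are constructed for illustration.

```python
# Added illustration, not anchore-engine source. Function names are hypothetical.
DEFAULT_REGISTRY = "docker.io"


def split_reference(ref):
    """Split a tag reference into (registry_host, repository, tag) following
    `docker pull` rules. Digest references (name@sha256:...) are not handled."""
    first, sep, rest = ref.partition("/")
    # The first component is a registry host only if it looks like one.
    if sep and ("." in first or ":" in first or first == "localhost"):
        host, remainder = first, rest
    else:
        host, remainder = DEFAULT_REGISTRY, ref
    name, colon, tag = remainder.rpartition(":")
    if not colon or "/" in tag:  # no tag given
        name, tag = remainder, "latest"
    # Official Docker Hub images sit under the implicit 'library/' namespace.
    if host == DEFAULT_REGISTRY and "/" not in name:
        name = "library/" + name
    return host, name, tag


def credentials_for(ref, registries):
    """Assumed lookup rule: exact match on the parsed registry host.
    None means the registry is contacted anonymously."""
    return registries.get(split_reference(ref)[0])


def describe_pull(ref, registries):
    host, repo, tag = split_reference(ref)
    entry = credentials_for(ref, registries)
    if entry is None:
        return f"{host}/{repo}:{tag} -> anonymous (configured: {sorted(registries)})"
    return f"{host}/{repo}:{tag} -> authenticated as {entry['user']}"


# Constructed from the thread: the entry as registered, then as advised.
AS_REPORTED = {"index.docker.io": {"user": "yenenvoy"}}
AS_ADVISED = {"docker.io": {"user": "yenenvoy"}}

if __name__ == "__main__":
    image = "docker.io/yentest/my-alpine:latest"
    print(describe_pull(image, AS_REPORTED))
    print(describe_pull(image, AS_ADVISED))
    print(describe_pull("alpine", AS_ADVISED))
```

Under this model the entry registered as index.docker.io never matches a docker.io/... reference, so the private repository is requested without credentials, which is consistent with the "unauthorized: authentication required" error in the log.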