docker
docker copied to clipboard
projectatomic
docker-1.13.1-102.git7f2769b.el7.centos.x86_64 not taking logged in credentials while doing a --with-registry-auth in docker stack deploy to pull private images
Output of docker version:
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7f2769b/1.13.1
Built: Mon Aug 5 15:09:42 2019
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7f2769b/1.13.1
Built: Mon Aug 5 15:09:42 2019
OS/Arch: linux/amd64
Experimental: false
Output of docker info:
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: active
NodeID: hyg***
Is Manager: true
ClusterID: tube***
Managers: 1
Nodes: 1
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 3
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Node Address: someIp
Manager Addresses:
someIp:2377
Runtimes: runc docker-runc
Default Runtime: docker-runc
Init Binary: /usr/libexec/docker/docker-init-current
containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 9c3c5f853ebf0ffac0d087e94daef462133b69c7 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /etc/docker/seccomp.json
Kernel Version: 3.10.0-957.27.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 4
Total Memory: 7.638 GiB
Name: somename
ID: someid
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://***:80
Https Proxy: http://***:80
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-ip6tables is disabled
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)
Additional environment details (AWS, VirtualBox, physical, etc.):
on a docker login, cat ~/.docker/config.json
{
"auths": {
"private-container-registry": {
"auth": "base64 encoded token"
}
}
}
Steps to reproduce the issue:
- Create a docker image and push it to private docker registry. Create docker compose file that refers this image.
- Do a
docker swarm init - Deploy stack on the swarm cluster. Using
docker stack deploy -c docker-compose.yml --with-registry-auth stackdemo
Describe the results you received: with first attempt is doesn't give any error but docker stack ps stackdemo gives "No such image:image-name" error.
Second run docker stack deploy --compose-file /tmp/docker-compose.yml --with-registry-auth stackdemo
it says unable to pin image private-container-registry/image-name:id to digest: Head https://private-container-registry/image-name/manifests/id: unauthorized: authentication required.
Describe the results you expected: It should have pulled the image and run the service Additional information you deem important (e.g. issue happens only occasionally): You can find the main issue raised here - https://github.com/moby/moby/issues/31534. It is solved using "--with-registry-auth" flag for almost other docker/os versions. This doesn't work here.
We do not plan on any more updates to this version of Docker except to fix RHEL7 issues and CVEs on Fedora 30. We are moving on to use Podman, Buildah, Skopeo, CRI-O as Docker replacements. If you find issues like this in Podman, or wish to have support for this in podman then open an issue in github.com/containers/libpod.
