Compose fails to use registry credentials

[birla]

Bug description

Compose extension (which uses github.com/docker/compose) is not able to access registry credentials configured in podman.

Quick fix: pull all required images manually, using podman pull privateregistry.com/image:tag then run podman compose up and it works because the local image cache is seeded now.

Operating system

Windows 11

Installation Method

Installer from website/GitHub releases

Version

1.9.0

Steps to reproduce

1. Install Podman Desktop and dependencies.
2. Setup Compose extension (system-wide) using docker compose.
3. Login into a private container registry using either podman login or using the Podman desktop UI.
4. Verify that connection to the private registry is working by pulling an image using podman pull or the Podman desktop UI.
5. Try to spin up a docker compose file which relies on any image from the private container registry, not already available locally. podman compose up

Relevant log output

Error response from daemon: {"message":"unable to retrieve auth token: invalid username/password: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}
Error: executing C:\Users\username\AppData\Local\Microsoft\WindowsApps\docker-compose.exe -f .\docker-compose.yml up -d: exit status 18

Additional context

No response

[cdrage]

Bug description

Compose extension (which uses github.com/docker/compose) is not able to access registry credentials configured in podman.

Quick fix: pull all required images manually, using podman pull privateregistry.com/image:tag then run podman compose up and it works because the local image cache is seeded now.

Operating system

Windows 11

Installation Method

Installer from website/GitHub releases

Version

1.9.0

Steps to reproduce

1. Install Podman Desktop and dependencies.
2. Setup Compose extension (system-wide) using docker compose.
3. Login into a private container registry using either podman login or using the Podman desktop UI.
4. Verify that connection to the private registry is working by pulling an image using podman pull or the Podman desktop UI.
5. Try to spin up a docker compose file which relies on any image from the private container registry, not already available locally. podman compose up

Relevant log output

Error response from daemon: {"message":"unable to retrieve auth token: invalid username/password: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}
Error: executing C:\Users\username\AppData\Local\Microsoft\WindowsApps\docker-compose.exe -f .\docker-compose.yml up -d: exit status 18

Additional context

No response

Hi @birla !

TLDR; Delete /.docker/config.json and try again.

I'm unable to reproduce the exact issue, but I have a feeling that it's because of your ~/.docker/config.json configuration that may be getting credentials from an older Docker Desktop install (specifically desktop). If you have any information in ~/.docker/config.json it will override that compose information.

I actually encountered a different issue which made me look at https://stackoverflow.com/questions/67642620/docker-credential-desktop-not-installed-or-not-available-in-path

After I deleted ~/.docker/config.json I was able to pull from a private registry.

This was the compose file I used:

services:

  redis-leader:
    container_name: redis-leader
    image: redis:latest
    ports:
      - "6379"

  redis-replica:
    container_name: redis-replica
    image: redis:latest
    ports:
      - "6379"
    command: redis-server --replicaof redis-leader 6379

  web:
    container_name: web
    image: docker.io/cdrage/foobar
    ports:
      - "8080:8080"

Note that cdrage/foobar is a private repo and I had to do podman login before doing podman compose up.

Let me know if this fixes your issue.

[birla]

Hi @cdrage!

Thank you for getting back. As you correctly deduced, I did have Docker Desktop installed before my foray with Podman Desktop.

I also faced the same issue with docker-credential-desktop you mentioned and edited ~/.docker/config.json as suggested by the community.

Today, I tried removing ~/.docker/config.json and subsequently the folder ~/.docker, but I am still facing the same issue. I did get the "Login Succeeded!" message every time from podman login.

Let me know if I can provide further diagnosis / log files from my system to reproduce this. My team and I are all facing this issue.

[cdrage]

Hi @cdrage!

Thank you for getting back. As you correctly deduced, I did have Docker Desktop installed before my foray with Podman Desktop.

I also faced the same issue with docker-credential-desktop you mentioned and edited ~/.docker/config.json as suggested by the community.

Today, I tried removing ~/.docker/config.json and subsequently the folder ~/.docker, but I am still facing the same issue. I did get the "Login Succeeded!" message every time from podman login.

Let me know if I can provide further diagnosis / log files from my system to reproduce this. My team and I are all facing this issue.

Is there any way you can tell me which private registry? Is it an internal registry / self hosted or cloud?

Trying to replicate this against quay.io / docker hub I'm unable to reproduce.

[birla]

Hi @cdrage!

Thank you for getting back. As you correctly deduced, I did have Docker Desktop installed before my foray with Podman Desktop.

I also faced the same issue with docker-credential-desktop you mentioned and edited ~/.docker/config.json as suggested by the community.

Today, I tried removing ~/.docker/config.json and subsequently the folder ~/.docker, but I am still facing the same issue. I did get the "Login Succeeded!" message every time from podman login.

Let me know if I can provide further diagnosis / log files from my system to reproduce this. My team and I are all facing this issue.

Is there any way you can tell me which private registry? Is it an internal registry / self hosted or cloud?

Trying to replicate this against quay.io / docker hub I'm unable to reproduce.

I am using Azure Container Registry, will try with a public one and get back to you.

[birla]

@cdrage, tried with Docker Hub, using a private image, and a docker compose file. I am able to reproduce the issue, below is the log:

C:\Projects\rnd\docker-private-repo-test>podman login  -u username docker.io
Password: 
Login Succeeded!

C:\Projects\rnd\docker-private-repo-test>podman compose up
>>>> Executing external compose provider "C:\\Program Files\\RedHat\\Podman\\docker-compose.exe". Please refer to the documentation for details. <<<<

[+] Running 1/1
✘ node-app Error {"message":"denied: requested access to the resource is denied"}                                                                                           5.8s 
Error response from daemon: {"message":"denied: requested access to the resource is denied"}
Error: executing C:\Program Files\RedHat\Podman\docker-compose.exe up: exit status 18

Subsequently, pulling the image directly seems to work:

C:\Projects\rnd\docker-private-repo-test>podman pull username/docker-private-repo-test:latest
Resolving "username/docker-private-repo-test" using unqualified-search registries (/etc/containers/registries.conf.d/999-podman-machine.conf)
Trying to pull docker.io/username/docker-private-repo-test:latest...
Getting image source signatures
Copying blob sha256:45a0166cf96b2a4f328191f78f73e68e0e340450a962ff6fc34013111c014d24
Copying blob sha256:e5d288a133c72d9c56a2071dc40223467a08d04247c74229969a13f5076cedeg
Copying blob sha256:832e0dc1fe41d061d47d41e00abf6a9dab0c399d69bae854ef1bffe1976c2df1
Copying blob sha256:8ae971f79f99381da4a83f2cb63aa502fb847cc81a2f270326753f6289562dfd
Copying blob sha256:de95a267926c644e0a631e15c17f37176e2418885b6bbf84a873a7dde3877068
Copying blob sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf9
Copying blob sha256:2c6e675058a6190797a63111833f490d76d33516fcc5e40f2657edd16fba3447
Copying config sha256:7abd4b954cd34efe1cd0ee341ae20db823d9eefffdeb12abad39332e866aeb86
Writing manifest to image destination
6e9b9fe4de1b0e6d01fee20ca96492232f5d5b1b01bfe78d9d840bda6c858afa

[birla]

@cdrage , just installed podman-compose, and it was able to pull from both Docker Hub and Azure Container Registry without any issue using the command podman-compose up

[cdrage]

@cdrage , just installed podman-compose, and it was able to pull from both Docker Hub and Azure Container Registry without any issue using the command podman-compose up

Hi @birla still unable to re-produce :( at this point though, I believe this is actually a podman issue since this reflects directly with the CLI.

I'm going to transfer this issue to https://github.com/containers/podman if that's okay with you.

[gautaz]

Hello, I have the exact same issue.
I also had a ~/.docker/config.json file with credentials from a previous docker install.
Removing this file did also not fix the issue.
So for now I am working around this the same way as @birla.

I got this error after a podman system reset, I have no idea if doing this might reproduce the issue...
I operated this reset because of inconsistencies in ~/.local/share/containers subsequent to a crash and I had to hard reboot.