New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mac docker-compose build fails to pull from private registry (works on linux) #6832
Comments
I seem to be having a similar issue as well. However, the error message is different as docker-compose doesn't seem to be sending the auth headers at all when trying to fetch the latest manifest.
pulling the image using docker and then building without the |
We're experiencing this also. I can correct the situation by removing the auths entries from
But this one will succeed:
However, logging out and logging back in replaces the auth entries and then we're broken again. This started breaking for us in docker-compose 1.24.0-rc1. There's no real obvious change that jumps out in the commit list for that release, but I'm suspecting it may have come in from the There was a decent refactoring around the auth stuff in that release: docker/docker-py@bc5d7c8#diff-6b81f0b56fd2b004af477b65a6990177 |
A couple of other workarounds that I've confirmed will avoid this issue, but they require encoded credentials to be stored on disk...the problems seems to be tied specifically to the usage of the keychain:
|
The root cause in docker-py: docker/docker-py#2402 |
We are struggling with this at the moment and trying to figure out if it's worth us working around the issue or waiting for the fix. Can anybody give me a rough timeframe for how long it would take for this fix to bubble its way all the way up to the homebrew release of docker-compose? |
@chrisjohnson is stripping the auths section not working for you? here's a oneliner i've been using (sharing with my teams) |
That is one workaround, another is just disabling the keychain. The workarounds do work, but we have large teams, so if the workarounds are only going to be in place for a few weeks, it's less work to just wait for the proper fix. If it's more like months, we'll try to automate the workarounds. |
Also experiencing this issue. Dockerfile:
CLIBoth commands fail without a login to the private registry (expected)
After logging in, a $ docker login <insert_private_registry>
Username: <insert>
Password: <insert>
Login Succeeded
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest Current SolutionOur current workaround is to explicitly pull the image prior to running the docker-compose containers: docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
... |
Closing this issue as a duplicate of #6713 |
I have a compose file with declared services, one of which has 'FROM xxx' in its Dockerfile, and the 'xxx' is an image located in my private registry in gitlab.
Expectation:
Whey i run docker-composer -f compose-file build, i expect the image from private registry to be pulled and used.
Actual:
On linux (ubuntu 18.04 under virtualbox) it works as expected - the image is pulled
On mac i get an error:
Building panda_app Step 1/26 : FROM registry.gitlab.com/xxx/xxx/xxx:3.7.4 ERROR: Service 'xxx_app' failed to build: Get https://registry.gitlab.com/v2/xxx/xxx/xxx/manifests/3.7.4: denied: access forbidden
I tried logging out / logging it, that didn't help. Below is additional info i got from running with
--verbose
flag:The text was updated successfully, but these errors were encountered: