docker credentials and docker push

[savishy]

While working on #10 I am encountering the following issue

• to be able to docker push, a credentials is needed to be pre-stored in the jenkins container.
• I created a set of credentials (for docker hub) in Jenkins in the credentials module.
• this output a credentials.xml in JENKINS_HOME, which I then extracted.
• I am pushing this credentials XML into JENKINS_HOME while building the Jenkins image
• However, it seems the same encoding is not used everytime so the credentials.xml is not valid across Jenkins installations.
• i.e pulling this from one running Jenkins instance, then pushing it into a different instance does not seem to work.

As a result, docker push does not work unless you manually edit the credentials through UI before docker-pushing .

Notes:

• have tried using jenkins-cli. Could not figure out (despite trying for hours) how to use create-credentials-by-xml.
• have tried using the docker remote API call as well (curl -X POST /images/name/push). Encountering weird login issue."
  [attempt-2 053aca1] Jenkins Job should create and push a tomcat + web-app Docker Image #10 encountering issue docker credentials and docker push  #11 - to be able to docker push, a credentials is needed to be pre-stored in the jenkins container. - I created a set of credentials (for docker hub) in Jenkins in the credentials module. - this output a credentials.xml in JENKINS_HOME, which I then extracted. - I am pushing this credentials XML into JENKINS_HOME while building the Jenkins image - However, it seems the same encoding is not used everytime so the credentials.xml is not valid across Jenkins installations. - i.e pulling this from one running Jenkins instance, then pushing it into a different instance does not seem to work.

[savishy]

To push image using Docker, I have several options:

Option 1

docker login [-u -p]
docker push savishy/tomcat-petclinic

This would work but not in an automated Jenkins container scenario. In a Jenkins container I don't have the docker command.

Option 2

The second option: Use the Docker Build Steps plugin.
The issue here is that I need to pre-load the credentials (in the form of credentials.xml) which does not seem to work across multiple Jenkins instances.

Option 3

The third option:

• Jenkins container has API access to the Docker daemon running on the host machine.
• To push via API I do

root@09fd175fdff4:/usr/share/jenkins/ref/plugins# curl -X POST http://172.17.0.1:2375/images/savishy/tomcat-petclinic/push

Where 172.17.0.1 is the IP of the Docker Host. 2375 is the port where Docker daemon is listening.

In this approach I need to feed in additional --header parameters:
{"message":"Bad parameters and missing X-Registry-Auth: EOF"}

• The content of X-Registry-Auth is as described here.

XRA=`echo "{\"username\": \"${USERNAME}\", \"password\": \"${PASSWORD}\", \"email\": \"${EMAIL_ADDRESS}\", \"serveraddress\" : \"${SERVER_ADDRESS}\"}" | base64 --wrap=0`
curl  -v --request POST --header "X-Registry-Auth: $XRA" 

Special characters such as ! and @ in the password have to be escaped obviously.

Option 4

Trying another plugin, Cloudbees Docker Publish.
Any plugin will ultimately come back to the problem of autoloading credentials mentioned in Option 2.

Update

The curl approach works (at least it starts pushing). However it is finicky and depends on internet.

I frequently get any of the following errors:

{"errorDetail":{"message":"net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"},"error":"net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"}

{"errorDetail":{"message":"dial tcp: lookup auth.docker.io on 127.0.1.1:53: read udp 127.0.0.1:42997-\u003e127.0.1.1:53: i/o timeout"},"error":"dial tcp: lookup auth.docker.io on 127.0.1.1:53: read udp 127.0.0.1:42997-\u003e127.0.1.1:53: i/o timeout"}

[savishy]

It is possible that all these problems are because I use the official Jenkins docker image for building my Jenkins docker container.

I ran a quick experiment on Saturday and it shows I need to explore building the Jenkins image from scratch. (Issue #12 )

[savishy]

The curl -X POST of the docker image works properly when Jenkins container is in AWS. Considering this issue fixed.