2

I implemented my own docker registry and test it from localhost (push) and from my server (pull) successfully. Now, I am trying to build and push image from my CI pipeline:

build:
  image: docker:18
  services:
    - docker:dind
  stage: build
  script:
    - echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
    - docker pull $CI_REGISTRY/website:latest
    - docker build -t $CI_REGISTRY/website:latest .
    - docker push $CI_REGISTRY/website:latest

I am able to log into registry:

$ echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

And when I am trying to pull my website:latest image, I am receive error:

$ docker pull $CI_REGISTRY/website:latest
Error response from daemon: pull access denied for registry.gitlab.com/website, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

I configured all variables properly in CI/CD -> Variables but I can see here registry.gitlab.com as my registry.I tried to rename CI_REGISTRY to CI_REGISTRY_ADDRESS, because I thought, maybe gitlab is using it as system variable and I cannot replace it (even when I am using this settings, variables and login, the same way like in another project, and its working). So now, I am receiving this error:

$ echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY_ADDRESS
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password

I tried to google the solution, but didnt fine anything helpful. I am not sure why this settings works for another project and not for this one. Maybe I am missing something, not sure what. Could anybody help me to figure out what cause the problem and how to configure personal registry

EDIT1: Just example that the same configuration works fine on my another project:

$ echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

After this successful login, I am able to push and pull image.

dorinand
  • 1,397
  • 1
  • 24
  • 49
  • `CI_REGISTRY` and `CI_REGISTRY_PASSWORD` are indeed environment variables injected in the build environment by Gitab. If you are not using [Gitlab Docker Registry](https://docs.gitlab.com/ee/user/packages/container_registry/), please use other variable names, also for `CI_REGISTRY_PASSWORD`. You should be able to login successfully using your command. – Nicolas Pepinster Mar 01 '21 at 09:40
  • Even when it works for me in another project - I just copied it, I changed my CI Variable names with prefix `PERSONAL_` but now I am receiving an error: `Cannot perform an interactive login from a non TTY device`. – dorinand Mar 01 '21 at 10:29
  • ok so you changed `CI_REGISTRY_USER` by `PERSONAL_CI_REGISTRY_USER`. Could you try using : `docker login -u $PERSONAL_CI_REGISTRY_USER -p $PERSONAL_CI_REGISTRY_PASSWORD $CI_REGISTRY_ADDRESS` ? – Nicolas Pepinster Mar 01 '21 at 11:16
  • My current variables are `$PERSONAL_CI_REGISTRY_USER`, `$PERSONAL_CI_REGISTRY_PASSWORD` and `$PERSONAL_CI_REGISTRY`. I tryied `docker login -u $PERSONAL_CI_REGISTRY_USER -p $PERSONAL_CI_REGISTRY_PASSWORD $PERSONAL_CI_REGISTRY` but the result is the same: `Error: Cannot perform an interactive login from a non TTY device` – dorinand Mar 01 '21 at 12:06
  • A tried to put variables into quotation marks e.g. `"$PERSONAL_CI_REGISTRY_PASSWORD"`, but failed again. – dorinand Mar 01 '21 at 12:22
  • @NicolasPepinster I added **EDIT1** section to show you, that I used environment variables and overwrited them. It is output from succesful job from my another project. – dorinand Mar 01 '21 at 12:32
  • In your **EDIT1**, I'm pretty sure you are connecting to the internal gitlab registry, not to an external one. Just echo `$CI_REGISTRY` variable to see the name of the registry. – Nicolas Pepinster Mar 01 '21 at 13:17
  • I checked it one more time, in my registry. After pull, there is image with creation date few seconds ago. So I assume, it works fine. In the end, I am pulling this image on my server without any problem. – dorinand Mar 01 '21 at 14:15

1 Answers1

5

After some investigation, I found the root cause.

I find out, that all my variables has been empty (I checked first, if there is no typo):

echo "$PERSONAL_CI_REGISTRY_USER - $PERSONAL_CI_REGISTRY_PASSWORD - $PERSONAL_CI_REGISTRY"
 -  -

From this issue on stackoverflow, it looks like similar issue - protected variables. So I checked my variables, set them as not protected and then I was able to echo them in CI pipeline:

$ echo "$PERSONAL_CI_REGISTRY_USER - $PERSONAL_CI_REGISTRY_PASSWORD - $PERSONAL_CI_REGISTRY"
registryuser123456 - registrypassword123456 - registry123456

Protected vairables are available only in protected branches or tags - see the doc.

So I renamed it the same way as I am using it in another project:

docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

And now I am able to login to registry, pull and push without any problem.

dorinand
  • 1,397
  • 1
  • 24
  • 49