[英]`docker pull` returns `denied: access forbidden` from private gitlab registry
I have a Dockerfile
which is going to be implemented FROM
a private registry's image.我有一个
Dockerfile
,它将FROM
私有注册表的映像中实现。 I build this file without any problem with Docker version 1.12.6, build 78d1802
and docker-compose version 1.8.0, build unknown
, but in another machine which has Docker version 17.06.1-ce, build 874a737
and docker-compose version 1.16.1, build 6d1ac21
, the docker-compose build
returns:我使用
Docker version 1.12.6, build 78d1802
构建此文件没有任何问题Docker version 1.12.6, build 78d1802
和Docker version 1.12.6, build 78d1802
docker-compose version 1.8.0, build unknown
,但在另一台具有Docker version 17.06.1-ce, build 874a737
和Docker version 17.06.1-ce, build 874a737
docker-compose version 1.16.1, build 6d1ac21
, docker-compose version 1.16.1, build 6d1ac21
docker-compose build
返回:
FROM my.private.gitlab.registry:port/image:tag
http://my.private.gitlab.registry:port/v2/docker/image/manifests/tag: denied: access forbidden
docker pull my.private.gitlab.registry:port/image:tag
returns the same. docker pull my.private.gitlab.registry:port/image:tag
返回相同。
Notice that I tried to get my.private.registry:port/image:tag
and http://my.private.registry:port/v2/docker/image/manifests/tag
has been catched.请注意,我尝试获取
my.private.registry:port/image:tag
并且已http://my.private.registry:port/v2/docker/image/manifests/tag
。
If this is an authenticated registry, then you need to run docker login <regitsryurl>
on the machine where you are building this.如果这是一个经过身份验证的注册表,那么您需要在构建它的机器上运行
docker login <regitsryurl>
。
This only needs to be done once per host.每个主机只需执行一次此操作。 The command then caches the auth in a file
然后该命令将身份验证缓存在一个文件中
$ cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "......="
}
}
}
A login did not fix the issue for me.登录并没有为我解决这个问题。 This may be specific to Mac, but just in case: Git issue
这可能特定于 Mac,但以防万一: Git 问题
My comment on the issue:我对这个问题的评论:
Also experiencing this issue.也遇到这个问题。
FROM <insert_private_registry>/test-image:latest
Both commands fail without a login to the private registry (expected)两个命令都在没有登录私有注册表的情况下失败(预期)
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
Error response from daemon: Get https://<insert_private_registry>/test-image/manifests/latest: denied: access forbidden
After logging in, a docker pull ...
works while the docker-compose up
fails to pull the image:登录后,
docker pull ...
工作,而docker-compose up
无法拉取图像:
$ docker login <insert_private_registry>
Username: <insert>
Password: <insert>
Login Succeeded
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
ERROR: Service 'app' failed to build: Get https://<insert_private_registry>/v2/test-image/manifests/latest: denied: access forbidden
$ docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
Our current workaround is to explicitly pull the image prior to running the docker-compose containers:我们当前的解决方法是在运行 docker-compose 容器之前显式拉取镜像:
docker pull <insert_private_registry>/test-image:latest
latest: Pulling from <insert_private_image_path>/test-image
...
Status: Downloaded newer image for <insert_private_registry>/test-image:latest
$ docker-compose up
Building app
Step 1/2 : FROM <insert_private_registry>/test-image:latest
...
I notice your URL scheme uses the http protocol - Docker needs to be configured to allow insecure registries.我注意到您的 URL 方案使用 http 协议 - Docker 需要配置为允许不安全的注册表。
Create or modify your daemon.json
(required in one of the following locations):创建或修改您的
daemon.json
(需要在以下位置之一):
Linux: /etc/docker/
Linux:
/etc/docker/
Windows: C:\\ProgramData\\Docker\\config\\
Windows:
C:\\ProgramData\\Docker\\config\\
With the contents:内容如下:
{
"insecure-registries" : [ "my.private.gitlab.registry:port" ]
}
Then restart Docker (not just the terminal session) and try again.然后重新启动 Docker(不仅仅是终端会话)并重试。
Once you've logged in with:登录后:
docker login my.private.gitlab.registry:port
As per tarun-lalwani 's answer, this should then add the auth into the config, for future use ( docker pull
's etc.).根据tarun-lalwani的回答,这应该将身份验证添加到配置中,以备将来使用(
docker pull
等)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.