Docker Community Forums

Share and learn in the Docker community.

Impossible login from container to private repository

Hello, I can’t login from container to private repository (local hub).
We have a teamcity server and teamcity agent as containers, in it we have a build which builds and publishes our project. We use docker push for put image in private repo. But when it performs a command login we get an exception:

WARNING! Using --password via the CLI is insecure. Use --password-stdin.
[08:24:51] [Step 9/13] Error response from daemon: Get privateDockerRegistry: unauthorized: authentication required

Can anyone help in this problem?

Our environment:
ubuntu 18.04
docker -v = 18.09.1

compose file:

Blockquote
version: ‘3’
services:
TeamCity:
image: jetbrains/teamcity-server:latest
ports:
- “8111:8111”
volumes:
- /opt/TeamCity/data:/data/teamcity_server/datadir
- /opt/TeamCity/log:/opt/teamcity/logs
environment:
- TEAMCITY_SERVER_MEM_OPTS=-Xmx4g -XX:ReservedCodeCacheSize=350m
- TEAMCITY_SERVER_OPTS=-Dteamcity.git.fetch.separate.process=false
- NODE_OPTIONS=–max_old_space_size=4096
teamcity-agent:
build:
context: .
dockerfile: DockerFile
ports: - I’m not sure about ports
- “443:443”
- “80:80”
volumes:
- /opt/TeamCity/agent/conf:/data/teamcity_agent/conf
- /var/run/docker.sock:/var/run/docker.sock
- /opt/TeamCity/agent/work:/opt/buildagent/work
- /opt/TeamCity/agent/temp:/opt/buildagent/temp
- /opt/TeamCity/agent/tools:/opt/buildagent/tools
- /opt/TeamCity/agent/plugins:/opt/buildagent/plugins
- /opt/TeamCity/agent/system:/opt/buildagent/system
- /opt/TeamCity/agent/docker_volumes:/var/lib/docker
privileged: true
environment:
- SERVER_URL=http://our-ip
- AGENT_NAME=agent1
- NODE_OPTIONS=–max_old_space_size=4096
- DOCKER_IN_DOCKER=start
MySQL:
image: mysql/mysql-server
ports:
- “3306:3306”
volumes:
- /opt/TeamCity/mysql:/var/lib/mysql
env_file:
- mysql.env

Hi, you are not showing the syntax of the docker login command nor the details of tagging your docker image and pushing the image to your private docker registry. So it’s hard for us to diagnose/determine/debug your problem.

First a couple of items.

You are specifying the password on the docker login command in your build process which is not a good thing.

*WARNING! Using --password via the CLI is insecure. Use --password-stdin.*

There is a more secure way to automate the docker login and specifying the password.

cat ~/my_password.txt | docker login --username foo --password-stdin

Also I am assuming that this url https://dhub.sqil.by/v2/ is the private Docker Registry?

Also, it’s not clear to me (and you should not assume) that this error:
[08:24:51] [Step 9/13] Error response from daemon: Get https://dhub.sqil.by/v2/: unauthorized: authentication required

is due to the docker login failing. The login might have worked but then that error could be from another user or process in your build process that did not do a docker login who is trying to access your private registry (https://dhub.sqil.by/v2/).

Would be good if you could provide more details and also put “echo” commands in your workflow to trace the steps being performed.

Okay, enough said.

I’ll show you how I did this and this should help you try and “debug” your problem.

I’ll bring up a shell prompt in a container to demonstrate.

🐳 gforghetti@172.16.129.75:[~] $ docker container run -it --network=host --rm --volume /var/run/docker.sock:/var/run/docker.sock ubuntu:latest sh

The Docker daemon (engine) will not be running in the container, but the Docker CLI client will be available so I can run Docker commands to the Docker daemon installed on the Docker Node. I did a volume mount of the Docker Node’s Unix socket so the container can talk to the Docker daemon on the node.

Need to install curl in the container so I can curl the Docker code and install Docker in the container.

# apt update -qq;apt install -qq -y curl > /dev/null 2>&1
2 packages can be upgraded. Run 'apt list --upgradable' to see them.

I install Docker in the container so I can issue Docker commands from inside the container.

# curl --silent -SL https://get.docker.com/ | sh > /dev/null 2>&1

I run docker version to test the Docker install and Docker client to Docker daemon connection.

# docker version
Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:35:31 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Enterprise
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       20b6775
  Built:            Wed Jan  9 16:34:38 2019
  OS/Arch:          linux/amd64
  Experimental:     false

I now login to my Docker private registry from inside the container.

# docker login --username gforghetti https://worker1.example.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

I now pull an image so just so I can tag it and push it to my private Docker Registry to test this out.

# docker image pull alpine:latest
latest: Pulling from library/alpine
Digest: sha256:b3dbf31b77fd99d9c08f780ce6f5282aba076d70a513a8be859d8d3a4d0c92b8
Status: Image is up to date for alpine:latest

Tag the image for pushing to my private Docker Registry

# docker image tag alpine:latest worker1.example.com/gforghetti/alpine:latest

I now push the tagged image to my private Docker Registry

# docker image push worker1.example.com/gforghetti/alpine:latest
The push refers to repository [worker1.example.com/gforghetti/alpine]
503e53e365f3: Pushed
latest: digest: sha256:25b4d910f4b76a63a3b45d0f69a57c34157500faf6087236581eca221c62d214 size: 528

Sorry, our commands are : docker login our repo -u user -p pass
docker push image. And yes it’s private Docker Registry