Docker Community Forums

Share and learn in the Docker community.

UCP 2.0.1 with DTR: Error creating container: required at least one valid signer, none found

,

Hi there

I cannot get any trusted images deployed to my UCP cluster when I require content trust. I have set Content Trust in UCP to allow any valid UCP user.

On the DTR server I have created a new repository, under the username “james”. There is a user account called “james” on the UCP cluster that I am also using.

I have installed the notary client and configured it with the UCP bundle. I have then run:

notary init -p ddc-05.ddclab.quru.com/quru/helloworld

(quru is an Organization on the DTR server, and james is a member of the quru organization)

And set up passwords for the relevant keys. Where I was asked to log in, I provided the “james” user account details for DTR, which were accepted.

I then perform a “docker login ddc-05.ddclab.quru.com” with the user account “james”.

Then: export DOCKER_CONTENT_TRUST=1

And finally: docker push ddc-05.ddclab.quru.com/quru/helloworld:1.0.2

The image is successfully signed, and appears in DTR as signed. I can manually deploy the image to any of my docker worker nodes using:

export DOCKER_CONTENT_TRUST=1
docker pull ddc-05.ddclab.quru.com/quru/helloworld:1.0.2

This works fine.

However if I try and use this image in a simple docker-compose from the UCP interface, I am met with the error:

Error creating container: required at least one valid signer, none found

What does UCP consider as a valid signer, and what am I doing wrong here? This is frustratingly close to working!

James

Hi James,

As per the docs (https://docs.docker.com/datacenter/ucp/2.0/guides/content-trust/#/delegate-image-signing), did you create the necessary delegations for the repository?

Hi,
I have tried a simple test case of an admin user of DDC that have created a repository and has signed some tags using delegation signing and I always got an error when I run/pull/create service on docker datacenter 2.0. I have attached my test case:
test_signing_jsoler.pdf (1.1 MB)

Could you help me find out where is my mistake ?

Thanks

Well support team help me to find out the solution https://github.com/docker/docker.github.io/pull/885