Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better Docker Auth lookup #2190

Merged
merged 8 commits into from
Jan 23, 2017
Merged

Better Docker Auth lookup #2190

merged 8 commits into from
Jan 23, 2017

Conversation

dadgar
Copy link
Contributor

@dadgar dadgar commented Jan 12, 2017
edited
Loading

This PR brings Nomad's Docker Auth lookup in sync with Docker's own implementation.

Fixes #2003
Fixes #1662

diptanu
diptanu suggested changes Jan 23, 2017
View reviewed changes
client/driver/docker.go
// authOptionsFrom takes the Docker auth config file and the repo being pulled
// and returns an AuthConfiguration or an error if the file/repo could not be
// parsed or looked up.
func authOptionFrom(file, repo string) (*docker.AuthConfiguration, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to see a test for this. Hard to follow what this method expects to return the right AuthConfiguration.

client/driver/docker.go
return nil, fmt.Errorf("Failed to parse repository: %v", err)
}

f, err := os.Open(file)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please close the file once you are done using it.

@dadgar dadgar mentioned this pull request Jan 23, 2017
Closed
@dadgar
Add test and better logs
77b19f5 
This commit adds a test to retrieving auth configurations, use either
the auth block in the config or specified via the agent config and adds
a log if lookup fails.
@dadgar dadgar merged commit 40d776d into master Jan 23, 2017
@dadgar dadgar deleted the b-docker-auth branch January 23, 2017 22:50
@dadgar dadgar mentioned this pull request Jan 28, 2017
Closed
@thatsk
Copy link

thatsk commented Apr 11, 2017

How we can pass that ?

@thatsk
Copy link

thatsk commented Apr 11, 2017

if we have nomad cluster

@dadgar
Copy link
Contributor Author

dadgar commented Apr 11, 2017

@thatsk https://www.nomadproject.io/docs/drivers/docker.html#docker-auth-config

@thatsk
Copy link

thatsk commented Apr 11, 2017

If i want to add in client.hcl or server.hcl

@dadgar
Copy link
Contributor Author

dadgar commented Apr 11, 2017

You add to client.hcl:

client {
  options {
    "docker.auth.config" = "/path/to/config.json"
  }
}

@thatsk
Copy link

thatsk commented Apr 11, 2017

thanks dadgar
is this fix in version of nomad yet.?

@dadgar
Copy link
Contributor Author

dadgar commented Apr 11, 2017

Yes 0.5.3 or greater should have this. Later versions of Nomad have fixed small bugs relating to this so would suggest running 0.5.6.

@parismorali
Copy link

parismorali commented May 15, 2017
edited
Loading

Hi,

According to nomad documentation I should be able to do this


config {
    image = "hello/world:latest"
    auth {
      username = "testuser"
      password = "testpassword"
      server_address = "my.docker.registry.com"
    }
  }

and get a docker image from my login protected private docker registry.
However allocation log is

Failed to pull hello/world:latest: API error (401): {"message":"Get https://registry-1.docker.io/v2/

It looks like nomad ignores the server_address I've speicified.

Am I doing something wrong?

Nomad version: 0.5.4

Thanks for your help
Paris

@dadgar
Copy link
Contributor Author

dadgar commented May 16, 2017

Hey we are passing through that setting to the docker api client, which passes through to docker. Looks like they aren't honoring that and instead just parse the image name to detect the registry. I believe an example was given on the mailing list.

@parismorali
Copy link

Thanks, I've used the mailing list advice and this works.

@noxecane
Copy link

Just for anyone coming here to solve this issue

config {
    image = "https://my.docker.registry.com/hello/world:latest"
    auth {
      username = "testuser"
      password = "testpassword"
    }
}

server_address I think is ignored

@github-actions
Copy link

github-actions bot commented Feb 6, 2023

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@diptanu diptanu diptanu requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot pull docker image from private registry Nomad Docker driver silently discards auth when no key found
5 participants
@dadgar @thatsk @parismorali @noxecane @diptanu