GitLab管道运行失败。

huangapple
go评论53阅读模式
英文:

gitlab pipeline run fail

问题

从今天开始,在尝试在GitLab中生成图像时,流水线失败了。问题出在这一行,它试图执行Get请求 "https://registry-1.docker.io/v2/",返回未授权。我一直在寻找解决方法,因为GitLab已经弃用了对注册令牌的支持。有人知道如何重新验证到 "https://registry-1.docker.io/v2/" 来运行流水线生成图像吗?以下是运行流水线时的输出。谢谢。

Running with gitlab-runner 15.9.0~beta.115.g598a7c91 (598a7c91)
  on blue-3.shared.runners-manager.gitlab.com/default zxwgkjAP, system ID: s_284de3abf026
  feature flags: FF_USE_IMPROVED_URL_MASKING:true
Preparing the "docker+machine" executor 00:36
Using Docker executor with image docker:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:14abbb9f5ef7fd32d8da5c0ca58040fc7d28ed813c053f6faa8be213afcb469a for docker:dind with digest docker@sha256:064b3ab5253f812c4fa076b74910435df0c8c7c3e7321330592f2ee50c894619 ...
Waiting for services to be up and running (timeout 30 seconds)...
Pulling docker image docker:latest ...
Using docker image sha256:14abbb9f5ef7fd32d8da5c0ca58040fc7d28ed813c053f6faa8be213afcb469a for docker:latest with digest docker@sha256:064b3ab5253f812c4fa076b74910435df0c8c7c3e7321330592f2ee50c894619 ...
Preparing environment 00:01
Running on runner-zxwgkjap-project-15858045-concurrent-0 via runner-zxwgkjap-shared-1683734595-b9d8ae71...
Getting source from Git repository 00:03
$ eval "$CI_PRE_CLONE_SCRIPT"
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/airgo/air-go-healthcare-system/.git/
Created fresh repository.
Checking out bcaa88b2 as detached HEAD (ref is pius_dev)...
Skipping Git submodules setup
Executing "step_script" stage of the job script 00:01
Using docker image sha256:14abbb9f5ef7fd32d8da5c0ca58040fc7d28ed813c053f6faa8be213afcb469a for docker:latest with digest docker@sha256:064b3ab5253f812c4fa076b74910435df0c8c7c3e7321330592f2ee50c894619 ...
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CONTAINER_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password
Cleaning up project directory and file based variables 00:00
ERROR: Job failed: exit code 1
英文:

From today, when trying to generate an image in gitlab, the pipeline is failing, the cause is in the line, where it tries to do the Get "https://registry-1.docker.io/v2/"
which returns unauthorized. I've been looking and it's because gitlab has deprecated the Support for registration tokens.
Does anyone know how to re-authenticate to "https://registry-1.docker.io/v2/"
running the pipeline to generate an image?
Below I attach the output when running the pipeline.
Thanks.

Running with gitlab-runner 15.9.0~beta.115.g598a7c91 (598a7c91)
  on blue-3.shared.runners-manager.gitlab.com/default zxwgkjAP, system ID: s_284de3abf026
  feature flags: FF_USE_IMPROVED_URL_MASKING:true
Preparing the "docker+machine" executor 00:36
Using Docker executor with image docker:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:14abbb9f5ef7fd32d8da5c0ca58040fc7d28ed813c053f6faa8be213afcb469a for docker:dind with digest docker@sha256:064b3ab5253f812c4fa076b74910435df0c8c7c3e7321330592f2ee50c894619 ...
Waiting for services to be up and running (timeout 30 seconds)...
Pulling docker image docker:latest ...
Using docker image sha256:14abbb9f5ef7fd32d8da5c0ca58040fc7d28ed813c053f6faa8be213afcb469a for docker:latest with digest docker@sha256:064b3ab5253f812c4fa076b74910435df0c8c7c3e7321330592f2ee50c894619 ...
Preparing environment 00:01
Running on runner-zxwgkjap-project-15858045-concurrent-0 via runner-zxwgkjap-shared-1683734595-b9d8ae71...
Getting source from Git repository 00:03
$ eval "$CI_PRE_CLONE_SCRIPT"
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/airgo/air-go-healthcare-system/.git/
Created fresh repository.
Checking out bcaa88b2 as detached HEAD (ref is pius_dev)...
Skipping Git submodules setup
Executing "step_script" stage of the job script 00:01
Using docker image sha256:14abbb9f5ef7fd32d8da5c0ca58040fc7d28ed813c053f6faa8be213afcb469a for docker:latest with digest docker@sha256:064b3ab5253f812c4fa076b74910435df0c8c7c3e7321330592f2ee50c894619 ...
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CONTAINER_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password
Cleaning up project directory and file based variables 00:00
ERROR: Job failed: exit code 1

答案1

得分: 1

Today I encountered the same issue. After some research it appears that $CI_BUILD_TOKEN is no longer supported. Looking at the documentation of GitLab CI/CD job token I found that now $CI_JOB_TOKEN should be used.

This works for me:

  • echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin registry.gitlab.com

I use --password-stdin instead of passing the password via the CLI as a more secure approach and to get rid of a warning I got. This modification passes the $CI_JOB_TOKEN variable as the password securely using the --password-stdin flag.

英文:

Today I encountered the same issue. After some research it appears that $CI_BUILD_TOKEN is no longer supported. Looking at the documentation of GitLab CI/CD job token I found that now $CI_JOB_TOKEN should be used.

This works for me:

    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin registry.gitlab.com

I use --password-stdin instead of passing the password via the CLI as a more secure approach and to get rid of a warning I got. This modification passes the $CI_JOB_TOKEN variable as the password securely using the --password-stdin flag.

答案2

得分: 0

你正试图使用GitLab用户和令牌进行Docker Hub身份验证。GitLab用户/令牌仅适用于GitLab的容器注册表,而不是Docker Hub。

自然地,你的错误基本上是一个身份验证问题。你没有使用适当的用户名和密码来进行Docker Hub注册表的身份验证。如果你想要推送你的镜像到Docker Hub,你需要使用你的Docker Hub用户名、密码(或访问令牌)来执行此操作。

例如,你可以有一个类似于以下的脚本步骤:

script:
  - docker login -u $DOCKER_HUB_USER_NAME -p $DOCKER_HUB_ACCESS_TOKEN

你需要在CI/CD设置中设置这些变量。

如果你打算使用GitLab的容器注册表,你应该遵循文档。例如,你可以使用以下作业配置:

build:
  image: docker:20.10.16
  stage: build
  services:
    - docker:20.10.16-dind
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

我认为你在这方面是错误的。注册令牌影响自托管运行程序如何注册和进行身份验证,与你如何对Docker Hub进行身份验证或者与你的作业中发生的任何事情都没有太多关系。无论如何,你正在使用GitLab.com共享的运行程序,而不是自托管运行程序,所以出于这个原因也不适用。

英文:

You're trying to use a GitLab user and token to authenticate to Docker Hub. GitLab users/tokens will only work with GitLab's container registry, not Docker Hub.

Naturally, your error is basically an authentication problem. You are not using an appropriate username and password to authenticate to the Docker Hub registry. If you want to push your image to Docker Hub, you need to use your Docker Hub user name, password (or access token) to do this.

For example, you might have a script step that looks like this:

script:
  - docker login -u $DOCKER_HUB_USER_NAME -p $DOCKER_HUB_ACCESS_TOKEN

You will need to set these variables in your CI/CD settings.

If you are intending to use GitLab's container registry, you should follow the documentation. For example, you may use a job configuration like this:

build:
  image: docker:20.10.16
  stage: build
  services:
    - docker:20.10.16-dind
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

> I've been looking and it's because gitlab has deprecated the Support for registration tokens

I believe you're mistaken on this. Registration tokens affect how self-hosted runners register and authenticate with GitLab and doesn't really have anything to do with how you authenticate to Docker Hub, or anything that happens in your jobs at all for that matter. In any case, you're using GitLab.com shared runners, not self-hosted runners, so this doesn't apply for that reason as well.

答案3

得分: 0

image: docker:latest
stages:
  - build
  - push

services:
- docker:dind

variables:
  CONTAINER_REGISTRY: registry.gitlab.com
  DJANGO_APP_IMAGE_NAME: ${CI_REGISTRY_IMAGE}/backend


build master:
  stage: build
  script:
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CONTAINER_REGISTRY
    - docker build -t ${DJANGO_APP_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} -t ${DJANGO_APP_IMAGE_NAME}:latest .
    - docker push ${DJANGO_APP_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}
    - docker push ${DJANGO_APP_IMAGE_NAME}:latest

  only:
    - master
英文: 
image: docker:latest
stages:
  - build
  - push

services:
- docker:dind

variables:
  CONTAINER_REGISTRY: registry.gitlab.com
  DJANGO_APP_IMAGE_NAME: ${CI_REGISTRY_IMAGE}/backend


build master:
  stage: build
  script:
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CONTAINER_REGISTRY
    - docker build -t ${DJANGO_APP_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} -t ${DJANGO_APP_IMAGE_NAME}:latest .
    - docker push ${DJANGO_APP_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}
    - docker push ${DJANGO_APP_IMAGE_NAME}:latest

  only:
    - master

huangapple
  • 本文由 发表于 2023年5月11日 00:44:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/76220835.html
  • docker-registry
  • gitlab
  • gitlab-ci-runner
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定