https://rancher.com/ logo
a

ambitious-jackal-29837

06/11/2022, 8:02 PM
What is the preferred method for authenticating with a private Docker registry with Rancher Desktop 1.4.1 on a Mac?
nerdctl login $registry
is not working for me
f

fast-garage-66093

06/11/2022, 8:48 PM
This is supposed to work; how does it fail for you?
a

ambitious-jackal-29837

06/11/2022, 8:51 PM
I get
Login Succeeded
but when I run
nerdctl build .
with a Dockerfile I get the following error (redacted with variables):
Copy code
failed to solve: $registry/$image:$tag: pulling from host $registry failed with status code [manifests $tag]: 403 Forbidden
f

fast-garage-66093

06/11/2022, 8:57 PM
idk, it seems to work for me:
Copy code
$ nerdctl logout registry.home
Removing login credentials for registry.home

$ nerdctl pull registry.home/nginx:test
FATA[0000] failed to resolve reference "registry.home/nginx:test": unexpected status from HEAD request to <https://registry.home/v2/nginx/manifests/test>: 401 Unauthorized

$ nerdctl login registry.home
Enter Username: user
Enter Password:
Login Succeeded

$ nerdctl pull registry.home/nginx:test
registry.home/nginx:test:                                                         resolved       |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a0bcbecc962ed2552e817f45127ffb3d14be31642ef3548997f58ae054deb5b2:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a2abf6c4d29d43a4bf9fbb769f524d0fb36a2edab49819c1bf3e76f409f953ea:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a9edb18cadd1336142d6567ebee31be2a03c0905eeefe26cb150de7b0fbc520b:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:589b7251471a3d5fe4daccdddfefa02bdc32ffcba0a6d6a2768bf2c401faf115:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:186b1aaa4aa6c480e92fbd982ee7c08037ef85114fbed73dbb62503f24c1dd7d:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b4df32aa5a72e2a4316aad3414508ccd907d87b4ad177abd7cbd62fa4dab2a2f:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 6.4 s                                                                    total:  54.1 M (8.5 MiB/s)
I need to leave now; will try
nerdctl build
later, but I would be surprised if that somehow handles it differently
a

ambitious-jackal-29837

06/11/2022, 10:02 PM
Copy code
$ nerdctl build
FATA[0000] context needs to be specified
This could be related to the use of the osxkeychain helper
I was prompted a single time to provide credentials
f

fast-garage-66093

06/11/2022, 10:09 PM
It must be something specific about your registry:
Copy code
$ cat Dockerfile
from registry.home/nginx:test
run touch foo

$ nerdctl build -t foo:latest .
[+] Building 0.1s (3/3) FINISHED
=> [internal] load build definition from Dockerfile                                                                                                    => => transferring dockerfile: 81B                                                                                                                    
=> [internal] load .dockerignore                                                                                                                      
=> => transferring context: 2B                                                                                                                        
=> ERROR [internal] load metadata for registry.home/nginx:test                                                                                        
------
 > [internal] load metadata for registry.home/nginx:test:
------
Dockerfile:1
--------------------
   1 | >>> from registry.home/nginx:test
   2 |     run touch foo
   3 |
--------------------
error: failed to solve: registry.home/nginx:test: pulling from host registry.home failed with status code [manifests test]: 401 Unauthorized
FATA[0000] unrecognized image format

$ nerdctl login -u user -p password registry.home
WARN[0000] WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

$ nerdctl build -t foo:latest .
[+] Building 2.1s (7/7) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                    => => transferring dockerfile: 81B                                                                                                                     => [internal] load .dockerignore                                                                                                                       => => transferring context: 2B                                                                                                                         => [internal] load metadata for registry.home/nginx:test                                                                                               => [auth] sharing credentials for registry.home                                                                                                        => [1/2] FROM registry.home/nginx:test@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3                                         => => resolve registry.home/nginx:test@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3                                        
=> CACHED [2/2] RUN touch foo                                                                                                                         
=> exporting to oci image format                                                                                                                       => => exporting layers                                                                                                                                 => => exporting manifest sha256:911d0ec1b75fe69991b406e785c69e2a97d3c242646e99d97a9ee34fcc910212                                                       => => exporting config sha256:8ba94ec8cdea311610a67be52df7a4495f0990ca06927259c17241c581163fbc                                                         => => sending tarball                                                                                                                                 unpacking <http://docker.io/library/foo:latest|docker.io/library/foo:latest> (sha256:911d0ec1b75fe69991b406e785c69e2a97d3c242646e99d97a9ee34fcc910212)...done

$ nerdctl run --rm foo:latest ls -l foo
-rw-r--r-- 1 root root 0 Jun 11 22:04 foo
So the build fails unless I'm logged in, as expected, and succeeds when I'm logged in.
a

ambitious-jackal-29837

06/11/2022, 10:13 PM
I understand how it should work - but it is not working this way for me
f

fast-garage-66093

06/11/2022, 10:14 PM
That's why I said it must be related to your registry, as it works for others (including me)
I'm using the regular docker "distribution" registry here with basic auth and TLS
a

ambitious-jackal-29837

06/11/2022, 10:15 PM
What version of Rancher Desktop are you running on which OS @fast-garage-66093?
f

fast-garage-66093

06/11/2022, 10:16 PM
RD 1.4.1 on macOS (amd64)
a

ambitious-jackal-29837

06/11/2022, 10:17 PM
arm64 ? i'd be surprised if amd starting making chips for apple
f

fast-garage-66093

06/11/2022, 10:18 PM
amd64
is the generic arch name, it is a synonym for
x86_64
, just like
arm64
and
aarch64
are mostly equivalent
Anyways, yes, it is an Intel CPU
I doubt it makes any difference for your issue.
I find it interesting that you get a
403 Forbidden
response instead of a
401 Unauthorized
, which could hint that you may be authenticated to the registry, but don't have access to the particular repo you are trying to pull
11 Views