https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# rancher-desktop
a
This message was deleted.
r
Hi Josh, How do you login to GCR using nerdctl?
Also, do you need to be logged into pull from this registry?
e
I didn't log in explicitly to GCR. I did 
nerdctl login
and then 
gcloud auth configure-docker <http://us-central1-docker.pkg.dev|us-central1-docker.pkg.dev>
This works with the Docker CLI
r
is it possible for you to share the full 
pull
command?
e
One sec, I switched back to docker cli earlier so I could unblock myself
nerdctl image pull <http://us-central1-docker.pkg.dev/[my-docker-image]|us-central1-docker.pkg.dev/[my-docker-image]> --debug
logs:
Copy code
DEBU[0000] verification process skipped                 
DEBU[0000] Ignoring hosts dir "/etc/containerd/certs.d"  error="stat /etc/containerd/certs.d: no such file or directory"
DEBU[0000] Ignoring hosts dir "/etc/docker/certs.d"      error="stat /etc/docker/certs.d: no such file or directory"
DEBU[0000] The image will be unpacked for platform {"arm64" "linux" "" [] "v8"}, snapshotter "overlayfs". 
DEBU[0000] fetching                                      image="us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10"
DEBU[0000] resolving                                     host=us-central1-docker.pkg.dev
DEBU[0000] do request                                    host=us-central1-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/1.6.0+unknown request.method=HEAD url="<https://us-central1-docker.pkg.dev/v2/activated-manage/ai/eve/manifests/base-v10>"
us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10: resolving      |--------------------------------------| 
elapsed: 0.1 s                                               total:   0.0 B (0.0 B/s)                                         
DEBU[0000] fetch response received                       host=us-central1-docker.pkg.dev response.header.content-length=102 response.header.content-type=application/json response.header.date="Wed, 30 Nov 2022 22:20:43 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.www-authenticate="Bearer realm=\"<https://us-central1-docker.pkg.dev/v2/token>\",service=\"us-central1-docker.pkg.dev\",scope=\"repository:activated-manage/ai/eve:pull\"" response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="401 Unauthorized" url="<https://us-central1-docker.pkg.dev/v2/activated-manage/ai/eve/manifests/base-v10>"
DEBU[0000] Unauthorized                                  header="Bearer realm=\"<https://us-central1-docker.pkg.dev/v2/token>\",service=\"us-central1-docker.pkg.dev\",scope=\"repository:activated-manage/ai/eve:pull\"" host=us-central1-docker.pkg.dev
DEBU[0000] do request                                    host=us-central1-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnus-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10: resolving      |--------------------------------------| 
elapsed: 0.2 s                                               total:   0.0 B (0.0 B/s)                                         
INFO[0000] trying next host                              error="failed to authorize: failed to fetch anonymous token: unexpected status from GET request to <https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aactivated-manage%2Fai%2Feve%3Apull&service=us-central1-docker.pkg.dev>: 403 Forbidden" host=us-central1-docker.pkg.dev
FATA[0000] failed to resolve reference "us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10": failed to authorize: failed to fetch anonymous token: unexpected status from GET request to <https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aactivated-manage%2Fai%2Feve%3Apull&service=us-central1-docker.pkg.dev>: 403 Forbidden
👍 1
r
let me try few things from my end..
In general, if you have configured your 
~/.docker/config.json
to use credential helpers then there's no need to explicitly login using 
docker login
or 
nerdctl login
.. You can directly execute commands such as 
push
that need authentication .. and the CLI in the background makes use of the credential helpers to get the login token and perform the operations..
For GCP, your 
~/.docker/config.json
could look something like..
Copy code
{
  "credsStore": "wincred",
  "credHelpers": {
    "us-central1-docker.pkg.dev": "gcloud"
  }
}
... and you can then authenticate with GCP using below commands before running any 
docker
or 
nerdctl
commands that need authentication..
Copy code
gcloud auth login
gcloud auth activate-service-account  <your-service-account-id>@<your-organization>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com>  --key-file=your-key-file.json
e
That makes sense in principle, but I'm not sure why it's not working for me. I assure you I'm authed into gcloud
And was able to pull the images just fine when using the dockercli
My config file looks like:
Copy code
{
  "auths": {
    "<https://index.docker.io/v1/>": {}
  },
  "credsStore": "desktop",
  "credHelpers": {
    "us-central1-docker.pkg.dev": "gcloud"
  }
}
Any other ideas?
r
Your config file looks as expected to me.. I need to try few things myself before i can suggest something..
e
Okay, I appreciate your help. I'm going to have to take off soon, will check in tomorrow.
👍 1
Hi there, I'm available if you have any other suggestions
r
Hi, for some reason, my desktop environment is broke and couldn't investigate this.. Hopefully I get my env working again soon and I will continue the investigation.. Please hang in there.
137 Views
Open in Slack
PreviousNext
Powered by