Channels
#rancher-desktop
Title
# rancher-desktop
e
early-lunch-37616
11/30/2022, 6:48 PMHi everyone, I'm hoping someone can help me figure out a docker auth issue I'm having. Using Rancher Desktop with nerdctl I'm getting 403 auth errors when trying to pull images from GCR. I'm logged in with nerdctl and was able to pull images when using dockerCLI. Any ideas?
r
rapid-eye-50641
11/30/2022, 10:12 PMHi Josh, How do you login to GCR using nerdctl?
Also, do you need to be logged into pull from this registry?
e
early-lunch-37616
11/30/2022, 10:13 PMI didn't log in explicitly to GCR. I did
nerdctl logingcloud auth configure-docker <http://us-central1-docker.pkg.dev|us-central1-docker.pkg.dev>This works with the Docker CLI
r
rapid-eye-50641
11/30/2022, 10:16 PMis it possible for you to share the full
pulle
early-lunch-37616
11/30/2022, 10:17 PMOne sec, I switched back to docker cli earlier so I could unblock myself
nerdctl image pull <http://us-central1-docker.pkg.dev/[my-docker-image]|us-central1-docker.pkg.dev/[my-docker-image]> --debuglogs:
Copy code
DEBU[0000] verification process skipped
DEBU[0000] Ignoring hosts dir "/etc/containerd/certs.d" error="stat /etc/containerd/certs.d: no such file or directory"
DEBU[0000] Ignoring hosts dir "/etc/docker/certs.d" error="stat /etc/docker/certs.d: no such file or directory"
DEBU[0000] The image will be unpacked for platform {"arm64" "linux" "" [] "v8"}, snapshotter "overlayfs".
DEBU[0000] fetching image="us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10"
DEBU[0000] resolving host=us-central1-docker.pkg.dev
DEBU[0000] do request host=us-central1-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/1.6.0+unknown request.method=HEAD url="<https://us-central1-docker.pkg.dev/v2/activated-manage/ai/eve/manifests/base-v10>"
us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10: resolving |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
DEBU[0000] fetch response received host=us-central1-docker.pkg.dev response.header.content-length=102 response.header.content-type=application/json response.header.date="Wed, 30 Nov 2022 22:20:43 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.www-authenticate="Bearer realm=\"<https://us-central1-docker.pkg.dev/v2/token>\",service=\"us-central1-docker.pkg.dev\",scope=\"repository:activated-manage/ai/eve:pull\"" response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="401 Unauthorized" url="<https://us-central1-docker.pkg.dev/v2/activated-manage/ai/eve/manifests/base-v10>"
DEBU[0000] Unauthorized header="Bearer realm=\"<https://us-central1-docker.pkg.dev/v2/token>\",service=\"us-central1-docker.pkg.dev\",scope=\"repository:activated-manage/ai/eve:pull\"" host=us-central1-docker.pkg.dev
DEBU[0000] do request host=us-central1-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnus-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10: resolving |--------------------------------------|
elapsed: 0.2 s total: 0.0 B (0.0 B/s)
INFO[0000] trying next host error="failed to authorize: failed to fetch anonymous token: unexpected status from GET request to <https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aactivated-manage%2Fai%2Feve%3Apull&service=us-central1-docker.pkg.dev>: 403 Forbidden" host=us-central1-docker.pkg.dev
FATA[0000] failed to resolve reference "us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10": failed to authorize: failed to fetch anonymous token: unexpected status from GET request to <https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aactivated-manage%2Fai%2Feve%3Apull&service=us-central1-docker.pkg.dev>: 403 Forbidden👍 1
r
rapid-eye-50641
11/30/2022, 10:24 PMlet me try few things from my end..
In general, if you have configured your
~/.docker/config.jsondocker loginnerdctl loginpushFor GCP, your
~/.docker/config.json Copy code
{
"credsStore": "wincred",
"credHelpers": {
"us-central1-docker.pkg.dev": "gcloud"
}
}dockernerdctl Copy code
gcloud auth login
gcloud auth activate-service-account <your-service-account-id>@<your-organization>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> --key-file=your-key-file.jsone
early-lunch-37616
11/30/2022, 10:32 PMThat makes sense in principle, but I'm not sure why it's not working for me. I assure you I'm authed into gcloud
And was able to pull the images just fine when using the dockercli
My config file looks like:
Copy code
{
"auths": {
"<https://index.docker.io/v1/>": {}
},
"credsStore": "desktop",
"credHelpers": {
"us-central1-docker.pkg.dev": "gcloud"
}
}Any other ideas?
r
rapid-eye-50641
11/30/2022, 10:44 PMYour config file looks as expected to me.. I need to try few things myself before i can suggest something..
e
early-lunch-37616
11/30/2022, 10:46 PMOkay, I appreciate your help. I'm going to have to take off soon, will check in tomorrow.
👍 1
Hi there, I'm available if you have any other suggestions
r
rapid-eye-50641
12/01/2022, 7:11 PMHi, for some reason, my desktop environment is broke and couldn't investigate this.. Hopefully I get my env working again soon and I will continue the investigation.. Please hang in there.
30 Views