GitLab private registry - login error

kwi*_*kel 5 gitlab docker gitlab-ci-runner

After logging in to my GitLab registry, I get the following output:

$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://gitlab.MYDOMAIN:4501/v2/: denied: access forbidden

On my Linux machine, using docker login with my private account details results in the same error.

Setup

  • Docker: Docker version 18.03.1-ce, build 9ee9f40

  • traefik for my GitLab docker container

  • Opened port 4501 for the GitLab registry and passed the docker variable GITLAB_OMNIBUS_CONFIG: | registry_external_url 'https://${GITLAB_DOMAIN}:${GITLAB_REGISTRY_PORT}'

    • The registry url is reachable from outside (calling it from my browser gives the default response UNAUTHORIZED - authentication required)

.gitlab-ci.yml

image: docker

services:
  - name: docker:dind
    command: ["--insecure-registry=gitlab.MYDOMAIN:4501"]

before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

stages:
  - build

build:
  stage: build
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  only:
    - master

GitLab runner configuration

concurrent = 1
check_interval = 0

[[runners]]
  name = "olaf"
  url = "https://gitlab.MYDOMAIN"
  token = "xxxxxxxxxxxxx"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "ruby:2.1"
    privileged = true
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]

docker info inside the CI pipeline

$ docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.05.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: xxxxxxxxxxxxxxxx
runc version: xxxxxxxxxxxxxxx
init version: xxxxxxxxx
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-6-amd64
Operating System: Alpine Linux v3.7 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.29GiB
Name: xxxxxxxxxxxxx
ID: xxxxxxxxxxxxxx
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 gitlab.MYDOMAIN:4501
 127.0.0.0/8
Live Restore Enabled: false

Full output of the CI pipeline

Running with gitlab-runner 10.8.0 (079aad9e)
  on olaf 2467327f
Using Docker executor with image docker ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:1f44348b3ad523d5dc4ae7d53bd873879e06e0df2d686e9029a666945443ef42 for docker:dind ...
Waiting for services to be up and running...
Pulling docker image docker ...
Using docker image sha256:2232c0bbbb8cc9238eefc10721db5662156a2624bc7405dc1cade624dde9aaec for docker ...
Running on runner-2467327f-project-17-concurrent-0 via 4ba803c01c0b...
Fetching changes...
HEAD is now at c8dff7b Update .gitlab-ci.yml
warning: redirecting to https://gitlab.MYDOMAIN:443/kwinkel/imagetest.git/
From http://gitlab.MYDOMAIN/kwinkel/imagetest
   c8dff7b..dc1b150  master     -> origin/master
Checking out dc1b1501 as master...
Skipping Git submodules setup
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://gitlab.MYDOMAIN:4501/v2/: denied: access forbidden
ERROR: Job failed: exit code 1

Inside the gitlab container, /var/log/gitlab/registry/current

2018-06-02_19:27:03.50891 time="2018-06-02T19:27:03.50886204Z" level=warning msg="error authorizing context: authorization token required" 
environment=production go.version=go1.9.2 http.request.host="registry.gitlab.MYDOMAIN:4567" 
http.request.id=336c98a1-743a-47a5-9760-c20f5b77116a http.request.method=GET http.request.remoteaddr=- http.request.uri="/v2/" 
http.request.useragent="docker/18.03.1-ce go/go1.9.5 git-commit/9ee9f40 kernel/4.9.0-6-amd64 os/linux arch/amd64 
UpstreamClient(Docker-Client/18.03.1-ce \\(linux\\))" instance.id=1024a4ad-7a80-49c9-92c6-77cbcff85bf6 service=registry version=v2.6.2-2-g91c17ef

kwi*_*kel 4

So, I found the answer myself.

The trick is to

  • set the external url to https://
  • set the omnibus nginx port to 80
  • disable omnibus https

docker compose file / omnibus config

external_url 'https://${GITLAB_DOMAIN}'
nginx['listen_port'] = '80'
nginx['listen_https'] = false

And do the same for the registry...

registry_external_url 'https://registry.${GITLAB_DOMAIN}'
registry_nginx['listen_port'] = '80'
registry_nginx['listen_https'] = false

For the solution, see https://github.com/kwinkel/Dockerfiles/tree/master/gitlab. Maybe this helps you :)
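
An added diagnostic, not part of the original post or of GitLab's tooling: `docker login` first receives a Bearer challenge from the registry's `/v2/` endpoint and then requests a token from the realm named in that challenge, so running the two steps separately shows which hop rejects the login. `REGISTRY_URL`, `REG_USER` and `REG_PASS` are hypothetical environment variable names, and the sample header is constructed with a placeholder host.

```shell
#!/bin/sh
# Added example: split a registry login into its two HTTP steps.
# Assumed (hypothetical) inputs: REGISTRY_URL, REG_USER, REG_PASS.

# Constructed sample of the challenge a token-authenticated registry returns.
SAMPLE_CHALLENGE='Bearer realm="https://gitlab.example.test/jwt/auth",service="container_registry"'

# Extract one key="value" parameter from a WWW-Authenticate header value.
challenge_param() {  # $1 = header value, $2 = key
  printf '%s\n' "$1" | sed -n "s/.*[ ,]$2=\"\([^\"]*\)\".*/\1/p"
}

# host[:port] part of a URL, to compare against the host you expect.
url_host() {
  printf '%s\n' "$1" | sed -e 's#^[a-z]*://##' -e 's#/.*$##'
}

# Token request URL for a plain login (no scope); fails if realm or service is missing.
token_url() {  # $1 = header value
  realm=$(challenge_param "$1" realm)
  service=$(challenge_param "$1" service)
  [ -n "$realm" ] && [ -n "$service" ] || return 1
  printf '%s?service=%s\n' "$realm" "$service"
}

# Step 1: unauthenticated GET /v2/ should answer with a Bearer challenge.
# Step 2: ask the realm for a token. Credentials reach curl through a config
# on stdin (-K -), so they never appear in argv or the process list.
diagnose() {
  hdr=$(curl -sS -o /dev/null -D - "$REGISTRY_URL/v2/" | tr -d '\r' |
        grep -i '^www-authenticate:' | sed 's/^[^:]*: *//')
  [ -n "$hdr" ] || { echo "no challenge from $REGISTRY_URL/v2/"; return 1; }
  url=$(token_url "$hdr") || { echo "challenge lacks realm/service: $hdr"; return 1; }
  echo "token endpoint host: $(url_host "$url")"
  code=$(printf 'user = "%s:%s"\n' "$REG_USER" "$REG_PASS" |
         curl -sS -K - -o /dev/null -w '%{http_code}' "$url")
  echo "token endpoint HTTP status: $code"
  [ "$code" = 200 ]
}

# Live check when REGISTRY_URL is set, otherwise show the offline sample.
if [ -n "${REGISTRY_URL:-}" ]; then
  diagnose
else
  token_url "$SAMPLE_CHALLENGE"
fi
```

If the token endpoint host printed in step 1 is not the GitLab host the proxy actually serves, or step 2 returns a non-200 status, the problem lies in the external URL and proxy configuration rather than in the credentials passed to `docker login`.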