bahamat
commented
1 year ago Do you have any references where I can read more about this change?
Closed gaige closed 1 year ago
bahamat
commented
1 year ago Do you have any references where I can read more about this change?
gaige
commented
1 year ago My apologies. This may be a different problem.
I was inferring the issue based on a number of data points:
nginx, busybox, gitlab-eeyuzutech/kroki, curlimages/curlThe latter resulting in:
imgadm import: error (ActiveImageNotFound): an active image "curlimages/curl:8.1.0" was not found in image sourcesI had no problems with these on systems that were authenticated. However, when I logged out on those same systems, they seem to be able to access just fine.
I haven't found a way to get more diagnostics out of the failure, so I'm at a bit of a loss here. With that said, I had previously been able to imgadm install yuzutech/kroki on multiple machines, but I cannot any longer.
gaige
commented
1 year ago @bahamat Ok, I've now gotten a bunch further with figuring this out. The problem appears to be manifests for OCI-type manifests:
{"name":"imgadm","req_id":"9f8ae8c3-be72-49c7-bef3-3f517bf97572","hostname":"zim","pid":10013,"component":"source","source":{"type":"docker"},"level":10,"body":"{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"OCI index found, but accept header does not support OCI indexes\"}]}\n","len":117,"msg":"body received","time":"2023-05-28T10:34:36.458Z","src":{"file":"/usr/img/node_modules/docker-registry-client/lib/docker-json-client.js","line":96,"func":"finish"},"v":0}I'm going to close this ticket and open an issue against https://github.com/TritonDataCenter/node-docker-registry-client since that appears to be more appropriate.
gaige
commented
1 year ago
With the recent moves by docker.io to reduce availability of images without authenticated access, I've found that some docker images are no longer able to be pulled from docker hub without authentication. Unfortunately, it doesn't use basic auth, so just using an authenticated URL isn't sufficient.
It's possible to use a proxy which does the authentication (or to mirror the images manually), but authenticating in the imgadm daemon would be more straighforward and generally useful for new docker users on smartos.