Open Sokwva opened 1 week ago
感觉应该是你写的密码错了,你直接可以试一下这个命令,可以直接把镜像推送到我部署的公共的镜像仓库中:
# 拉取
ctr --debug i pull sigma.tosone.cn/library/alpine:3.18.0-multiarch -u sigma:Admin@123
# 推送
ctr i tag docker.io/anoxis/registry-cli:latest sigma.tosone.cn/library/registry-cli:latest
ctr i push sigma.tosone.cn/library/registry-cli:latest -u sigma:Admin@123
或者可以看看 sigma 的日志。
localhost:~# ctr --debug i pull sigma.tosone.cn/library/alpine:3.18.0-multiarch -u admin:Admin@123
DEBU[0000] fetching image="sigma.tosone.cn/library/alpine:3.18.0-multiarch"
DEBU[0000] resolving host=sigma.tosone.cn
DEBU[0000] do request host=sigma.tosone.cn request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.18.0-multiarch"
DEBU[0001] fetch response received host=sigma.tosone.cn response.header.content-length=251 response.header.content-type="application/json; charset=UTF-8" response.header.date="Sat, 22 Jun 2024 01:46:32 GMT" response.header.vary=Accept-Encoding response.header.vary.1=Origin response.header.www-authenticate="Bearer realm=\"https://sigma.tosone.cn/api/v1/tokens\",service=\"sigma\"" response.status="401 Unauthorized" url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.18.0-multiarch"
DEBU[0001] Unauthorized header="Bearer realm=\"https://sigma.tosone.cn/api/v1/tokens\",service=\"sigma\"" host=sigma.tosone.cn
DEBU[0001] no scope specified for token auth challenge host=sigma.tosone.cn
DEBU[0001] do request host=sigma.tosone.cn request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.18.0-multiarch"
INFO[0001] trying next host error="failed to authorize: failed to fetch oauth token: unexpected status from GET request to https://sigma.tosone.cn/api/v1/tokens?scope=repository%3Alibrary%2Falpine%3Apull&service=sigma: 401 Unauthorized" host=sigma.tosone.cn
ctr: failed to resolve reference "sigma.tosone.cn/library/alpine:3.18.0-multiarch": failed to authorize: failed to fetch oauth token: unexpected status from GET request to https://sigma.tosone.cn/api/v1/tokens?scope=repository%3Alibrary%2Falpine%3Apull&service=sigma: 401 Unauthorized
localhost:~#
问题类似,有没有可能是k3s的ctr的实现问题,我这个节点用的是k3s,不是原版的ctr
localhost:~# ls -lh /usr/local/bin/ctr
lrwxrwxrwx 1 root root 3 Oct 7 2023 /usr/local/bin/ctr -> k3s
我创建了一个 k3s 的单节点集群在 docker 里:
k3d cluster create
docker ps -a
# CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# 3f9cec7d0255 ghcr.io/k3d-io/k3d-tools:5.6.3 "/app/k3d-tools noop" 3 minutes ago Up 3 minutes k3d-k3s-default-tools
# 266c42cb3335 ghcr.io/k3d-io/k3d-proxy:5.6.3 "/bin/sh -c nginx-pr…" 3 minutes ago Up 3 minutes 80/tcp, 0.0.0.0:54012->6443/tcp k3d-k3s-default-serverlb
# 78941d19cccb rancher/k3s:v1.28.8-k3s1 "/bin/k3d-entrypoint…" 3 minutes ago Up 3 minutes k3d-k3s-default-server-0
docker exec -it 78941d19cccb sh
ctr --debug i pull sigma.tosone.cn/library/alpine:3.18.0-multiarch -u sigma:Admin@123
ctr version
# Client:
# Version: v1.7.11-k3s2
# Revision:
# Go version: go1.21.8
# Server:
# Version: v1.7.11-k3s2
# Revision:
# UUID: afeb939d-5704-4bb0-9ef6-969919822388
讲道理 ctr 的实现应该没问题。
拉取没问题,推送的时候就出现HTTP 500错误了
localhost:~# ctr i push sigma.tosone.cn/library/alpine:3.16 --platform linux/amd64 -u sigma:Admin@123
manifest-sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717: waiting |--------------------------------------|
config-sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0: waiting |--------------------------------------|
elapsed: 0.9 s total: 0.0 B (0.0 B/s)
ctr: unexpected status from HEAD request to https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0: 500 Internal Server Error
localhost:~# ctr --debug i push sigma.tosone.cn/library/alpine:3.16 --platform linux/amd64 -u sigma:Admin@123
DEBU[0000] pushing digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" image="sigma.tosone.cn/library/alpine:3.16"
DEBU[0000] push digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip size=2721527
DEBU[0000] checking and pushing to digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip size=2721527 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d"
DEBU[0000] do request digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip request.header.accept="application/vnd.docker.image.rootfs.diff.tar.gzip, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD size=2721527 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d"
DEBU[0000] push digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" mediatype=application/vnd.docker.container.image.v1+json size=1487
DEBU[0000] checking and pushing to digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" mediatype=application/vnd.docker.container.image.v1+json size=1487 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0"
DEBU[0000] do request digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" mediatype=application/vnd.docker.container.image.v1+json request.header.accept="application/vnd.docker.container.image.v1+json, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD size=1487 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0"
DEBU[0000] fetch response received digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip response.header.content-length=251 response.header.content-type="application/json; charset=UTF-8" response.header.date="Sun, 23 Jun 2024 04:58:37 GMT" response.header.vary=Accept-Encoding response.header.vary.1=Origin response.header.www-authenticate="Bearer realm=\"https://sigma.tosone.cn/api/v1/tokens\",service=\"sigma\"" response.status="401 Unauthorized" size=2721527 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d"
DEBU[0000] Unauthorized digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" header="Bearer realm=\"https://sigma.tosone.cn/api/v1/tokens\",service=\"sigma\"" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip size=2721527
DEBU[0000] no scope specified for token auth challenge digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" host=sigma.tosone.cn mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip size=2721527
DEBU[0000] do request digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip request.header.accept="application/vnd.docker.image.rootfs.diff.tar.gzip, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD size=2721527 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d"
DEBU[0000] fetch response received digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" mediatype=application/vnd.docker.container.image.v1+json response.header.content-length=251 response.header.content-type="application/json; charset=UTF-8" response.header.date="Sun, 23 Jun 2024 04:58:38 GMT" response.header.vary=Accept-Encoding response.header.vary.1=Origin response.header.www-authenticate="Bearer realm=\"https://sigma.tosone.cn/api/v1/tokens\",service=\"sigma\"" response.status="401 Unauthorized" size=1487 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0"
DEBU[0000] Unauthorized digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" header="Bearer realm=\"https://sigma.tosone.cn/api/v1/tokens\",service=\"sigma\"" mediatype=application/vnd.docker.container.image.v1+json size=1487
DEBU[0000] do request digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" mediatype=application/vnd.docker.container.image.v1+json request.header.accept="application/vnd.docker.container.image.v1+json, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD size=1487 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0"
DEBU[0001] fetch response received digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip response.header.content-length=2721527 response.header.date="Sun, 23 Jun 2024 04:58:38 GMT" response.header.docker-content-digest="sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d" response.header.docker-distribution-api-version=registry/2.0 response.header.vary=Accept-Encoding response.header.vary.1=Origin response.status="200 OK" size=2721527 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:8bc1ab4b84041d57f21a792410a00820f73fda7efe08bcd2ca6245349a40299d"
DEBU[0001] fetch response received digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" mediatype=application/vnd.docker.container.image.v1+json response.header.content-length=1487 response.header.date="Sun, 23 Jun 2024 04:58:38 GMT" response.header.docker-content-digest="sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0" response.header.docker-distribution-api-version=registry/2.0 response.header.vary=Accept-Encoding response.header.vary.1=Origin response.status="200 OK" size=1487 url="https://sigma.tosone.cn/v2/library/alpine/blobs/sha256:991df4fb1ba927766c95fbb84a24086a70256ffbfc767cebce9825e731f447a0"
DEBU[0001] push digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" mediatype=application/vnd.docker.distribution.manifest.v2+json size=528
DEBU[0001] checking and pushing to digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" mediatype=application/vnd.docker.distribution.manifest.v2+json size=528 url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.16"
DEBU[0001] do request digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" mediatype=application/vnd.docker.distribution.manifest.v2+json request.header.accept="application/vnd.docker.distribution.manifest.v2+json, */*" request.header.user-agent=containerd/v1.7.15-k3s1 request.method=HEAD size=528 url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.16"
DEBU[0001] fetch response received digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" mediatype=application/vnd.docker.distribution.manifest.v2+json response.header.content-length=528 response.header.content-type=application/vnd.docker.distribution.manifest.v2+json response.header.date="Sun, 23 Jun 2024 04:58:38 GMT" response.header.docker-content-digest="sha256:4bdb4ac63839546daabfe0a267a363b3effa17ce02ac5f42d222174484c5686c" response.header.docker-distribution-api-version=registry/2.0 response.header.vary=Accept-Encoding response.header.vary.1=Origin response.status="200 OK" size=528 url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.16"
DEBU[0001] do request digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" mediatype=application/vnd.docker.distribution.manifest.v2+json request.header.content-type=application/vnd.docker.distribution.manifest.v2+json request.header.user-agent=containerd/v1.7.15-k3s1 request.method=PUT size=528 url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.16"
DEBU[0001] fetch response received digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" mediatype=application/vnd.docker.distribution.manifest.v2+json response.header.content-length=0 response.header.date="Sun, 23 Jun 2024 04:58:38 GMT" response.header.docker-content-digest="sha256:7c6e5d0d2629587d81f812992ec08f9cbe1590e1f2571acec6b7335acb812717" response.header.docker-distribution-api-version=registry/2.0 response.header.vary=Accept-Encoding response.header.vary.1=Origin response.status="201 Created" size=528 url="https://sigma.tosone.cn/v2/library/alpine/manifests/3.16"
虽然第一次推送报错,但是我去网页上面看好像推上去了,没头绪了,我等下创一个新的sigma的实例试试,莫非是之前的数据库有问题。
😢重新创建一个除了配置文件与之前实例一样的新实例之后,docker push就直接报denied: requested access to the resource is denied了
curl -I -u "sigma:Admin@123" https://sigma.tosone.cn/v2/library/buildpack-deps/blobs/sha256:54b39e5dfff806e4ea2d441b57002854ca0e0258e64be7afea72f21a9564ef51 -v
有可能之前的版本对于类似这种 HEAD 请求没有正确返回 404,目前在 sigma.tosone.cn 上已经会正确返回 404,应该新版本没有这个问题。
😢重新创建一个除了配置文件与之前实例一样的新实例之后,docker push就直接报denied: requested access to the resource is denied了
这个错误是鉴权没有通过。
containerd cli:ctr v1.7.15-k3s1