harbur / captain

Captain - Convert your Git workflow to Docker :whale: containers
MIT License
767 stars 51 forks source link

Authentication issues when building images #76

Open dlozano opened 6 years ago

dlozano commented 6 years ago

When we build via captain there is some issue with authentication, I am not sure if could be related with the dockerclient version used by captain.

$ captain build  --debug
[CAPTAIN] Building image xxxx.dkr.ecr.eu-west-1.amazonaws.com/subscriber:latest
Step 1 : FROM xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby:2.1.10
Pulling repository xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby
unauthorized: authentication requiredjenkins@jnlp-slave-th90m:~/workspace/-4164-
$ docker build .
Sending build context to Docker daemon  55.81kB
Step 1 : FROM xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby:2.4.2
2.1.10: Pulling from parent-ruby
9f0706ba7422: Already exists
d3942a742d22: Already exists
62b1123c88f6: Already exists
2dac6294ef18: Already exists
91f54956d729: Already exists
381da3717f58: Already exists
8788aa3dc6de: Already exists
b86c57913e5c: Already exists
be639df8fd66: Downloading [=====================================>             ]  2.528MB/3.392MB
6863531cb3df: Download complete
8c8b2a0367bb: Download complete

We are using amazon-ecr-credential-helper for authentication and we're not using custom config (https://github.com/fsouza/go-dockerclient/blob/master/auth.go#L76), just AWS IAM instance policies to handle auth.

dkapanidis commented 6 years ago

Release v1.1.2 is out with new go-dockerclient. Can you check this solves the issue?

dlozano commented 6 years ago

Seems it doesn't

jenkins@jnlp-slave-lw5hm:~/workspace/-4164-continuous-deployment-$ captain version
v1.1.2
jenkins@jnlp-slave-lw5hm:~/workspace/-4164-continuous-deployment-$ captain build
[CAPTAIN] Building image xxxx.dkr.ecr.eu-west-1.amazonaws.com/subscriber:latest
Step 1 : FROM xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby:2.1.10
Pulling repository xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby
unauthorized: authentication required
jenkins@jnlp-slave-lw5hm:~/workspace/-4164-continuous-deployment-$ docker build .
Sending build context to Docker daemon  55.81kB
Step 1 : FROM xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby:2.1.10
2.1.10: Pulling from parent-ruby
Digest: sha256:6fb81ad49efa13a9265638a5f7746f97a542868e9e4a63ff292b344c3faf726f
Status: Downloaded newer image for xxxx.dkr.ecr.eu-west-1.amazonaws.com/parent-ruby:2.1.10
 ---> 63c836c2161c
...
Successfully built c1821c1e8cd3
dlozano commented 6 years ago

Thanks for the lightning fast answer. More info about our environment if it may help. We're building this images from a container with a kind of docker-on-docker config were we use the host engine docker (shared /run/docker.sock)

jenkins@jnlp-slave-v6rdz:~$ docker --version
Docker version 17.07.0-ce, build 8784753
jenkins@jnlp-slave-v6rdz:~$ captain version
v1.1.2
jenkins@jnlp-slave-v6rdz:~$ docker info
Containers: 75
 Running: 45
 Paused: 0
 Stopped: 30
Images: 332
Server Version: 1.12.6
Storage Driver: overlay
 Backing Filesystem: extfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge overlay
 Log:
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary:
containerd version:
runc version:
init version:
Kernel Version: 4.4.65-k8s
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.799GiB
Name: ip-10-0-34-186
ID: 6xxxxVRS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
WARNING: No kernel memory limit support
mikim83 commented 5 years ago

I think this is still open. Did you find a workaround? Thanks!