search

pterodactyl / panel

Pterodactyl® is a free, open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.
https://pterodactyl.io
Other
6.74k stars 1.72k forks source link

[Wings] Can't use private docker registry with authentication for installation containers #2589

Closed Mintux closed 3 years ago

Mintux commented 4 years ago

Background (please complete the following information):

Describe the bug Using a private image for the installation container fails when it requires authentication. Seems like Wings only accepts the private authenticated images for the gameserver container itself, not for installation scripts.

If you use a private image with correct authentication in the installation script area of your egg, the install process from a new server aborts with this message:

ERROR: [Oct 24 02:17:07.870] failed to run install process for server error=failed to pull updated installation container image for server: Error response from daemon: Get https://registry.domain.tld/v2/redacted/development/gameserver/images/manifests/debian_base: denied: access forbidden server=00b733f6-f72b-4d17-9dab-82fb4fe7b41c

I can confirm that the authentication area in the config.yml is correct, since the Daemon can pull images for the gameserver container itself, but not for installation containers.

To Reproduce Steps to reproduce the behavior:

  1. Go to your custom egg configuration and use a private docker image for the installation container 1.2. For example: registry.domain.tld/redacted/development/gameserver/images:debian_base
  2. Try to install a new server
  3. See error in wings log

Expected behavior Private docker images should also be available for installation containers.

rxdn commented 3 years ago

Pterodactyl won't use the Docker credentials from ~/.docker/config.json: You need to provide them in your /etc/pterodactyl/config.yml like so:

...
docker:
  ...
  registries:
    registry.example.com:
      username: username_here
      password: password_here
...
Mintux commented 3 years ago

@rxdn That was already done. As described in the issue description this is only working for server containers but not for the image used as installation container.

rxdn commented 3 years ago

Didn't fully read the issue, my apologies

matthewpi commented 3 years ago

I think that we should continue with installation even if the image fails to pull as long as it exists locally (the same behavior that starting a server has).

Maelep commented 3 years ago

Is this issue solved? Because I tried:

registries:
  registry.hub.docker.com:
    username: myUsername
    password: myToken

but it doesn't pull the image.

rostov114 commented 5 months ago

I will answer myself and others

If you use a docker image like this in your egg username/repository:tag

That is, standard Docker repositories.

Then your registry should look like

  registries:
    username/repository:
      username: myUsername
      password: myPassword
danir-de commented 5 months ago

For anybody searching for this, there is new documentation now: https://pterodactyl.io/wings/1.0/configuration.html#private-registries

Use the following syntax for every nodes' wings config:

  registries:
    registry.example.com:
      username: "registryusername"
      password: "registrypassword"

You don't need to insert your username in the repositorys name here!

The docker image path inside the egg should then look like this: SteamRT3|repository.domain.com/group/repo:tag