Closed pmeinhardt closed 4 years ago
Not quite sure how to go about coveralls failing here. 🤷♂ I could add a test for some other random part of the code, but that wouldn't really fit into this PR. 🤔
I can't test (happy Linux user), waiting for feedback from Mac users...
Maybe @aermakov-zalando could cross-check this against a current version of Docker for Mac, since they opened the original PR introducing the setting of "credHelpers"?
Cheers 🙂
No, that still doesn't work if the "Securely store Docker logins in macOS keychain" is checked (which is enabled by default):
$ pierone login
Getting OAuth2 token "pierone".. OK
Storing Docker client configuration in /Users/aermakov/.docker/config.json.. OK
$ docker pull pierone.stups.zalan.do/teapot/k8s-on-aws-manager:master-31
Error response from daemon: Get https://pierone.stups.zalan.do/v2/teapot/k8s-on-aws-manager/manifests/master-31: no basic auth credentials
Also, I'm running 2.1.0.5 as well and I haven't experienced any issues. What doesn't work for you?
Also, I'm running 2.1.0.5 as well and I haven't experienced any issues. What doesn't work for you?
Trying to pull an image form the registry after running pierone login
gives me:
docker-credential- not installed or not available in PATH
Apparently Docker pieces together the name for the helper command and expects something like "desktop" or "osxkeychain" for the "credHelpers" and can't handle the empty string (see https://docs.docker.com/engine/reference/commandline/login/#credential-helpers).
Several other people form my current project team have run into the same issue.
So far we've usually removed the "credHelpers" entry that pierone login
adds manually to resolve the issue, but somehow our setups must be different?
🤔
How do you pull the image? docker pull
?
How do you pull the image?
docker pull
?
Yes. Both docker pull
and docker-compose pull
have been failing for me in the past. I'll see whether I can do some more digging some time this week to try and narrow it down further (see what other things in the environment etc. might be affecting Docker's behavior).
Thanks for the quick feedback already ✌️
Okay, here's a quick update. A colleague just ran into this issue again (and removing the empty entry fixed it for her).
She got:
Traceback (most recent call last):
File "docker-compose", line 6, in <module>
File "compose/cli/main.py", line 71, in main
File "compose/cli/main.py", line 127, in perform_command
File "compose/cli/main.py", line 1085, in up
File "compose/cli/main.py", line 1081, in up
File "compose/project.py", line 527, in up
File "compose/service.py", line 344, in ensure_image_exists
File "compose/service.py", line 1084, in build
File "site-packages/docker/api/build.py", line 260, in build
File "site-packages/docker/api/build.py", line 307, in _set_auth_headers
File "site-packages/docker/auth.py", line 310, in get_all_credentials
File "site-packages/docker/auth.py", line 262, in _resolve_authconfig_credstore
File "site-packages/docker/auth.py", line 287, in _get_store_instance
File "site-packages/dockerpycreds/store.py", line 25, in __init__
dockerpycreds.errors.InitializationError: docker-credential- not installed or not available in PATH
Which corresponds to this check here: https://github.com/shin-/dockerpy-creds/blob/0.4.0/dockerpycreds/store.py#L23-L27
So I am wondering whether this might actually be a difference between the docker
CLI (written in Go) and docker-compose
(written in Python)? 🤔
Thanks! I'll have another look, I think there's a way to fix it properly. Sorry about the bad experience!
Thanks! I'll have another look, I think there's a way to fix it properly. Sorry about the bad experience!
Hey, no worries at all. ✌️ Thanks a lot for taking the time and looking into it. 💚
Should be fixed by #93. You also won't need to run pierone login
every hour anymore.
I've tested with docker-compose
as well, but please open an issue if it doesn't work on your machine.
Sounds great @aermakov-zalando. Thank you! ❤️
Setting the "credHelpers" setting to an empty string breaks authentication for the current version of Docker for Mac – 2.1.0.5 (40693).
Since this setting of the "credHelpers" for the "pierone" domain was originally introduced to fix authentication specifically for Docker on Mac (see tag 1.1.41), it looks like it is safe to remove it again.
For context, here's the PR that introduced the
"credHelpers"
modification in the first place: https://github.com/zalando-stups/pierone-cli/pull/82I tested with the current Docker for Mac app and it works for me™️ ✌️