Question

尝试使用gitlab-runner推送到Gitlab注册表时出现以下错误：

unauthorized: authentication required 
ERROR: Build failed: exit status 1

虽然：

$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com
Login Succeeded

从我的本地环境进行构建和推送工作正常，建议问题与运行器运行的主机（gitlab-ci3）或可能正在使用的用户有关：

$ echo $USER
gitlab-runner

在小组中：

docker:x:999:gitlab-runner
gitlab-runner:x:998:

我已经尝试docker unauthorized: authentication required - upon push with successful login但没有成功。也许gitlab-runner没有root config.json的权限是原因？：

$ cat /root/.docker/config.json
 cat: /root/.docker/config.json: Permission denied

除了解决这个问题之外，如果你能在未来的时间里为我提供如何更好地调试这个错误，那将非常有用。

我正在使用GitLab企业版8.13.1-ee，Docker 1.12.3，gitlab-ci-multi-runner 1.7.1

Gitlab输出：

Running with gitlab-ci-multi-runner 1.7.1 (f896af7)
Using Shell executor...
Running on gitlab-ci3...
Fetching changes...
HEAD is now at cfe0a35 gitlab-ci.yml - testing
Checking out cfe0a356 as master...
$ docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 39
Server Version: 1.12.3
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 30
 Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: host null overlay bridge
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor
Kernel Version: 3.13.0-96-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.612 GiB
Name: gitlab-ci3
ID: 6QWV:RQFD:4RWJ:D4CF:QN2M:MHKK:TABD:JD3F:3W7R:MCNA:4NHO:26VA
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
 127.0.0.0/8
$ docker-compose rm --all --force
The TESTS variable is not set. Defaulting to a blank string.
--all flag is obsolete. This is now the default behavior of `docker-compose rm`
No stopped containers
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com
Login Succeeded
$ docker build --pull -t $CONTAINER_IMAGE .
Sending build context to Docker daemon 557.1 kB
.
.
.
Sending build context to Docker daemon 18.05 MB


Step 1 : FROM ruby:latest
latest: Pulling from library/ruby
Digest: sha256:21a22bcc774f25c99bf5f27f16f8b4666f4ccbcb457e06f7a7e06a4728ea640b
Status: Image is up to date for ruby:latest
 ---> 45766fabe805
Step 2 : RUN apt-get update && curl -sL https://deb.nodesource.com/setup_5.x | bash - && apt-get install -y git nodejs && rm -rf /var/lib/apt/lists/*
 ---> Using cache
.
.
.
Step 23 : 
 ---> Using cache
 ---> b36460381a03
Successfully built b36460381a03
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com
Login Succeeded
$ echo $USER
gitlab-runner
$ cat ~/.docker/config.json
{
  "auths": {
    "git.COMPANY.com": {
      "auth": "EDW..."
    }
  }

 $ cat /root/.docker/config.json
 cat: /root/.docker/config.json: Permission denied

$ docker push $CONTAINER_IMAGE
The push refers to a repository [git.COMPANY.com:4567/ui/PROJECT]
fc4a22a92ee5: Preparing
.
.
.
149636c85012: Waiting
f96222d75c55: Waiting
unauthorized: authentication required
ERROR: Build failed: exit status 1

.gitlab-ci.yml：

before_script:
  - docker info
stages:
  - build
  - test
variables:
  CONTAINER_IMAGE: git.COMPANY.com:4567/ui/PROJECT:$CI_BUILD_REF_NAME
build:
  tags:
   - spec_work
  stage: build
  script:
      - docker-compose rm --all --force
      - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com
      - docker build --pull -t $CONTAINER_IMAGE .
      - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN git.COMPANY.com
      - echo $USER
      - cat ~/.docker/config.json
      - docker push $CONTAINER_IMAGE
test:
  stage: test
  tags:
    - spec_work
  script:
    - docker-compose rm --all --force
    - docker-compose down
    - docker-compose build
    - docker-compose up --abort-on-container-exit --force-recreate
    - (exit `docker-compose ps | grep 'test' | grep -Po 'Exit (\d+)' | cut -d " " -f 2`)

Docker config.json：

root@gitlab-ci3 (Ubuntu 14.04) ➜  ~ cat .docker/config.json
{
  "auths": {
    "https://git.COMPANY.com": {
      "auth": "EDW..."
    }
  }
}

也尝试过：

{
  "auths": {
    "https://git.COMPANY.com/ui/PROJECT": {
      "auth": "EDW..."
    }
  }
}

Answer 1

来自Docker-in-Docker with Gitlab Shared runner for building and pushing docker images to registry

基于：

- docker version
- docker build -t $CI_REGISTRY_IMAGE:latest .
- docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_BUILD_TAG
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker push $CI_REGISTRY_IMAGE:$CI_BUILD_TAG

我用过：

- docker version
- docker build -t $CI_REGISTRY_IMAGE:latest .
- docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_BUILD_REF_NAME
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker push $CI_REGISTRY_IMAGE:$CI_BUILD_REF_NAME

在.gitlab-ci.ym的构建部分。

现在推动效果很好。

至于为什么它起作用，我不知道。如果有人知道为什么这个改变解决了这个问题，请评论，我想知道原因。

谢谢！

Answer 2

请检查您的环境变量http_proxy和https_proxy是否与空白不同。另请检查默认的docker配置文件以获取等效参数。

此致

Answer 3

根本原因：

正确：

docker login ... git.COMPANY.com:4567
docker push      git.COMPANY.com:4567/something

正确：

docker login ... git.COMPANY.com
docker push      git.COMPANY.com/something

不正确：

docker login ... git.COMPANY.com
docker push      git.COMPANY.com:4567/something

不同的端口表示不同的注册表。最初使用的错误登录名没有存储可用于推送的凭据。

由于“未经授权：需要身份验证”，使用gitlab，docker push失败

3 个答案: