ECR repo configuration requires username password #1078
Comments
|
I think you can put a bit more effort into explaining what you did and what isn't working. What's in the plugin specific log file? How is your EC$ configured? |
|
Hi @chadlwilson thanks for your help ! in server log nothing particular... : The error mentioned in plugin-cd.go.artifact.docker.registry.log is too old, not linked here... in agent log : about my configuration what can i tell... hum ... the endpoint to amazonaws is more like : also my pipeline config : |
|
First, make sure you are on the latest version of the plugin, and let me know your GoCD version. The plugin does the equivalent of what is documented at https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html#registry_auth_http to get a token to be used with HTTP authentication. You could check yourself that you can correctly use your AWS access key to talk to the ECR endpoint using HTTP authentication. However after quickly scanning through the code, I am not convinced the plugin works correctly when configured for ECR when determining the registry URL. This may sound a bit weird, but can you try switching to "others", entering your registry URL in the field there (leave username/pass blank), then switch back to ECR and save? And then try with that? |
|
seems better in log, now, he see the endpoint : i also checked my AK/SK and should be good : Note : Artifact plugin for docker Version 1.4.0-719 |
|
I think you may be missing the After getting the token, you could try the |
|
the curl work perfectly but build still failed : curl -i -H "Authorization: Basic $TOKEN" https://12345678912.dkr.ecr.eu-west-1.amazonaws.com/v2/test-app/tags/list HTTP/1.1 200 OK {"name":"test-app","tags":[]} [cd.go.artifact.docker.registry] Pushing docker image |
|
What's happens if the URL matches exactly? With the V2? Anyway, I honestly don't know. Clearly this plugin has some problems with ECR and itd need some detailed debugging to figure out what's going on. Its not a plugin that is commonly used with normal docker registries either so it probably hasn't had much love. If you're not able to go deeper to debug the problem it might be worth stepping back and thinking about whether you need to use a docker artifact plugin for your use case, rather than just using basic docker or aws CLI commands to pull and push mages. |
|
Very sad that plugin is not maintained ... I touch a start of solution : aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 12345678912.dkr.ecr.eu-west-1.amazonaws.com AWS seems a common username, i don't know why but ok -> Login Succeeded Do you think that someone will fix this point ? |
|
Unfortunately the above doesn't tell us the problem of or confirm the command line is doing the same thing as the plugin. As I said, it needs more detailed debugging by turning on plugin debug logging, digging into the Spotify docker client behaviour and making sure it is sending the right thing to the right endpoint. I don't have time/energy to do this as I've never heard from anyone using this plugin with ECR, don't have an existing AWS account with ECR available etc, so doesn't seem worth my effort. I am happy to merge PRs if people get to the bottom of a problem and have an idea of how to fix it or make it easy for me to replicate. But I'm personally not going to do first principles investigations for cloud provider integrations as that costs time, energy and money and funding that I don't have. People who work for companies that use these tools (for free) do tend to have those resources, I need for them to use them 😃 |
|
ok i followed instructions here to activate debug log (on server and agent...) : https://github.com/gocd/docker-registry-artifact-plugin?tab=readme-ov-file#enable-debug-logs i didn't see big effect, i am waiting to see "DEBUG" message in log but except this error, nothing more : |
|
Youd need to look in the plugin specific log file |
|
i confirm that debug mode is well enabled :
but nothing more in log always the same error : i am not java developer but... is it here where plugin handle authentication https://github.com/gocd/docker-registry-artifact-plugin/blob/master/src/main/java/cd/go/artifact/docker/registry/RegistryAuthSupplierChain.java ? may be line 33 / 34 the content of payload is not like the plugin wait.. i mean a list ["username", "password"] it will be interesting to have here a debug message to see value in username and password ! |
|
That still doesn't look like it's from the correct log file ( |
|
yes i ensure you ^^ root@fobar:/var/log/go-agent# cat plugin-cd.go.artifact.docker.registry.log i am ready to open a new ticket for bug with log file / debug mode not working... if you want ;) Edit : i add a suggestion, if possible, to provide me a jar with log.INFO everywhere it's necessary i am ready to test ... i will do myself but as i said i am not java developer i don''t know how to compile your extension... |
Hi every one !
All is in the title, for more detail :
[go] The plugin sent a response that could not be understood by Go. Plugin returned with code '500' and the following response: 'Failed to publish Artifact[id=my-registry, storeId=my-registry, artifactPlanConfig={"Image":"test-nginx","Tag":"latest"}]: java.lang.RuntimeException: unauthorized: incorrect username or password'
RegistryType : ecr
RegistryURL : (Not specified)
RegistryID : 12345678912
AWSAccessKeyId : ****
AWSSecretAccessKey: ****
AWSRegion : eu-west-1
Username : (Not specified)
Password : (Not specified)
The text was updated successfully, but these errors were encountered: