Cannot pull docker image from private registry

[samber]

Hi guys,

I am trying to run a private docker image hosted on the docker hub.

My nomad client starts with:

advertise {
        http = "1.2.3.4:4646"
        rpc = "1.2.3.4:4647"
        serf = "1.2.3.4:4648"
}
client {
  options = {
    "docker.auth.config" = "/root/.docker/config.json"
  }
}

and

/usr/local/bin/nomad agent -client \
            -config=/etc/nomad/nomad-client.conf \
            -data-dir=/data/nomad \
            -region=${NOMAD_REGION} -dc=${NOMAD_DATACENTER} \
            -bind=0.0.0.0 \
            -node=${CONSUL_NODE_NAME} \
            -node-class=${NODE_CLASS}

and /root/.docker/config:

{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "very-secret-token"
		}
	}
}

I run the job with the following config:

...
                        driver = "docker"
                        config {
                                image = "docker.io/iadvize/proxysql:1.3"
                                ssl = true
                                auth { server_address = "https://index.docker.io/v1/" }
                        }
...

Nomad logs display:

Nov 17 15:56:57 ip-10-42-1-98 nomad[1170]: 2016/11/17 15:56:57.413265 [ERR] driver.docker: failed pulling container index.docker.io/iadvize/proxysql:1.3: Error: image iadvize/proxysql:1.3 not found
Nov 17 15:56:57 ip-10-42-1-98 nomad[1170]: 2016/11/17 15:56:57.413352 [INFO] client: failed to start task 'proxysql' for alloc 'f16b3e3d-d07f-3ddd-185a-b125e1a392d9': Failed to pull `index.docker.io/iadvize/proxysql:1.3`: Error: image iadvize/proxysql:1.3 not found
Nov 17 15:56:57 ip-10-42-1-98 nomad[1170]: 2016/11/17 15:56:57.413635 [INFO] client: Not restarting task: proxysql for alloc: f16b3e3d-d07f-3ddd-185a-b125e1a392d9

Do you see what's wrong ?

I would avoid setting credentials from the job ("auth" field).

[dadgar]

Hey what version of Nomad are you using and is this Docker for Mac or Linux?

[samber]

I am using Docker 1.12 on Linux, with Nomad 0.5.0 ;)

[samber]

I can successfully docker pull docker.io/iadvize/proxysql:1.3 on the host.

[jippi]

@samber

I'm using quay.io and it works for me - our setup is like this:

  config {
        image        = "quay.io/$USER/$REPO"

        auth {
          username = "xxx"
          password = "yyy"
        }
      }

i initially thought I needed the server_address and ssl part, but it just worked out of the box for me

[samber]

Yes, it also works for me, but writing the docker hub credentials from the auth field is not secured enough.
My jobs files are in each service repository. I don't want to make it visible, to the rest of the company.

I read in another issue that server_address and ssl would be needed when using the dockercfg file.

[jippi]

okay, haven't ventured to that yet, we use OTP for each nomad job file, so I'm not too worried about leaking them out :)

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.