-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker auth.config not working anymore in 1.9.0 #24181
Comments
Running into the same issue in our environment. GCP VM's running nomad 1.9.0 pulling from GCP artifact repo
This is using a GCP service account that has the IAM permissions required for this. Previous nomad versions were working correctly. Rolling back the nomad client versions back to 1.8.4 resolves the issue |
I am having the same issue here.
Nomad 1.8.4 the above works, bumping to 1.9.0 results in:
//cc @tgross |
Hi, I did simple check from cli only with docker:
and this works perfect - same image provided in nomad structure:
in logs I can see that |
Same issue here. Downgrading to 1.8.4 and docker auth is once again functional. |
Same issue here, docker pull works in machine but when nomad tries to pull it, gets unauthorized error |
Hey all, just wanting to let you know that the issue is being looked at and worked on, and we'll provide a fix soon. Thanks for reporting this! |
@pkazmierczak to czekamy na poprawkę ;-) |
Me too was getting similar issues with Nomad having a hard time to pull docker images. With 1.9.0 upgrade, nomad clients randomly started throwing errors, randomly because it was sometimes working sometimes not, I didn't have any other quick options to investigate so I downgraded back to 1.8.4 and breaking everything even more because of raft version mismatch on nomad servers. Anyway, on the original issue my errors were:
My nomad config on both server/client agents looks like this:
|
Hey everyone, we merged the fix and it will be released with 1.9.1. |
I'm glad I finally decided to check this project repo, I have racked my brain on this since for a few days now. Thanks for getting a fix in! Reverting to |
I assume this is not cloud specific and the fixes will work/consider AWS ECR? (We are hitting the issue for AWS ECR private repos). Ofcourse, switching back to v1.8.4 makes things work again! 🥹 |
It is not. |
Unpinning now that 1.9.1 has shipped. |
I'm still running into this issue with version 1.9.3. Pulling with docker on that host works fine, but Nomad fails with:
|
For what its worth, the 1.9.1 release absolutely fixed this issue for me. Are you able to execute |
@dcarbone Yes, running edit: Another thing is that currently I only have docker service and docker plugin configuration on the Nomad clients and not on the servers, though I don't know if that matters. |
@RafalGoslawski yeah this looks like it's specifically an issue with basic auth... would you be willing to open a new issue so we can get that tracked? |
@RafalGoslawski @tgross So I also saw this with a local private registry, against which I use basic auth on the hosts through the vault-login docker credential helper. My current registry is simply the v2.8.3 distribution image. One possible difference is I have a local zone for which I have an LE certificate. |
Nomad version
Operating system and Environment details
AlmaLinux 9, using pre-built amd64 bin
Issue
Having docker plugin configured with an auth config like
With /opt/nomad/docker/auth.json looking like
Doesn't work anymore : allocation fails to start with
The exact same setup was working fine in 1.8.4 (and previous versions)
Reproduction steps
Try to start an allocation from a registrry requiring authentication, with credentials provided in auth.config
Expected Result
Credentials should be passed to Docker
Actual Result
Job file (if appropriate)
Any job file is affected
The text was updated successfully, but these errors were encountered: