
Unable to authenticate to DockerHub docker.io with ctr; works fine with crictl.

DevOps user
Asked on 2022-06-15 15:54:18
Answers: 2, Views: 2.4K, Followers: 0, Votes: 0

Authentication works with crictl when I use --creds:

$ sudo crictl pull --creds "evancarroll:$TOKEN" docker.io/alpine:3

But when I try the same command with ctr, I get an error:

$ sudo ctr images pull --user "evancarroll:$TOKEN" docker.io/alpine:3
docker.io/alpine:3: resolving
INFO[0000] trying next host error="pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" host=registry-1.docker.io
ctr: failed to resolve reference "docker.io/alpine:3": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

You can see it with --http-dump --http-trace:

$ sudo ctr images pull --http-dump --http-trace --user "evancarroll:$TOKEN" docker.io/alpine:3
INFO[0000] HEAD /v2/alpine/manifests/3 HTTP/1.1
INFO[0000] Host: registry-1.docker.io
INFO[0000] Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*
INFO[0000] User-Agent: containerd/v1.5.11-k3s2
INFO[0000]
docker.io/alpine:3: resolving      |--------------------------------------|
elapsed: 0.1 s      total:   0.0 B (0.0 B/s)
INFO[0000] HTTP/1.1 401 Unauthorized
INFO[0000] Content-Length: 149
INFO[0000] Content-Type: application/json
INFO[0000] Date: Wed, 15 Jun 2022 16:00:59 GMT
INFO[0000] Docker-Distribution-Api-Version: registry/2.0
INFO[0000] Strict-Transport-Security: max-age=31536000
INFO[0000] Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:alpine:pull"
INFO[0000]
INFO[0000] POST /token HTTP/1.1
INFO[0000] Host: auth.docker.io
INFO[0000] Content-Type: application/x-www-form-urlencoded; charset=utf-8
docker.io/alpine:3: resolving      |--------------------------------------|
elapsed: 0.2 s      total:   0.0 B (0.0 B/s)
INFO[0000] client_id=containerd-client&grant_type=password&password=HIDDEN&scope=repository%3Aalpine%3Apull&service=registry.docker.io&username=evancarrollHTTP/1.1 200 OK
INFO[0000] Transfer-Encoding: chunked
INFO[0000] Content-Type: application/json; charset=utf-8
INFO[0000] Date: Wed, 15 Jun 2022 16:00:59 GMT
INFO[0000] Strict-Transport-Security: max-age=31536000
INFO[0000] X-Trace-Id: 5da4dacdeb208ead79e15a59f83499b2
INFO[0000]
INFO[0000] 833
INFO[0000] {"access_token":"HIDDEN","scope":"","expires_in":300,"issued_at":"2022-06-15T16:00:59.464114622Z"}
INFO[0000]
INFO[0000] 0
INFO[0000]
INFO[0000] HEAD /v2/alpine/manifests/3 HTTP/1.1
INFO[0000] Host: registry-1.docker.io
INFO[0000] Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*
INFO[0000] Authorization: Bearer HIDDEN
docker.io/alpine:3: resolving      |--------------------------------------|
elapsed: 0.3 s      total:   0.0 B (0.0 B/s)
INFO[0000] HTTP/1.1 401 Unauthorized
INFO[0000] Content-Length: 149
INFO[0000] Content-Type: application/json
INFO[0000] Date: Wed, 15 Jun 2022 16:00:59 GMT
INFO[0000] Docker-Distribution-Api-Version: registry/2.0
INFO[0000] Strict-Transport-Security: max-age=31536000
INFO[0000] Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:alpine:pull",error="insufficient_scope"
INFO[0000]
INFO[0000] trying next host error="pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" host=registry-1.docker.io
ctr: failed to resolve reference "docker.io/alpine:3": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

2 Answers

DevOps user

Accepted answer

Posted on 2022-06-15 16:57:22

docker.io/library/$IMAGE:$TAG

The problem here is simply that the right syntax for ctr is not docker.io/alpine:latest, but docker.io/library/alpine:latest, which should now work with --creds "evancarroll:$TOKEN":

ctr images pull docker.io/library/alpine:latest

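IRC log

Thanks to larsks and ada on IRC #docker for the help,

larsks> EvanCarroll: You probably need to include the tag there (ctr images pull docker.io/library/alpine:latest). The /library is there because that's the actual path to the image repository. There's some magic that translates docker.io/alpine to docker.io/library/alpine; I don't know whether that's client-side or server-side; ada will know more than I do.

Thanks to @ada for showing where this is documented in the code and for clarifying:

library/ is the namespace for all top-level images on dockerhub, and that namespace is implied if you drop the registry and namespace parts of the tag: docker pull alpine == ctr images pull docker.io/library/alpine.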

Votes: 2
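The defaulting described in this answer, as an added example (not code from the original post, containerd or Docker): a simplified Go re-implementation of the Docker-style name normalization, next to the literal reading that produced `scope="repository:alpine:pull"` in the question's trace. The names `splitRef`, `normalizeHub` and `pullScope` are hypothetical, the sample references are constructed, and references with digests are assumed not to occur.

```go
package main

import (
	"fmt"
	"strings"
)

// splitRef (hypothetical helper) splits "host/path:tag" literally,
// applying no Docker Hub defaults, as ctr did in the trace.
func splitRef(ref string) (host, path, tag string) {
	// A tag separator is a ':' that appears after the last '/'.
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		ref, tag = ref[:i], ref[i+1:]
	}
	// The first component is a registry host only if it looks like one.
	if i := strings.Index(ref, "/"); i >= 0 {
		first := ref[:i]
		if strings.ContainsAny(first, ".:") || first == "localhost" {
			return first, ref[i+1:], tag
		}
	}
	return "", ref, tag
}

// normalizeHub applies the defaults from the answer: registry docker.io,
// and the implied library/ namespace for single-component Docker Hub names.
func normalizeHub(ref string) string {
	host, path, tag := splitRef(ref)
	if host == "" {
		host = "docker.io"
	}
	if host == "docker.io" && !strings.Contains(path, "/") {
		path = "library/" + path
	}
	if tag == "" {
		tag = "latest"
	}
	return host + "/" + path + ":" + tag
}

// pullScope builds the token scope requested for a reference, in the
// form seen in the Www-Authenticate header of the trace.
func pullScope(ref string) string {
	_, path, _ := splitRef(ref)
	return "repository:" + path + ":pull"
}

func main() {
	// Constructed sample references.
	for _, ref := range []string{"docker.io/alpine:3", "alpine", "someuser/app:1"} {
		full := normalizeHub(ref)
		fmt.Printf("%s: literal %s, normalized %s (%s)\n", ref, pullScope(ref), full, pullScope(full))
	}
}
```

Comparing the literal scope with the normalized one before pulling with ctr shows whether a reference needs the explicit `library/` prefix.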

DevOps user

Posted on 2022-10-05 11:22:57

This is actually how I got it to work with "ctr containerd.io 1.4.6".

ctr images pull --user "myusername:mypasswd" myurl.dot.com/docker_image:1.0.3

Hope it helps someone.

Votes: 1
Original page content provided by DevOps. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://devops.stackexchange.com/questions/16149
