Hi,
Hoping to get some help with the following, searched for a solution or explanation but am at a loss here.
We’re running on Gitlab.com and using shared runners. I have defined the following gitlab-ci.yml with two jobs and a before_script. The deploy job will connect to a docker-deamon and pull updated images and restart (left those steps out for brevity).
image: docker/compose:latest
services:
- docker:19.03.5-dind
stages:
- test
- deploy
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
testing:
script:
- echo 'Test code here'
deploy_staging:
stage: deploy
script:
- echo 'Pull and run images from private Gitlab registry
environment:
name: staging
url: https://staging.<abc>.net
only:
- master
What we’re expecting is each job logging in to the registry and then in the script section being able to pull, tag and push images to the registry.
What we’re seeing is the testing job succeeding:
Running before_script and script
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ echo 'Test code here'
Test code here
Running after_script
But the deploy_staging job fails to complete the before_script:
Running before_script and script
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
time="2020-04-24T07:07:44Z" level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://registry.gitlab.com/v2/: x509: failed to load system roots and no roots provided"
time="2020-04-24T07:07:44Z" level=info msg="Error logging in to v1 endpoint, trying next endpoint: Get https://registry.gitlab.com/v1/users/: x509: failed to load system roots and no roots provided"
Get https://registry.gitlab.com/v1/users/: x509: failed to load system roots and no roots provided
Running after_script
We are on GitLab.com using shared runners.
The gitlab-ci.yml is simplified, we’ve been running a pipeline with more steps and the docker login ... works every single time. I am suspecting the specific deploy job with an environment defined is ‘different’ in some way than the other job types. But I’ve not been able to find anything useful describing this particular situation.
I’ve tried running the docker login command in a before_script within the deploy_staging job and also in the scripts section. All give the same result.
I’ve also tried using different images:
- newer:
image: docker/compose:debian-1.26.0-rc3-> same result - same but explicit version:
docker/compose:1.25.5--> slightly different error message:
Running before_script and script
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
time="2020-04-24T07:44:34Z" level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://registry.gitlab.com/v2/: x509: certificate signed by unknown authority"
Get https://registry.gitlab.com/v2/: x509: certificate signed by unknown authority
Running after_script
- older:
docker/compose:1.24.1--> different result,testingjob fails already, with a different error though:
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Any help or pointers would be much appreciated! Thanks, Mark