Docker push error : requested access to the resource is denied

Community
1

Hi , I am new to GitLab and this forum - so please excuse me if go about the incorrect way finding a solution for my problem.

Our dev team that designed the current solution, all left our business, so i’m trying resolve the issue.

When we try and push our docker image to registry.gitlab.com we get back “requested access to the resource is denied”

Can anyone assist with this issue, why this is happening?

2

Hi @vniekecc

Docker needs to authenticate to GitLab before it can push images to registry. If you are running it in a Pipeline job this is usually done by setting DOCKER_AUTH_CONFIG as described here.

If you are using Docker command locally or from some shared server, you need to login as well.
docker login registry.gitlab.com and use your username and token.

You can get better answer if you describe your setup in more details.

3

Hi balonik, much appreciated for your help.

I was thinking the same was not 100% sure. We are running YML scripts in DEVOPS that will create the images. The username & password is stored in DEVOPS and is encrypted when passed to the scripts. Problem now is I cannot test the login manually. But we have the URL where it is trying to push the image too. Whom can assist me in tracing the login account being used and reset the password? As mentioned, the previous developers left our company and country, so we are stuck. I’m desperate for a solution?

4

Please share the YML files and any commands you execute. If you do not want to share it publicly, you can share it with me in DM.

5

Hi Balonik, please see below details as requested.

parameters:

  • name: environment
    type: string
    default: “dev”
  • name: branchName
    type: string
    default: “dev”
  • name: poolName
    type: string
    default: “development”
  • name: serviceName
    type: string
    default: “”
  • name: dockerFileLocation
    type: string
    default: “”
  • name: networkName
    type: string
    default: “zoneNetwork”
  • name: ports
    type: string
    default: “”

stages:

  • stage: ${{ parameters.environment }}
    dependsOn:
    condition: and(succeeded(), eq(variables[‘Build.SourceBranch’], ‘refs/heads/${{ parameters.branchName }}’))
    pool:
    name: ${{ parameters.poolName }}
    jobs:

    • job: Build
      workspace:
      clean: all
      steps:

      • script: docker login -u $(regUID) -p $(regPWD) $(regLocation)
        displayName: Login to Docker Reg
      • script: cd ${{ parameters.dockerFileLocation }} && docker build --build-arg env=${{ parameters.environment }} -t registry.gitlab.com/bcxzone/bcxzone/${{ parameters.serviceName }}:${{ parameters.environment }} .
        displayName: Docker Build
      • script: docker push registry.gitlab.com/bcxzone/bcxzone/${{ parameters.serviceName }}:${{ parameters.environment }}
        displayName: Docker Push

    • deployment: Deployment
      dependsOn: Build
      workspace:
      clean: all
      environment: ${{ parameters.environment }}
      strategy:
      runOnce:
      deploy:
      steps:
      - script: docker network create ${{ parameters.networkName }} || true
      displayName: Create Network
      - script: docker stop $(docker ps -a -q -f “name=${{ parameters.serviceName }}${{ parameters.environment }}") || true
      displayName: Stop Container
      - script: docker rm -f $(docker ps -a -q -f "name=${{ parameters.serviceName }}      ${{ parameters.environment }}”) || true
      displayName: Remove Container
      - script: docker create --name ${{ parameters.serviceName }}${{ parameters.environment }} -e “ASPNETCORE_ENVIRONMENT=${{ parameters.environment }}” ${{parameters.ports}} -e TZ=Africa/Johannesburg --net ${{ parameters.networkName }} -P --restart always registry.gitlab.com/bcxzone/bcxzone/${{ parameters.serviceName }}:${{ parameters.environment }}
      displayName: Create Container
      - script: docker start ${{ parameters.serviceName }}      ${{ parameters.environment }}
      displayName: Start Container
      - script: docker ps
      displayName: List Containers

6

That file is for Azure DevOps not GitLab CI. I am not that familiar with Azure DevOps, you could find someone that can help you in https://techcommunity.microsoft.com/t5/azure-devops/bd-p/AzureDevOpsForum

7

Ok, thanks will do that

8

Hi Balonik, before I asked for more info in the Microsoft forums, Who can assist us to recover the username and/or password? Currently the credentials is in a DEVOPS register and is encrypted.
We are trying to access the gitlab account but cannot. This will perhaps help us in generating a new access token to be used - think the current one has expired.

9

If you don’t know where or who created the access token, just create a new one and use that to access GitLab.

10

Ok, this is the part that I do not know how to do it - I’m very new to gitlab.
On a high-level
1)Do I create a new project with new registry?
2) Then generate a token with new username and password and expiry date and copy this into the Docker json file?

11

Self-hosted Gitlab or gitlab.com? Paid or Free?

12

Selfhosted, so I think this is free.

13

If you push only to single project, navigate to that project in GitLab. If you push into more projects, navigate to a group where all the projects are.

In the left pane select Settings → Access Tokens. There you can add new token. For docker push you need to grant “write_registry” scope and “Developer” role.

You get a token that you need to save somehow in your Azure DevOps pipeline.

1 Like
14

Cool, much appreciated for your help. Will do this - thanx