Runner pushes image to registry: "unauthorized: authentication required"

guydou · October 30, 2016, 6:43am

Hi all,

I implemented the following setup for gitlab-ci, in my gitlab community environment

I am using version: 8.12.0

I have a “build” stage in which I build a docker image and pushes it to gitlab registry
and I have a “test” stage after the build stage in which I pull the image (I built in previous stage) and test it.

I am using this setup for a while, but recently I started to have some problems, on the build stage I keep getting unauthorized: authentication required for pushing and the push itself takes a very long time.

My gut feeling is telling me that the reason I am getting the unauthorized: authentication required is because push takes a lot of time, and the ci-token is getting invalidated.

The push job looks like this:

build_image:
    stage: build
    script:
        - "docker build --pull -t $CONTAINER_REF_IMAGE ."
        - "docker push $CONTAINER_REF_IMAGE"

I had to solve it, so I started to:

delete images from the registry
restart gitlab
use new runers

I don’t know which of the above helped, if any.

Actually I am kind of lost here,

Am I doing something wrong? pushing so many images? (we re practicing CD)
How do I delete old images without using the UI maybe as part of a “cleanup” stage in the gitlab-ci.yml
And important of all, why am I getting this error

Any help will be appreciated.

Thanks

david9991 · October 31, 2016, 6:54am

I think you should login first.
run: docker login -u <username> -p <password>
before docker push

guydou · October 31, 2016, 11:04am

There is ofcourse a login in a before_script

before_script:
      - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $registry

uavni · November 1, 2016, 1:58pm

I’m having the same issue, any solution?

guydou · November 2, 2016, 6:45am

At the moment, I started using a different image registry (ECR) and since then I don’t have problems,

I know it is a workaround but I had no choices

uavni · November 2, 2016, 7:03am

nice, although not a solution for me as I am not free to change the company registry

hdbikeroh · November 4, 2016, 1:12am

I had this issue because the login token expired. As the admin user, click on the gear icon and choose Settings. Then scroll down to the Container Registry section and change the timeout. The default is 5 minutes, but it can be increased to accommodate your builds. This sets the lifetime of the token, and it sounds like you might be exceeding it, so it acts as if you are no longer logged in to the registry.

Hope that helps!