Pierre Monico
09/21/2021, 5:13 PMdocker pull myregistry/myimage:latest
from the VM works flawlessly), yet I can’t run my flows since I get a 500:
500 Server Error for <http+docker://localhost/v1.41/images/create?tag=latest&fromImage=myregistry%2Fmyimage>: Internal Server Error ("Head <https://myregistry/v2/myimage/manifests/latest>: unauthorized: authentication required, visit <https://aka.ms/acr/authorization> for more information.")
My registry is on Azure Container Registries and from the VM I am properly logged in and can pull the image. Does the agent need some sort of additional authentication?Kevin Kho
09/21/2021, 6:33 PMPierre Monico
09/22/2021, 10:09 AMprefect agent docker start
. I’m going to try a few more things today and post it here but I really have no clue what’s going on.prefect agent docker start
is run) by writing a short Python script doing the same thing - and it works. So from the VM I can docker pull
, I can docker_client.pull()
(in Python), but somehow when done from the agent it’s not working… I tried so many things that I am not sure what to do next… any clues?Kevin Kho
10/04/2021, 1:48 PMprefect agent docker start --log-level=DEBUG
and this will give you debug level logs for the agent. What a weird situation since the pull()
should be equivalent to the docker pull
for the most part.Pierre Monico
10/04/2021, 3:13 PMsystemd
service (that I wrote), but I did not include the User=
clause >> it was running as root
, but only my current user was in the docker
group and authenticated… would have thought that root
always is, but oh well, I finally solved it!Kevin Kho
10/04/2021, 5:16 PMPierre Monico
10/04/2021, 5:22 PMsystemd
service before I actually got all my (devops) pipelines right 😄 premature optimization is the root of all evil
holds true againprefect server start
as a non-root user, some services (and especially the one pulling from docker) will still be run as root
. Effectively that means you need to make sure that root is authenticated to the registry you are trying to pull the image from - there is no way of just having a non-root user do that.Kevin Kho
10/06/2021, 2:45 PMPierre Monico
10/06/2021, 3:19 PMroot
and the user running prefect start server
are authenticated to the registry (I can both docker pull
and sudo docker pull
the images successfully) but when running from the server/agent I get the original error again…Kevin Kho
10/06/2021, 3:20 PM