问题:
无法将docker映像推送到heroku注册表
萧德庸
我无法将docker映像推送到heroku注册表。
根据docker的说法,我已成功登录:
❯ docker login registry.heroku.com
Authenticating with existing credentials...
Login Succeeded
在那之后,我运行了mvnjib:build,我得到了一些令人困惑的错误,说我试图推送到一个不安全的repo,而de-output中的url看起来是安全的(以https开头)。我做错了什么?
我正在使用以下jib配置:
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>2.5.2</version>
<configuration>
<to>
<image>registry.heroku.com/my-app</image>
</to>
</configuration>
</plugin>
jib的Maven输出:build wiht-X:
Caused by: org.apache.maven.plugin.MojoExecutionException: Build image failed, perhaps you should use a registry that supports HTTPS or set the configuration parameter 'allowInsecureRegistries'
at com.google.cloud.tools.jib.maven.BuildImageMojo.execute (BuildImageMojo.java:169)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.apache.maven.wrapper.BootstrapMainStarter.start (BootstrapMainStarter.java:39)
at org.apache.maven.wrapper.WrapperExecutor.execute (WrapperExecutor.java:122)
at org.apache.maven.wrapper.MavenWrapperMain.main (MavenWrapperMain.java:61)
Caused by: com.google.cloud.tools.jib.api.InsecureRegistryException: Failed to verify the server at https://registry.heroku.com/v2/myapp/blobs/sha256:0fe85c64a011626a777c0662f83b2d819954d4148d96ca5fc626bf99f7c3644d because only secure connections are allowed.
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:180)
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:115)
at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint (RegistryClient.java:592)
at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob (RegistryClient.java:444)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.lambda$makeListForSelectiveDownload$1 (ObtainBaseImageLayerStep.java:74)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:142)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:43)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly (TrustedListenableFutureTask.java:125)
at com.google.common.util.concurrent.InterruptibleTask.run (InterruptibleTask.java:69)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run (TrustedListenableFutureTask.java:78)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates (SSLSessionImpl.java:526)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname (SSLConnectionSocketFactory.java:504)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket (SSLConnectionSocketFactory.java:437)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket (SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect (DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect (PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute (MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute (MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute (ProtocolExec.java:186)
at org.apache.http.impl.client.InternalHttpClient.doExecute (InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:56)
at com.google.api.client.http.apache.v2.ApacheHttpRequest.execute (ApacheHttpRequest.java:73)
at com.google.api.client.http.HttpRequest.execute (HttpRequest.java:1012)
at com.google.cloud.tools.jib.http.FailoverHttpClient.call (FailoverHttpClient.java:323)
at com.google.cloud.tools.jib.http.FailoverHttpClient.call (FailoverHttpClient.java:250)
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:139)
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:115)
at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint (RegistryClient.java:592)
at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob (RegistryClient.java:444)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.lambda$makeListForSelectiveDownload$1 (ObtainBaseImageLayerStep.java:74)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:142)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:43)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly (TrustedListenableFutureTask.java:125)
at com.google.common.util.concurrent.InterruptibleTask.run (InterruptibleTask.java:69)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run (TrustedListenableFutureTask.java:78)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
共有1个答案
凌嘉志
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
该错误表示您的注册表注册表。赫罗库。com是不安全的,或者至少您的系统认为它是不安全的(除非整个TLS验证流程中存在漏洞,registry.heroku.com在服务器端配置错误,或者registry.heroku.com遭到黑客攻击,这是不常见的)。使用https://并不意味着连接是安全的;只有当你能验证服务器时,它才是安全的。当你访问一个不安全的网站时,浏览器也会发出警告:
这也可能是由于本地代理或防火墙(因为当我访问https://registry.heroku.com在浏览器上,我的浏览器可以验证服务器)。
一些选择:
>
接受风险,通过设置起重臂的
假设无法验证服务器的原因不是因为本地代理问题,而是因为服务器正在使用自签名证书(即服务器证书没有公开认可):保护您的服务器(或让您的系统相信它是安全的)。最实用的解决方案是通过将自签名证书存储到JVM的信任库中,让您的JVM相信registry.heroku.com是安全的。有许多操作方法文章和帖子。例如,
https://github.com/GoogleContainerTools/jib/blob/master/docs/self_sign_cert.md- https://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/
(但是,我不太确定registry.heroku.com是否使用自签名证书,因为我说过我的浏览器可以验证它。可能还有其他原因干扰您的机器来验证服务器。值得追查根本原因。)
类似资料:
-
我无法将docker映像推送到低于错误的工件注册表 登录和拉取工作正常 詹金斯档案: Dockerfile: 我不确定这是怎么回事。我可以在jenkins从属节点上手动推送图像。但使用詹金斯会产生错误 我构建工作的日志 这是我的构建日志中的内容。
-
问题内容: 我已经创建了自己的docker文件(该文件运行一个显示“ helloworld”的shell脚本)。图像是“ hellodocker”,标签是“ mytag”,我现在拥有: 如何将Docker映像推送到dockerhub?我用。这给出了“无此类ID”错误。我想念什么?提前致谢。 问题答案: 您要么在构建时就将其标记为标签,例如 或创建绑定到同一图像的新标签,即
-
我有一个小问题与我的docker注册表上openshift源安装。 我创建了一个docker注册表pod: 创建了一条路线: 创建了一个服务: Openshift的Master是在10.0.2.235上的,只有一个节点,现在我已经创建了一个spring boot应用程序,我使用maven插件docker来构建和推送映像。 当我在本地(主计算机上)运行maven push时,工作正常,但如果我在另一
-
JHipster现在使用maven jib插件。在此之前,运行在docker容器中的jenkins服务器能够用*创建docker映像。war文件,并通过使用“Jenkinsfile”的管道将其推送到我自己的docker注册表(对于gradle,但我现在切换到Maven),在作业完成后,另一个作业通过使用ssh在远程主机上执行shell脚本,将新构建的docker映像拉到我服务器上的新docker容
-
问题内容: 我是AWS的新手。我想在AWS ECS容器实例上设置私有Docker存储库。我创建了一个名为的存储库。AWS显示的示例推入命令正在运行。 但是,通过此命令,我构建并推送了一个名为的映像,我想构建一个名为的映像。所以我将命令更改为: 这应该可以,但是不能。重试一段时间后,出现错误: AWS真的需要我要推送的每个映像专用的存储库吗? 问题答案: 在EC2容器注册需要一个像仓库要设置为你想要
-
我还不太了解dockerhub。我得到了以下案例: 我为中心标记了几张图片 docker标签myImageA myuser/myrepo: 1 docker标签myImageB myuser/myrepo: 1 docker标签myImageC myuser/myrepo: 1 然后我用docker push myuser/myrepo推送它们 现在,当删除所有本地图像并再次拉入自己的docker