3

Using the Azure CLI on Windows Server 2016 against an Azure container registry (az login and az acr login)

I'm pushing a large Windows container docker image (>10GB) with docker push. It seems the authentication expires before it finishes.

The smaller layers of the image push successfully and finish, but the largest reaches 100% before declaring

`unauthorized: authentication required`

Is there some way to extend the duration of the authentication (az acr login) so that the complete push finishes?

David Roberts
  • proper layering. questionmark – 4c74356b41 Feb 12 '19 at 12:57
  • @4c74356b41 proper layering is not under my control here, this is Windows server core + the MSDN documented means of installing VS build tools – David Roberts Feb 12 '19 at 14:47
  • why not? have the base in the registry, create a layer with build tools on top of it and push it to the registry, after that you only need to push diffs – 4c74356b41 Feb 12 '19 at 14:52
  • @4c74356b41 the base image is already in the registry (and all those pushes complete successfully separately anyway) - the issue is the build tools add a single 50GB+ layer as the result of a one line addition to the Dockerfile. Again - I don't have much control over this: https://docs.microsoft.com/en-us/visualstudio/install/build-tools-container?view=vs-2017#step-5-create-and-build-the-dockerfile – David Roberts Feb 13 '19 at 09:25
  • you don't really need to rebuild build tools on each build – 4c74356b41 Feb 13 '19 at 09:27
  • @4c74356b41 I'm not - this is the first time I've ever built and pushed this image. I don't think your comments here are particularly useful w.r.t. the question - if you have an additional workaround I'd be glad to see it added as an answer, but otherwise we should stop here since I don't think this discussion is relevant – David Roberts Feb 13 '19 at 09:35
  • yeah, tldr: this is not needed with proper layering – 4c74356b41 Feb 13 '19 at 09:36
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/89660/discussion-between-david-roberts-and-4c74356b41). – David Roberts Feb 13 '19 at 09:57
  • 1
    On Linux, we solved pushes failing after an hour with cron, `*/30 * * * * az acr login -n=`, and it works. (Yeah, I know...). You can try running `az acr login` with Windows Task Scheduler, but I don't know if it will work with Windows user permissions. I also don't know if it will help for a push lasting more than an hour. – OhJeez Jun 27 '19 at 08:58

2 Answers

1

A functioning workaround appears to be to ignore `az acr login` entirely, and go straight to `docker login`, which actually caches its credentials.

I used the workaround of enabling the administrator account and logging in with that in order to push - but this still works with RBAC/user accounts besides the administrator too.

David Roberts
0

3 hours is currently the timeout for Azure CLI logins. So, maybe authentication is really timing out on a 10 GB image.

However, in my case, I found that the container image's repository path needed to be all lowercase. Once I did this, I no longer had authorization issues.

```
PS> docker images --all
REPOSITORY                                                 TAG      IMAGE ID
my-asp-app                                                 latest   a1f5b7c1e076
myFirstContainerRegistry3364629895.azurecr.io/my-asp-app   v1       a1f5b7c1e076
myfirstcontainerregistry3364629895.azurecr.io/my-asp-app   v1       a1f5b7c1e076
```
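A pre-flight check for the expiry scenario discussed in this thread, as an added example that is not part of the original question or answers: it reads the `exp` claim of a registry token and estimates whether the largest layer can finish uploading before the token lapses. It assumes the token is a JWT carrying `exp` (for instance one obtained with `az acr login --expose-token`); the function names, the 80% safety margin and the sample token are constructed for illustration, and the signature is not verified because only the expiry time is read.

```python
import base64
import json
import time


def jwt_claims(token):
    """Return the (unverified) payload claims of a JWT as a dict."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_left(token, now=None):
    """Seconds until the token's exp claim; negative if already expired."""
    claims = jwt_claims(token)
    if "exp" not in claims:
        raise ValueError("token has no exp claim")
    now = time.time() if now is None else now
    return int(claims["exp"] - now)


def push_fits(token, largest_layer_bytes, bytes_per_second, now=None, margin=0.8):
    """True if the largest layer should upload within margin * remaining lifetime."""
    if bytes_per_second <= 0:
        raise ValueError("bytes_per_second must be positive")
    upload_seconds = largest_layer_bytes / bytes_per_second
    return upload_seconds <= margin * seconds_left(token, now)


def make_sample_token(exp):
    """Constructed, unsigned sample token for the demo; not a real ACR token."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"exp": exp}), "sig"])


if __name__ == "__main__":
    now = 1_550_000_000                        # constructed clock value
    token = make_sample_token(now + 3 * 3600)  # 3 hours, the lifetime quoted above
    for rate in (10_000_000, 2_000_000):       # assumed uplink: 10 MB/s and 2 MB/s
        # 50 GB is the single-layer size mentioned in the comments
        print(rate, push_fits(token, 50 * 10**9, rate, now=now))
```

When the check returns `False`, the `docker login` workaround from the first answer is the route this thread reports as working.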