Why Does the Login Command Fail to Be Executed?

Possible causes are as follows:

  1. The container engine is not properly installed, in which case the following error is reported:

    docker: command not found

    Solution: Reinstall the container engine.

    • It is advised to install container engine 1.11.2 or later because earlier versions do not support image push to SWR.
    • If the container engine client is in a private network, bind an elastic IP address (EIP) to the client. This EIP will allow the client to download installation packages from the website.
  1. The temporary login command has expired, or the regional project name, access key (AK), or login key in the command is incorrect, in which case the following error is reported:

    unauthorized: authentication required

    Solution: Log in to the SWR console. In the navigation pane on the left, choose My Images. On the page displayed, click Upload Through Client. Then you can find the information on how to obtain a login command.

    1. To obtain a temporary login command, click Generate a temporary login command and then click to copy the command.
    2. To obtain a long-term valid login command, click learn how to obtain a login command that has long-term validity and follow the instructions.
  2. The image repository address in the login command is incorrect, in which case the following error is reported:

    Error llgging in to v2 endpoint, trying next endpoint: Get https://{{endpoint}}/v2/: dial tcp: lookup {{endpoint}} on xxx.xxx.xxx.xxx:53 : no such host

    Solutions:

    1. Change the image repository address in the login command.
    2. Generate a temporary login command. For detailed instructions, see 2.
  3. x509: certficate has expired or is not yet valid

    The preceding error is reported when the AK/SK in the login command with long-term validity is deleted. In this case, use a valid AK/SK to generate a login command.

  4. x509: certficate signed by unknown authority

    Possible Causes:

    The container engine client communicates with SWR through HTTPS. The client verifies the server certificate. If the server certificate is not issued by an authoritative organization, the following error message is displayed: "x509: certficate signed by unknown authority".

    Solutions:

    If you trust the server and skip certificate authentication, manually configure Docker startup parameters as follows:

    • CentOS:

      Modify the /etc/docker/daemon.json file. If the file does not exist, manually create it. Add the following content to the file:

      {
  "insecure-registries": ["{Image repository address}"]
}
    • Ubuntu:

      Modify the /etc/default/docker file and add the following content to DOCKER_OPTS:

      DOCKER_OPTS="--insecure-registry {image repository address}"
    • EulerOS:

      Modify the /etc/sysconfig/docker file and add the following content to INSECURE_REGISTRY:

      INSECURE_REGISTRY='--insecure-registry {image repository address}'

    The image repository address can be a domain name or an IP address.

    • To obtain the image repository address in domain name format, obtain a temporary login command by referring to 2. The domain name at the end of the command is the image repository address.
    • To obtain the image repository address in IP address format, ping the image repository address in the domain name format.

    After the configuration, run the systemctl restart docker command to restart the container engine.

Parent topic: Troubleshooting