Unable to login to private Docker registry using Singularity on cluster

Question

I've been trying to login to the private Docker registry of the GitLab instance of my university. Since Docker is not installed on the cluster I'm working on I'm using Singularity.

When trying to login I'm facing an error:

 while login to docker://git.tu-berlin.de:5000: Get "https://git.tu-berlin.de:5000/v2/": Forbidden

Now when I'm using that URL in Firefox I get:

but I'm also never asked for a password so I guess it's obvious that I'm unauthorized. I'm not sure whether this is related but I have two proxy definitions in my ~.bashrc since the compute nodes don't have access to the internet directly:

export https_proxy=http://[nodeurl]:port/
export http_proxy=http://[nodeurl]:port/

where nodeurl and port are replaced by the actual values of course. Could that be the issue? I'm confused since entering the URL https://git.tu-berlin.de:5000/v2/ on my local laptop gives me unauthorized but I can login through Singularity to the private registry and pull images when not logging in before with Docker.

Answer 1

The easiest way to use docker credentials (whether for a private or public registry) is with the environment variables SINGULARITY_DOCKER_USERNAME and SINGULARITY_DOCKER_PASSWORD. If set, singularity attempts to use these for all docker registry interactions, so it is generally useful to only set them when you need. Additional info is available in the docs: Authentication via Environment Variables

The proxy issue is a bit trickier. Singularity doesn't appear to handle those directly, relying instead on the OS to do its thing. Try using the env variables (or the interactive method also listed in the docs) on your local to ensure it's working, and then give it a try in the cluster. If it's still not playing nice there, you might have to get a bit creative or contact the admins for guidance.