Question 84407 in Docker Question posted in
The official documentation can be found here.

Unable to run az acr check-health command on MacOS – Docker

I am unable to run a health check using the Azure CLI. I am on MacOS Monterey. Below is the error:

➜ az acr check-health -n <ACR_NAME>
Docker daemon status: available
Docker version: 'Docker version 20.10.12, build 459d0df, platform linux/amd64'
This will pull the image mcr.microsoft.com/mcr/hello-world:latest. Proceed? (y/n): y
Docker pull of 'mcr.microsoft.com/mcr/hello-world:latest' : OK
Azure CLI version: 2.33.1
DNS lookup to <ACR_NAME>.azurecr.io at IP 20.42.66.2 : OK
Challenge endpoint https://<ACR_NAME>.azurecr.io/v2/ : OK
Fetch refresh token for registry '<ACR_NAME>.azurecr.io' : OK
Fetch access token for registry '<ACR_NAME>.azurecr.io' : OK
Helm version: 3.8.0
An error occurred: NOTARY_COMMAND_ERROR
Please verify if notary is installed.

Please refer to https://aka.ms/acr/errors#notary_command_error for more information.

The support URL provided does not lead to anywhere useful.

Not sure if it helps, but I’m able to login to my ACR just fine:

➜ az acr login --name <ACR_NAME>
Login Succeeded

Has anyone else faced this error/issue? What am I missing here?

Tags:

3

Answers


  1. 0

    According too azure/container-registry| Microsoft Docs.

    Azure Container Registry does not officially support the Notary CLI
    but is compatible with the Notary Server API, which is included with
    Docker Desktop. Currently Notary version 0.6.0 is recommended

    So please try the suggestion provided in comment by @madhuraj.

    It looks like a known issue .See if below can be workaround.

    Try to enable content trust at the registry level.

    enter image description here

    Or
    In Bash

    export DOCKER_CONTENT_TRUST=1

    Enable content trust for single command

    docker build --disable-content-trust=false -t myacr.azurecr.io/myimage:v1 .

    In azure CLI

    $ docker push myregistry.azurecr.io/myimage:v1

    Please check enable registry content trust | Microsoft Docs for further details.

    $ docker pull myregistry.azurecr.io/myimage:signed

    Or see azure container registry – Stack Overflow reference

    set DOCKER_CONTENT_TRUST=1

docker push myregistry.azurecr.io/image:tag

    If the issue remains please raise a support request from overview blade > Support + troubleshooting >New Support Request.

    References:

    1. https://docker-docs-notary
    2. Registry authentication options – Azure Container Registry |
      Microsoft Docs
    3. behind-the-scenes – Azure Container Registry | Microsoft Docs
    Login or Signup to reply.
  2. 0

    set AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 and voila, you won’t get NOTARY_COMMAND_ERROR with az acr login command.

    Login or Signup to reply.
  3. 0

    I faced the same issue and fixed it by the following command (installing notary v0.6.1)

    $ go install github.com/notaryproject/notary/cmd/[email protected]

    See https://github.com/notaryproject/notary for what the notary is.

    And well, the command was useless though (sigh

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search