Failed to pull Docker image from ACR to Azure ML

Eric 146 Reputation points
2023-09-28T03:37:00.8166667+00:00

I am trying to pull a Docker image from Azure Container Registry to a compute cluster in Azure ML. I am getting an error about 1 minute into the run that says:

"Failed to pull Docker image mycontainer.azurecr.io/rocker/tidyverse:4.0.0. This error may occur because the compute could not authenticate with the Docker registry to pull the image. If using ACR please ensure the ACR has Admin user enabled or a Managed Identity with AcrPull access to the ACR is assigned to the compute. If the ACR Admin user's password was changed recently it may be necessary to synchronize the workspace keys."

The image rocker/tidyverse:4.0.0 is in mycontainer and I have enabled admin user like it says in the error, to no avail. The last time I successfully used Azure was in March 2023 and there never was an issue pulling the image from the container registry. Does anyone have an idea what the problem is?


Accepted answer
  1. Eddie Neto 1,251 Reputation points Microsoft Employee
    2023-09-28T15:31:34.1633333+00:00

    Hi Eric

    Thanks for reaching out to Microsoft Q&A.

    Regarding your issue, could you please follow these steps:

    1. Go to the compute where you are running the Docker image.
    2. Check if a Managed Identity is assigned to the compute.
    3. If a Managed Identity is not assigned, assign one by following the steps in the Azure documentation.
    4. Assign the "AcrPull" role to the Managed Identity on the Azure Container Registry.

    Hope this helps. Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.

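A way to verify step 4 of the accepted answer, as an added example (not code from the thread or from Microsoft): it checks whether the compute's managed identity holds AcrPull at a scope that covers the registry, including assignments inherited from a resource group or subscription. The input is assumed to be shaped like the output of `az role assignment list --all --assignee <principal-id> -o json`; all IDs and the resource group name are constructed placeholders.

```python
import json

# Constructed sample, shaped like the JSON printed by
# `az role assignment list --all --assignee <principal-id> -o json`.
# Every subscription, resource group and principal ID below is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/ml-rg"
ACR_ID = RG + "/providers/Microsoft.ContainerRegistry/registries/mycontainer"
COMPUTE_MI = "11111111-1111-1111-1111-111111111111"
OTHER_MI = "22222222-2222-2222-2222-222222222222"

BEFORE = json.dumps([
    # The compute identity has a role on the resource group, but it is not AcrPull.
    {"principalId": COMPUTE_MI, "roleDefinitionName": "Reader", "scope": RG},
    # AcrPull on the right registry, but held by a different identity.
    {"principalId": OTHER_MI, "roleDefinitionName": "AcrPull", "scope": ACR_ID},
    # AcrPull for the compute identity, but on a different registry.
    {"principalId": COMPUTE_MI, "roleDefinitionName": "AcrPull", "scope": ACR_ID + "2"},
])
# Same data after assigning AcrPull to the compute identity at resource group scope.
AFTER = json.dumps(json.loads(BEFORE) + [
    {"principalId": COMPUTE_MI, "roleDefinitionName": "AcrPull", "scope": RG},
])

def scope_covers(scope, resource_id):
    """Role assignments are inherited downward: a scope covers itself and its children."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    # "/" (root) strips to "" and covers everything; the "/" suffix avoids
    # matching a sibling whose name merely starts with the same characters.
    return s == "" or r == s or r.startswith(s + "/")

def acr_pull_scopes(assignments_json, principal_id, acr_id, role="AcrPull"):
    """Scopes at which principal_id holds `role` and that cover the registry."""
    return [a["scope"] for a in json.loads(assignments_json)
            if a.get("principalId", "").lower() == principal_id.lower()
            and a.get("roleDefinitionName") == role
            and a.get("scope") and scope_covers(a["scope"], acr_id)]

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER)):
        scopes = acr_pull_scopes(data, COMPUTE_MI, ACR_ID)
        print(label, "->", scopes or "no AcrPull assignment covers the registry")
```

An empty result for the compute's principal ID means step 4 has not taken effect for that registry, even if other identities or other registries show AcrPull.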

1 additional answer

  1. Eric 146 Reputation points
    2023-09-29T07:35:14.31+00:00

    I got it resolved, but I'm not sure exactly what fixed it. The diagnostics in the help menu gave me this warning:

    Recommended Actions for your workspace are available for storageAccountResults category.
        Warning we detected SharedAccessKeyDisallowed. Follow the recommended action in below message if applicable:
    Azure Storage /subscriptions/********/resourceGroups/*************/providers/Microsoft.Storage/storageAccounts/*************** has AllowSharedKeyAccess disabled. Azure Storage supports Azure AD authorization for requests to Blob and Queue storage only. Please allow Shared Key access for requests to Azure Files or Table storage.
    

    I did not see anything in my storage account configuration page that explicitly mentioned "AllowSharedKeyAccess", but there were some settings that were disabled, so I just enabled everything and it worked.

