Done a bit more digging. I can see the calls being made on the server via /var/log/docker and they all look right. It does the auth and then tries to pull, but the pull fails with:
2014/09/05 02:18:04 POST /v1.12/auth [3d312112] +job auth() [3d312112] -job auth() = OK (0) 2014/09/05 02:18:05 POST /v1.12/images/create?tag=1.0.0&fromImage=private-repo.com%3A443%2Fbusicorp%2Fapp [3d312112] +job pull(private-repo.com:443/busicorp/app, 1.0.0) Authentication is required. [3d312112] -job pull(private-repo.com:443/busicorp/app, 1.0.0) = ERR (1) If I use the exact same credentials and do a 'docker login' on the server, everything works. And a 'docker pull' from the server looks exactly like the POST command above, just that it succeeds. I found this issue referencing a similar problem on the docker-py group: https://github.com/docker/docker-py/issues/241 By adding /v1/ to the end of my repository parameter, the login and basic auth worked on the pull. Not really sure what to make of this, but it's a workaround at least. On Thursday, September 4, 2014 9:53:07 PM UTC-4, Michael DeHaan wrote: > > Hmmm.... I don't have a private registry running/available at the moment, > is this something you might like to help work on/debug? > > We can definitely private some pointers. > > --Michael > > > > > On Thu, Sep 4, 2014 at 9:33 PM, Matt Hughes <[email protected] > <javascript:>> wrote: > >> I'm using master branch. To be specific, commit >> 4f55bcc298669f61ee11fb244ec447762b01edba. >> >> >> >> On Thursday, September 4, 2014 9:31:14 PM UTC-4, Michael DeHaan wrote: >> >>> For starters, can you share the version of Ansible you are using? >>> >>> >>> >>> >>> On Thu, Sep 4, 2014 at 4:10 PM, Matt Hughes <[email protected]> wrote: >>> >>>> Trying to use the docker module to run images from a docker private >>>> registry. >>>> >>>> I'm using the current master branch of Ansible as that supports >>>> username/password. Playbook is: >>>> >>>> - name: run app >>>> docker: registry=https://private-repo.com:443 image= >>>> private-repo.com:443/busycorp/app:1.0.0 username={{ >>>> docker_registry_username }} password={{ docker_registry_password }} email= >>>> [email protected] >>>> >>>> It appears to successfully log in, but can't find that tag: >>>> >>>> <test> ESTABLISH CONNECTION FOR USER: mhughes >>>> <test> REMOTE_MODULE docker registry=https://private-repo.com:443 >>>> image=private-repo.com:443/busicorp/app:1.0.0 username=mhughes >>>> password=VALUE_HIDDEN [email protected] >>>> >>>> <test> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s >>>> -o ControlPath=/Users/mhughes/.ansible/cp/ansible-ssh-%h-%p-%r -o >>>> KbdInteractiveAuthentication=no -o PreferredAuthentications= >>>> gssapi-with-mic,gssapi-keyex,hostbased,publickey -o >>>> PasswordAuthentication=no -o ConnectTimeout=10 test /bin/sh -c 'mkdir -p >>>> $HOME/.ansible/tmp/ansible-tmp-1409858894.29-223607362771114 && chmod >>>> a+rx $HOME/.ansible/tmp/ansible-tmp-1409858894.29-223607362771114 && >>>> echo $HOME/.ansible/tmp/ansible-tmp-1409858894.29-223607362771114' >>>> <test> PUT /var/folders/_n/6r_pnw9d1jg33_chqmcpyvn00000gn/T/tmpm2Jl5K >>>> TO /home/clduser/.ansible/tmp/ansible-tmp-1409858894.29- >>>> 223607362771114/docker >>>> <test> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s >>>> -o ControlPath=/Users/mhughes/.ansible/cp/ansible-ssh-%h-%p-%r -o >>>> KbdInteractiveAuthentication=no -o PreferredAuthentications= >>>> gssapi-with-mic,gssapi-keyex,hostbased,publickey -o >>>> PasswordAuthentication=no -o ConnectTimeout=10 test /bin/sh -c 'sudo -k && >>>> sudo -H -S -p "[sudo via ansible, key=mlompfrrydppecgwsjntwvxuyqknbxtf] >>>> password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS- >>>> mlompfrrydppecgwsjntwvxuyqknbxtf; LANG=en_US.UTF-8 >>>> LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/clduser/.ansible/tmp/ >>>> ansible-tmp-1409858894.29-223607362771114/docker; rm -rf >>>> /home/clduser/.ansible/tmp/ansible-tmp-1409858894.29-223607362771114/ >>>> >/dev/null 2>&1'"'"'' >>>> failed: [test] => {"changed": true, "failed": true} >>>> msg: Docker API error: No such image: private-repo.com:443/busicorp/ >>>> app:1.0.0 (tag: 1.0.0) >>>> >>>> FATAL: all hosts have already failed -- aborting >>>> >>>> >>>> >>>> I have tried with and without the registry name in the image. I can >>>> take the same image parameter above and successfully do a 'docker pull' on >>>> the machine. Is there some way to see the logs of ansible on the remote >>>> server so I can see exactly what commands it is calling? Or maybe there >>>> is >>>> just an issue with use of Docker namespaces? >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/412cf480-7e21-4790-9725- >>>> 98604b4680f1%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/412cf480-7e21-4790-9725-98604b4680f1%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/df1ffc32-1a99-40e3-927b-29bfa44ec738%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/df1ffc32-1a99-40e3-927b-29bfa44ec738%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8a85eb59-575d-47d5-97d2-ec53d227dfe2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
