Hi,
I'm trying to authenticate to my private registry (AWS ECR) and use docker
compose to start my container. I have something like this:
- name: Create AWS credentials file
ansible.builtin.copy:
dest: "{{ user_details.home }}/.aws/credentials"
content: |
[default]
aws_access_key_id = {{ aws_access_key_id }}
aws_secret_access_key = {{ aws_secret_access_key }}
mode: "0600"
force: true
register: aws_credentials_created
- name: Authenticate to AWS
ansible.builtin.command: "aws ecr get-login-password --region {{
aws_region }} --profile default"
register: ecr_login_password
changed_when: true
- name: Docker login to AWS ECR
community.docker.docker_login:
state: present
username: "AWS"
password: "{{ ecr_login_password.stdout }}"
reauthorize: true # what does this do?
registry_url: "{{ registry_url }}"
changed_when: true
- name: Docker compose container
community.docker.docker_compose_v2:
project_src: "{{ user_details.home }}/{{ path_to_repos }}/container"
state: "present"
I can't get the compose task to correctly pull the image from my private
registry given that I authenticated in the task before. Is it even
possible to do this? Setting aside security best practices for the moment,
how do I get the compose task to pull the image? The compose file has a
pull policy of "always", so when the task tries to do like "docker compose
up", it will try to pull the image.
See the error here:
fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image",
"status": "Pulling", "what": "service"}], "changed": false, "cmd":
"/snap/bin/docker compose --ansi never --progress plain --project-directory
/home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --",
"containers": [], "images": [], "msg": "Error when processing my-image:
Error response from daemon: Head
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n
my-image Error \nError response from daemon: Head
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", "
my-image Error ", "Error response from daemon: Head
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
no basic auth credentials"], "stdout": "", "stdout_lines": []}
Thanks,
Emilio
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4e958157-4c76-4e32-a6f6-069675318259n%40googlegroups.com.
