Hi,
I'm trying to authenticate to my private registry (AWS ECR) and use docker
compose to start my container. I have something like this:
- name: Create AWS credentials file
ansible.builtin.copy:
dest: "{{ user_details.home }}/.aws/credentials"
content: |
[default]
aws_access_key_id = {{ aws_access_key_id }}
aws_secret_access_key = {{ aws_secret_access_key }}
mode: "0600"
force: true
register: aws_credentials_created
- name: Authenticate to AWS
ansible.builtin.command: "aws ecr get-login-password --region {{
aws_region }} --profile default"
register: ecr_login_password
changed_when: true
- name: Docker login to AWS ECR
community.docker.docker_login:
state: present
username: "AWS"
password: "{{ ecr_login_password.stdout }}"
reauthorize: true # what does this do?
registry_url: "{{ registry_url }}"
changed_when: true
- name: Docker compose container
community.docker.docker_compose_v2:
project_src: "{{ user_details.home }}/{{ path_to_repos }}/container"
state: "present"
I can't get the compose task to correctly pull the image from my private
registry given that I authenticated in the task before. Is it even
possible to do this? Setting aside security best practices for the moment,
how do I get the compose task to pull the image? The compose file has a
pull policy of "always", so when the task tries to do like "docker compose
up", it will try to pull the image.
See the error here:
fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image",
"status": "Pulling", "what": "service"}], "changed": false, "cmd":
"/snap/bin/docker compose --ansi never --progress plain --project-directory
/home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --",
"containers": [], "images": [], "msg": "Error when processing my-image:
Error response from daemon: Head
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n
my-image Error \nError response from daemon: Head
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", "
my-image Error ", "Error response from daemon: Head
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
no basic auth credentials"], "stdout": "", "stdout_lines": []}
Thanks,
Emilio
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4e958157-4c76-4e32-a6f6-069675318259n%40googlegroups.com.
