@felixfontein any pointers?
On Tuesday, April 30, 2024 at 3:13:37 PM UTC-4 Emilio Botero wrote:
> Hi,
> I'm trying to authenticate to my private registry (AWS ECR) and use docker
> compose to start my container. I have something like this:
>
> - name: Create AWS credentials file
> ansible.builtin.copy:
> dest: "{{ user_details.home }}/.aws/credentials"
> content: |
> [default]
> aws_access_key_id = {{ aws_access_key_id }}
> aws_secret_access_key = {{ aws_secret_access_key }}
> mode: "0600"
> force: true
> register: aws_credentials_created
>
> - name: Authenticate to AWS
> ansible.builtin.command: "aws ecr get-login-password --region {{
> aws_region }} --profile default"
> register: ecr_login_password
> changed_when: true
>
> - name: Docker login to AWS ECR
> community.docker.docker_login:
> state: present
> username: "AWS"
> password: "{{ ecr_login_password.stdout }}"
> reauthorize: true # what does this do?
> registry_url: "{{ registry_url }}"
> changed_when: true
>
> - name: Docker compose container
> community.docker.docker_compose_v2:
> project_src: "{{ user_details.home }}/{{ path_to_repos
> }}/container"
> state: "present"
>
> I can't get the compose task to correctly pull the image from my private
> registry given that I authenticated in the task before. Is it even
> possible to do this? Setting aside security best practices for the moment,
> how do I get the compose task to pull the image? The compose file has a
> pull policy of "always", so when the task tries to do like "docker compose
> up", it will try to pull the image.
>
> See the error here:
> fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image",
> "status": "Pulling", "what": "service"}], "changed": false, "cmd":
> "/snap/bin/docker compose --ansi never --progress plain --project-directory
> /home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --",
> "containers": [], "images": [], "msg": "Error when processing my-image:
> Error response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>
> no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n
> my-image Error \nError response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>
> no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", "
> my-image Error ", "Error response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>
> no basic auth credentials"], "stdout": "", "stdout_lines": []}
>
> Thanks,
>
> Emilio
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8a6e8a2b-dc7b-4910-84ab-09f4c8875153n%40googlegroups.com.
