@felixfontein any pointers?
On Tuesday, April 30, 2024 at 3:13:37 PM UTC-4 Emilio Botero wrote:
> Hi,
> I'm trying to authenticate to my private registry (AWS ECR) and use docker
> compose to start my container. I have something like this:
>
> - name: Create AWS credentials file
> ansible.builtin.copy:
> dest: "{{ user_details.home }}/.aws/credentials"
> content: |
> [default]
> aws_access_key_id = {{ aws_access_key_id }}
> aws_secret_access_key = {{ aws_secret_access_key }}
> mode: "0600"
> force: true
> register: aws_credentials_created
>
> - name: Authenticate to AWS
> ansible.builtin.command: "aws ecr get-login-password --region {{
> aws_region }} --profile default"
> register: ecr_login_password
> changed_when: true
>
> - name: Docker login to AWS ECR
> community.docker.docker_login:
> state: present
> username: "AWS"
> password: "{{ ecr_login_password.stdout }}"
> reauthorize: true # what does this do?
> registry_url: "{{ registry_url }}"
> changed_when: true
>
> - name: Docker compose container
> community.docker.docker_compose_v2:
> project_src: "{{ user_details.home }}/{{ path_to_repos
> }}/container"
> state: "present"
>
> I can't get the compose task to correctly pull the image from my private
> registry given that I authenticated in the task before. Is it even
> possible to do this? Setting aside security best practices for the moment,
> how do I get the compose task to pull the image? The compose file has a
> pull policy of "always", so when the task tries to do like "docker compose
> up", it will try to pull the image.
>
> See the error here:
> fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image",
> "status": "Pulling", "what": "service"}], "changed": false, "cmd":
> "/snap/bin/docker compose --ansi never --progress plain --project-directory
> /home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --",
> "containers": [], "images": [], "msg": "Error when processing my-image:
> Error response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>
> no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n
> my-image Error \nError response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>
> no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", "
> my-image Error ", "Error response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>
> no basic auth credentials"], "stdout": "", "stdout_lines": []}
>
> Thanks,
>
> Emilio
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8a6e8a2b-dc7b-4910-84ab-09f4c8875153n%40googlegroups.com.
