Use docker_login and docker_compose_v2

Archives Ansible Project
,
1

Hi,
I’m trying to authenticate to my private registry (AWS ECR) and use docker compose to start my container. I have something like this:

  • name: Create AWS credentials file
    ansible.builtin.copy:
    dest: “{{ user_details.home }}/.aws/credentials”
    content: |
    [default]
    aws_access_key_id = {{ aws_access_key_id }}
    aws_secret_access_key = {{ aws_secret_access_key }}
    mode: “0600”
    force: true
    register: aws_credentials_created

  • name: Authenticate to AWS
    ansible.builtin.command: “aws ecr get-login-password --region {{ aws_region }} --profile default”
    register: ecr_login_password
    changed_when: true

  • name: Docker login to AWS ECR
    community.docker.docker_login:
    state: present
    username: “AWS”
    password: “{{ ecr_login_password.stdout }}”
    reauthorize: true # what does this do?
    registry_url: “{{ registry_url }}”
    changed_when: true

  • name: Docker compose container
    community.docker.docker_compose_v2:
    project_src: “{{ user_details.home }}/{{ path_to_repos }}/container”
    state: “present”

I can’t get the compose task to correctly pull the image from my private registry given that I authenticated in the task before. Is it even possible to do this? Setting aside security best practices for the moment, how do I get the compose task to pull the image? The compose file has a pull policy of “always”, so when the task tries to do like “docker compose up”, it will try to pull the image.

See the error here:
fatal: [18.208.187.13]: FAILED! => {“actions”: [{“id”: “my-image”, “status”: “Pulling”, “what”: “service”}], “changed”: false, “cmd”: “/snap/bin/docker compose --ansi never --progress plain --project-directory /home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --”, “containers”: , “images”: , “msg”: “Error when processing my-image: Error response from daemon: Head "https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\”: no basic auth credentials", “rc”: 18, “stderr”: " my-image Pulling \n my-image Error \nError response from daemon: Head "https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\“: no basic auth credentials\n”, “stderr_lines”: [" my-image Pulling ", " my-image Error “, “Error response from daemon: Head "https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\”: no basic auth credentials”], “stdout”: “”, “stdout_lines”: }

Thanks,

Emilio

2

@felixfontein any pointers?