Open milongo opened 2 months ago
The docker_compose_v2(_pull) module doesn't do anything else than running docker compose
. If that isn't able to pull from the registry, then it's a problem with your docker setup or the way you log in to the registry.
You're using the docker_login module to authenticate. That module verifies that the credentials are correct by using the /auth
endpoint of the Docker daemon, and stores the credentials in the credential store (which that is depends on your Docker config file).
Now docker_compose_v2(_pull) can only use the credentials if it has access to the same credential store that docker_login stored them in. You are running Docker CLI from a Snap. My guess is that your Docker CLI setup does not use the same credentials store than docker_login (which uses code from Docker SDK for Python for accessing the credentials store).
Thank you for the answer! I'm not modifying the CLI setup as far as I know. How do I get the docker CLI setup to use the same credentials store than docker_login?
Usually they do use the same context, unless you changed something. Are you maybe using Docker contexts? (I.e. does docker context ls
show something else than default
?)
No...
docker context ls
NAME DESCRIPTION DOCKER ENDPOINT ERROR
default * Current DOCKER_HOST based configuration unix:///var/run/docker.sock
In that case, no idea. I cannot replicate this with a regular registry.
Thanks for the help. Any idea what I can try to progress? are you able to authenticate to a private registry the same way I am doing it?
If you run docker login
with ansible.builtin.command
, does a subsequent community.docker.docker_compose_v2
then work?
are you able to authenticate to a private registry the same way I am doing it?
Yes, it works for me.
BTW, I noticed that in the error message you posted:
fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image", "status": "Pulling", "what": "service"}], "changed": false, "cmd": "/snap/bin/docker compose --ansi never --progress plain --project-directory /home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --", "containers": [], "images": [], "msg": "Error when processing my-image: Error response from daemon: Head \"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\": no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n my-image Error \nError response from daemon: Head \"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\": no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", " my-image Error ", "Error response from daemon: Head \"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\": no basic auth credentials"], "stdout": "", "stdout_lines": []}
there is a backslash \
(%5C
in the quoted URL) at the end of the URL, which looks like to be part of the tag. Could it be that you have a problem somewhere else, like a backslash showing up in the image's tag that shouldn't be there?
SUMMARY
Pulling from private registry doesn't work after doing docker login
ISSUE TYPE
COMPONENT NAME
community.docker.docker_login
andcommunity.docker.docker_compose_v2
/community.docker.docker_compose_v2_pull module
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
After logging in, successfully being able to pull my images in private repository.
ACTUAL RESULTS
Failure to authenticate