ansible / ansible-container

DEPRECATED -- Ansible Container was a tool to build Docker images and orchestrate containers using only Ansible playbooks.
GNU Lesser General Public License v3.0

Cannot push image to GitLab.com registry #893

Open jerrac opened 6 years ago

jerrac commented 6 years ago
ISSUE TYPE
container.yml
version: "2"
settings:
  conductor:
    # The Conductor container does the heavy lifting, and provides a portable
    # Python runtime for building your target containers. It should be derived
    # from the same distribution as you're building your target containers with.
    base: centos:7
    # roles_path:   # Specify a local path containing Ansible roles
    # volumes:      # Provide a list of volumes to mount
    # environment:  # List or mapping of environment variables

  # Set the name of the project. Defaults to basename of the project directory.
  # For built services, concatenated with service name to form the built image name.
  project_name: master_placeholder

  # The deployment_output_path is mounted to the Conductor container, and the
  # `run` and `deployment` commands then write generated Ansible playbooks to it.
  # deployment_output_path: ./ansible-deployment

  # When using the k8s or openshift engines, use the following to authorize with the API.
  # Values set here will be passed to the Ansible modules. Any file paths will be mounted
  # to the conductor container, allowing the `run` command to access the API.
  #k8s_auth:
    # path to a K8s config file
    #config_file:
    # name of a context found within the config file
    #context:
    # URL for accessing the K8s API
    #host:
    # An API authentication token
    #api_key:
    # Path to a ca cert file
    #ssl_ca_cert:
    # Path to a cert file
    #cert_file:
    # Path to a key file
    #key_file:
    # boolean, indicating if SSL certs should be validated
    #verify_ssl:

  # When using the k8s or openshift engines, use the following to set the namespace.
  # If not set, the project name will be used. For openshift, the namespace maps to a project,
  # and description and display_name are supported.
  # k8s_namespace:
  #  name: master_placeholder
  #  description: master_placeholder
  #  display_name: master_placeholder

services:
  # Add your containers here, specifying the base image you want to build from.
  # To use this example, uncomment it and delete the curly braces after services key.
  # You may need to run `docker pull ubuntu:trusty` for this to work.

  master_placeholder:
    from: "centos:7"
    roles:
      - staticsite
    ports:
      - "80:80"
    # command: ["/usr/bin/dumb-init", "/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
    # dev_overrides:
    #   environment:
    #     - "DEBUG=1"
registries:
  gitlab:
    url: registry.gitlab.com
    namespace: projectgroup
    repository-prefix: ""
OS / ENVIRONMENT
Ansible Container, version 0.9.2
Linux, Reach, 4.11.0-14-generic, #20~16.04.1-Ubuntu SMP Wed Aug 9 09:06:22 UTC 2017, x86_64
3.5.2 (default, Nov 23 2017, 16:37:01) 
[GCC 5.4.0 20160609] /usr/bin/python3
{
  "OomKillDisable": true,
  "HttpProxy": "",
  "RegistryConfig": {
    "Mirrors": [],
    "AllowNondistributableArtifactsHostnames": [],
    "InsecureRegistryCIDRs": [
      "172.30.0.0/16",
      "127.0.0.0/8"
    ],
    "AllowNondistributableArtifactsCIDRs": [],
    "IndexConfigs": {
      "local.openshift": {
        "Official": false,
        "Secure": false,
        "Mirrors": [],
        "Name": "local.openshift"
      },
      "docker.io": {
        "Official": true,
        "Secure": true,
        "Mirrors": [],
        "Name": "docker.io"
      }
    }
  },
  "BridgeNfIp6tables": true,
  "HttpsProxy": "",
  "DockerRootDir": "/var/lib/docker",
  "Architecture": "x86_64",
  "Runtimes": {
    "runc": {
      "path": "docker-runc"
    }
  },
  "DriverStatus": [
    [
      "Backing Filesystem",
      "extfs"
    ],
    [
      "Supports d_type",
      "true"
    ],
    [
      "Native Overlay Diff",
      "true"
    ]
  ],
  "InitCommit": {
    "ID": "949e6fa",
    "Expected": "949e6fa"
  },
  "NCPU": 4,
  "ExperimentalBuild": false,
  "LiveRestoreEnabled": false,
  "MemoryLimit": true,
  "MemTotal": 16678940672,
  "SwapLimit": false,
  "SecurityOptions": [
    "name=apparmor",
    "name=seccomp,profile=default"
  ],
  "NGoroutines": 34,
  "ContainerdCommit": {
    "ID": "89623f28b87a6004d4b785663257362d1658a729",
    "Expected": "89623f28b87a6004d4b785663257362d1658a729"
  },
  "LoggingDriver": "json-file",
  "Driver": "overlay2",
  "CPUSet": true,
  "BridgeNfIptables": true,
  "Plugins": {
    "Volume": [
      "local"
    ],
    "Authorization": null,
    "Network": [
      "bridge",
      "host",
      "macvlan",
      "null",
      "overlay"
    ],
    "Log": [
      "awslogs",
      "fluentd",
      "gcplogs",
      "gelf",
      "journald",
      "json-file",
      "logentries",
      "splunk",
      "syslog"
    ]
  },
  "CpuCfsPeriod": true,
  "Name": "Reach",
  "SystemTime": "2018-02-21T19:55:40.412255758-08:00",
  "ClusterAdvertise": "",
  "ServerVersion": "17.12.0-ce",
  "CpuCfsQuota": true,
  "Swarm": {
    "RemoteManagers": null,
    "NodeAddr": "",
    "ControlAvailable": false,
    "NodeID": "",
    "LocalNodeState": "inactive",
    "Error": ""
  },
  "CPUShares": true,
  "Debug": false,
  "KernelMemory": true,
  "NEventsListener": 0,
  "NoProxy": "",
  "Images": 168,
  "Isolation": "",
  "OSType": "linux",
  "KernelVersion": "4.11.0-14-generic",
  "OperatingSystem": "Ubuntu 16.04.3 LTS",
  "ID": "EDKL:QPH7:LDR5:U6U6:4QEW:YXCA:Z2VW:ZTU2:BVS7:MWOW:6UDW:D2KK",
  "Containers": 1,
  "SystemStatus": null,
  "IPv4Forwarding": true,
  "DefaultRuntime": "runc",
  "InitBinary": "docker-init",
  "GenericResources": null,
  "ContainersPaused": 0,
  "CgroupDriver": "cgroupfs",
  "ClusterStore": "",
  "IndexServerAddress": "https://index.docker.io/v1/",
  "NFd": 20,
  "ContainersStopped": 1,
  "Labels": [],
  "RuncCommit": {
    "ID": "b2567b37d7b75eb4cf325b77297b140ea686ce8f",
    "Expected": "b2567b37d7b75eb4cf325b77297b140ea686ce8f"
  },
  "ContainersRunning": 0
}
{
  "Components": [
    {
      "Version": "17.12.0-ce",
      "Details": {
        "Os": "linux",
        "GitCommit": "c97c6d6",
        "BuildTime": "2017-12-27T20:09:53.000000000+00:00",
        "ApiVersion": "1.35",
        "MinAPIVersion": "1.12",
        "GoVersion": "go1.9.2",
        "Experimental": "false",
        "Arch": "amd64",
        "KernelVersion": "4.11.0-14-generic"
      },
      "Name": "Engine"
    }
  ],
  "Os": "linux",
  "ApiVersion": "1.35",
  "GoVersion": "go1.9.2",
  "Platform": {
    "Name": ""
  },
  "Version": "17.12.0-ce",
  "MinAPIVersion": "1.12",
  "BuildTime": "2017-12-27T20:09:53.000000000+00:00",
  "GitCommit": "c97c6d6",
  "Arch": "amd64",
  "KernelVersion": "4.11.0-14-generic"
}
SUMMARY

The image name/url generated by ansible-container is incompatible with the name/urls that GitLab.com supports.

GitLab supports the following:

registry.gitlab.com/<username or groupname>/<project name>:tag
registry.gitlab.com/<username or groupname>/<project name>/optional-image-name:tag
registry.gitlab.com/<username or groupname>/<project name>/optional-name/optional-image-name:tag

I was only ever able to get something like

registry.gitlab.com/projectgroup/master_placeholder-master_placeholder:20180222033022

I needed things like:

registry.gitlab.com/projectgroup/master_placeholder:20180222033022
registry.gitlab.com/projectgroup/master_placeholder/master_placeholder_web:20180222033022
STEPS TO REPRODUCE
$ ansible-container build                
Building Docker Engine context...   
Starting Docker build of Ansible Container Conductor image (please be patient)...   
Parsing conductor CLI args.
Docker™ daemon integration engine loaded. Build starting.   project=master_placeholder
Building service... project=master_placeholder service=master_placeholder
Applied role staticsite from cache  role=staticsite service=master_placeholder
Build complete. service=master_placeholder
All images successfully built.
Conductor terminated. Cleaning up.  command_rc=0 conductor_id=be36ca86d055a4bfbbec5839fab160791f12f06cfdf53102ffa456d84265a3e5 save_container=False

$ ansible-container push --push-to gitlab
Parsing conductor CLI args.
Engine integration loaded. Preparing push.  engine=Docker™ daemon
Tagging registry.gitlab.com/projectgroup/master_placeholder-master_placeholder
Pushing registry.gitlab.com/projectgroup/master_placeholder-master_placeholder:20180222033022...
The push refers to repository [registry.gitlab.com/projectgroup/master_placeholder-master_placeholder]
Preparing
denied: requested access to the resource is denied
Traceback (most recent call last):
  File "/usr/bin/conductor", line 11, in <module>
    load_entry_point('ansible-container', 'console_scripts', 'conductor')()
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/cli.py", line 399, in conductor_commandline
    **params)
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/core.py", line 974, in conductorcmd_push
    password=password, repository_prefix=repository_prefix)
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/docker/engine.py", line 873, in push
    "Failed to push image. {}".format(line['error'])
container.exceptions.AnsibleContainerException: Failed to push image. denied: requested access to the resource is denied
Conductor terminated. Cleaning up.  command_rc=1 conductor_id=49476f4742460b188e411b0c9f92ba64e83272b2f2206e9726ad6e1aa0fe7cf1 save_container=False
ERROR   Conductor exited with status 1  
EXPECTED RESULTS

I expected my image to be pushed to GitLab.

ACTUAL RESULTS
$ ansible-container --debug push --push-to gitlab
2018-02-21T19:59:11.809261 The default type is            [container.config] caller_file=/usr/local/lib/python3.5/dist-packages/container/config.py caller_func=_resolve_defaults caller_line=189 config=<class 'ruamel.yaml.comments.CommentedMap'> defaults=<class 'ruamel.yaml.compat.ordereddict'>
2018-02-21T19:59:11.810456 Getting environment variables... [container.config] caller_file=/usr/local/lib/python3.5/dist-packages/container/config.py caller_func=_get_environment_variables caller_line=205
2018-02-21T19:59:11.811790 Read environment variables     [container.config] caller_file=/usr/local/lib/python3.5/dist-packages/container/config.py caller_func=_get_environment_variables caller_line=210 env_vars={}
2018-02-21T19:59:11.812780 Resolved template variables    [container.config] caller_file=/usr/local/lib/python3.5/dist-packages/container/config.py caller_func=_resolve_defaults caller_line=194 template_vars={}
2018-02-21T19:59:11.813839 Parsed config                  [container.config] caller_file=/usr/local/lib/python3.5/dist-packages/container/config.py caller_func=set_env caller_line=148 config={"version": "2", "settings": {"conductor": {"base": "centos:7"}, "project_name": "master_placeholder", "pwd": "/home/localusername/projectgroup/master_placeholder"}, "services": {"master_placeholder": {"from": "centos:7", "roles": ["staticsite"], "ports": ["80:80"]}}, "registries": {"gitlab": {"url": "registry.gitlab.com", "namespace": "projectgroup", "repository-prefix": ""}}, "defaults": {}}
2018-02-21T19:59:11.814767 Loading engine capabilities    [container.utils.loader] caller_file=/usr/local/lib/python3.5/dist-packages/container/utils/loader.py caller_func=load_engine caller_line=14 capabilities=['LOGIN', 'PUSH'] engine=docker
2018-02-21T19:59:11.849057 PROJECT NAME                   [container.core] caller_file=/usr/local/lib/python3.5/dist-packages/container/core.py caller_func=hostcmd_push caller_line=354 project_name=master_placeholder
2018-02-21T19:59:11.854015 Setting Docker client timeout to 60 [container.docker.engine] caller_file=/usr/local/lib/python3.5/dist-packages/container/docker/engine.py caller_func=get_timeout caller_line=122
2018-02-21T19:59:11.862803 Could not find container for conductor [container.docker.engine] all_containers=[] caller_file=/usr/local/lib/python3.5/dist-packages/container/docker/engine.py caller_func=get_container_id_for_service caller_line=531 container=master_placeholder_conductor
2018-02-21T19:59:11.875141 Call: Engine.run_conductor     [container.docker.engine] args=('push', {'version': '2', 'defaults': ordereddict(), 'registries': CommentedMap([('gitlab', CommentedMap([('url', 'registry.gitlab.com'), ('namespace', 'projectgroup'), ('repository-prefix', '')]))]), 'settings': CommentedMap([('conductor', CommentedMap([('base', 'centos:7')])), ('project_name', 'master_placeholder'), ('pwd', '/home/localusername/projectgroup/master_placeholder')]), 'services': ordereddict([('master_placeholder', CommentedMap([('from', 'centos:7'), ('roles', ['staticsite']), ('ports', ['80:80'])]))])}, '/home/localusername/projectgroup/master_placeholder', {'email': None, 'tag': None, 'debug': True, 'username': None, 'volume_driver': None, 'roles_path': [], 'devel': False, 'config_path': '/home/localusername/.docker/config.json', 'pull_from_url': None, 'repository_prefix': None, 'subcommand': 'push', 'save_conductor': False, 'with_volumes': [], 'url': 'registry.gitlab.com', 'push_to': 'gitlab', 'with_variables': [], 'password': None, 'selinux': True, 'namespace': 'projectgroup'}) caller_file=/usr/local/lib/python3.5/dist-packages/container/docker/engine.py caller_func=Engine.run_conductor caller_line=278 kwargs={}
2018-02-21T19:59:11.883096 Docker run:                    [container.docker.engine] caller_file=/usr/local/lib/python3.5/dist-packages/container/docker/engine.py caller_func=run_conductor caller_line=435 image=sha256:56824a1e0fca1a57ec6378045f36c750eb9b5973cc1d4d5d1ae0ffb01afe8937 params={'volumes': {'/home/localusername/.docker/config.json': {'mode': 'rw', 'bind': '/home/localusername/.docker/config.json'}, 'master_placeholder_secrets': {'mode': 'rw', 'bind': '/run/secrets'}, '/home/localusername/projectgroup/master_placeholder': {'mode': 'ro', 'bind': '/src'}, '/var/run/docker.sock': {'mode': 'rw', 'bind': '/var/run/docker.sock'}}, 'cap_add': ['SYS_ADMIN'], 'name': 'master_placeholder_conductor', 'user': 'root', 'environment': {'ANSIBLE_ROLES_PATH': '/src/roles:/etc/ansible/roles', 'DOCKER_HOST': 'unix:///var/run/docker.sock'}, 'detach': True, 'privileged': True, 'working_dir': '/src', 'command': ['conductor', 'push', '--project-name', 'master_placeholder', '--engine', 'docker', '--params', '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', '--config', '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', '--encoding', 'b64json']}
Parsing conductor CLI args.
2018-02-22T03:59:14.474364 Processing defaults section... [container.config] caller_file=/_ansible/container/config.py caller_func=_process_defaults caller_line=325
2018-02-22T03:59:14.477709 Processing section...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_top_level_sections caller_line=334 section=volumes
2018-02-22T03:59:14.481961 Processing section...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_top_level_sections caller_line=334 section=registries
2018-02-22T03:59:14.489489 Processing section...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_top_level_sections caller_line=334 section=secrets
2018-02-22T03:59:14.491923 Processing service...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_services caller_line=340 service=u'master_placeholder' service_data={u'from': u'centos:7', u'ports': [u'80:80'], u'roles': [u'staticsite']}
2018-02-22T03:59:14.496706 Rendering service keys from defaults [container.config] caller_file=/_ansible/container/config.py caller_func=_process_services caller_line=363 defaults={} service=u'master_placeholder'
2018-02-22T03:59:14.501253 Starting Ansible Container Conductor: push [container.cli] caller_file=/_ansible/container/cli.py caller_func=conductor_commandline caller_line=391 services={"master_placeholder": {"from": "centos:7", "ports": ["80:80"], "roles": ["staticsite"], "defaults": {}}}
2018-02-22T03:59:14.505392 Loading engine capabilities    [container.utils.loader] caller_file=/_ansible/container/utils/loader.py caller_func=load_engine caller_line=14 capabilities=['PUSH', 'LOGIN'] engine=docker
2018-02-22T03:59:14.523995 Engine integration loaded. Preparing push. [container.core] caller_file=/_ansible/container/core.py caller_func=conductorcmd_push caller_line=956 engine=u'Docker\u2122 daemon'
2018-02-22T03:59:14.531383 Setting Docker client timeout to 60 [container.docker.engine] caller_file=/_ansible/container/docker/engine.py caller_func=get_timeout caller_line=122
2018-02-22T03:59:14.549806 Tagging registry.gitlab.com/projectgroup/master_placeholder-master_placeholder [container.docker.engine] caller_file=/_ansible/container/docker/engine.py caller_func=push caller_line=859
2018-02-22T03:59:14.582836 Pushing registry.gitlab.com/projectgroup/master_placeholder-master_placeholder:20180222033022... [container.docker.engine] caller_file=/_ansible/container/docker/engine.py caller_func=push caller_line=862
The push refers to repository [registry.gitlab.com/projectgroup/master_placeholder-master_placeholder]
Preparing
denied: requested access to the resource is denied
Traceback (most recent call last):
  File "/usr/bin/conductor", line 11, in <module>
    load_entry_point('ansible-container', 'console_scripts', 'conductor')()
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/cli.py", line 399, in conductor_commandline
    **params)
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/core.py", line 974, in conductorcmd_push
    password=password, repository_prefix=repository_prefix)
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/docker/engine.py", line 873, in push
    "Failed to push image. {}".format(line['error'])
container.exceptions.AnsibleContainerException: Failed to push image. denied: requested access to the resource is denied
2018-02-21T19:59:18.123270 Conductor terminated. Cleaning up. [container.docker.engine] caller_file=/usr/local/lib/python3.5/dist-packages/container/docker/engine.py caller_func=await_conductor_command caller_line=462 command_rc=1 conductor_id=9445ff23d819233b81ef0c86f6a3cc9faf46ea364c3460bdac70749e57a80f8b save_container=False
2018-02-21T19:59:18.482459 Conductor exited with status 1 [container.cli] caller_file=/usr/local/lib/python3.5/dist-packages/container/cli.py caller_func=__call__ caller_line=311
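
The naming mismatch reported above, as an added example that is not part of the original report or of ansible-container's code. It rebuilds the reference from the `container.yml` values (the `<project>-<service>` join is inferred from the "Tagging ..." log line) and checks it against the three reference shapes the issue lists. All function names are hypothetical, and the namespace is assumed to be a single path segment.

```python
# Added example: names are hypothetical, not ansible-container's API.
MAX_EXTRA_SEGMENTS = 2  # the issue lists at most two segments after <project name>


def ansible_container_name(url, namespace, project, service, tag):
    # Join rule inferred from the "Tagging ..." log line in the issue.
    return "%s/%s/%s-%s:%s" % (url, namespace, project, service, tag)


def split_reference(ref):
    """Split 'host/path:tag' into (host, [path segments], tag)."""
    name, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:
        raise ValueError("reference has no tag: %r" % ref)
    host, _, path = name.partition("/")
    return host, [s for s in path.split("/") if s], tag


def check_gitlab_reference(ref, registry, namespace, project):
    """Return (ok, reason) for ref against the shapes listed in the issue."""
    host, segments, _tag = split_reference(ref)
    if host != registry:
        return False, "registry host mismatch"
    if len(segments) < 2 or segments[0] != namespace:
        return False, "namespace mismatch"
    # The project name must be a whole path segment, not a prefix of one.
    if segments[1] != project:
        return False, "segment %r is not project %r" % (segments[1], project)
    if len(segments[2:]) > MAX_EXTRA_SEGMENTS:
        return False, "more than %d segments after project" % MAX_EXTRA_SEGMENTS
    return True, "ok"


if __name__ == "__main__":
    # Values copied from the issue's container.yml and push log.
    reg, ns, proj = "registry.gitlab.com", "projectgroup", "master_placeholder"
    tag = "20180222033022"
    candidates = [
        ansible_container_name(reg, ns, proj, "master_placeholder", tag),
        "%s/%s/%s:%s" % (reg, ns, proj, tag),
        "%s/%s/%s/master_placeholder_web:%s" % (reg, ns, proj, tag),
    ]
    for ref in candidates:
        print(ref, "->", check_gitlab_reference(ref, reg, ns, proj))
```
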
j00bar commented 6 years ago

@chouseknecht Would you mind taking a look at this one? Thanks!

j00bar commented 6 years ago

Related: #826