search

redhat-cop / ee_utilities

This ansible collection includes a number of roles and tools which can be useful for managing Ansible Execution Environments.
https://galaxy.ansible.com/infra/ee_utilities
GNU General Public License v3.0
57 stars 34 forks source link

ee_base_registry_username / ee_base_registry_password not working in latest version #118

Open chofstede opened 1 year ago

chofstede commented 1 year ago

Summary

The variables ee_base_registry_username and ee_base_registry_password are not being used to authenticate to registry.redhat.io. Even when they are set to valid Red Hat Registry credentials, I still get the error: "unable to retrieve auth token: invalid username/password if the user is not logged in yet."

I added this as a workaround and it works:

  pre_tasks:
    - name: Login to registry.redhat.io
      ansible.builtin.shell:
        cmd: 'podman login registry.redhat.io --username "{{ ee_base_registry_username }}" --password "{{ ee_base_registry_password }}"'

  roles:
    - infra.ee_utilities.ee_builder

Issue Type

Ansible, Collection, Docker/Podman details

ansible --version
ansible [core 2.15.0]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/eebuilder/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/eebuilder/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.16 (main, May 29 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

ansible-galaxy collection list
# /home/eebuilder/.ansible/collections/ansible_collections
Collection         Version
------------------ -------
containers.podman  1.10.2 
infra.ee_utilities 3.0.0  

podman --version
podman version 4.4.1

Ansible installed from RPM

OS / ENVIRONMENT

RHEL9

Desired Behavior

ansible-builder should authenticate to registry.redhat.io

Actual Behavior

ansible-builder fails with "unable to retrieve auth token: invalid username/password if the user is not logged in yet."

STEPS TO REPRODUCE

  1. podman logout registry.redhat.io
  2. Start playbook with correct credentials inside
djdanielsson commented 1 year ago

@sean-m-sullivan any ideas?

laurent-indermuehle commented 8 months ago

@sean-m-sullivan just got this error too. I think it's because here you used ee_registry_username: https://github.com/redhat-cop/ee_utilities/blob/devel/roles/ee_builder/tasks/00_build_ee.yml#L62-L63 And here you used ee_base_registry_username: https://github.com/redhat-cop/ee_utilities/blob/devel/roles/ee_builder/tasks/00_build_ee.yml#L13-L14

As noted here: https://github.com/redhat-cop/ee_utilities/issues/133 there is different credentials for the base image and the destination registry.

Do you see a way to make it work for every use case?

I think it would be best to move those 4 variables inside the image definition. This way, when using this role from aap_configuratioin_template, we can have a list of images in ee_list with different settings for each, instead of having everything in the global scope.

EDIT: Remove mention to builder image repository. I got confused with the term "builder image" and "upstream" vs "downstream". I just start to understand what it means.