Reputation: 1318
Ansible Shell Cannot Pull Docker Image
I've run into issues pulling Docker images from a private DockerHub repo using the Docker module of Ansible, so to sanity-check that code decided to try pulling the image in question first using the shell. This also fails. What's going on here? If I SSH onto the box, I am able to run exactly the same command in the shell and it works, pulling the right image.
Isolated example play:
---
- hosts: <host-ip>
gather_facts: True
remote_user: ubuntu
sudo: yes
tasks:
- include_vars: vars/client_vars.yml
- name: Pull stardog docker image [private]
shell: sudo docker pull {{stardog_docker_repo}}
- name: Tag stardog docker image [private]
shell: sudo docker tag {{stardog_docker_repo}} stardog_tag
The error that's being output is:
failed: [<host-ip>] => {"changed": true, "cmd": "sudo docker pull <org>/<image>:latest", "delta": "0:00:01.395931", "end": "2015-08-05 17:35:22.480811", "rc": 1, "start": "2015-08-05 17:35:21.084880", "warnings": []}
stderr: Error: image <org>/<image>:latest not found
stdout: Pulling repository <org>/<image>
FATAL: all hosts have already failed -- aborting
NB: I've sanitised my <org> and <image> but rest assured their image identifier in the playbook and error logging perfectly match the image that I can successfully run in the shell over ssh by doing:
$ sudo docker pull <org>/<image>:latest
I'm aware of various GitHub issues (like this one I had when using the Docker module), patches et cetera related to the docker-py library, but the thing here is I'm just using the Ansible shell module. What have I missed?
Upvotes: 2
Views: 5497
Answers (2)
Reputation: 2863
You should use Ansible's docker_container module to pull image now.
In this way, you don't need to run sudo in shell.
http://docs.ansible.com/ansible/docker_container_module.html
Upvotes: 2
Reputation: 1318
A colleague of mine pointed out something - if you log the env, you find that the sudo: yes makes root run the docker commands by default and thus the ubuntu user's Docker credentials are not picked up. This playbook works (assuming you have a valid dockercfg.json in the docker folder, relative to this playbook.
---
- hosts: <host-ip>
gather_facts: True
remote_user: ubuntu
sudo: yes
tasks:
- include_vars: vars/client_vars.yml
# run the docker tasks
- name: Add docker credentials for ubuntu user
copy: src=docker/dockercfg.json dest=/root/.dockercfg
- name: Get env
shell: sudo env
register: sudo_env
- name: Debug
debug: msg="{{sudo_env}}"
- name: Pull stardog docker image [private]
shell: docker pull {{stardog_docker_repo}}
- name: Tag stardog docker image [private]
shell: docker tag {{stardog_docker_repo}} stardog_tag
This gives root the right DockerHub creds. Alternatively, you can add sudo: false to each of the plays and use sudo inline on each shell call to run as the ubuntu user.
Upvotes: 4
Related Questions
- Ansible docker_container command failing with no output
- Dockerfile not executing - 'pull access denied for ansible_image, repository does not exist or may require 'docker login''
- not able to pull ansible image
- Can't pull a docker image using ansible and community.general.docker_image
- Run ansible in docker
- Error while running (docker_image) module ansible Playbook
- How to use docker_image and docker_container module in Ansible
- Ansible fails to pull docker image from aws ecr (registry)
- Building Dockers with Ansible docker_image
- Ansible and docker: locally build image get pulled and causes failure