Ansible docker_swarm_service with private registry

Question

I have an image I wish to use which is hosted in a private docker registry, when deploying the service using the docker cli I would do something like:

docker service  create \
  --with-registry-auth \
  --name my_service \
  registry.example.com/acme/my_image:latest

(from docker docs: create-a-service-using-an-image-on-a-private-registry)

However the docker_swarm_service module in ansible doesn't seem to have any way of supplying --with-registry-auth. This means my services I create aren't scaling to other nodes in the swarm.

I am looking for suggestions on how best to create these services using Ansible with the expectation that the images remain in the private registry and any future nodes added to the swarm can authenticate and download them.

Answer 1

Basically @fishyjoes answer is correct.

A bit more in detail:
You would first have to log into the registry via ansible task:

- name: Log into DockerHub
  docker_login:
    username: "{{ docker_username }}"
    password: "{{ docker_secret_pw }}"

https://docs.ansible.com/ansible/2.3/docker_login_module.html

Then use the with_registry_auth var in your Docker stack deploy task:

- name: Deploy stack
  docker_stack:
    state: present
    name: "{{ docker_stack_name }}"
    with_registry_auth: true
    compose:
    - "~/.tads/stacks/{{ docker_stack_name }}/{{ docker_stack_name }}.yml"
  register: stack_deploy

Answer 2

The ansible stack module has the relevant flag

https://docs.ansible.com/ansible/latest/modules/docker_stack_module.html#docker-stack-module