[Question/Feature] Basic auth for docker-registry? #1144
Description
Issue Type
- Feature request?
Molecule and Ansible details
ansible --version
ansible 2.4.3.0
molecule --version
molecule, version 2.8.2
- Molecule installation method: pip
- Ansible installation method: pip
Desired Behaviour
1.) Molecule detects that the image already exists locally and build its images with it.
2.) The ability to login to a docker-registry which is secured with basic-auth.
http://molecule.readthedocs.io/en/latest/configuration.html#docker
molecule.yml
[...]
image: molecule_local/debian8
command: "/sbin/init"
registry: registry.example.com
credentials:
username: <username>
passsword: <password>
[...]
Actual Behaviour (Bug report only)
1.) molecule seams to force a pull from registry even if the in "image" declered images are already on the system.
molecule.yml
[...]
image: molecule_local/debian8
command: "/sbin/init"
[...]
Ends with:
[...]
"src": "<HOME>/.ansible/tmp/ansible-tmp-1519138551.25-135865749211750/source",
"state": "file",
"uid": 1000
},
"msg": "Error building molecule_local/molecule_local/debian8 - code: None, message: pull access denied for molecule_local/debian8, repository does not exist or may require 'docker login', logs: [u'Step 1/2 : FROM molecule_local/debian8', u'\\n']"
}
$ docker images -a |grep molecule_local
molecule_local/debian9
molecule_local/debian8
molecule_local/centos7
2.) Ability to login to docker registry with basic auth.
molecule.yml
[...]
image: <registryURL>/ops/molecule/centos7:latest
command: "/sbin/init"
[...]
Ends with:
ASK [Build an Ansible compatible image] ***************************************
task path: <home>/git-repos/<path-to-role>/molecule/default/create.yml:25
Using module file <home>/git-repos/ansible-roles/tools/ansible-pip-docker-test-com_test/com/lib/python2.7/site-packages/ansible/modules/cloud/docker/docker_image.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: <username>
<127.0.0.1> EXEC /bin/sh -c 'echo ~ && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo <home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193 `" && echo ansible-tmp-1519137860.62-25986396057193="` echo <home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpMyMUvN TO <home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193/docker_image.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x <home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193/ <home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193/docker_image.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '<home>/git-repos/ansible-roles/tools/ansible-pip-docker-test-com_test/bin/python2.7 <home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193/docker_image.py; rm -rf "<home>/.ansible/tmp/ansible-tmp-1519137860.62-25986396057193/" > /dev/null 2>&1 && sleep 0'
failed: [comhost] (item={'_ansible_parsed': True, u'changed': False, u'group': u'<username>', u'uid': 1000, 'item': {'name': u'centos7-docker-test-com_test', 'image': u'registry.example.com/ops/molecule/centos7:latest', 'capabilities': [u'SYS_ADMIN', u'NET_ADMIN'], 'command': u'/sbin/init', 'volumes': [u'/sys/fs/cgroup:/sys/fs/cgroup:ro'], 'privileged': False}, 'checksum': u'024626b848b832ec649a22ccd123b0fe4a719332', '_ansible_item_result': True, 'failed': False, u'state': u'file', u'gid': 1000, u'mode': u'0644', u'invocation': {u'module_args': {u'directory_mode': None, u'force': False, u'remote_src': None, u'path': u'<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest', u'owner': None, u'follow': False, u'group': None, u'unsafe_writes': None, u'state': u'file', u'content': None, u'serole': None, u'diff_peek': None, u'setype': None, u'dest': u'<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest', u'selevel': None, u'original_basename': u'Dockerfile.j2', u'regexp': None, u'validate': None, u'src': u'Dockerfile.j2', u'seuser': None, u'recurse': False, u'delimiter': None, u'mode': None, u'attributes': None, u'backup': None}}, u'owner': u'<username>', u'path': u'<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest', u'size': 809, 'diff': {u'after': {u'path': u'<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest'}, u'before': {u'path': u'<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest'}}, '_ansible_ignore_errors': None, '_ansible_no_log': False}) => {
"changed": false,
"invocation": {
"module_args": {
"api_version": null,
"archive_path": null,
"buildargs": null,
"cacert_path": null,
"cert_path": null,
"container_limits": null,
"debug": false,
"docker_host": null,
"dockerfile": "<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest",
"filter_logger": false,
"force": true,
"http_timeout": null,
"key_path": null,
"load_path": null,
"name": "molecule_com/registry.example.com/ops/molecule/centos7:latest",
"nocache": false,
"path": "<home>/git-repos/<path-to-role>/molecule/default/.molecule",
"pull": true,
"push": false,
"repository": null,
"rm": true,
"ssl_version": null,
"state": "present",
"tag": "latest",
"timeout": null,
"tls": null,
"tls_hostname": null,
"tls_verify": null,
"use_tls": "no"
}
},
"item": {
"changed": false,
"checksum": "024626b848b832ec649a22ccd123b0fe4a719332",
"diff": {
"after": {
"path": "<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest"
},
"before": {
"path": "<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest"
}
},
"failed": false,
"gid": 1000,
"group": "<username>",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"content": null,
"delimiter": null,
"dest": "<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest",
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": null,
"mode": null,
"original_basename": "Dockerfile.j2",
"owner": null,
"path": "<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": "Dockerfile.j2",
"state": "file",
"unsafe_writes": null,
"validate": null
}
},
"item": {
"capabilities": [
"SYS_ADMIN",
"NET_ADMIN"
],
"command": "/sbin/init",
"image": "registry.example.com/ops/molecule/centos7:latest",
"name": "centos7-docker-test-com_test",
"privileged": false,
"volumes": [
"/sys/fs/cgroup:/sys/fs/cgroup:ro"
]
},
"mode": "0644",
"owner": "<username>",
"path": "<home>/git-repos/<path-to-role>/molecule/default/.molecule/Dockerfile_registry_example_com_ops_molecule_centos7_latest",
"size": 809,
"state": "file",
"uid": 1000
},
"msg": "Error building molecule_com/registry.example.com/ops/molecule/centos7 - code: None, message: Get https://registry.example.com/v2/ops/molecule/centos7/manifests/latest: no basic auth credentials, logs: [u'Step 1/2 : FROM registry.example.com/ops/molecule/centos7:latest', u'\\n']"
}
UPDATE:
Current workaround:
NOTE:
Make sure to unset historyfile if needed to not log your credentials to it!
docker login -u $USERNAME -p $PASSWORD $REGISTRYURL