From c9171b8c2a67fdbd2552fd5432665c50468edb1f Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Fri, 5 May 2023 12:39:01 -0400
Subject: [PATCH] added ECR login for podman containers needed [debyltech]
---
 .../roles/podman/tasks/container-fulfillr.yml | 4 ++-
 .../roles/podman/tasks/podman-ecr-login.yml | 25 +++++++++++++++++++
 ansible/roles/podman/tasks/podman.yml | 2 +-
 3 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 ansible/roles/podman/tasks/podman-ecr-login.yml
diff --git a/ansible/roles/podman/tasks/container-fulfillr.yml b/ansible/roles/podman/tasks/container-fulfillr.yml
index 338289a..5b56c65 100644
--- a/ansible/roles/podman/tasks/container-fulfillr.yml
+++ b/ansible/roles/podman/tasks/container-fulfillr.yml
@@ -1,4 +1,6 @@
 ---
+- import_tasks: podman-ecr-login.yml
+
 - name: create fulfillr host directory volumes
 become: true
 ansible.builtin.file:
@@ -35,7 +37,7 @@
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: fulfillr
- image: "{{ aws_ecr_endpoint }}/fulfillr:20230503.1628"
+ image: "{{ aws_ecr_endpoint }}/fulfillr:20230505.1608"
 command: --config /config/production.json
 recreate: true
 restart: true
diff --git a/ansible/roles/podman/tasks/podman-ecr-login.yml b/ansible/roles/podman/tasks/podman-ecr-login.yml
new file mode 100644
index 0000000..b12dfe0
--- /dev/null
+++ b/ansible/roles/podman/tasks/podman-ecr-login.yml
@@ -0,0 +1,25 @@
+---
+- name: fetch aws ecr auth token
+ become: true
+ become_user: podman
+ shell: |
+ aws ecr get-authorization-token --region us-east-1
+ register: ecr_command
+ tags: always
+
+- set_fact:
+ ecr_authorization_data: "{{ (ecr_command.stdout | from_json).authorizationData[0] }}"
+ tags: always
+
+- set_fact:
+ ecr_credentials: "{{ (ecr_authorization_data.authorizationToken | b64decode).split(':') }}"
+ tags: always
+
+- name: podman login to AWS ECR
+ become: true
+ become_user: podman
+ containers.podman.podman_login:
+ registry: "{{ aws_ecr_endpoint }}"
+ username: "{{ ecr_credentials[0] }}"
+ password: "{{ ecr_credentials[1] }}"
+ tags: always
\ No newline at end of file
diff --git a/ansible/roles/podman/tasks/podman.yml b/ansible/roles/podman/tasks/podman.yml
index a633146..14e6e7e 100644
--- a/ansible/roles/podman/tasks/podman.yml
+++ b/ansible/roles/podman/tasks/podman.yml
@@ -115,4 +115,4 @@
 ansible.builtin.shell: |
 set -o pipefail && cat /etc/subuid | awk -F':' '/{{ podman_user }}/{ print $2 }' | head -n 1
 register: podman_subuid
- tags: always
+ tags: always
\ No newline at end of file
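Review bot: In podman-ecr-login.yml the ECR authorization token passes through three tasks that have no `no_log: true`: the `shell` task registers the raw `get-authorization-token` JSON in `ecr_command`, and the two `set_fact` tasks store the decoded username and password, so the token can appear in verbose output, in a failure message, and in any log the controller keeps. The fetch is a read-only call that is reported as changed on every run, it uses `shell` although nothing in it needs a shell, and `become_user: podman` is hard-coded where container-fulfillr.yml uses `{{ podman_user }}`. `aws ecr get-login-password` returns the password directly (the ECR username is the literal `AWS`), which removes both `set_fact` tasks and the `split(':')` on the decoded token; the sketch below shows the two remaining tasks with `no_log: true` and `changed_when: false` added.

```yaml
- name: fetch aws ecr login password
  become: true
  become_user: "{{ podman_user }}"
  ansible.builtin.command:
    argv:
      - aws
      - ecr
      - get-login-password
      - --region
      - us-east-1
  register: ecr_command
  changed_when: false
  no_log: true
  # … unchanged: tags …

- name: podman login to AWS ECR
  # … unchanged: become …
  become_user: "{{ podman_user }}"
  containers.podman.podman_login:
    # … unchanged: registry …
    username: AWS
    password: "{{ ecr_command.stdout }}"
  no_log: true
  # … unchanged: tags …
```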