ansible aws ecr登錄不使用docker命令

Question

我想使用 ansible 登錄 aws docker ecr 注冊表

    # return  docker login -u AWS -p <token> 
   -name: dget docker command
    shell: "aws ecr get-login --region {{ aws_region }}"
    register: docker_login_command
    
   -name: docker login 
    shell: "{{docker_login_command.output}}"
   

這將需要在我們的機器上安裝 docker cli。但我們正在使用 docker 容器來運行 ansible 並共享 docker 套接字。 有沒有辦法不為此使用 docker cli？

Answer 1

嘗試這個。 這對我有用。

  - name: ecr docker get-authorization-token
    shell: "aws ecr get-authorization-token  \
    --profile {{ envsettings.infra.aws_profile }} --region {{ envsettings.infra.aws_region }}"
    register: ecr_command
  
  - set_fact:
      ecr_authorization_data: "{{ (ecr_command.stdout | from_json).authorizationData[0] }}"
  
  - set_fact:
      ecr_credentials: "{{ (ecr_authorization_data.authorizationToken | b64decode).split(':') }}"
  
  - name: docker_repository - Log into ECR registry and force re-authorization
    docker_login:
      registry_url: "{{ ecr_authorization_data.proxyEndpoint.rpartition('//')[2] }}"
      username: "{{ ecr_credentials[0] }}"
      password: "{{ ecr_credentials[1] }}"
      reauthorize: yes

它需要 docker pip python 模塊。 在上面的代碼之前安裝

  - name: install required packages for this role
    pip:
      state: present
      name: docker
      executable: /usr/bin/pip3

Answer 2

這對我有用 \\o/

- name: "Teili e zaga"
  shell: "{{ item }}"
  with_items:    
   - $(aws ecr get-login --no-include-email --region us-east-1)

psicopante

Answer 3

另一個可能更簡單的解決方案是依賴get-login-password而不是get-authorization-token

例如，基於實例配置文件：

- name: Get instance profile info
  amazon.aws.aws_caller_info:
  register: aws_info

- set_fact:
    ecr_registry_url: "{{ aws_info.account }}.dkr.ecr.eu-west-1.amazonaws.com"

- name: Get ECR token
  shell: "aws ecr get-login-password --region eu-west-1"
  register: ecr_token

- name: Log into ECR registry
  docker_login:
    registry_url: "{{ ecr_registry_url }}"
    debug: yes
    username: "AWS"
    password: "{{ ecr_token.stdout }}"
    reauthorize: yes