Aws ecr (#61)

* Added ability to use ECR as the docker repository

README.md

@@ -321,6 +321,16 @@ If all goes well, you should have six new docker images:
 * Changes made to the [inventory hosts](examples/organized-environment/inventory.yml) list for:
   * docker_nodes
 
+#### Pushing to an ECR repository
+
+To use a ECR repository on AWS, set `is_ecr_registry: true` this will call the `aws_tools` role and install the aws cli on the build host, and grab the password for `docker_login` to use.
+
+The following variables need to be set to use a ECR repository:
+* ecr_access_key_id
+* ecr_secret_access_key
+* ecr_aws_region
+* aws_ecr_username (defaults to `AWS`)
+
 #### The push playbook
 
 From the directory containing this set of playbooks, run:

group_vars/all.yml

@@ -7,7 +7,7 @@ host_volumes: []
 volumes: "{{ role_volumes + common_volumes + host_volumes }}"
 
 docker_image_name: "{{ image_name | default(inventory_hostname) }}"
-repository: "{{ registry }}/{{ repository_path }}"
+repository: "{{ registry }}{{ repository_path }}"
 # multiple build variants are pushed, so repository_push_image references build_vars.tag
 repository_push_image: "{% if repository is defined %}{{ repository }}/{% endif %}{{ docker_image_name }}:{{ build_vars.tag }}"
 # but only one build variant (the one with the unaltered tag) is deployed, so repository_deploy_image references only version

roles/aws_tools/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+awscli_package: awscli-exe-linux-x86_64.zip
+awscli_stage_dest: /tmp/
+awscli_bindir: /usr/local/aws
+awscli_instdir: /usr/bin/aws
+aws_ecr_username: AWS
+aws_region_ecr: YOUR_AWS_REGION
+aws_access_key_ecr: YOUR_ACCESS_KEY
+aws_secret_key_ecr: YOUR_SECRET_KEY

roles/aws_tools/tasks/install_awscli.yml

@@ -0,0 +1,28 @@
+- name: Install AWS CLI
+  when: awscli_command_path.rc != 0
+  block:
+    - name: Download AWS CLI
+      get_url: 
+        url: "https://awscli.amazonaws.com/{{ awscli_package }}"
+        dest: "{{ awscli_stage_dest }}"
+      register: downloaded_awscli_archive
+
+    - name: Unarchive "{{ awscli_stage_archive.dest }}"
+      unarchive:
+        src: "{{ downloaded_awscli_archive.dest }}"
+        dest: "{{ awscli_stage_dest }}"
+      register: unarchive_awscli
+      when: downloaded_awscli_archive.rc == "0"
+
+    - name: Install AWS CLI
+      shell: "{{ unarchive_awscli.dest }}/install -i {{ awscli_instdir }} -b {{ awscli_bindir }}"
+      become: yes
+
+    - name: Remove temp files
+      file:
+        state: absent
+        path: "{{ item }}"
+        with_items:
+          - "{{ downloaded_awscli_archive.dest }}"
+          - "{{ unarchive_awscli.dest }}"
+

roles/aws_tools/tasks/main.yml

@@ -0,0 +1,31 @@
+- name: Configure AWS CLI
+  block:
+    - name: Check if AWS CLI is installed
+      command: "which aws"
+      register: awscli_command_path
+      ignore_errors: yes
+      changed_when: no
+
+    - name: Install AWS CLI
+      when: awscli_command_path.rc != 0
+      include_tasks: install_awscli.yml
+
+- name: Authenticate to ECR
+  environment:
+    AWS_ACCESS_KEY_ID: "{{ ecr_access_key_id }}"
+    AWS_SECRET_ACCESS_KEY: "{{ ecr_secret_access_key }}"
+    AWS_DEFAULT_REGION: "{{ ecr_aws_region }}"
+  shell: "{{ awscli_command_path.stdout }} ecr get-login-password"
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
+  delegate_to: "{{ groups['docker_build_hosts'] | first }}"
+  run_once: true
+  no_log: yes
+  changed_when: no
+  register: ecr_password
+
+- name: Set registry password
+  no_log: yes
+  changed_when: no
+  set_fact:
+    registry_password: "{{ ecr_password.stdout }}"

roles/docker_image_build/tasks/main.yml

@@ -4,4 +4,4 @@
     build_vars: "{{ build_variant.build_vars }}"
   loop: "{{ build_variants }}"
   loop_control:
-    loop_var: build_variant
+    loop_var: build_variant

roles/docker_login/tasks/main.yml

@@ -1,3 +1,8 @@
+- name: Set up AWS CLI for ECR Registry
+  when: is_ecr_registry is defined
+  include_role:
+    name: aws_tools
+
 - name: Log in to repositories
   docker_login:
     registry: "{{ registry }}"