Ansible - How do I pull a Docker image from a private registry

Question

I'm trying to pull a Docker image from my Google Cloud Artifact private registry using an Ansible Task.

currently I'm running the task like this:

- name: Deploy Webserver Container
   docker_container: 
   image: "https://console.cloud.google.com/artifacts/docker/.../webserver"
   pull: yes
   name: ws
   volumes: 
      - "{{ img_log }}:{{ img_log }}"
      - "{{ img_strg }}:{{ img_strg }}"
      - "{{ img_netplan }}:{{ img_netplan }}" 
      - "{{ img_home_dir }}:{{ img_home_dir }}"
      - "{{ img_ssl_prvt }}:{{ img_ssl_prvt }}"
      - "{{ img_ssl_crt }}:{{ img_ssl_crt }}"
   working_dir: "{{ img_workdir }}"
   state: started
   restart_policy: always

but when I run the playbook I get this error:

"msg": "Error pulling image webserver:latest - 404 Client Error: Not Found (\"{\"message\":\"pull access denied for webserver, repository does not exist or may require 'docker login': denied: requested access to the resource is denied\"}\")"

Answer 1

1. the user/serviceaccount that the playbook runing as needs to have at least the role Artifact Registry Reader
2. your image section is wrong, to get the url of you private repository you need to navigate to the url that you put in your image section and click on the button copy your private url repo should look like thiszone-docker.pkg.../projectid/nameofyourrepo
3. finaly you need to execute the command that exist in GCP Setup instructions -> Configure Docker