From 514ec559f0e54d47bfe0eeae6f974b5dac8a309d Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Sun, 13 Oct 2024 18:59:54 +0200
Subject: [PATCH] feat(alpine): add ansible-user and sudo-support
Signed-off-by: Sebastian Gumprich
---
 alpine-ansible-latest/Dockerfile | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/alpine-ansible-latest/Dockerfile b/alpine-ansible-latest/Dockerfile
index 95446a2..1d46a06 100644
--- a/alpine-ansible-latest/Dockerfile
+++ b/alpine-ansible-latest/Dockerfile
@@ -1,12 +1,23 @@
 FROM alpine:latest
 LABEL maintainer="Sebastian Gumprich"
-RUN apk add --no-cache ansible
+RUN apk add --no-cache ansible sudo
 # Install Ansible inventory file
 RUN mkdir -p /etc/ansible \
 && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
+# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+# This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so
+# each `item` is an element of platforms list from the molecule.yml file for this scenario.
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=wheel
+RUN set -xe \
+ && adduser -D ${ANSIBLE_USER} ${DEPLOY_GROUP} \
+ && addgroup ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && addgroup ${ANSIBLE_USER} ${SUDO_GROUP} \
+ && sed -i "s/^# %${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL/%${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
+
 # delete file created by systemd that prevents login via ssh
 RUN rm -f /{var/run,etc,run}/nologin
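Review bot: The new `RUN set -xe` block looks like it may not build as written: if busybox `adduser` is in use (alpine's default), the trailing GROUP argument must name an existing group, yet nothing creates `${DEPLOY_GROUP}` before `adduser -D ${ANSIBLE_USER} ${DEPLOY_GROUP}`, and the following `addgroup ${ANSIBLE_USER} ${ANSIBLE_USER}` relies on a same-named group that busybox only creates when no GROUP argument is given — worth confirming with a local build. The `sed` on `/etc/sudoers` also exits 0 when its pattern does not match, so a change in the packaged sudoers template would silently leave `${SUDO_GROUP}` without the intended rule; a `grep -q` for the expected line followed by `visudo -cf /etc/sudoers` turns that into a build failure instead. Since the three variables are only consumed at build time, `ARG` rather than `ENV` keeps them out of the runtime environment, and the two comment lines mentioning `loop: "{{ molecule_yml.platforms }}"` describe the Molecule Jinja template this was copied from rather than this plain Dockerfile, so they should be dropped.
```dockerfile
# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
ARG ANSIBLE_USER=ansible
ARG DEPLOY_GROUP=deployer
ARG SUDO_GROUP=wheel
RUN set -xe \
    && addgroup -S ${DEPLOY_GROUP} \
    && adduser -D ${ANSIBLE_USER} \
    && addgroup ${ANSIBLE_USER} ${DEPLOY_GROUP} \
    && addgroup ${ANSIBLE_USER} ${SUDO_GROUP} \
    && sed -i "s/^# %${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL/%${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers \
    && grep -q "^%${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL" /etc/sudoers \
    && visudo -cf /etc/sudoers
```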