Changed to test with non-privileged user (#167)

To prove the role works with a non-privileged user.
gantsign · Nov 30, 2019 · 9719a27 · 9719a27
1 parent 9aca850
commit 9719a27
Show file tree

Hide file tree

Showing 10 changed files with 110 additions and 3 deletions.
diff --git a/molecule/centos/Dockerfile.j2 b/molecule/centos/Dockerfile.j2
@@ -0,0 +1,32 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible SUDO_GROUP=wheel DEPLOY_GROUP=deployer
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/molecule/centos/molecule.yml b/molecule/centos/molecule.yml
@@ -11,14 +11,17 @@ lint:
 platforms:
   - name: ansible-role-visual-studio-code-centos
     image: centos:7
-    dockerfile: ../default/Dockerfile.j2
 
 provisioner:
   name: ansible
   playbooks:
     converge: ../code-only/playbook.yml
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      instance:
+        ansible_user: ansible
 
 scenario:
   name: centos

diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
@@ -20,3 +20,13 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y pyth
     elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
     elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
     elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible SUDO_GROUP=sudo DEPLOY_GROUP=deployer
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -16,6 +16,10 @@ provisioner:
   name: ansible
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      instance:
+        ansible_user: ansible
 
 scenario:
   name: default

diff --git a/molecule/fedora/molecule.yml b/molecule/fedora/molecule.yml
@@ -11,14 +11,18 @@ lint:
 platforms:
   - name: ansible-role-visual-studio-code-fedora
     image: fedora:31
-    dockerfile: ../default/Dockerfile.j2
+    dockerfile: ../centos/Dockerfile.j2
 
 provisioner:
   name: ansible
   playbooks:
     converge: ../code-only/playbook.yml
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      instance:
+        ansible_user: ansible
 
 scenario:
   name: fedora

diff --git a/molecule/opensuse/Dockerfile.j2 b/molecule/opensuse/Dockerfile.j2
@@ -0,0 +1,33 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible SUDO_GROUP=wheel DEPLOY_GROUP=deployer
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${SUDO_GROUP} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/molecule/opensuse/molecule.yml b/molecule/opensuse/molecule.yml
@@ -11,14 +11,17 @@ lint:
 platforms:
   - name: ansible-role-visual-studio-code-opensuse
     image: opensuse/leap:15.1
-    dockerfile: ../default/Dockerfile.j2
 
 provisioner:
   name: ansible
   playbooks:
     converge: ../code-only/playbook.yml
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      instance:
+        ansible_user: ansible
 
 scenario:
   name: opensuse

diff --git a/molecule/python3/Dockerfile.j2 b/molecule/python3/Dockerfile.j2
@@ -20,3 +20,13 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y pyth
     elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
     elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
     elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible SUDO_GROUP=sudo DEPLOY_GROUP=deployer
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/molecule/python3/molecule.yml b/molecule/python3/molecule.yml
@@ -21,6 +21,10 @@ provisioner:
       ansible_python_interpreter: /usr/bin/python3
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      instance:
+        ansible_user: ansible
 
 scenario:
   name: python3

diff --git a/molecule/ubuntu-min/molecule.yml b/molecule/ubuntu-min/molecule.yml
@@ -19,6 +19,10 @@ provisioner:
     converge: ../default/playbook.yml
   lint:
     name: ansible-lint
+  inventory:
+    host_vars:
+      instance:
+        ansible_user: ansible
 
 scenario:
   name: ubuntu-min