forked from sjoshi10/docker-ansible-core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.ubuntu
97 lines (86 loc) · 4.16 KB
/
Dockerfile.ubuntu
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
FROM ubuntu:22.04
LABEL org.opencontainers.image.title="quiknode-labs/docker-ansible-core" \
org.opencontainers.image.description="Ansible Core + additions"
# ANSIBLE_STRATEGY_PLUGINS is Hardcoded, because it's impossible to set dinamically
ENV DEBIAN_FRONTEND=noninteractive \
DEFAULT_LOCAL_TMP=/var/tmp/.ansible/tmp \
ANSIBLE_STRATEGY_PLUGINS=/usr/local/lib/python3.10/dist-packages/ansible_mitogen
ONBUILD USER root
COPY requirements/requirements.txt ./requirements.txt
# Upgrade system packages in one dedicated layer (run less frequently)
RUN apt-get update && \
apt-get -y upgrade && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Note:
# - openssh-client: for key management (like ssh-copy-id)
# - less: for ansible commands (like ansible-doc)
# - make, patch, cargo, clang, etc.: for compiling requirements during role_chain_build
# - ca-certificates: required for 1password-cli and docker cli
RUN apt-get update && \
apt-get -y --no-install-recommends install \
curl \
gnupg \
apt-utils \
ruby-full \
sshpass \
git \
sudo \
python3-pip \
wget \
tzdata \
rsync \
openssh-client \
less \
make \
patch \
cargo \
clang \
libclang-dev \
llvm-dev \
ca-certificates \
&& \
curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | tee /etc/apt/sources.list.d/1password.list && \
mkdir -p /etc/debsig/policies/AC2D62742012EA22/ && \
curl -sS https://downloads.1password.com/linux/debsig/1password.pol | tee /etc/debsig/policies/AC2D62742012EA22/1password.policies && \
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo \"${UBUNTU_CODENAME:-$VERSION_CODENAME}\") stable" | tee /etc/apt/sources.list.d/docker.list && \
apt-get update && \
apt-get -y --no-install-recommends install 1password-cli && \
apt-get -y --no-install-recommends install docker-ce-cli && \
apt-get autoremove -y && \
apt-get autoclean -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/* && \
rm -rf /var/tmp/* && \
rm -rf /root/.ansible && \
rm -rf /root/.cache && \
apt-get update
# The latest apt-get update command is needed to ensure that the apt cache is up to date for the backward compatibility
# Some DroneCI pupelines run apt-get install without apt-get update before
# Install defferent dependencies
RUN gem install bundler && \
python3 -m pip install --no-cache-dir --upgrade pip && \
python3 -m pip install --no-cache-dir -r requirements.txt
# Set up Ansible environment and create users with sudo privileges
RUN mkdir -p /etc/ansible/roles && \
echo 'localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3' > /etc/ansible/hosts && \
useradd -m -u 1000 ansible-1000 && \
useradd -m -u 1001 ansible-1001 && \
useradd -m -u 10000 ansible-10000 && \
echo 'ansible-1000 ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ansible && \
echo 'ansible-1001 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible && \
echo 'ansible-10000 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible && \
EXPECTED_PATH=$(python3 -c 'import site; print(site.getsitepackages()[0])') && \
if [ "$ANSIBLE_STRATEGY_PLUGINS" != "${EXPECTED_PATH}/ansible_mitogen" ]; then \
echo "Error: ANSIBLE_STRATEGY_PLUGINS is set to '$ANSIBLE_STRATEGY_PLUGINS' but expected '${EXPECTED_PATH}/ansible_mitogen'. Please, update Dockerfile.ubuntu."; \
exit 1; \
else \
echo "ANSIBLE_STRATEGY_PLUGINS is correctly set to '$ANSIBLE_STRATEGY_PLUGINS'"; \
fi
WORKDIR /mnt
USER ansible-10000
# Use the entrypoint script and default command
CMD [ "ansible", "--version" ]