Skip to content

Commit

Permalink
Merge pull request #57 from dev-sec/feat/alpine_sudo
Browse files Browse the repository at this point in the history
feat(alpine): add ansible-user and sudo-support
  • Loading branch information
rndmh3ro authored Oct 13, 2024
2 parents e4feea1 + 677b5ee commit dc6807e
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion alpine-ansible-latest/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,12 +1,23 @@
FROM alpine:latest
LABEL maintainer="Sebastian Gumprich"

RUN apk add --no-cache ansible
RUN apk add --no-cache ansible sudo openrc linux-pam openssh-server-pam bash

# Install Ansible inventory file
RUN mkdir -p /etc/ansible \
&& echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
# This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so
# each `item` is an element of platforms list from the molecule.yml file for this scenario.
ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=wheel
RUN set -xe \
&& adduser -D ${ANSIBLE_USER} ${DEPLOY_GROUP} \
&& addgroup ${ANSIBLE_USER} ${ANSIBLE_USER} \
&& addgroup ${ANSIBLE_USER} ${SUDO_GROUP} \
&& sed -i "s/^# %${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL/%${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers

# delete file created by systemd that prevents login via ssh
RUN rm -f /{var/run,etc,run}/nologin

Expand Down

0 comments on commit dc6807e

Please sign in to comment.