forked from sjoshi10/docker-ansible-core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.ubuntu
67 lines (58 loc) · 2.65 KB
/
Dockerfile.ubuntu
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
FROM ubuntu:22.04
LABEL org.opencontainers.image.title="haxorof/ansible-core" \
org.opencontainers.image.description="Ansible Core + additions" \
org.opencontainers.image.licenses="MIT"
ARG docker_version
ARG gosu_version
ENV DEBIAN_FRONTEND=noninteractive
ENV DEFAULT_LOCAL_TMP=/var/tmp/.ansible/tmp
ONBUILD USER root
COPY requirements/requirements.txt ./requirements.txt
RUN \
apt update \
&& apt -y install \
curl \
gnupg \
# Instructions for installing 1password cli: https://support.1password.com/install-linux/#get-1password-for-linux
&& curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | tee /etc/apt/sources.list.d/1password.list \
&& mkdir -p /etc/debsig/policies/AC2D62742012EA22/ \
&& curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | tee /etc/debsig/policies/AC2D62742012EA22/1password.policies \
&& apt-get -y clean \
&& apt-get -y update \
&& apt-get -y install apt-utils \
&& apt-get -y upgrade \
&& apt-get -y install \
&& apt-get -y install ruby-full \
sshpass \
git \
sudo \
python3-pip \
wget \
curl \
tzdata \
cargo \
rsync \
1password-cli \
# install gosu for a better su+exec command (remove sudo if this works)
&& wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$gosu_version/gosu-amd64" \
&& chmod +x /usr/bin/gosu \
&& gosu nobody true \
&& python3 -m pip install --no-cache-dir --upgrade pip \
&& python3 -m pip install --no-cache-dir -r requirements.txt \
&& wget -O - https://download.docker.com/linux/static/stable/x86_64/docker-${docker_version}.tgz | tar -xz -C /usr/lib \
&& ln -s /usr/lib/docker/docker /usr/bin/docker \
&& mkdir -p /etc/ansible/roles \
&& echo 'localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3' > /etc/ansible/hosts \
&& apt-get clean \
&& useradd -m -u 1000 ansible-1000 \
&& useradd -m -u 1001 ansible-1001 \
&& useradd -m -u 10000 ansible-10000 \
&& echo 'ansible-1000 ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ansible \
&& echo 'ansible-1001 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible \
&& echo 'ansible-10000 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible
RUN gem install bundler
RUN pip3 install jmespath
WORKDIR /mnt
USER ansible-10000
CMD [ "ansible-playbook", "playbook.yml" ]