Added clarifications about customizing docker images #3604
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,29 +15,62 @@ should be addressed by the Ansible Creator Execution Environment project. | |
|
|
||
| .. _`Ansible Creator Execution Environment`: https://github.com/ansible/creator-ee | ||
|
|
||
| Customizing the Docker Image Used by a Scenario/Platform | ||
| ======================================================== | ||
|
|
||
| The docker driver supports using pre-built images and ``docker build`` -ing | ||
| local customizations for each scenario's platform. The Docker image used by a | ||
| scenario is governed by the following configuration items: | ||
|
|
||
| 1. ``platforms[*].image``: Docker image name:tag to use as base image. | ||
| 2. ``platforms[*].pre_build_image``: Whether to customize base image or use | ||
| as-is[^1]. | ||
|
|
||
| * When ``true``, use the specified ``platform[].image`` as-is. | ||
| * When ``false``, exec ``docker build`` to customize base image using | ||
| either: | ||
|
|
||
| * Dockerfile specified by ``platforms[*].dockerfile`` or | ||
| * Dockerfile rendered from ``Dockerfile.j2`` template (in scenario dir) | ||
|
|
||
| The ``Dockerfile.j2`` template is generated at ``molecule init scenario``-time | ||
| when ``--driver-name`` is ``docker``. The template can be customized as needed | ||
| to create the desired modifications to the Docker image used in the scenario. | ||
|
|
||
| Note: ``platforms[*].pre_build_image`` defaults to ``true`` in each scenario's | ||
| generated `molecule.yml` file. | ||
|
|
||
| Docker With Non-Privileged User | ||
| =============================== | ||
|
|
||
| The default Molecule Docker driver executes Ansible playbooks as the root user. | ||
| If your workflow requires adding support for running as a non-privileged user, | ||
| then adapt ``molecule.yml`` and ``Dockerfile.j2`` as follows. | ||
|
|
||
| Note: The ``Dockerfile`` templating and image building processes are only done | ||
| for scenarios with ``pre_build_image = False``, which is not the default | ||
| setting in generated `molecule.yml` files. | ||
|
|
||
| To modify the Docker image to support running as normal user: | ||
|
|
||
| Append the following code block to the end of ``Dockerfile.j2``. It creates an | ||
| ``ansible`` user with passwordless sudo privileges. Note the variable | ||
| ``SUDO_GROUP`` depends on the target distribution[^2]. | ||
|
There was a problem hiding this comment. ... and this, like this: |
||
|
|
||
| .. code-block:: docker | ||
|
|
||
| # Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` | ||
| # This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so | ||
| # each `item` is an element of platforms list from the molecule.yml file for this scenario. | ||
| ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer | ||
| ENV SUDO_GROUP={{'sudo' if 'debian' in item.image else 'wheel' }} | ||
| RUN set -xe \ | ||
| && groupadd -r ${ANSIBLE_USER} \ | ||
| && groupadd -r ${DEPLOY_GROUP} \ | ||
| && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ | ||
| && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ | ||
| && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ | ||
| && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers | ||
|
|
||
| Modify ``provisioner.inventory`` in ``molecule.yml`` as follows: | ||
|
|
||
|
|
@@ -394,3 +427,6 @@ issues. | |
| .. _GNU Parallel: https://www.gnu.org/software/parallel/ | ||
| .. _Pytest: https://docs.pytest.org/en/latest/ | ||
| .. _UUID: https://en.wikipedia.org/wiki/Universally_unique_identifier | ||
|
|
||
| [^1]: [Implementation in molecule-docker](https://github.com/ansible-community/molecule-docker/blob/f4efce3c4fda226c8ca5f10976927fff7daa8e69/src/molecule_docker/playbooks/create.yml#L35) | ||
| [^2]: e.g. [Debian uses `sudo` instead of `wheel` group.](https://wiki.debian.org/sudo/) | ||
|
Comment on lines
+430
to
+432
There was a problem hiding this comment. And the footnote body should then look like this: Note, that inline (external) web links also look different in SphinxDoc/rST. I also updated the links. |
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @timblaktu, thank you for this PR!
As this PR is already closed, I am not sure if this is the right place to mention this.
But let me do it anyway, if I should create a separate issue/PR, just let me know.
The footnotes in this PR do not render correctly in https://molecule.readthedocs.io/en/latest/examples.html.
The documentation is composed as SphinxDoc/reStructuredText the footnote reference should look like this:
[#name]_.For example, this line could look like this: