feat: add docker socket volume mount

gamersoutreach · Feb 17, 2024 · 7093b6e · 7093b6e
1 parent 062d7de
commit 7093b6e
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -19,8 +19,9 @@ RUN set -eux; \
 # Create ansible user with explicit uid
 RUN <<EOF
     set -eux
+    groupadd -r docker --gid=999
     groupadd -r ansible --gid=1000
-    useradd -m -u 1000 -g 1000 ansible
+    useradd -m -u 1000 -g 1000 -G 999 ansible
     mkdir -p /home/ansible/.ssh
     chown -R ansible:ansible /home/ansible
 EOF
@@ -46,6 +47,7 @@ EOF
 
 VOLUME /app
 VOLUME /home/ansible/.ssh
+VOLUME /var/run/docker.sock
 WORKDIR /app
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["/bin/bash"]
diff --git a/README.md b/README.md
@@ -6,10 +6,11 @@ This project builds a docker image with all of the dependencies required to run
 
 ### Environment Variables
 
-| Environment Variable | Description                            |
-| -------------------- | -------------------------------------- |
-| `PUID`               | User ID of the primary ansible user    |
-| `PGID`               | Group ID for the priamry ansible group |
+| Environment Variable | Default | Description                            |
+| -------------------- | ------- | -------------------------------------- |
+| `PUID`               | `1000`  | User ID of the primary ansible user    |
+| `PGID`               | `1000`  | Group ID for the priamry ansible group |
+| `DOCKERGID`          | `999`   | Group ID for the docker group          |
 
 ### Users
 
@@ -19,10 +20,11 @@ This project builds a docker image with all of the dependencies required to run
 
 ### Mounts
 
-| Mount                | Description                                                                                                                             |
-| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
-| `/app`               | The expected mount path for an ansible project                                                                                          |
-| `/home/ansible/.ssh` | The default ansible user's SSH Directory. Private keys can be mounted inside of this directory for use by ansible-playbook during runs. |
+| Mount                  | Description                                                                                                                              |
+| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
+| `/app`                 | The expected mount path for an ansible project                                                                                           |
+| `/home/ansible/.ssh`   | The default ansible user's SSH Directory. Private keys can be mounted inside of this directory for use by ansible-playbook during runs.  |
+| `/var/run/docker.sock` | This container supports access to the host's docker daemon for testing purposes. Optionally mount the docker socket if you require this. |
 
 ## Usage
 
@@ -35,6 +37,7 @@ docker run \
     --network host \
     -e PUID=${id -u} \
     -e PGID=${id -g} \
+    -e DOCKERGID=${getent group docker | cut -d ':' -f 3} \
     --mount type=bind,source=".",target=/app \
     --mount type=bind,source="${HOME}/.ssh",target=/home/ansible/.ssh,readonly \
     ghcr.io/gamersoutreach/ansible-runner:latest \

diff --git a/overlay/docker-entrypoint.sh b/overlay/docker-entrypoint.sh
@@ -3,11 +3,15 @@ set -e
 
 PUID="${PUID:-1000}"
 PGID="${PGID:-1000}"
+DOCKERGID="${DOCKERGID:-999}"
 
 # Set UID/GID of ansible user
 sed -i "s/^ansible\:x\:1000\:1000/ansible\:x\:$PUID\:$PGID/" /etc/passwd
 sed -i "s/^ansible\:x\:1000/ansible\:x\:$PGID/" /etc/group
 
+# Set the GID of the docker group
+sed -i "s/^docker\:x\:999/docker\:x\:$DOCKERGID/" /etc/group
+
 # Set permissions on home folder, excluding .ssh mount
 chown $PUID:$PGID /home/ansible
 find /home/ansible -mindepth 1 -maxdepth 1 -not -name ".ssh" -exec chown -R $PUID:$PGID {} \;

diff --git a/overlay/opt/buildpack/requirements.txt b/overlay/opt/buildpack/requirements.txt
@@ -1,8 +1,11 @@
-# Match arista.avd collection requirements
-# https://github.com/aristanetworks/avd/blob/v4.5.0/ansible_collections/arista/avd/requirements.txt
+# Default requirements for all projects
 ansible
 ansible-pylibssh
 ansible-lint
+
+# Match arista.avd collection requirements
+# https://github.com/aristanetworks/avd/blob/v4.6.0/ansible_collections/arista/avd/requirements.txt
+aristaproto>=0.1.1
 cryptography>=38.0.4
 cvprac>=1.3.1
 deepmerge>=1.1.0

diff --git a/overlay/opt/buildpack/requirements.yaml b/overlay/opt/buildpack/requirements.yaml
@@ -2,8 +2,10 @@
 collections:
   - name: ansible.netcommon
     version: 6.0.0
+    source: https://galaxy.ansible.com
   - name: arista.avd
     version: 4.6.0
+    source: https://galaxy.ansible.com
   - name: community.docker
     version: 3.7.0
     source: https://galaxy.ansible.com