Option to install rootless #412

Closed
paranerd opened this issue Apr 7, 2023 · 4 comments · May be fixed by #413

paranerd commented Apr 7, 2023

Hi!

I saw that we're installing the Docker rootless package but we're not actually setting it up. In case I just missed that option, please let me know :-)

Here's what I'm doing currently as a workaround:

```yaml
# The rootful daemon and its socket are disabled only when both flags are set.
- name: 'Disable root docker.service'
  ansible.builtin.systemd:
    name: docker.service
    enabled: false
  when: docker_rootless and docker_disable_root_daemon == true

- name: 'Disable root docker.socket'
  ansible.builtin.systemd:
    name: docker.socket
    enabled: false
  when: docker_rootless and docker_disable_root_daemon == true

# uidmap provides newuidmap/newgidmap, which rootless mode needs.
- name: 'Install uidmap for rootless UID mapping'
  ansible.builtin.package:
    name: uidmap
    state: present
  when: docker_rootless

# Runs as the connecting user (become: false), not as root.
- name: 'Install Docker rootless'
  become: false
  ansible.builtin.shell: dockerd-rootless-setuptool.sh install
  args:
    creates: /home/{{ ansible_user }}/.config/systemd/user/docker.service
  when: docker_rootless

# File capabilities apply to every user who can execute this binary.
- name: 'Set capabilities for rootlesskit'
  community.general.capabilities:
    path: /usr/bin/rootlesskit
    capability: '{{ docker_capabilities | join(",") }}=ep'
    state: present
  register: docker_capabilities_update
  when: docker_rootless

- name: 'Restart docker service'
  become: false
  ansible.builtin.systemd:
    state: restarted
    name: docker
    scope: user
  when: docker_rootless and docker_capabilities_update.changed

# Populates getent_passwd; index 1 of the entry is the numeric UID.
- name: 'Get current user ID'
  ansible.builtin.getent:
    database: passwd
    key: '{{ ansible_user }}'
  when: docker_rootless

- name: 'Add export for PATH'
  become: false
  ansible.builtin.lineinfile:
    path: /home/{{ ansible_user }}/.bashrc
    line: export PATH=/usr/bin:$PATH
    create: true
  when: docker_rootless

- name: 'Add export for DOCKER_HOST'
  become: false
  ansible.builtin.lineinfile:
    path: /home/{{ ansible_user }}/.bashrc
    line: export DOCKER_HOST=unix:///run/user/{{ getent_passwd[ansible_user][1] }}/docker.sock
    create: true
  when: docker_rootless
```

with the following variables:

```yaml
docker_rootless: true
docker_disable_root_daemon: true
docker_capabilities:
  - cap_net_bind_service
```

Is this something that could find its way into the main package?
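
A post-run check for the workaround above, added here as an example (it is not paranerd's code and not part of the role): it confirms the daemon reports rootless mode, that `/usr/bin/rootlesskit` carries no capabilities beyond the `docker_capabilities` allow-list, and that the rootful units are not enabled. The function names and the `--live` switch are this example's own, and it assumes `getcap` prints a single capability clause.

```shell
#!/bin/sh
# Added example: verify a rootless Docker setup after the tasks above have run.

# Succeeds when the output of `docker info --format '{{.SecurityOptions}}'`
# (passed as $1) lists rootless mode.
is_rootless() {
    case "$1" in
        *name=rootless*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints every capability in a `getcap` output line ($1) that is missing from
# the comma-separated allow-list ($2). No output means nothing unexpected.
unexpected_caps() {
    getcap_line=$1
    allowed=$2
    # Newer libcap prints "/path cap_a,cap_b=ep", older prints "/path = cap_a,cap_b+ep".
    caps=$(printf '%s\n' "$getcap_line" |
        sed -e 's/^[^ ]* *//' -e 's/^= *//' -e 's/[=+][eip]*$//')
    printf '%s\n' "$caps" | tr ',' '\n' | while IFS= read -r cap; do
        [ -z "$cap" ] && continue
        case ",$allowed," in
            *",$cap,"*) ;;
            *) printf '%s\n' "$cap" ;;
        esac
    done
}

# Live checks run only on request, as the user that owns the rootless daemon.
if [ "${1:-}" = "--live" ]; then
    is_rootless "$(docker info --format '{{.SecurityOptions}}')" ||
        { echo "daemon is not running rootless" >&2; exit 1; }
    # Allow-list mirrors docker_capabilities from the issue.
    extra=$(unexpected_caps "$(getcap /usr/bin/rootlesskit)" "cap_net_bind_service")
    [ -z "$extra" ] || { echo "unexpected capabilities: $extra" >&2; exit 1; }
    for unit in docker.service docker.socket; do
        [ "$(systemctl is-enabled "$unit" 2>/dev/null)" != "enabled" ] ||
            { echo "$unit is still enabled" >&2; exit 1; }
    done
    echo "rootless setup looks as intended"
fi
```

Run it with `--live` from a shell where `DOCKER_HOST` points at the user socket; without the switch it only defines the two functions.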


reboss commented Apr 11, 2023

Hi paranerd, is #413 roughly what you're looking for? Would really appreciate your feedback :)

paranerd commented (Author)

Took a look at the code and it looks awesome to me 🚀
Added a comment.

github-actions commented

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

github-actions bot added the stale label Aug 14, 2023

github-actions commented

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

github-actions bot closed this as not planned Oct 16, 2023