Hi, Why not simply create a dedicated ansible user inside the container?
kind regards Pshem On Tue, 12 Feb 2019 at 05:08, Luca Pireddu <[email protected]> wrote: > Hello, > > I'm wondering if anyone can help me run ansible as an inexistent user in a > docker container. > > I'm trying to build a docker container image that runs ansible as a > non-root user. It therefore runs the ansible process with the UID and GID > of the user who launched the container. This user doesn't exist within the > container image, but permissions and temporary spaces are configured so > that ansible has a place to write temporary files etc. This specific > container image I'm working on runs kubespray to deploy kubernetes on a set > of nodes. > > I'm running into a problem since Ansible tries to get the username of the > running process through the uid. The first place where it fails is > > lib/ansible/playbook/play_context.py:433: new_info.remote_user > = pwd.getpwuid(os.getuid()).pw_name > > This of course doesn't work because the password database doesn't > container the UID I'm using. Patching this line exposes other places where > the code is written assuming that an account exists for the process' > current UID. > > Does anyone see a solution to this problem? I don't think ansible should > really need a local account to do its thing. Moreover, it could also use > `getpass.getuser()`, which is smarter about how it gets the login name (it > also checks the relevant environment variables). > > Thanks in advance, > > Luca > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/49bccafb-df57-49a5-a153-4286b4258d51%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/49bccafb-df57-49a5-a153-4286b4258d51%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEaZiRWyuqrhXmTyG9t-b%3Dv%2BgZH7xmyOdJfHVvTXKKA7vX6f3g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
