Drop root for kolla-ansible

This change ensures commands run in the kolla-ansible container are done as the 'ansible' user rather than root. By default Ansible tries to write it's temporary files to $HOME/.ansible on the target, which in most cases won't exist when run as the new user. Hence we now supply the kolla-ansible container with an ansible.cfg, to tweak the remote_dir option to /tmp. Change-Id: I838a8c8cd0c7dc1aeca4d12e38c346f252170e7c Partially-Implements: blueprint drop-root

Drop root for kolla-ansible
0f315a0e · Paul Bourke · e21c39b0 · 0f315a0e · 0f315a0e
Commit 0f315a0e authored 9 years ago by Paul Bourke
--- a/docker/kolla-ansible/Dockerfile.j2
+++ b/docker/kolla-ansible/Dockerfile.j2
@@ -24,9 +24,13 @@ RUN git clone --depth 1 -b v2.0.0-0.2.alpha2 https://github.com/ansible/ansible.
    && git submodule update --init --recursive \
    && pip --no-cache-dir install .

-RUN mkdir -p /etc/ansible /usr/share/ansible \
-    && echo 'localhost ansible_connection=local' > /etc/ansible/hosts
+RUN mkdir -p /etc/ansible /usr/share/ansible /home/ansible \
+    && echo 'localhost ansible_connection=local' > /etc/ansible/hosts \
+    && useradd --user-group ansible --groups kolla

 COPY kolla_keystone_service.py kolla_keystone_user.py /usr/share/ansible/
+COPY ansible.cfg /home/ansible/.ansible.cfg
+
+USER ansible

 {{ include_footer }}
--- a/docker/kolla-ansible/ansible.cfg
+++ b/docker/kolla-ansible/ansible.cfg
+[defaults]
+remote_tmp = /tmp