medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update tech_docs/automation/ansible-build.txt

Browse Source
This commit is contained in:
medusa
2025-06-30 09:06:42 +00:00
parent 5e2da39599
commit fd5c837c96
1 changed files with 42 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
tech_docs/automation/ansible-build.txt
View File

@@ -1,70 +1,64 @@
# Base Image and Environment Setup
FROM python:slim FROM python:slim
ENV DEBIAN_FRONTEND=noninteractive
ENV DEBIAN_FRONTEND noninteractive # Package Installation
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
software-properties-common \ software-properties-common \
openssh-client \ openssh-client \
sshpass \ sshpass \
locales \ locales \
# bat \ bash \
bash \ git \
git \ curl \
curl \ rsync \
rsync \ zsh \
zsh \ nano \
nano \ sudo \
sudo \ less \
less \
# #new
# gcc \
# python3-dev \
# #end-new
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& rm -Rf /usr/share/doc && rm -Rf /usr/share/man && rm -Rf /usr/share/doc && rm -Rf /usr/share/man
# User Creation
ARG USERNAME=ansible ARG USERNAME=ansible
ARG USER_UID=1000 ARG USER_UID=1000
ARG USER_GID=$USER_UID ARG USER_GID=${USER_UID}
ENV HOME=/home/$USERNAME ENV HOME=/home/${USERNAME}
RUN groupadd --gid $USER_GID $USERNAME RUN groupadd --gid "${USER_GID}" "${USERNAME}" \
RUN useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME && useradd -s /bin/bash --uid "${USER_UID}" --gid "${USER_GID}" -m "${USERNAME}" \
RUN echo $USERNAME ALL=\(root\) NOPASSWD:ALL >/etc/sudoers.d/$USERNAME && echo "${USERNAME} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/"${USERNAME}" \
RUN chmod 0440 /etc/sudoers.d/$USERNAME && chmod 0440 /etc/sudoers.d/"${USERNAME}"
# Python Package Installation
RUN pip3 install --no-cache-dir \ RUN pip3 install --no-cache-dir \
ansible \ ansible \
# ansible-cmdb \
# ansible-runner \
# ansible-builder \
# ansible-test \
ara \ ara \
hvac \ hvac \
# molecule \
dnspython \ dnspython \
jmespath \ jmespath \
"hvac[parser]" \ "hvac[parser]" \
certifi \ certifi \
ansible-lint \ ansible-lint \
ansible-modules-hashivault ansible-modules-hashivault
# ansible-autodoc
# COPY --from=hashicorp/consul-template /consul-template /usr/local/bin/consul-template # Multi-Stage Builds (Copying Binaries from other images)
# COPY --from=hashicorp/envconsul /bin/envconsul /usr/local/bin/envconsul COPY --from=hashicorp/vault /bin/vault /usr/local/bin/vault
COPY --from=hashicorp/vault /bin/vault /usr/local/bin/vault
COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
COPY --from=donaldrich/function:container /usr/local/bin/goss /usr/local/bin/goss COPY --from=donaldrich/function:container /usr/local/bin/goss /usr/local/bin/goss
COPY --from=donaldrich/function:task /usr/local/bin/tusk /usr/local/bin/tusk COPY --from=donaldrich/function:task \
COPY --from=donaldrich/function:task /usr/local/bin/task /usr/local/bin/task /usr/local/bin/tusk /usr/local/bin/tusk \
COPY --from=donaldrich/function:task /usr/local/bin/variant /usr/local/bin/variant /usr/local/bin/task /usr/local/bin/task \
/usr/local/bin/variant /usr/local/bin/variant
COPY --from=donaldrich/function:syntax-tools /usr/local/bin/jq /usr/local/bin/jq COPY --from=donaldrich/function:syntax-tools /usr/local/bin/jq /usr/local/bin/jq
# Zsh Configuration
COPY --from=donaldrich/runner:zsh /zsh/ /zsh/ COPY --from=donaldrich/runner:zsh /zsh/ /zsh/
COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.zshrc /home/ansible/.zshrc COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.zshrc /home/ansible/.zshrc
COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.nanorc /home/ansible/.nanorc COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.nanorc /home/ansible/.nanorc
# Environment Variables
ENV ANSIBLE_GATHERING smart ENV ANSIBLE_GATHERING smart
ENV ANSIBLE_HOST_KEY_CHECKING false ENV ANSIBLE_HOST_KEY_CHECKING false
ENV ANSIBLE_RETRY_FILES_ENABLED false ENV ANSIBLE_RETRY_FILES_ENABLED false
@@ -72,22 +66,25 @@ ENV ANSIBLE_FORCE_COLOR true
ENV GOSS_FMT documentation ENV GOSS_FMT documentation
ENV GOSS_COLOR true ENV GOSS_COLOR true
# Optional ARA API Server configuration (uncomment if needed)
# ENV ANSIBLE_CALLBACK_PLUGINS="$(python3 -m ara.setup.callback_plugins)" # ENV ANSIBLE_CALLBACK_PLUGINS="$(python3 -m ara.setup.callback_plugins)"
# ENV ARA_API_CLIENT="http" # ENV ARA_API_CLIENT="http"
# ENV ARA_API_SERVER="http://192.168.1.101:8734" # ENV ARA_API_SERVER="http://192.168.1.101:8734"
RUN echo "LC_ALL=en_US.UTF-8" >> /etc/environment # Locale Configuration
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen RUN echo "LC_ALL=en_US.UTF-8" >> /etc/environment \
RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
RUN locale-gen en_US.UTF-8 && echo "LANG=en_US.UTF-8" > /etc/locale.conf \
&& locale-gen en_US.UTF-8
# Copy Local Files into the image
COPY ./tusk-docker.yml ./tusk.yml COPY ./tusk-docker.yml ./tusk.yml
COPY ./goss.yaml ./goss.yaml COPY ./goss.yaml ./goss.yaml
COPY ./goss2.yaml ./goss2.yaml COPY ./goss2.yaml ./goss2.yaml
COPY ./Dockerfile ./Dockerfile COPY ./Dockerfile ./Dockerfile # Often copied for auditing/debugging within the container
# Switch to the non-root user (good practice for security)
# USER ${USERNAME} # USER ${USERNAME}
ENV DEBIAN_FRONTEND=dialog # Final validation step (runs tests on the image)
RUN goss validate
RUN goss validate