Hello,
I’m wondering if anyone can help me run ansible as an inexistent user in a docker container.
I’m trying to build a docker container image that runs ansible as a non-root user. It therefore runs the ansible process with the UID and GID of the user who launched the container. This user doesn’t exist within the container image, but permissions and temporary spaces are configured so that ansible has a place to write temporary files etc. This specific container image I’m working on runs kubespray to deploy kubernetes on a set of nodes.
I’m running into a problem since Ansible tries to get the username of the running process through the uid. The first place where it fails is
lib/ansible/playbook/play_context.py:433: new_info.remote_user = pwd.getpwuid(os.getuid()).pw_name
This of course doesn’t work because the password database doesn’t contain the UID I’m using. Patching this line exposes other places where the code is written assuming that an account exists for the process’ current UID.
Does anyone see a solution to this problem? I don’t think ansible should really need a local account to do its thing. Moreover, it could also use getpass.getuser(), which is smarter about how it gets the login name (it also checks the relevant environment variables).
Thanks in advance,
Luca
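
The failure described in the post, as an added example that is not part of the original message and not Ansible's code: a strict passwd lookup next to a lookup that checks the environment variables first, in the order getpass.getuser() uses. The function names and the "uid-N" placeholder are assumptions made for illustration.

```python
import pwd

# Environment variables getpass.getuser() consults, in this order,
# before it falls back to the password database.
ENV_VARS = ("LOGNAME", "USER", "LNAME", "USERNAME")


def find_unmapped_uid(start=60000, stop=65000):
    """Return a UID with no passwd entry, standing in for the UID a
    container is started with when the image has no matching account."""
    for uid in range(start, stop):
        try:
            pwd.getpwuid(uid)
        except KeyError:
            return uid
    raise RuntimeError("no unmapped UID found in range")


def strict_lookup(uid):
    """Same pattern as the quoted play_context.py line: raises KeyError
    when the UID is missing from the password database."""
    return pwd.getpwuid(uid).pw_name


def tolerant_lookup(uid, environ):
    """Environment first, then passwd, then a placeholder name
    (the placeholder format is hypothetical)."""
    for var in ENV_VARS:
        name = environ.get(var)
        if name:
            return name
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return f"uid-{uid}"


if __name__ == "__main__":
    uid = find_unmapped_uid()
    try:
        strict_lookup(uid)
    except KeyError as exc:
        print("strict lookup failed:", exc)
    # Constructed environment, as if the container were started with USER set
    print(tolerant_lookup(uid, {"USER": "deploy"}))
    # No variables set and no passwd entry: only the placeholder is left
    print(tolerant_lookup(uid, {}))
```

getpass.getuser() itself still ends in a pwd.getpwuid() call when none of the four variables is set, so it only avoids the error if the container is started with one of them defined.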