ansible-community/images

unprivileged user interaction / root password


I'm looking for an image to be used as-is for running Ansible playbooks inside GitLab CI (with the Docker runner).
GitLab does not have a way to specify the user a given job is run with inside the container: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/2750

Since it uses a different image for doing the repo checkout and artifact placement before a job runs, these files will then belong to the default user of that helper image: 0/root. This makes them read-only or inaccessible to the UID=1000 picked up from the ansible images.

Possible solutions:

  1. have a GitLab CI option to specify the UID: see issue linked above
  2. default this image to uid=0/root
  3. have a means of local privilege escalation (passwordless sudo, or su with a known password) -- this was explicitly rejected for the awx-ee image(s): ansible/awx-ee#89

Since the images here are explicitly meant for CI use (as opposed to e.g. the awx-ee), can we make this possible?

Are you talking about the images in ansible-test/, or about the ones in execution-environments/?

The former are meant for CI, but not for what you have in mind. They are meant to be used with the --docker option of ansible-test.

The latter are meant to run ansible-core in them, but they are regular EEs (for end-users) and not aimed at CI. They are meant to be used with ansible-navigator or ansible-runner though, similar to awx-ee.

I was trying ghcr.io/ansible-community/community-ee-base:latest