Why not use docker_user to administer docker
t2d opened this issue · 7 comments
Hey, thanks for the role again. I was just in the process of creating a PR which adds a .bashrc to the docker_user, when I saw the note in your README.md
:
Note that the sole purpose of the docker_user is to run the Docker daemon and related containers, and not for system administration or used as a regular user.
It somehow feels strange to me to use sudo every time, I run the docker command. Because I want docker to not have admin privileges. So my idea was to just switch into the user (sudo su docker_user
) and than run commands as if it was rootful.
Why are you arguing against such a use case? Would you still accept a PR with an optional .bashrc?
$ whoami
dockeruser
$ cat .bashrc
export XDG_RUNTIME_DIR="/run/user/1002"
export DOCKER_HOST="unix:///run/user/1002/docker.sock"
export PATH="~/bin:$PATH"
The reasoning is that it all should be automated and thus managed by Ansible, but I believe that the add_alias
variable probably does what you want? (https://github.com/konstruktoid/ansible-docker-rootless/blob/main/tasks/main.yml#L35)
If add_alias: true, then a docker alias will be added to either .bashrc or .bash_aliases, otherwise a shell script named docker_rootless.sh is created in the Ansible user home directory that works as a substitute to the docker command.
Related #4
add_alias
is badly named, as it misses a role prefix and is prone to collisions.- In my case,
add_alias
adds a configuration to/root/.bashrc
, which is useless as we never use the root user. This happens becauseansible-playbook
is called from an unprivileged user but withbecome: true
.
I understand and prefer you're approach to not do anything manually, but this is currently not realistic for my team. I will prepare a PR and disable it by default. And you can decide what to do with it.
add_alias
is badly named, as it misses a role prefix and is prone to collisions.
Any suggestions?
- In my case,
add_alias
adds a configuration to/root/.bashrc
, which is useless as we never use the root user.
... but you actually did? 😉
add_alias
is badly named, as it misses a role prefix and is prone to collisions.Any suggestions?
docker_add_alias
add_alias
is badly named, as it misses a role prefix and is prone to collisions.Any suggestions?
docker_add_alias
Yep, will use that.
add_alias
is badly named, as it misses a role prefix and is prone to collisions.Any suggestions?
docker_add_alias
This issue is stale because it has been open 30 days with no activity, without any activity it will be closed in 5 days.