konstruktoid/ansible-role-docker-rootless

Why not use docker_user to administer docker

t2d opened this issue · 7 comments

t2d commented

Hey, thanks for the role again. I was just in the process of creating a PR which adds a .bashrc to the docker_user, when I saw the note in your README.md:

> Note that the sole purpose of the docker_user is to run the Docker daemon and related containers, and not for system administration or used as a regular user.

It somehow feels strange to me to use sudo every time I run the docker command, because I want docker to not have admin privileges. So my idea was to just switch into the user (sudo su docker_user) and then run commands as if it was rootful.

Why are you arguing against such a use case? Would you still accept a PR with an optional .bashrc?

$ whoami
dockeruser

$ cat .bashrc 
export XDG_RUNTIME_DIR="/run/user/1002"
export DOCKER_HOST="unix:///run/user/1002/docker.sock"
export PATH="~/bin:$PATH"

The reasoning is that it all should be automated and thus managed by Ansible, but I believe that the add_alias variable probably does what you want? (https://github.com/konstruktoid/ansible-docker-rootless/blob/main/tasks/main.yml#L35)

If add_alias: true, then a docker alias will be added to either .bashrc or .bash_aliases, otherwise a shell script named docker_rootless.sh is created in the Ansible user home directory that works as a substitute for the docker command.

Related #4
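
A wrapper in the spirit of the substitute script described above, as an added example that is not part of this thread or of the role's own code: it derives the runtime directory from the account's UID instead of hard-coding 1002 as in the posted .bashrc, and runs one docker command as that account without opening an interactive shell. The function names, the DOCKER_USER default and the ~/bin/docker location are assumptions.

```shell
#!/bin/sh
# Added example (not the role's code). Assumptions: the default account
# name, the function names, and that the rootless client lives in ~/bin.
DOCKER_USER="${DOCKER_USER:-dockeruser}"

# Print one VAR=value line per variable the rootless client needs.
# Fails if the account does not exist.
rootless_env() {
    uid="$(id -u "$1" 2>/dev/null)" || {
        echo "rootless_env: unknown user: $1" >&2
        return 1
    }
    printf 'XDG_RUNTIME_DIR=/run/user/%s\n' "$uid"
    printf 'DOCKER_HOST=unix:///run/user/%s/docker.sock\n' "$uid"
}

# Home directory from the passwd database, not from $HOME: when the caller
# runs with elevated privileges, $HOME may be root's, which is how a
# per-user setting can end up in /root/.bashrc.
user_home() {
    getent passwd "$1" | cut -d: -f6
}

# Run a single docker command as the daemon account, no interactive shell.
docker_as() {
    user="$1"; shift
    vars="$(rootless_env "$user")" || return 1
    home="$(user_home "$user")"
    [ -n "$home" ] || { echo "docker_as: no home for $user" >&2; return 1; }
    # The values hold only a numeric UID, so splitting $vars on whitespace
    # into separate VAR=value arguments is safe here.
    # shellcheck disable=SC2086
    sudo -u "$user" env $vars PATH="$home/bin:/usr/bin:/bin" \
        "$home/bin/docker" "$@"
}

# Usage: docker_as "$DOCKER_USER" ps
```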

t2d commented
  1. add_alias is badly named, as it misses a role prefix and is prone to collisions.
  2. In my case, add_alias adds a configuration to /root/.bashrc, which is useless as we never use the root user. This happens because ansible-playbook is called from an unprivileged user but with become: true.

I understand and prefer your approach to not do anything manually, but this is currently not realistic for my team. I will prepare a PR and disable it by default. And you can decide what to do with it.

> 1. add_alias is badly named, as it misses a role prefix and is prone to collisions.

Any suggestions?

> 1. In my case, add_alias adds a configuration to /root/.bashrc, which is useless as we never use the root user.

... but you actually did? 😉

t2d commented
> > 1. add_alias is badly named, as it misses a role prefix and is prone to collisions.
>
> Any suggestions?

docker_add_alias

> > > 1. add_alias is badly named, as it misses a role prefix and is prone to collisions.
> >
> > Any suggestions?
>
> docker_add_alias

Yep, will use that.

> > > 1. add_alias is badly named, as it misses a role prefix and is prone to collisions.
> >
> > Any suggestions?
>
> docker_add_alias

ff454cd

This issue is stale because it has been open 30 days with no activity, without any activity it will be closed in 5 days.