Question Re: Using Private Repo In requirements.yml / Passing Private Key To Conductor?

Open TheoNolasco opened this issue 7 years ago • 6 comments

Hi Everyone!

I've started to use the requirements.yml to have the conductor access my various roles which will run to create my image. This is working great when accessing anything public (i.e. GitHub). However, I do not know what the best practice is when trying to reference private roles in a repository that requires authentication.

Is there a way to copy my private key to the conductor before attempting to grab all the roles from the requirements.yml file?

I thought I could try to mount a volume, but this seems to be after the requirements in terms of order.

The only other option I could think of is to build out my own base conductor image with the key added and use that. Or take the conductor generated, add a key to it and commit that to a new image.

I'd appreciate any insight into this. Also, @j00bar I attended your session at AnsibleFest on Thursday. It was great! Thanks!

TheoNolasco • Sep 09 '17 19:09

@TheoNolasco

Rather than trying to download the roles into the Conductor image, you might try downloading them to a directory outside of your project. You can then use the --roles-path option to mount the directory to the Conductor container during build.

chouseknecht • Sep 11 '17 12:09

@chouseknecht - That was what I was originally doing.

I really like the idea of having the code pulled automatically using requirements.yml without having to possibly script something that made sure the roles are there beforehand. Was hoping there was something I missed though! Thanks for the reply!

TheoNolasco • Sep 11 '17 21:09

It would be of interest to consider, if SSH_AUTH_SOCK is defined and available to the Docker daemon, automatically mounting and exporting that socket into the Conductor. That way, any running SSH agent at the time when Ansible Container is run would be available for use by Galaxy. "Available" would be the operative word - for things like Docker for Mac, I don't think /private/tmp is exported into the Linux VM running the Docker daemon.

j00bar • Sep 11 '17 21:09
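
The check described in the comment above, sketched as an added example (not part of the thread and not ansible-container's own code): it returns Docker -v/-e arguments only when SSH_AUTH_SOCK names a live socket owned by the current user, so the private key itself never enters an image layer. The function name and the in-container path /ssh-agent.sock are assumptions.

```python
import os
import stat

# Hypothetical location for the agent socket inside the Conductor container.
CONDUCTOR_SOCK = "/ssh-agent.sock"


def agent_forward_args(environ=None, container_path=CONDUCTOR_SOCK):
    """Return docker-run style arguments that bind-mount the host SSH agent
    socket and export SSH_AUTH_SOCK, or [] when no usable agent is found."""
    environ = os.environ if environ is None else environ
    host_sock = environ.get("SSH_AUTH_SOCK")
    if not host_sock:
        return []  # no agent in this session: nothing to forward
    try:
        st = os.stat(host_sock)
    except OSError:
        return []  # stale variable, the path no longer exists
    if not stat.S_ISSOCK(st.st_mode):
        return []  # never bind-mount an arbitrary file or directory
    if st.st_uid != os.getuid():
        return []  # socket belongs to another user: do not expose it
    # These checks run on the client host only. Whether the Docker daemon
    # can see the same path (e.g. inside the Docker for Mac VM) is a
    # separate question that this function cannot answer.
    return [
        "-v", "{}:{}".format(host_sock, container_path),
        "-e", "SSH_AUTH_SOCK={}".format(container_path),
    ]


if __name__ == "__main__":
    args = agent_forward_args()
    print(" ".join(args) if args else "no usable SSH agent socket found")
```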

@j00bar I'm doing this according to your suggestion, and let's see how this helps.

mvk • Jan 28 '18 10:01

I'm on Linux, Ubuntu 16.04. This is not working properly for me. I hoped the SSH auth sock would be passed and mounted on the conductor, but it wasn't. I was passing via the command line --with-volumes "/local/path:/conductor/path:ro". I correctly calculated the /tmp/blabla/$pid.sock and the folder to expose. Also, currently ansible-container is unclear on how to pass --tmpfs mounts, and this is a kind of mount that should be done as tmp.

mvk • Jan 28 '18 12:01

I've created feature request #866 to implement this feature.

j00bar • Jan 28 '18 15:01