These are Docker containers that include the latest stable Ansible version.
They are meant for testing purposes and are mainly used for dev-sec and the ansible-test-framework.
Sebastian Gumprich [email protected]
Docker containers that include the latest stable Ansible 2.x version.
License: GNU General Public License v3.0
It seems that the latest Fedora image does not contain systemd, therefore automated tests are failing because /sbin/init is missing:
https://travis-ci.org/github/dev-sec/ansible-os-hardening/jobs/717298859#L535
https://travis-ci.org/github/dev-sec/ansible-ssh-hardening/jobs/717077625#L525
I would suggest to change source image here:
https://github.com/rndmh3ro/docker-ansible/blob/fe9468fff1838fc4e30c49b3be051e313859fd3c/fedora-ansible-latest/Dockerfile#L1
to the same one with systemd: https://hub.docker.com/r/fedora/systemd-systemd
so as a result:
FROM fedora/systemd-systemd:latest
LABEL maintainer="Sebastian Gumprich"
RUN dnf -y update \
&& dnf -y install ansible python python3-libselinux \
&& dnf clean all
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
CMD [ "ansible-playbook", "--version" ]
We are using these images for CI testing. These tests run very often, so having small images pays in time and also in resource conservation. We should aim to create images of minimal size.
For reference these are the current sizes:
REPOSITORY TAG IMAGE ID CREATED SIZE
ghcr.io/dev-sec/docker-alpine-ansible latest af951ddf1aa1 2 days ago 457 MB
ghcr.io/dev-sec/docker-amazon2023-ansible latest de5bdec68d62 2 hours ago 716 MB
ghcr.io/dev-sec/docker-amazon2-ansible latest 43a257a24b9c 2 days ago 428 MB
ghcr.io/dev-sec/docker-arch-ansible latest b8780266aaff 2 hours ago 1.39 GB
ghcr.io/dev-sec/docker-centos7-ansible latest 88579c4ee1b4 2 hours ago 967 MB
ghcr.io/dev-sec/docker-centos8-ansible latest 2153e2f811b8 2 hours ago 965 MB
ghcr.io/dev-sec/docker-centosstream8-ansible latest a2ef3f11fc2c 2 hours ago 793 MB
ghcr.io/dev-sec/docker-centosstream9-ansible latest e570f1f0e373 2 hours ago 719 MB
ghcr.io/dev-sec/docker-debian10-ansible latest 06391215a7f5 2 hours ago 1.02 GB
ghcr.io/dev-sec/docker-debian11-ansible latest 4c1a0819eacd 2 hours ago 887 MB
ghcr.io/dev-sec/docker-debian12-ansible latest dde018385671 2 hours ago 1.01 GB
ghcr.io/dev-sec/docker-fedora37-ansible latest 5b374bd02fc7 2 hours ago 844 MB
ghcr.io/dev-sec/docker-fedora38-ansible latest 8e1eecc729ca 2 hours ago 853 MB
ghcr.io/dev-sec/docker-opensuse_tumbleweed-ansible latest 65353cec8d5b 2 hours ago 879 MB
ghcr.io/dev-sec/docker-openwrt-ansible latest 07b0246ee9eb 2 hours ago 589 MB
ghcr.io/dev-sec/docker-oracle7-ansible latest 92fd7df2680b 2 days ago 4.22 GB
ghcr.io/dev-sec/docker-rocky8-ansible latest ca4dfb3ea864 2 hours ago 786 MB
ghcr.io/dev-sec/docker-rocky9-ansible latest e12490568e32 2 hours ago 793 MB
ghcr.io/dev-sec/docker-ubuntu1804-ansible latest 94011e3af663 2 days ago 281 MB
ghcr.io/dev-sec/docker-ubuntu2004-ansible latest c88164cc718f 2 days ago 334 MB
ghcr.io/dev-sec/docker-ubuntu2204-ansible latest cdf18b113c33 2 days ago 568 MB
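A size-budget check that a CI job could run over a listing like the one above, added here as an example; it is not part of the original issue or of the dev-sec repository. The function names and the 1000 MB budget are assumptions, and the sample rows are copied from the listing.

```shell
#!/bin/sh
# Added example: flag images whose size exceeds a budget, given
# `docker images`-style output on stdin.

# Constructed sample input: header plus four rows taken from the listing above.
sample_listing() {
cat <<'EOF'
REPOSITORY TAG IMAGE ID CREATED SIZE
ghcr.io/dev-sec/docker-alpine-ansible latest af951ddf1aa1 2 days ago 457 MB
ghcr.io/dev-sec/docker-arch-ansible latest b8780266aaff 2 hours ago 1.39 GB
ghcr.io/dev-sec/docker-oracle7-ansible latest 92fd7df2680b 2 days ago 4.22 GB
ghcr.io/dev-sec/docker-ubuntu1804-ansible latest 94011e3af663 2 days ago 281 MB
EOF
}

# over_budget LIMIT_MB
# Prints "repository size_in_MB" for every image larger than LIMIT_MB,
# largest first. Accepts both "457 MB" and "457MB" in the SIZE column.
over_budget() {
    awk -v limit="$1" '
        NR == 1 { next }                                # header row
        NF < 2  { next }                                # blank or truncated row
        {
            size = $NF
            if (size !~ /^[0-9]/) size = $(NF - 1) $NF  # join "457" and "MB"
            unit = size
            sub(/^[0-9.]+/, "", unit)                   # keep only the unit
            value = size + 0                            # numeric prefix
            # Sizes are reported in decimal units (1 GB = 1000 MB).
            if      (unit == "GB") mb = value * 1000
            else if (unit == "MB") mb = value
            else if (unit == "kB") mb = value / 1000
            else if (unit == "B")  mb = value / 1000000
            else next                                   # unknown unit: skip row
            if (mb > limit) printf "%s %.0f\n", $1, mb
        }' | sort -k2,2nr
}

# check_budget LIMIT_MB
# Returns 0 when every image is within budget, 1 otherwise (for use as a CI gate).
check_budget() {
    offenders=$(over_budget "$1")
    if [ -z "$offenders" ]; then
        return 0
    fi
    printf 'images over %s MB:\n%s\n' "$1" "$offenders" >&2
    return 1
}

# Demonstration on the constructed sample with an assumed 1000 MB budget.
sample_listing | over_budget 1000
```

In a pipeline the listing would come from the container tool itself, piped into `check_budget` so that the job fails when any image grows past the budget.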
Is your feature request related to a problem? Please describe.
Now that the docker images are moved to this new organization, we should create the docker images under the new organization, too. We need to check which registry we will use.
If the Dockerhub provides a redirection-method when you docker pull an image, we should use that. Otherwise we should push to the old namespace as well as the new one.
We already use them: https://github.com/dev-sec/.github/tree/main/.github/workflows, so we should also use them for this repo.
Describe the bug
I'm starting to work on the pull-request for SSH hardening in Alpine by setting up the tests. I noticed that calling the init system like you do with systemd in all the other distros doesn't work and it looks like the openrc package needs to be installed in order to get services up and running for testing the role.
Expected behavior
Calling /sbin/init (or whatever is appropriate) in the alpine-ansible-latest image has the same general effect as calling /lib/systemd/systemd in the debian12-ansible-latest for the purposes of testing the devsec.hardening collection. As in it starts the indicated init system.
Actual behavior
Manually run:
$ docker run -it rndmh3ro/docker-alpine-ansible /sbin/init
can't run '/sbin/openrc': No such file or directory
can't run '/sbin/openrc': No such file or directory
can't run '/sbin/openrc': No such file or directory
can't open /dev/tty1: No such file or directory
can't open /dev/tty2: No such file or directory
can't open /dev/tty3: No such file or directory
can't open /dev/tty4: No such file or directory
can't open /dev/tty5: No such file or directory
can't open /dev/tty6: No such file or directory
<ctrl-c here>
can't run '/sbin/openrc': No such file or directory
The system is going down NOW!
Sent SIGTERM to all processes
Sent SIGKILL to all processes
Requesting system reboot
The CI for devsec.ssh_hardening (with Alpine added) fails in a funny way in the prepare step that I suspect is due to the lack of openrc. The internet says this is likely due to the container not being available.
The run with debug mode on is here.
PLAY [Wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings] ***
TASK [Gathering Facts] *********************************************************
Wednesday 03 April 2024 15:58:44 +0000 (0:00:00.010) 0:00:00.010 *******
fatal: [instance]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo unable to find user ansible: no matching entries in passwd file/.ansible/tmp `\"&& mkdir \"` echo unable to find user ansible: no matching entries in passwd file/.ansible/tmp/ansible-tmp-1712159924.476709-2657-37920254182010 `\" && echo ansible-tmp-1712159924.476709-2657-37920254182010=\"` echo unable to find user ansible: no matching entries in passwd file/.ansible/tmp/ansible-tmp-1712159924.476709-2657-37920254182010 `\" ), exited with result 126, stdout output: unable to find user ansible: no matching entries in passwd file\r\n", "unreachable": true}
PLAY RECAP *********************************************************************
instance : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Example Playbook
I'm not sure if this is relevant but it's failing in the prepare.yml in the molecule tests in the CI for devsec.ssh_hardening, but that's before it gets to the container.
OS / Environment
The manual run was with an Ubuntu 22.04 host using Docker version 26.0.0, build 2ae903e.
The CI output is from github using your CI config with alpine added. https://github.com/haxwithaxe/ansible-collection-hardening/blob/feature/alpine-ssh-hardening-dev/.github/workflows/ssh_hardening.yml
Ansible Version
From the CI output before molecule has started:
Collecting ansible-core==2.16.5 (from -r requirements.txt (line 4))
From the image in question:
ansible [core 2.16.1]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.11/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.11.8 (main, Feb 19 2024, 17:01:17) [GCC 13.2.1 20231014] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Role Version
Not applicable.
Additional context
Thanks for maintaining these docker images!
Hey, great work with this! I've been using an Alpine-based image to do this for a little while, and I thought you might want to complete the collection.
It's hosted here https://github.com/absolutejam/docker-ansible/blob/master/Dockerfile but if you do use it, you might want to reformat it and strip out the winrm-based python modules.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/all.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
peter-evans/dockerhub-description v4
.github/workflows/alpine-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/amazon2-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/amazon2023-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/arch-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/centos7-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/centos8-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/centosstream8-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/centosstream9-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/debian10-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/debian11-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/debian12-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/fedora37-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/fedora38-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/fedora39-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/fedora40-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/lint.yml
actions/checkout v4
hadolint/hadolint-action v3.1.0
.github/workflows/opensuse_tumbleweed-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/openwrt-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/oracle7-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/rocky8-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/rocky9-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/ubuntu1804-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/ubuntu2004-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
.github/workflows/ubuntu2204-ansible-latest.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
docker/login-action v3
docker/build-push-action v5
Describe the bug
The build fails for some time.
https://github.com/rndmh3ro/docker-ansible/actions/runs/3778661949/jobs/6423327751#step:5:402
Expected behavior
The build should succeed.
@komachi, are you able to fix that?
Is your feature request related to a problem? Please describe.
@dlouzan kindly offered to maintain the docker-images for Fedora (see dev-sec/ansible-collection-hardening#677).
We need to invite him (and anyone else, @dlouzan?) into the organization so they can work.