sherwind · January 27, 2023 06:39
diff --git a/ansible-awscli-gosu-Dockerfile b/ansible-awscli-gosu-Dockerfile
 ## $ docker build -t myansible .
 ## $ export AWS_PROFILE="..."
 ## $ docker run -it --rm -e AWS_PROFILE \
 ##                       -e MY_UID=$(id -u) -e MY_GID=$(id -g)  \
 ##                       -v ${HOME}/.aws/config:/home/user/.aws/config:ro \
 ##                       -v ${HOME}/.aws/credentials:/home/user/.aws/credentials:ro \
 ##                       -v ${HOME}/.ssh/:/home/user/.ssh/:ro \
 ##                       -v $(pwd):/work \
 ##                       --workdir=/work myansible ansible -i inventory all -m ping
 
 FROM golang:1-bullseye as builder

 # session-manager-plugin
 RUN set -eux; \
        git clone https://github.com/aws/session-manager-plugin.git /tmp/session-manager-plugin; \
        cd /tmp/session-manager-plugin; \
        PLUGIN_VERSION="$( git tag --sort=-creatordate \
                | sort -V \
                | grep -E '[0-9]+\.[0-9]+\.[0-9]+$' \
                | tail -1 \
        )"; \
        git checkout "${PLUGIN_VERSION}"; \
        echo -n "${PLUGIN_VERSION}" > VERSION; \
 	find /tmp/session-manager-plugin -name '*.go' -print0 | xargs -0 -n1 gofmt -w; \
        make clean checkstyle release-test pre-release build-linux-amd64 build-arm64 prepack-linux-amd64 prepack-linux-arm64; \
 	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
        mv bin/linux_${dpkgArch}_plugin/session-manager-plugin /usr/bin/session-manager-plugin; \
 	rm -rf tmp/session-manager-plugin; \
        chmod +x /usr/bin/session-manager-plugin; \
        /usr/bin/session-manager-plugin --version


 FROM python:3-slim-bullseye as production

 RUN set -ex; \
 	if ! command -v gpg > /dev/null; then \
 		apt-get update; \
 		apt-get install -y --no-install-recommends \
 			gnupg \
 			dirmngr \
 		; \
 		rm -rf /var/lib/apt/lists/*; \
 	fi

 # See list of versions at https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
 ENV AWSCLI_VERSION 2.9.18
 RUN set -eux; \
        savedAptMark="$(apt-mark showmanual)"; \
        apt-get update; \
        apt-get install -y --no-install-recommends ca-certificates curl unzip; \
 	rm -rf /var/lib/apt/lists/*; \
 	curl -o awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-${AWSCLI_VERSION}.zip"; \
 	curl -o awscliv2.sig "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-${AWSCLI_VERSION}.zip.sig"; \
 	export GNUPGHOME="$(mktemp -d)"; \
 	gpg --batch --keyserver hkps://pgp.mit.edu --recv-keys FB5DB77FD5C118B80511ADA8A6310ACC4672475C; \
 	gpg --batch --verify awscliv2.sig awscliv2.zip; \
 	gpgconf --kill all; \
 	unzip awscliv2.zip; \
 	rm -rf "$GNUPGHOME" awscliv2.sig awscliv2.zip; \
        apt-mark auto '.*' > /dev/null; \
        [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
        apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
 	./aws/install; \
 	rm -rf ./aws; \
 	aws --version


 # grab gosu for easy step-down from root
 # https://github.com/tianon/gosu/releases
 ENV GOSU_VERSION 1.16
 RUN set -eux; \
 	savedAptMark="$(apt-mark showmanual)"; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends ca-certificates wget; \
 	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
 	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-${dpkgArch}"; \
 	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-${dpkgArch}.asc"; \
 	export GNUPGHOME="$(mktemp -d)"; \
 	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
 	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
 	gpgconf --kill all; \
 	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
 	apt-mark auto '.*' > /dev/null; \
 	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
 	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
 	rm -rf /var/lib/apt/lists/*; \
 	chmod +x /usr/local/bin/gosu; \
 	gosu --version; \
 	gosu nobody true

 ENV ANSIBLE_VERSION 5.10.0
 RUN set -eux; \
 	\
 	savedAptMark="$(apt-mark showmanual)"; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
 		g++ \
 		gcc \
 		libyaml-dev \
 		libpq-dev \
 		libkrb5-dev \
 		libssl-dev \
 		libffi-dev \
 		libxml2-dev \
 		libxslt-dev \
 		default-libmysqlclient-dev \
 		default-mysql-client \
 		postgresql-client \
 		python3-dev \
 		python3-yaml \
 		python3-pip \
 	; \
 	pip install --no-cache-dir --no-compile ansible~="$ANSIBLE_VERSION" pyyaml pycrypto netaddr boto boto3 paramiko psycopg2 openshift \
 		 dnspython mitogen PyMySQL pexpect jsondiff \
 	; \
 	apt-mark auto '.*' > /dev/null; \
 	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
 	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
 	rm -rf /var/lib/apt/lists/*; \
 	ansible --version

 RUN set -ex; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
 		git \
 		openssh-client \
 		jq \
 		rsync \
 		libpq5 \
 		libyaml-0-2 \
 		less \
 		vim \
 		sshpass \
 	; \
 	rm -rf /var/lib/apt/lists/*

 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh

 COPY --from=builder /usr/bin/session-manager-plugin /usr/bin/session-manager-plugin

 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

diff --git a/ansible-awscli-gosu-entrypoint.sh b/ansible-awscli-gosu-entrypoint.sh
 #!/bin/bash

 USER_ID=${MY_UID:-1000}
 GROUP_ID=${MY_GID:-1000}

 groupadd -g $GROUP_ID -o user
 useradd --shell /bin/bash -u $USER_ID -g $GROUP_ID -o -c "" -M user
 export HOME=/home/user
 install -d -o $USER_ID -g $GROUP_ID -m 0755 $HOME

 exec /usr/local/bin/gosu user "$@"
	## $ docker build -t myansible .
	## $ export AWS_PROFILE="..."
	## $ docker run -it --rm -e AWS_PROFILE \
	## -e MY_UID=$(id -u) -e MY_GID=$(id -g) \
	## -v ${HOME}/.aws/config:/home/user/.aws/config:ro \
	## -v ${HOME}/.aws/credentials:/home/user/.aws/credentials:ro \
	## -v ${HOME}/.ssh/:/home/user/.ssh/:ro \
	## -v $(pwd):/work \
	## --workdir=/work myansible ansible -i inventory all -m ping

	FROM golang:1-bullseye as builder

	# session-manager-plugin
	RUN set -eux; \
	git clone https://github.com/aws/session-manager-plugin.git /tmp/session-manager-plugin; \
	cd /tmp/session-manager-plugin; \
	PLUGIN_VERSION="$( git tag --sort=-creatordate \
	\| sort -V \
	\| grep -E '[0-9]+\.[0-9]+\.[0-9]+$' \
	\| tail -1 \
	)"; \
	git checkout "${PLUGIN_VERSION}"; \
	echo -n "${PLUGIN_VERSION}" > VERSION; \
	find /tmp/session-manager-plugin -name '*.go' -print0 \| xargs -0 -n1 gofmt -w; \
	make clean checkstyle release-test pre-release build-linux-amd64 build-arm64 prepack-linux-amd64 prepack-linux-arm64; \
	dpkgArch="$(dpkg --print-architecture \| awk -F- '{ print $NF }')"; \
	mv bin/linux_${dpkgArch}_plugin/session-manager-plugin /usr/bin/session-manager-plugin; \
	rm -rf tmp/session-manager-plugin; \
	chmod +x /usr/bin/session-manager-plugin; \
	/usr/bin/session-manager-plugin --version


	FROM python:3-slim-bullseye as production

	RUN set -ex; \
	if ! command -v gpg > /dev/null; then \
	apt-get update; \
	apt-get install -y --no-install-recommends \
	gnupg \
	dirmngr \
	; \
	rm -rf /var/lib/apt/lists/*; \
	fi

	# See list of versions at https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
	ENV AWSCLI_VERSION 2.9.18
	RUN set -eux; \
	savedAptMark="$(apt-mark showmanual)"; \
	apt-get update; \
	apt-get install -y --no-install-recommends ca-certificates curl unzip; \
	rm -rf /var/lib/apt/lists/*; \
	curl -o awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-${AWSCLI_VERSION}.zip"; \
	curl -o awscliv2.sig "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-${AWSCLI_VERSION}.zip.sig"; \
	export GNUPGHOME="$(mktemp -d)"; \
	gpg --batch --keyserver hkps://pgp.mit.edu --recv-keys FB5DB77FD5C118B80511ADA8A6310ACC4672475C; \
	gpg --batch --verify awscliv2.sig awscliv2.zip; \
	gpgconf --kill all; \
	unzip awscliv2.zip; \
	rm -rf "$GNUPGHOME" awscliv2.sig awscliv2.zip; \
	apt-mark auto '.*' > /dev/null; \
	[ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark > /dev/null; \
	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
	./aws/install; \
	rm -rf ./aws; \
	aws --version


	# grab gosu for easy step-down from root
	# https://github.com/tianon/gosu/releases
	ENV GOSU_VERSION 1.16
	RUN set -eux; \
	savedAptMark="$(apt-mark showmanual)"; \
	apt-get update; \
	apt-get install -y --no-install-recommends ca-certificates wget; \
	dpkgArch="$(dpkg --print-architecture \| awk -F- '{ print $NF }')"; \
	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-${dpkgArch}"; \
	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-${dpkgArch}.asc"; \
	export GNUPGHOME="$(mktemp -d)"; \
	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
	gpgconf --kill all; \
	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
	apt-mark auto '.*' > /dev/null; \
	[ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark > /dev/null; \
	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
	rm -rf /var/lib/apt/lists/*; \
	chmod +x /usr/local/bin/gosu; \
	gosu --version; \
	gosu nobody true

	ENV ANSIBLE_VERSION 5.10.0
	RUN set -eux; \
	\
	savedAptMark="$(apt-mark showmanual)"; \
	apt-get update; \
	apt-get install -y --no-install-recommends \
	g++ \
	gcc \
	libyaml-dev \
	libpq-dev \
	libkrb5-dev \
	libssl-dev \
	libffi-dev \
	libxml2-dev \
	libxslt-dev \
	default-libmysqlclient-dev \
	default-mysql-client \
	postgresql-client \
	python3-dev \
	python3-yaml \
	python3-pip \
	; \
	pip install --no-cache-dir --no-compile ansible~="$ANSIBLE_VERSION" pyyaml pycrypto netaddr boto boto3 paramiko psycopg2 openshift \
	dnspython mitogen PyMySQL pexpect jsondiff \
	; \
	apt-mark auto '.*' > /dev/null; \
	[ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark > /dev/null; \
	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
	rm -rf /var/lib/apt/lists/*; \
	ansible --version

	RUN set -ex; \
	apt-get update; \
	apt-get install -y --no-install-recommends \
	git \
	openssh-client \
	jq \
	rsync \
	libpq5 \
	libyaml-0-2 \
	less \
	vim \
	sshpass \
	; \
	rm -rf /var/lib/apt/lists/*

	COPY entrypoint.sh /usr/local/bin/entrypoint.sh
	RUN chmod +x /usr/local/bin/entrypoint.sh

	COPY --from=builder /usr/bin/session-manager-plugin /usr/bin/session-manager-plugin

	ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
	#!/bin/bash

	USER_ID=${MY_UID:-1000}
	GROUP_ID=${MY_GID:-1000}

	groupadd -g $GROUP_ID -o user
	useradd --shell /bin/bash -u $USER_ID -g $GROUP_ID -o -c "" -M user
	export HOME=/home/user
	install -d -o $USER_ID -g $GROUP_ID -m 0755 $HOME

	exec /usr/local/bin/gosu user "$@"