{"id":31895292,"url":"https://github.com/carlodepieri/docker-archlinux-ansible","last_synced_at":"2025-10-13T10:23:54.776Z","repository":{"id":48106772,"uuid":"296390173","full_name":"CarloDePieri/docker-archlinux-ansible","owner":"CarloDePieri","description":"An updated, systemd-enabled Archlinux docker image useful for testing ansible playbook.","archived":false,"fork":false,"pushed_at":"2025-04-29T17:34:33.000Z","size":48,"stargazers_count":6,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-29T17:36:34.296Z","etag":null,"topics":["ansible","archlinux","docker","molecule"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/carlodepieri/docker-archlinux-ansible","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CarloDePieri.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-09-17T17:00:58.000Z","updated_at":"2025-04-29T17:34:37.000Z","dependencies_parsed_at":"2025-04-29T17:28:05.719Z","dependency_job_id":null,"html_url":"https://github.com/CarloDePieri/docker-archlinux-ansible","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/CarloDePieri/docker-archlinux-ansible","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CarloDePieri%2Fdocker-archlinux-ansible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CarloDePieri%2Fdocker-archlinux-ansible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CarloDePieri%2Fdocker-archlinux-ansible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CarloDePieri%2Fdocker-archlinux-ansible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CarloDePieri","download_url":"https://codeload.github.com/CarloDePieri/docker-archlinux-ansible/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CarloDePieri%2Fdocker-archlinux-ansible/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279014684,"owners_count":26085554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","archlinux","docker","molecule"],"created_at":"2025-10-13T10:23:51.549Z","updated_at":"2025-10-13T10:23:54.762Z","avatar_url":"https://github.com/CarloDePieri.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker Archlinux for testing Ansible playbooks\n\n[![prod](https://github.com/CarloDePieri/docker-archlinux-ansible/actions/workflows/prod.yml/badge.svg)](https://github.com/CarloDePieri/docker-archlinux-ansible/actions/workflows/prod.yml) [![Docker Cloud Automated build](https://img.shields.io/badge/docker%20build-automatic-success)](https://hub.docker.com/r/carlodepieri/docker-archlinux-ansible) [![Maintenance](https://img.shields.io/maintenance/yes/2025)](https://github.com/CarloDePieri/docker-archlinux-ansible)\n\nAn updated, systemd-enabled Archlinux docker image (based on my [docker-archlinux-systemd](https://hub.docker.com/r/carlodepieri/docker-archlinux-systemd))\nuseful for testing Ansible playbook.\n\nImages are built by GitHub CI, tagged and pushed to DockerHub at least once a month.\n\n#### Available tags\n\nArch is a rolling release distribution. This means that the [available tags](https://hub.docker.com/r/carlodepieri/docker-archlinux-ansible/tags)\nare nothing more than arbitrary snapshots of the distro at that particular time.\n\nBeware when using tags in automated testing environments: while usually a good\npractice, keep in mind that in reality Arch is changing daily and that a system\ntest with a pinned environment could become useless quickly. A more in-depth\ndiscussion on this can be found [here](https://github.com/CarloDePieri/docker-archlinux-ansible/issues/6).\n\n## Usage: testing with Molecule\n\nA [working Docker installation](https://docs.docker.com/engine/install/) is needed.\nImages on Docker Hub gets automatically built at least once a month by GitHub Actions.\n\nA [working molecule installation](https://molecule.readthedocs.io/en/latest/installation.html) is also needed.\n\nRunning `molecule init scenario --driver-name docker` will quick-start a project.\nNow edit the `'platforms'` section inside the file `molecule/default/molecule.yml`.\n\n```yaml\nplatforms:\n  - name: cdp-arch-ansible\n    image: carlodepieri/docker-archlinux-ansible:latest\n    command: ${MOLECULE_DOCKER_COMMAND:-\"\"}\n    privileged: true\n    pre_build_image: true\n    # see \"Problems with ulimits and makepkg\" section below \n    ulimits:\n      - nofile:65535:65535\n\nprovisioner:\n  name: ansible\n  inventory:\n    host_vars:\n      # setting for the platform instance named 'cdp-arch-ansible'\n      # see \"Problems with ulimits and makepkg\" section below \n      cdp-arch-ansible:\n        ansible_user: ansible\n```\n\nThis will make molecule pull the image from Dockerhub and start the container in a way that\n- supports systemd and Ansible.\n- uses non-privileged, passwordless sudoer `ansible` user (to allow to build AUR packages)\n- uses lower `nofiles` ulimit value (to avoid problems with AUR package\n  builds taking too long).\n\nFor more information about last two points see [Problems with ulimits and makepkg](#problems-with-ulimits-and-makepkg).\n\n\u003e **Important**: the privileged flag is necessary to make systemd behave,\n\u003e but make sure to understand [the security concerns involved](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities).\n\nAfter the container has been created (for example by `molecule converge`),\na shell to inspect the container can be obtained with:\n\n```bash\ndocker exec -it cdp-arch-ansible env TERM=xterm bash\n```\n\n### Problems with ulimits and makepkg\nAUR packages are installed via\n[`makepkg`](https://wiki.archlinux.org/title/makepkg) which uses\n[`fakeroot`](https://man.archlinux.org/man/fakeroot.1.en) to allow to\nbuild packages as a normal user with root permissions. `makepkg`\nitself cannot run under root and that is why we need a non-privileged user \n(which we call `ansible`) inside Docker container to be able to install\nAUR packages inside that container. In case of Docker container\ncontrolled by Molecule (via Molecule Docker driver) we need to add the\nfollowing section to `./molecule/default/molecule.yml`:\n\n```yaml\nprovisioner:\n  name: ansible\n  inventory:\n    host_vars:\n      # setting for the platform instance named 'cdp-arch-ansible'\n      # see \"Problems with ulimits and makepkg\" section below \n      cdp-arch-ansible:\n        ansible_user: ansible\n```\n\n\nMoreover, `fakeroot` is known to be extremely slow when [nofile\nulimit](https://wiki.archlinux.org/title/Limits.conf#nofile) is set to a\nhigh value (see\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920913).\nThis results in AUR package installation taking too long (sometimes -\nhours). \n\nUlimits for Docker containers can be set in one the following ways:\n- system-wide (see https://wiki.archlinux.org/title/Limits.conf)\n- just for Docker service (see\n  https://bbs.archlinux.org/viewtopic.php?id=283460) by adding something\n  like \n  ```\n  [Service]\n  LimitNOFILE=1048576\n  ```\n  to \n  ```\n  /usr/lib/systemd/system/docker.service.d/override.conf\n  ```\n  on ArchLinux\n- by specifying `--ulimit` option for `docker build` and `docker run`:\n```\ndocker run --rm --ulimit nofile=65536:65536 rabbitmq:3.6.6-management\n```\n-  in Molecule with Docker driver we can configure Molecule\nto pass specific value of `nofile` ulimit to Docker using the follwing\nsyntax:\n\n```yaml\nplatforms:\n  - name: cdp-arch-ansible\n    ...\n    ulimits:\n      - nofile:65535:65535\n```\n\nConsequently, if we want Molecule \nto test an Ansbile role or a playbook that installs AUR packages we need\nall of the following:\n- Pre-built Docker image with non-privileded user inside that container\n- Molecule contigured to\n  - use that non-privileged Ansible (instead of using `root`)\n  - use lower values of `nofiles` ulimit.\n\n\n## Devs: building the image from GitHub\n\nClone the repo first with:\n\n```bash\ngit clone git@github.com:CarloDePieri/docker-archlinux-ansible.git\n```\n\n### Building the image from source\n\nA [working Docker installation](https://docs.docker.com/engine/install/) is needed.\nThen run:\n\n```bash\ndocker build -t carlodepieri/docker-archlinux-ansible .\n```\n\nor, for convenience:\n\n```bash\nmake\n```\n\nThis will build the image. The command `docker images` can then be used to verify a\nsuccessful build.\n\n### Creating a new container\n\nRun:\n\n```bash\ndocker run --name=cdp-arch-ansible --detach --privileged --volume=`pwd`:/etc/ansible/roles/role_under_test:ro carlodepieri/docker-archlinux-ansible\n```\n\nor, for convenience:\n\n```bash\nmake run-container\n```\n\nThis should start the container, which can should be then visible in `docker ps`.\nIt will also bind the current working directory inside the container, which can\nbe handy to quickly test a playbook (like the included `test.yml`).\n\n### Support for manual cgroup binding\n\nIf manual cgroup volume mounting is needed and the docker-archlinux-systemd\nimage has been built as explained [here](https://github.com/CarloDePieri/docker-archlinux-systemd#compatibility-with-systems-that-need-cgroups-volumes),\nthis image must be build as described above but then, for running the\ncontainer, launch:\n\n```bash\ndocker run --name=cdp-arch-ansible --detach --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro --volume=`pwd`:/etc/ansible/roles/role_under_test:ro carlodepieri/docker-archlinux-ansible\n```\n\nor, for convenience:\n\n```bash\nmake run-container-volume\n```\n\n### Testing the container\n\nRun:\n\n```bash\ndocker exec -i cdp-arch-ansible env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/test.yml --syntax-check\n```\n\nor, for convenience:\n\n```bash\nmake test\n```\n\n### Connecting to the container\n\nRun:\n\n```bash\ndocker exec -it cdp-arch-ansible env TERM=xterm bash\n```\n\nor, for convenience:\n\n```bash\nmake shell\n```\n\n### Testing the CI loop\n\n[Act](https://github.com/nektos/act) can be used to execute locally the GitHub\nActions loop. Keep in mind that this will use Act's\n[full image](https://hub.docker.com/r/nektos/act-environments-ubuntu/tags),\nwhich is really heavy (\u003e18GB).\n\nTo execute a 'push on a testing branch' event (which also triggers when pulling\ninto master), run:\n\n```bash\nmake act-dev\n```\n\nTo execute a 'push on master' event (which triggers also on scheduled cronjobs),\nwith the relative DockerHub deploy:\n\n```bash\nmake act-prod\n```\n\nTo access the act containers:\n\n```bash\nmake act-dev-shell\n# or\nmake act-prod-shell-ci\n# or\nmake act-prod-shell-deploy\n```\n\nTo quickly delete them the act containers:\n\n```bash\nmake act-dev-clean\n# or\nmake act-prod-clean\n```\n\nDo note that the included CI loop will clear the containers used but NOT the\nimage (to save from repetitive builds). This can be forced by running:\n\n```bash\nmake clean-image\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlodepieri%2Fdocker-archlinux-ansible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcarlodepieri%2Fdocker-archlinux-ansible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlodepieri%2Fdocker-archlinux-ansible/lists"}