Hi @jtdevops, I've opened this issue to separately discuss improvements for ansible.
I've noticed that mounting an .ssh directory with 0444 permissions is actually not possible on Windows. Even when using the special `configs` section of compose 3.3+, they will mount without restrictions.
It's possible to circumvent the warning for `ansible.cfg` being in a writable directory by adding `ANSIBLE_CONFIG=ansible.cfg`. This works if `dockerized ansible-playbook` is run from the directory with the config file.
For .ssh keys, we'll have to try out different solutions:
- Somehow making a read-only mount. Perhaps by re-mounting the share within docker? Although it seems that the unix permissions of mounted directories will be set by the underlying file-system, so a re-mount may not achieve anything.
- Copy the ssh keys on startup. This is doable, and we can use the existing `.init.sh` script pattern for that, as used by `gh`.
- Mount a docker volume to ~/.ssh, and copy user keys to it on init. This is very similar to not using any volume, and just copying the keys to the container's ~/.ssh folder.
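
A sketch of the copy-on-startup option, added here as an example and not taken from the post or the project's scripts: it copies keys from a permissive bind mount into a container-local directory and applies the owner-only modes OpenSSH requires for private keys. The function name, the `SSH_SRC` variable and the `/mnt/host-ssh` path are assumptions; how the project's `.init.sh` hook is invoked is not shown on this page.

```shell
#!/bin/sh
# Added example: copy SSH material from a bind mount whose modes cannot be
# restricted (e.g. a Windows host share) into a container-local directory.
# SSH_SRC and /mnt/host-ssh are hypothetical names, not the project's own.

install_ssh_keys() {
    src=$1
    dst=$2

    # Nothing mounted: leave any existing target directory untouched.
    [ -d "$src" ] || return 0

    # Create files owner-only from the start, so a private key is never
    # briefly readable by others between the copy and the chmod.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dst"
    chmod 700 "$dst"

    for f in "$src"/*; do
        [ -f "$f" ] || continue      # skip subdirectories and an unmatched glob
        name=$(basename "$f")
        cat "$f" > "$dst/$name"      # cat, not cp -p: do not inherit the source mode
        case "$name" in
            *.pub|known_hosts) chmod 644 "$dst/$name" ;;
            *)                 chmod 600 "$dst/$name" ;;
        esac
    done

    umask "$old_umask"
}

# Runs only when the (assumed) SSH_SRC variable is set, e.g. SSH_SRC=/mnt/host-ssh.
if [ -n "${SSH_SRC:-}" ]; then
    install_ssh_keys "$SSH_SRC" "$HOME/.ssh"
fi
```

The same function covers the named-volume option: point the second argument at the volume's mount path instead of `$HOME/.ssh`.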