Merge pull request #472 from microsoft/clantz/ansible-common-script

Update azure-ansible to use common scripts

Author: Chuxel

containers/azure-ansible/.devcontainer/Dockerfile

@@ -1,71 +1,54 @@
-# Pick any base image, but if you select node, skip installing node. 😊
-FROM debian:9
+# You can pick any Debian/Ubuntu-based image. 😊
+FROM mcr.microsoft.com/vscode/devcontainers/base:buster
 
-# This Dockerfile adds a non-root user with sudo access. Update the “remoteUser” property in
-# devcontainer.json to use it. More info: https://aka.ms/vscode-remote/containers/non-root-user.
+COPY library-scripts/*.sh /tmp/library-scripts/
+
+# Install needed packages and setup non-root user. Use a separate RUN statement to add your own dependencies.
+ARG INSTALL_ZSH="true"
+ARG UPGRADE_PACKAGES="false"
 ARG USERNAME=vscode
 ARG USER_UID=1000
 ARG USER_GID=$USER_UID
+RUN apt-get update \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && bash /tmp/library-scripts/common-debian.sh "${INSTALL_ZSH}" "${USERNAME}" "${USER_UID}" "${USER_GID}" "${UPGRADE_PACKAGES}" \
+    && apt-get install -y libssl-dev libffi-dev python3-dev python3-pip \
+    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
-# Install needed packages and setup non-root user. Use a separate RUN statement to add your own dependencies.
+# Optional installs. Use a separate RUN statement to add your own dependencies.
+ARG INSTALL_AZURE_CLI="true"
+ARG INSTALL_DOCKER="true"
+ARG INSTALL_NODE="true"
+ARG NODE_VERSION="lts/*"
+ENV NVM_DIR=/usr/local/share/nvm
+ENV NVM_SYMLINK_CURRENT=true \
+    PATH=${NVM_DIR}/current/bin:${PATH}
 RUN apt-get update \
     && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
-    #
-    # Verify git, required tools installed
-    && apt-get install -y \
-        git \
-        openssh-client \
-        less \
-        iproute2 \
-        curl \
-        procps \
-        unzip \
-        apt-transport-https \
-        ca-certificates \
-        gnupg-agent \
-        software-properties-common \
-        lsb-release 2>&1 \
-    #
-    # [Optional] Install Node.js for Azure Cloud Shell support 
-    # Change the "lts/*" in the two lines below to pick a different version
-    && curl -so- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash 2>&1 \
-    && /bin/bash -c "source $HOME/.nvm/nvm.sh \
-        && nvm install lts/* \
-        && nvm alias default lts/*" 2>&1 \
-    #
-    # [Optional] For local testing instead of cloud shell
-    # Install Docker CE CLI. 
-    && curl -fsSL https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/gpg | apt-key add - 2>/dev/null \
-    && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" \
-    && apt-get update \
-    && apt-get install -y docker-ce-cli \
-    #
-    # [Optional] For local testing instead of cloud shell
-    # Install the Azure CLI
-    && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list \
-    && curl -sL https://packages.microsoft.com/keys/microsoft.asc | apt-key add - 2>/dev/null \
-    && apt-get update \
-    && apt-get install -y azure-cli \
-    #
-    # Install Ansible
-    && apt-get install -y libssl-dev libffi-dev python-dev python-pip \
-    && pip install ansible[azure] \
-    #
-    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
-    && groupadd --gid $USER_GID $USERNAME \
-    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
-    # [Optional] Add sudo support for the non-root user
-    && apt-get install -y sudo \
-    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME\
-    && chmod 0440 /etc/sudoers.d/$USERNAME \
-    #
-    # Clean up
-    && apt-get autoremove -y \
-    && apt-get clean -y \
-    && rm -rf /var/lib/apt/lists/*
+    # Install Azure CLI
+    && if [ "${INSTALL_AZURE_CLI}" = "true" ]; then \
+        echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list \
+        && curl -sL https://packages.microsoft.com/keys/microsoft.asc | apt-key add - 2>/dev/null \
+        && apt-get update \
+        && apt-get install -y azure-cli; \
+    fi \
+    # Install Node.js
+    && if [ "${INSTALL_AZURE_CLI}" = "true" ]; then bash /tmp/library-scripts/node-debian.sh "${NVM_DIR}" "${NODE_VERSION}" "${USERNAME}"; fi \
+    # Install Docker CLI
+    && if [ "${INSTALL_DOCKER}" = "true" ]; then \
+        bash /tmp/library-scripts/docker-debian.sh "true" "/var/run/docker-host.sock" "/var/run/docker.sock" "${USERNAME}"; \
+    else \
+        echo '#!/bin/bash\n"$@"' > /usr/local/share/docker-init.sh \
+        && chmod +x /usr/local/share/docker-init.sh; \
+    fi \
+    && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
+
+# Install Ansible
+RUN pip3 install ansible[azure]
+
+ENTRYPOINT [ "/usr/local/share/docker-init.sh" ]
+CMD [ "sleep", "infinity" ]
 
 # [Optional] Uncomment this section to install additional OS packages.
 # RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 #     && apt-get -y install --no-install-recommends <your-package-list-here>
-

containers/azure-ansible/.devcontainer/devcontainer.json

@@ -1,15 +1,24 @@
 {
 	"name": "Azure Ansible",
-	"dockerFile": "Dockerfile",
+	"build": {
+		"dockerfile": "Dockerfile",
+		"args": {
+			"INSTALL_AZURE_CLI": "true",
+			"INSTALL_DOCKER": "true",
+			"INSTALL_NODE": "true"
+		}
+	},
 	"mounts": [
 		// [Optional] Anisble Collections: Uncomment if you want to mount your local .ansible/collections folder.
 		// "source=${localEnv:HOME}${localEnv:USERPROFILE}/.ansible/collections,target=/root/.ansible/collections,type=bind,consistency=cached",
-		"source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+		"source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind"
 	],
+
 	// Set *default* container specific settings.json values on container create.
 	"settings": {
 		"terminal.integrated.shell.linux": "/bin/bash"
 	},
+
 	// Add the IDs of extensions you want installed when the container is created.
 	"extensions": [
 		"vscoss.vscode-ansible",
@@ -19,10 +28,10 @@
 	]
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// "forwardPorts": [],
+
 	// Use 'postCreateCommand' to run commands after the container is created.
 	// "postCreateCommand": "ansible --version",
-	// Uncomment when using a ptrace-based debugger like C++, Go, and Rust
-	// "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
+
 	// Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
 	// "remoteUser": "vscode"
 }

containers/azure-ansible/.devcontainer/library-scripts/README.md

@@ -0,0 +1,5 @@
+# Warning: Folder contents may be replaced
+
+The contents of this folder will be automatically replaced with a file of the same name in the repository's [script-library folder](https://github.com/microsoft/vscode-dev-containers/tree/master/script-library) whenever the repository is packaged.
+
+To retain your edits, move the file to a different location. You may also delete the files if they are not needed.

containers/azure-ansible/.devcontainer/library-scripts/common-debian.sh

@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+
+# Syntax: ./common-debian.sh <install zsh flag> <username> <user UID> <user GID> <upgrade packages flag>
+
+set -e
+
+INSTALL_ZSH=${1:-"true"}
+USERNAME=${2:-"$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)"}
+USER_UID=${3:-1000}
+USER_GID=${4:-1000}
+UPGRADE_PACKAGES=${5:-"true"}
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo 'Script must be run a root. Use sudo or set "USER root" before running the script.'
+    exit 1
+fi
+
+# Treat a user name of "none" as root
+if [ "${USERNAME}" = "none" ] || [ "${USERNAME}" = "root" ]; then
+    USERNAME=root
+    USER_UID=0
+    USER_GID=0
+fi
+
+# Ensure apt is in non-interactive to avoid prompts
+export DEBIAN_FRONTEND=noninteractive
+
+# Install apt-utils to avoid debconf warning
+apt-get -y install --no-install-recommends apt-utils 2> >( grep -v 'debconf: delaying package configuration, since apt-utils is not installed' >&2 )
+
+# Get to latest versions of all packages
+if [ "${UPGRADE_PACKAGES}" = "true" ]; then
+    apt-get -y upgrade --no-install-recommends
+fi
+
+# Install common developer tools and dependencies
+apt-get -y install --no-install-recommends \
+    git \
+    openssh-client \
+    less \
+    iproute2 \
+    procps \
+    curl \
+    wget \
+    unzip \
+    nano \
+    jq \
+    lsb-release \
+    ca-certificates \
+    apt-transport-https \
+    dialog \
+    gnupg2 \
+    libc6 \
+    libgcc1 \
+    libgssapi-krb5-2 \
+    libicu[0-9][0-9] \
+    liblttng-ust0 \
+    libstdc++6 \
+    zlib1g \
+    locales
+
+# Ensure at least the en_US.UTF-8 UTF-8 locale is available.
+# Common need for both applications and things like the agnoster ZSH theme.
+echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen 
+locale-gen
+
+# Install libssl1.1 if available
+if [[ ! -z $(apt-cache --names-only search ^libssl1.1$) ]]; then
+    apt-get -y install  --no-install-recommends libssl1.1
+fi
+ 
+# Install appropriate version of libssl1.0.x if available
+LIBSSL=$(dpkg-query -f '${db:Status-Abbrev}\t${binary:Package}\n' -W 'libssl1\.0\.?' 2>&1 || echo '')
+if [ "$(echo "$LIBSSL" | grep -o 'libssl1\.0\.[0-9]:' | uniq | sort | wc -l)" -eq 0 ]; then
+    if [[ ! -z $(apt-cache --names-only search ^libssl1.0.2$) ]]; then
+        # Debian 9
+        apt-get -y install  --no-install-recommends libssl1.0.2
+    elif [[ ! -z $(apt-cache --names-only search ^libssl1.0.0$) ]]; then
+        # Ubuntu 18.04, 16.04, earlier
+        apt-get -y install  --no-install-recommends libssl1.0.0
+    fi
+fi
+
+# Create or update a non-root user to match UID/GID - see https://aka.ms/vscode-remote/containers/non-root-user.
+if id -u $USERNAME > /dev/null 2>&1; then
+    # User exists, update if needed
+    if [ "$USER_GID" != "$(id -G $USERNAME)" ]; then 
+        groupmod --gid $USER_GID $USERNAME 
+        usermod --gid $USER_GID $USERNAME
+    fi
+    if [ "$USER_UID" != "$(id -u $USERNAME)" ]; then 
+        usermod --uid $USER_UID $USERNAME
+    fi
+else
+    # Create user
+    groupadd --gid $USER_GID $USERNAME
+    useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME
+fi
+
+# Add add sudo support for non-root user
+apt-get install -y sudo
+echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME
+chmod 0440 /etc/sudoers.d/$USERNAME
+
+# Ensure ~/.local/bin is in the PATH for root and non-root users for bash. (zsh is later)
+echo "export PATH=\$PATH:\$HOME/.local/bin" | tee -a /root/.bashrc >> /home/$USERNAME/.bashrc 
+chown $USER_UID:$USER_GID /home/$USERNAME/.bashrc
+
+# Optionally install and configure zsh
+if [ "$INSTALL_ZSH" = "true" ] && [ ! -d "/root/.oh-my-zsh" ]; then 
+    apt-get install -y zsh
+    sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
+    echo "export PATH=\$PATH:\$HOME/.local/bin" >> /root/.zshrc
+    cp -R /root/.oh-my-zsh /home/$USERNAME
+    cp /root/.zshrc /home/$USERNAME
+    sed -i -e "s/\/root\/.oh-my-zsh/\/home\/$USERNAME\/.oh-my-zsh/g" /home/$USERNAME/.zshrc
+    chown -R $USER_UID:$USER_GID /home/$USERNAME/.oh-my-zsh /home/$USERNAME/.zshrc
+fi
+