feat: implement Docker configuration for E2E configuration testing

- Create docker/provisioned-instance/ directory with Ubuntu 24.04 configuration
- Add Dockerfile with supervisor, SSH server, and torrust user setup
- Add supervisord.conf for SSH service management
- Add entrypoint.sh with container initialization (fixed shellcheck issues)
- Create comprehensive README.md documentation
- Add docker-phase-architecture.md decision record
- Create docker-testing-revision.md superseding original Docker rejection
- Update ansible-testing-strategy.md for phase-specific testing approach
- Update e2e-docker-config-testing.md with implementation results
- Fix markdown linting issues in docker-phase-architecture.md
- Add project-words.txt entries for new terminology

Architecture implements B.2 step from E2E test split plan:
- Phase-specific testing: LXD VMs for provision, Docker for configuration
- Supervisor replaces systemd for container-friendly process management
- Password auth (torrust:torrust123) plus SSH key support
- Represents post-provision, pre-configuration deployment state

Author: josecelano

docker/provisioned-instance/.dockerignore

@@ -0,0 +1,44 @@
+# Docker ignore file for E2E test container builds
+# Exclude unnecessary files to optimize build context
+
+# Target directory (Rust build artifacts)
+target/
+**/target/
+
+# Build directory (generated configurations)
+build/
+
+# Git directory
+.git/
+
+# VS Code directory
+.vscode/
+
+# Documentation (except what's needed)
+docs/
+!docs/research/e2e-docker-config-testing.md
+!docs/refactors/split-e2e-tests-provision-vs-configuration.md
+
+# Examples and fixtures (except SSH keys)
+examples/
+fixtures/
+!fixtures/testing_rsa.pub
+
+# Lock files
+*.lock
+
+# Temporary files
+*.tmp
+*.temp
+
+# Log files
+*.log
+
+# OS specific files
+.DS_Store
+Thumbs.db
+
+# IDE files
+*.swp
+*.swo
+*~

docker/provisioned-instance/Dockerfile

@@ -0,0 +1,84 @@
+# Dockerfile for Provisioned Instance
+# Ubuntu 24.04 LTS representing the state after VM provisioning (before configuration)
+# This container simulates a freshly provisioned VM ready for Ansible configuration
+# Based on requirements from docs/research/e2e-docker-config-testing.md
+
+FROM ubuntu:24.04
+
+# Metadata
+LABEL description="Ubuntu 24.04 provisioned instance - post-provision, pre-configuration state"
+LABEL maintainer="Torrust Development Team" 
+LABEL version="1.0.0"
+LABEL deployment-phase="provisioned"
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=UTC
+
+# Update package list and install essential packages
+RUN apt-get update && apt-get install -y \
+    # SSH server for Ansible connectivity
+    openssh-server \
+    # Sudo for privilege escalation
+    sudo \
+    # Supervisor for process management
+    supervisor \
+    # Basic utilities
+    curl \
+    wget \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    # APT transport for HTTPS repositories
+    apt-transport-https \
+    # Clean up package cache
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Configure SSH server
+RUN mkdir -p /var/run/sshd \
+    # Configure SSH for password authentication initially (tests will set up keys later)
+    && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config \
+    && sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+    && sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
+
+# Create torrust user matching LXD VM configuration
+RUN useradd -m -s /bin/bash -G sudo torrust \
+    # Set a simple password for initial SSH access (tests will set up keys later)
+    && echo "torrust:torrust123" | chpasswd \
+    # Configure passwordless sudo
+    && echo "torrust ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers \
+    # Create .ssh directory for authorized keys (to be populated by tests)
+    && mkdir -p /home/torrust/.ssh \
+    && chmod 700 /home/torrust/.ssh \
+    && chown torrust:torrust /home/torrust/.ssh
+
+# SSH public key will be copied by E2E tests during setup
+# Create authorized_keys file with proper permissions
+RUN touch /home/torrust/.ssh/authorized_keys \
+    && chmod 600 /home/torrust/.ssh/authorized_keys \
+    && chown torrust:torrust /home/torrust/.ssh/authorized_keys
+
+# Create provision completion marker (matching cloud-init behavior)
+RUN mkdir -p /tmp \
+    && echo "Container provisioned successfully" > /tmp/provision_complete \
+    && chown torrust:torrust /tmp/provision_complete
+
+# Expose SSH port
+EXPOSE 22
+
+# Set working directory
+WORKDIR /home/torrust
+
+# Create supervisor configuration
+COPY docker/provisioned-instance/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Create entrypoint script for initialization
+COPY docker/provisioned-instance/entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+# Set entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+# Default command - run supervisor
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

docker/provisioned-instance/README.md

@@ -0,0 +1,180 @@
+# Docker Provisioned Instance Configuration
+
+This directory contains the Docker configuration representing a **provisioned instance** - the state of a VM after provisioning but before configuration in the deployment lifecycle.
+
+## Overview
+
+This Docker configuration provides an Ubuntu 24.04 container that simulates a freshly provisioned VM:
+
+- **SSH Server**: For Ansible connectivity (via supervisor)
+- **Base System**: Clean Ubuntu 24.04 LTS installation
+- **Sudo User**: `torrust` user with passwordless sudo access
+- **Network Access**: For package downloads during configuration phase
+- **No App Dependencies**: Docker, Docker Compose, etc. not yet installed (that's the configure phase)
+
+## Files
+
+- `Dockerfile`: Main container configuration for provisioned instance state
+- `supervisord.conf`: Supervisor configuration for SSH service management
+- `entrypoint.sh`: Container initialization script
+- `README.md`: This documentation file
+
+## Deployment Phase Context
+
+This container represents the **provisioned** state in the deployment lifecycle:
+
+```text
+┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
+│    Provision    │───▶│   Configure     │───▶│    Release      │───▶│      Run        │
+│                 │    │                 │    │                 │    │                 │
+│ • VM Created    │    │ • Install Docker│    │ • Deploy Apps   │    │ • Start Services│
+│ • SSH Ready     │    │ • Install Deps  │    │ • Config Files  │    │ • Validate      │
+│ • User Setup    │    │ • System Config │    │ • Certificates  │    │ • Monitor       │
+└─────────────────┘    └─────────────────┘    └─────────────────┘    └─────────────────┘
+       ▲
+   THIS CONTAINER
+```
+
+**Future Expansion**: Additional containers can represent later phases:
+
+- `docker/configured-instance/` - After Ansible configuration
+- `docker/released-instance/` - After application deployment
+
+## Usage
+
+### Building the Container
+
+From the project root directory:
+
+```bash
+# Build the provisioned instance Docker image
+docker build -f docker/provisioned-instance/Dockerfile -t torrust-provisioned-instance:latest .
+```
+
+### Running the Container
+
+#### Basic Run (for testing)
+
+```bash
+# Run provisioned instance container with SSH access
+docker run -d \
+  --name torrust-provisioned \
+  -p 2222:22 \
+  torrust-provisioned-instance:latest
+```
+
+#### Connect via SSH
+
+```bash
+# Connect using password authentication (initial setup)
+sshpass -p "torrust123" ssh -p 2222 -o StrictHostKeyChecking=no torrust@localhost
+
+# Or copy SSH key and use key authentication
+sshpass -p "torrust123" scp -P 2222 -o StrictHostKeyChecking=no fixtures/testing_rsa.pub torrust@localhost:~/.ssh/authorized_keys
+ssh -i fixtures/testing_rsa -p 2222 -o StrictHostKeyChecking=no torrust@localhost
+```
+
+### Integration with E2E Configuration Tests
+
+The provisioned instance container simulates the state after VM provisioning and is designed for E2E configuration testing:
+
+1. **Container Lifecycle**: Tests manage container creation and cleanup
+2. **SSH Authentication**: Initial password authentication (`torrust:torrust123`)
+3. **SSH Key Setup**: Tests copy SSH public key during setup phase
+4. **Port Mapping**: SSH port (22) is mapped to host for Ansible connectivity
+5. **Inventory Generation**: Container IP is added to Ansible inventory
+
+### Configuration Details
+
+#### User Configuration
+
+- **Username**: `torrust` (matches LXD VM configuration)
+- **Password**: `torrust123` (for initial SSH access)
+- **Groups**: `sudo`
+- **Shell**: `/bin/bash`
+- **Sudo**: Passwordless sudo access (`NOPASSWD:ALL`)
+- **SSH**: Password authentication enabled initially, key-based authentication supported
+
+#### SSH Configuration
+
+- **Port**: 22 (standard SSH port)
+- **Authentication**: Password authentication enabled (`torrust123`)
+- **Public Key**: Key-based authentication supported (tests copy public key)
+- **Root Login**: Disabled
+
+#### Supervisor Configuration
+
+- **Process Manager**: Supervisor instead of systemd (container-friendly)
+- **Services**: SSH service managed by supervisor
+- **Logging**: Supervisor handles service logging
+- **No Privileges**: No `--privileged` flag required
+
+## Requirements
+
+### For Building
+
+- Docker installed on the build system
+- Project repository with `fixtures/testing_rsa.pub` file
+
+### For Running
+
+- Docker installed on the system
+- No special privileges required (no `--privileged` flag needed)
+- SSH client for connectivity testing
+
+## Troubleshooting
+
+### Container Won't Start
+
+1. Check if Docker daemon is running
+2. Verify no port conflicts on port 2222
+3. Check container logs: `docker logs <container-name>`
+
+### SSH Connection Fails
+
+1. Verify SSH port mapping: `-p 2222:22`
+2. Test password authentication: `sshpass -p "torrust123" ssh -p 2222 torrust@localhost`
+3. Check if SSH service is running inside container
+4. Verify container is accessible: `docker exec -it <container-name> bash`
+
+### Key Authentication Issues
+
+1. Ensure public key is copied correctly to container
+2. Verify SSH key file permissions (should be 600)
+3. Check authorized_keys file in container: `~/.ssh/authorized_keys`
+
+## Architecture
+
+This container configuration supports the E2E test split architecture:
+
+```text
+┌─────────────────────────────────────────┐
+│         E2E Config Tests Binary         │
+│                                         │
+│  ┌─────────────────────────────────────┐│
+│  │       Docker Container              ││
+│  │  ┌─────────────────────────────────┐││
+│  │  │      Ubuntu 24.04 LTS           │││
+│  │  │  - SSH Server (port 22)         │││
+│  │  │  - Supervisor (process mgmt)    │││
+│  │  │  - torrust user (sudo access)   │││
+│  │  │  - Package management (apt)     │││
+│  │  └─────────────────────────────────┘││
+│  └─────────────────────────────────────┘│
+│             ▲                           │
+│             │ SSH (port 2222)           │
+│             ▼                           │
+│  ┌─────────────────────────────────────┐│
+│  │         Ansible Client              ││
+│  │  - install-docker.yml               ││
+│  │  - install-docker-compose.yml       ││
+│  │  - Dynamic inventory generation     ││
+│  └─────────────────────────────────────┘│
+└─────────────────────────────────────────┘
+```
+
+## Related Documentation
+
+- [E2E Tests Split Plan](../../docs/refactors/split-e2e-tests-provision-vs-configuration.md)
+- [Docker Configuration Testing Research](../../docs/research/e2e-docker-config-testing.md)
+- [E2E Testing Guide](../../docs/e2e-testing.md)

docker/provisioned-instance/entrypoint.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Entrypoint script for E2E configuration testing container
+# Initializes SSH server via supervisor for Ansible connectivity
+
+set -e
+
+# Function to log messages
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >&2
+}
+
+log "Starting container initialization..."
+
+# Create supervisor log directory
+mkdir -p /var/log/supervisor
+
+# Create SSH host keys if they don't exist
+if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+    log "Generating SSH host keys..."
+    ssh-keygen -A
+fi
+
+# Ensure SSH directory has proper permissions
+chown torrust:torrust /home/torrust/.ssh
+chmod 700 /home/torrust/.ssh
+chmod 600 /home/torrust/.ssh/authorized_keys
+
+# Signal that container is ready
+log "Container initialization complete. Starting supervisor..."
+
+# Execute the provided command (supervisor by default)
+exec "$@"

docker/provisioned-instance/supervisord.conf

@@ -0,0 +1,27 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+childlogdir=/var/log/supervisor
+logfile_maxbytes=50MB
+logfile_backups=10
+loglevel=info
+
+[program:sshd]
+command=/usr/sbin/sshd -D
+stdout_logfile=/var/log/supervisor/sshd.log
+stderr_logfile=/var/log/supervisor/sshd.log
+autorestart=true
+startretries=3
+priority=1
+
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0700
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface