I would like to execute a command inside a container of a machine I manage with Ansible.
This is possible with the delegate_to command (see https://stackoverflow.com/a/41626257/458274):

    - name: Add container to inventory
      add_host:
        name: mycontainer
        ansible_connection: docker
      changed_when: false

    - name: Do something in container
      delegate_to: mycontainer
      raw: echo "hello world"

However, the user I’m using has no permission to access /var/run/docker.sock. I could fix this by adding the user to the docker group, but I feel that this is a bad security practice, since any program running with this user account could now gain root permission without a password.
become does not work either, since it will be delegated to the container, too.
How can I use delegate_to, but switch to another user first?