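├── .github
    ├── dependabot.yml
    └── workflows
    │   └── build.yml
├── Dockerfile
├── LICENSE
├── README.md
└── initctl_faker


/.github/dependabot.yml:
--------------------------------------------------------------------------------
---
# Dependabot configuration: weekly update pull requests for the GitHub Actions
# referenced by this repository's workflows, grouped into a single PR.
# NOTE(review): only the github-actions ecosystem is listed here; the Dockerfile
# base image and the pip packages are not tracked by this configuration.
updates:
  - directory: /
    groups:
      gha-dependencies:
        patterns:
          - "*"
    package-ecosystem: github-actions
    schedule:
      interval: weekly

version: 2

--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
---
name: Build

on:
  pull_request:
  push:
    branches:
      - master
  schedule:
    - cron: "10 1 * * 0"

# Least privilege for the automatic GITHUB_TOKEN: both jobs only read the
# repository. Docker Hub access comes from repository secrets, not this token.
permissions:
  contents: read

jobs:
  # Test the image builds and works correctly.
  test:
    name: Test
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): every action in this file is referenced by a mutable
      # version tag. Pinning each to a full commit SHA (Dependabot keeps such
      # pins current) prevents a moved tag from changing what runs here.
      - uses: actions/checkout@v4

      - name: Test building image.
        run: docker build --tag docker-ansible .

      # The image starts systemd, so the container is given the host cgroup
      # namespace and a writable cgroup mount. --privileged removes most
      # container isolation; that is acceptable on a throwaway CI runner only.
      - name: Run the built image.
        run: docker run --name test-container --detach --privileged --cgroupns host --volume /sys/fs/cgroup:/sys/fs/cgroup:rw docker-ansible

      - name: Verify Ansible is accessible in the built image.
        run: docker exec --tty test-container env TERM=xterm ansible --version

  # If on master branch, build and release image.
  release:
    name: Release
    runs-on: ubuntu-latest
    needs: test
    # On pull_request events github.ref is the PR merge ref, so this job and
    # the Docker Hub secrets it uses never run for pull requests.
    if: github.ref == 'refs/heads/master'

    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          # NOTE(review): store a scoped Docker Hub access token in this
          # secret rather than the account password.
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push image.
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ github.repository }}:latest

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Kali Rolling image that boots systemd, for testing Ansible playbooks and roles.
# NOTE(review): the base image is a rolling tag with no digest pin and the pip
# packages below carry no versions, so two builds of this file can differ.
# Pin by digest and version where reproducible builds matter.
FROM kalilinux/kali-rolling
LABEL maintainer="Shane Frasier"

ARG DEBIAN_FRONTEND=noninteractive

ENV pip_packages="ansible cryptography"

# Install dependencies.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
       build-essential \
       iproute2 \
       libffi-dev \
       libssl-dev \
       python3-apt \
       python3-dev \
       python3-pip \
       python3-setuptools \
       python3-wheel \
       sudo \
       systemd \
       systemd-sysv \
       wget \
    && rm -rf /var/lib/apt/lists/* \
    && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
    && apt-get clean

# Install Ansible via pip.
# $pip_packages is left unquoted on purpose so it splits into one argument per
# package. --no-cache-dir keeps pip's download cache out of the image layer.
RUN pip3 install --no-cache-dir --break-system-packages $pip_packages

# Install the initctl replacement. The symlink below targets /initctl_faker,
# so the script is copied to that absolute path instead of the current WORKDIR.
COPY initctl_faker /initctl_faker
RUN chmod +x /initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl

# Install Ansible inventory file.
# printf is used because whether echo expands "\n" depends on which shell
# provides /bin/sh.
RUN mkdir -p /etc/ansible \
    && printf '[local]\nlocalhost ansible_connection=local\n' > /etc/ansible/hosts

# Make sure systemd doesn't start agettys on tty[1-6].
RUN rm -f /lib/systemd/system/multi-user.target.wants/getty.target

VOLUME ["/sys/fs/cgroup"]
CMD ["/lib/systemd/systemd"]

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2021 Jeff Geerling

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.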
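--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Kali (Rolling) Ansible Test Image #

[![CI](https://github.com/cisagov/docker-kali-ansible/workflows/Build/badge.svg?branch=master&event=push)](https://github.com/cisagov/docker-kali-ansible/actions?query=workflow%3ABuild) [![Docker pulls](https://img.shields.io/docker/pulls/cisagov/docker-kali-ansible)](https://hub.docker.com/r/cisagov/docker-kali-ansible/)

Kali Linux (Rolling) Docker container for Ansible playbook and role testing.

## Tags ##

- `latest`: Latest stable version of Ansible, with Python 3.x.

## How to Build ##

This image is built on Docker Hub automatically any time the upstream OS container is rebuilt, and any time a commit is made or merged to the `master` branch. But if you need to build the image on your own locally, do the following:

1. [Install Docker](https://docs.docker.com/engine/installation/).
2. `cd` into this directory.
3. Run `docker build --tag cisagov/docker-kali-ansible .`

## How to Use ##

1. [Install Docker](https://docs.docker.com/engine/installation/).
2. Pull this image from Docker Hub: `docker pull cisagov/docker-kali-ansible:latest` (or use the image you built earlier).
3. Run a container from the image: `docker run --detach --privileged --cgroupns=host --volume=/sys/fs/cgroup:/sys/fs/cgroup:rw cisagov/docker-kali-ansible:latest`.
4. Use Ansible inside the container:
   a. `docker exec --tty [container_id] env TERM=xterm ansible --version`
   b. `docker exec --tty [container_id] env TERM=xterm ansible-playbook /path/to/ansible/playbook.yml --syntax-check`

Note: `--privileged` and the read-write `/sys/fs/cgroup` mount in step 3 are what allow systemd to run inside the container, and they remove most of the isolation between the container and the Docker host. Run the image on disposable test hosts or CI runners.

## Author Information ##

Shane Frasier -

Heavily based on
[geerlingguy/docker-debian11-ansible](https://github.com/geerlingguy/docker-debian11-ansible)
by [Jeff Geerling](https://www.jeffgeerling.com/) AKA
[@geerlingguy](https://github.com/geerlingguy).

--------------------------------------------------------------------------------
/initctl_faker:
--------------------------------------------------------------------------------
#!/bin/sh
# Stand-in for /sbin/initctl: translates initctl-style calls, and calls made
# through /sbin/<action> aliases of this script, into `service` invocations.

# Name this script was invoked under, with the first "/sbin/" removed.
ALIAS_CMD="$(printf '%s\n' "$0" | sed -e 's?/sbin/??')"

# Invoked through an alias named after the action: <action> <service>.
# ${n:+"$n"} passes the argument as exactly one word, and passes nothing at
# all when it is missing, so a service name is never word-split or
# glob-expanded by the shell.
case "$ALIAS_CMD" in
    start|stop|restart|reload|status)
        exec service ${1:+"$1"} "$ALIAS_CMD"
        ;;
esac

# Invoked under any other name (e.g. initctl): <command> [<service>].
case "$1" in
    list )
        exec service --status-all
        ;;
    reload-configuration )
        exec service ${2:+"$2"} restart
        ;;
    start|stop|restart|reload|status)
        exec service ${2:+"$2"} "$1"
        ;;
    \?)
        # Matches a literal "?" argument only.
        exit 0
        ;;
esac
# Any other command matches nothing above and the script ends with status 0.
--------------------------------------------------------------------------------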