
AWX on Podman

Shion Tanaka

Preparing the OS

  • Fresh install of CentOS Stream
  • Image used
    • CentOS-Stream-8-x86_64-20210209-dvd1.iso
  • Installed with the default "Server with GUI" selection; no particular customization.
  • The Podman version installed along with the OS is v3.0.0-RC2
    • Package release: 0.33rc2.module_el8.4.0+673+eabfc99d

Installing Podman v3.0.0

As of 2021/2/12 there is no v3.0.0 package in CentOS Stream 8 - AppStream yet.
Following the instructions on the official site, install the v3.0.0 package via Copr.

Podman Installation
https://podman.io/getting-started/installation

The section "Installing development versions of Podman" describes how to install on CentOS 7/CentOS 8/CentOS Stream.

Uninstalling the existing Podman

Uninstall v3.0.0-RC2

# dnf remove podman
依存関係が解決しました。
============================================================================================================================================================================================================
 パッケージ                                     アーキテクチャー                     バージョン                                                              リポジトリー                             サイズ
============================================================================================================================================================================================================
削除中:
 podman                                         x86_64                               3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d                               @AppStream                                46 M
依存関係パッケージの削除:
 cockpit-podman                                 noarch                               27.1-4.module_el8.4.0+673+eabfc99d                                      @AppStream                               3.7 M
未使用の依存関係の削除:
 conmon                                         x86_64                               2:2.0.25-1.module_el8.4.0+673+eabfc99d                                  @AppStream                               164 k
 podman-catatonit                               x86_64                               3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d                               @AppStream                               760 k

トランザクションの概要
============================================================================================================================================================================================================
削除  4 パッケージ

Enabling the Copr repo

Exactly as in the official site's instructions

sudo dnf -y module disable container-tools
sudo dnf -y install 'dnf-command(copr)'
sudo dnf -y copr enable rhcontainerbot/container-selinux
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:testing.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/CentOS_8_Stream/devel:kubic:libcontainers:testing.repo
sudo dnf -y --refresh install podman

Installing v3.0.0 using the Copr repo

# dnf install --refresh podman
CentOS Stream 8 - AppStream                                                                                                                                                 6.2 kB/s | 4.4 kB     00:00
CentOS Stream 8 - BaseOS                                                                                                                                                    6.0 kB/s | 3.9 kB     00:00
CentOS Stream 8 - Extras                                                                                                                                                    1.7 kB/s | 1.5 kB     00:00
Copr repo for container-selinux owned by rhcontainerbot                                                                                                                     5.8 kB/s | 3.3 kB     00:00
Testing Releases of Upstream github.com/containers packages (CentOS_8_Stream)                                                                                               2.1 kB/s | 1.7 kB     00:00
依存関係が解決しました。
============================================================================================================================================================================================================
 パッケージ                                              アーキテクチャー                   バージョン                                  リポジトリー                                                  サイズ
============================================================================================================================================================================================================
インストール:
 podman                                                  x86_64                             3.0.0-1.el8                                 devel_kubic_libcontainers_testing                              21 M
アップグレード:
 containernetworking-plugins                             x86_64                             0.9.1-2.el8                                 devel_kubic_libcontainers_testing                              36 M
 containers-common                                       noarch                             4:1-4.el8                                   devel_kubic_libcontainers_testing                              58 k
依存関係のインストール:
 conmon                                                  x86_64                             2:2.0.26-2.el8                              devel_kubic_libcontainers_testing                              49 k
 crun                                                    x86_64                             0.17-1.el8                                  devel_kubic_libcontainers_testing                             186 k
弱い依存関係のインストール:
 catatonit                                               x86_64                             0.1.5-1.el8                                 devel_kubic_libcontainers_testing                             290 k
 podman-plugins                                          x86_64                             3.0.0-1.el8                                 devel_kubic_libcontainers_testing                             2.5 M

トランザクションの概要
============================================================================================================================================================================================================
インストール    5 パッケージ
アップグレード  2 パッケージ

Check the version after installation

# podman version
Version:      3.0.0
API Version:  3.0.0
Go Version:   go1.15.7
Built:        Fri Feb 12 08:47:56 2021
OS/Arch:      linux/amd64
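
A check for the third-party repository enabled above, as an added example that is not part of the original scrap: it reads a dnf `.repo` file and reports, for each enabled section, whether package signature checking is on and whether URLs are plaintext. The function names and the sample repo file are constructed for illustration; the sample is not the content of the real file.

```shell
#!/bin/sh
# Added example: audit a dnf/yum .repo file for signature-checking settings.

# Constructed sample input (NOT the real devel:kubic repo file).
sample_repo() {
cat <<'EOF'
[example_testing]
name=Constructed testing repo
baseurl=https://mirror.example.invalid/testing/CentOS_8_Stream/
gpgcheck=1
gpgkey=https://mirror.example.invalid/testing/CentOS_8_Stream/repodata/repomd.xml.key
enabled=1

[example_unsigned]
name=Constructed repo with checks off
baseurl=http://mirror.example.invalid/unsigned/
gpgcheck=0
enabled=1

[example_disabled]
name=Constructed disabled repo
baseurl=http://mirror.example.invalid/old/
gpgcheck=0
enabled=0
EOF
}

# audit_repo: reads a .repo file on stdin and prints one line per enabled
# section: "<repo-id> OK" or "<repo-id> WARN <reason> [<reason> ...]".
# A section without gpgcheck inherits the [main] value from dnf.conf, so it
# is reported as "gpgcheck-unset" rather than "gpgcheck-off".
audit_repo() {
    awk '
        function truthy(v) { return tolower(v) ~ /^(1|yes|true|on)$/ }
        function report(   why, status) {
            if (id == "" || !truthy(enabled)) return
            why = ""
            if (gpgcheck == "")          why = why " gpgcheck-unset"
            else if (!truthy(gpgcheck))  why = why " gpgcheck-off"
            if (baseurl ~ /^http:/)      why = why " plaintext-baseurl"
            if (gpgkey ~ /^http:/)       why = why " plaintext-gpgkey"
            status = (why == "") ? "OK" : "WARN" why
            print id, status
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^\[.*\]/ {                                  # new section header
            report()
            id = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; baseurl = ""
            enabled = "1"                            # dnf default: enabled
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey")  gpgkey = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    '
}

# Demonstration on the constructed sample.
sample_repo | audit_repo
```

On the host, the same function can be pointed at the downloaded file: `audit_repo < /etc/yum.repos.d/devel:kubic:libcontainers:testing.repo`, run before `dnf install`.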

Starting the Podman API socket

Since the packages were updated, reload just in case and then start the service

# systemctl daemon-reload
# systemctl start podman.socket
# systemctl status podman.socket
● podman.socket - Podman API Socket
   Loaded: loaded (/usr/lib/systemd/system/podman.socket; disabled; vendor preset: disabled)
   Active: active (listening) since Fri 2021-02-12 18:11:50 JST; 2s ago
     Docs: man:podman-system-service(1)
   Listen: /run/podman/podman.sock (Stream)
   CGroup: /system.slice/podman.socket

 212 18:11:50 centos-test systemd[1]: Listening on Podman API Socket.

Installing Ansible

Official installation procedure

https://docs.ansible.com/ansible/2.9_ja/installation_guide/intro_installation.html#rhelcentos-fedora-ansible

On CentOS Stream, Ansible cannot be installed as a package with dnf install

# dnf install ansible
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

メタデータの期限切れの最終確認: 0:22:32 時間前の 2021年02月12日 18時07分51秒 に実施しました。
一致した引数がありません: ansible
エラー: 一致するものが見つかりません: ansible

So install it with pip

Installing Ansible with pip

Check the Python version

# python3 -V
Python 3.6.8

Check the pip version

# pip3 -V
pip 9.0.3 from /usr/lib/python3.6/site-packages (python 3.6)

The pip version is old, so installing Ansible as-is fails with an error

# pip3 install ansible
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting ansible
  Downloading https://files.pythonhosted.org/packages/ba/22/7b58a8ba8e43159dc5cb32d97dd50e2b70b016585dbb188e9f2b61dac1e2/ansible-2.10.7.tar.gz (29.9MB)
    100% |████████████████████████████████| 29.9MB 59kB/s
Collecting ansible-base<2.11,>=2.10.5 (from ansible)
  Downloading https://files.pythonhosted.org/packages/bf/44/a75eec7928986a48e179769873f282496e007587e112c57d367c5e1abc1a/ansible-base-2.10.5.tar.gz (5.7MB)
    100% |████████████████████████████████| 5.7MB 298kB/s
Collecting jinja2 (from ansible-base<2.11,>=2.10.5->ansible)
  Downloading https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl (125kB)
    100% |████████████████████████████████| 133kB 6.1MB/s
Requirement already satisfied: PyYAML in /usr/lib64/python3.6/site-packages (from ansible-base<2.11,>=2.10.5->ansible)
Collecting cryptography (from ansible-base<2.11,>=2.10.5->ansible)
  Downloading https://files.pythonhosted.org/packages/27/5a/007acee0243186123a55423d49cbb5c15cb02d76dd1b6a27659a894b13a2/cryptography-3.4.4.tar.gz (545kB)
    100% |████████████████████████████████| 552kB 2.7MB/s
    Complete output from command python setup.py egg_info:

            =============================DEBUG ASSISTANCE==========================
            If you are seeing an error here please try the following to
            successfully install cryptography:

            Upgrade to the latest pip and try again. This will fix errors for most
            users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
            =============================DEBUG ASSISTANCE==========================

    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-d62fvkq8/cryptography/setup.py", line 14, in <module>
        from setuptools_rust import RustExtension
    ModuleNotFoundError: No module named 'setuptools_rust'

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-d62fvkq8/cryptography/

Update pip itself

# pip3 install -U pip
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting pip
  Downloading https://files.pythonhosted.org/packages/fe/ef/60d7ba03b5c442309ef42e7d69959f73aacccd0d86008362a681c4698e83/pip-21.0.1-py3-none-any.whl (1.5MB)
    100% |████████████████████████████████| 1.5MB 1.1MB/s
Installing collected packages: pip
Successfully installed pip-21.0.1

Install Ansible with pip again

# pip3 install ansible
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
Collecting ansible
  Using cached ansible-2.10.7.tar.gz (29.9 MB)
Collecting ansible-base<2.11,>=2.10.5
  Using cached ansible-base-2.10.5.tar.gz (5.7 MB)
Collecting jinja2
  Using cached Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
Requirement already satisfied: PyYAML in /usr/lib64/python3.6/site-packages (from ansible-base<2.11,>=2.10.5->ansible) (3.12)
Collecting cryptography
  Downloading cryptography-3.4.4-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)
     |████████████████████████████████| 3.2 MB 5.5 MB/s
Collecting packaging
  Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
     |████████████████████████████████| 40 kB 9.8 MB/s
Collecting cffi>=1.12
  Downloading cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl (401 kB)
     |████████████████████████████████| 401 kB 12.0 MB/s
Collecting pycparser
  Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
     |████████████████████████████████| 112 kB 11.7 MB/s
Collecting MarkupSafe>=0.23
  Downloading MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl (32 kB)
Collecting pyparsing>=2.0.2
  Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
     |████████████████████████████████| 67 kB 9.8 MB/s
Using legacy 'setup.py install' for ansible, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ansible-base, since package 'wheel' is not installed.
Installing collected packages: pycparser, pyparsing, MarkupSafe, cffi, packaging, jinja2, cryptography, ansible-base, ansible
    Running setup.py install for ansible-base ... done
    Running setup.py install for ansible ... done
Successfully installed MarkupSafe-1.1.1 ansible-2.10.7 ansible-base-2.10.5 cffi-1.14.5 cryptography-3.4.4 jinja2-2.11.3 packaging-20.9 pycparser-2.20 pyparsing-2.4.7

Check the Ansible version

# ansible --version
ansible 2.10.5
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.8 (default, Jan 27 2021, 01:17:18) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]

Installing docker-compose

Official Docker procedure
https://docs.docker.jp/compose/install.html

Install docker-compose with pip

# pip3 install docker-compose
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
Collecting docker-compose
  Downloading docker_compose-1.28.2-py2.py3-none-any.whl (114 kB)
     |████████████████████████████████| 114 kB 5.6 MB/s
Collecting docker[ssh]<5,>=4.4.0
  Downloading docker-4.4.1-py2.py3-none-any.whl (146 kB)
     |████████████████████████████████| 146 kB 13.8 MB/s
Collecting websocket-client<1,>=0.32.0
  Downloading websocket_client-0.57.0-py2.py3-none-any.whl (200 kB)
     |████████████████████████████████| 200 kB 10.6 MB/s
Requirement already satisfied: PyYAML<6,>=3.10 in /usr/lib64/python3.6/site-packages (from docker-compose) (3.12)
Collecting python-dotenv<1,>=0.13.0
  Downloading python_dotenv-0.15.0-py2.py3-none-any.whl (18 kB)
Collecting cached-property<2,>=1.2.0
  Downloading cached_property-1.5.2-py2.py3-none-any.whl (7.6 kB)
Requirement already satisfied: requests<3,>=2.20.0 in /usr/lib/python3.6/site-packages (from docker-compose) (2.20.0)
Collecting docopt<1,>=0.6.1
  Downloading docopt-0.6.2.tar.gz (25 kB)
Collecting distro<2,>=1.5.0
  Downloading distro-1.5.0-py2.py3-none-any.whl (18 kB)
Collecting jsonschema<4,>=2.5.1
  Downloading jsonschema-3.2.0-py2.py3-none-any.whl (56 kB)
     |████████████████████████████████| 56 kB 10.1 MB/s
Collecting texttable<2,>=0.9.0
  Downloading texttable-1.6.3-py2.py3-none-any.whl (10 kB)
Collecting dockerpty<1,>=0.4.1
  Downloading dockerpty-0.4.1.tar.gz (13 kB)
Requirement already satisfied: six>=1.4.0 in /usr/lib/python3.6/site-packages (from docker[ssh]<5,>=4.4.0->docker-compose) (1.11.0)
Collecting paramiko>=2.4.2
  Downloading paramiko-2.7.2-py2.py3-none-any.whl (206 kB)
     |████████████████████████████████| 206 kB 8.8 MB/s
Collecting pyrsistent>=0.14.0
  Downloading pyrsistent-0.17.3.tar.gz (106 kB)
     |████████████████████████████████| 106 kB 12.5 MB/s
Collecting importlib-metadata
  Downloading importlib_metadata-3.4.0-py3-none-any.whl (10 kB)
Requirement already satisfied: setuptools in /usr/lib/python3.6/site-packages (from jsonschema<4,>=2.5.1->docker-compose) (39.2.0)
Collecting attrs>=17.4.0
  Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB)
     |████████████████████████████████| 49 kB 10.7 MB/s
Collecting pynacl>=1.0.1
  Downloading PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl (961 kB)
     |████████████████████████████████| 961 kB 11.6 MB/s
Requirement already satisfied: cryptography>=2.5 in /usr/local/lib64/python3.6/site-packages (from paramiko>=2.4.2->docker[ssh]<5,>=4.4.0->docker-compose) (3.4.4)
Collecting bcrypt>=3.1.3
  Downloading bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl (63 kB)
     |████████████████████████████████| 63 kB 7.7 MB/s
Requirement already satisfied: cffi>=1.1 in /usr/local/lib64/python3.6/site-packages (from bcrypt>=3.1.3->paramiko>=2.4.2->docker[ssh]<5,>=4.4.0->docker-compose) (1.14.5)
Requirement already satisfied: pycparser in /usr/local/lib/python3.6/site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko>=2.4.2->docker[ssh]<5,>=4.4.0->docker-compose) (2.20)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3.6/site-packages (from requests<3,>=2.20.0->docker-compose) (3.0.4)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python3.6/site-packages (from requests<3,>=2.20.0->docker-compose) (2.5)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python3.6/site-packages (from requests<3,>=2.20.0->docker-compose) (1.24.2)
Collecting zipp>=0.5
  Downloading zipp-3.4.0-py3-none-any.whl (5.2 kB)
Collecting typing-extensions>=3.6.4
  Downloading typing_extensions-3.7.4.3-py3-none-any.whl (22 kB)
Using legacy 'setup.py install' for dockerpty, since package 'wheel' is not installed.
Using legacy 'setup.py install' for docopt, since package 'wheel' is not installed.
Using legacy 'setup.py install' for pyrsistent, since package 'wheel' is not installed.
Installing collected packages: zipp, websocket-client, typing-extensions, pynacl, bcrypt, pyrsistent, paramiko, importlib-metadata, docker, attrs, texttable, python-dotenv, jsonschema, docopt, dockerpty, distro, cached-property, docker-compose
    Running setup.py install for pyrsistent ... done
    Running setup.py install for docopt ... done
    Running setup.py install for dockerpty ... done
Successfully installed attrs-20.3.0 bcrypt-3.2.0 cached-property-1.5.2 distro-1.5.0 docker-4.4.1 docker-compose-1.28.2 dockerpty-0.4.1 docopt-0.6.2 importlib-metadata-3.4.0 jsonschema-3.2.0 paramiko-2.7.2 pynacl-1.4.0 pyrsistent-0.17.3 python-dotenv-0.15.0 texttable-1.6.3 typing-extensions-3.7.4.3 websocket-client-0.57.0 zipp-3.4.0

Check the docker-compose version

# docker-compose version
docker-compose version 1.28.2, build unknown
docker-py version: 4.4.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.1g FIPS  21 Apr 2020

Installing the podman-docker command

docker-compose calls the docker command, so install podman-docker, which provides a wrapper script

# dnf install podman-docker
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

メタデータの期限切れの最終確認: 3:41:16 時間前の 2021年02月12日 18時07分51秒 に実施しました。
依存関係が解決しました。
============================================================================================================================================================================================================
 パッケージ                                    アーキテクチャー                       バージョン                                    リポジトリー                                                      サイズ
============================================================================================================================================================================================================
インストール:
 podman-docker                                 noarch                                 3.0.0-1.el8                                   devel_kubic_libcontainers_testing                                 170 k

トランザクションの概要
============================================================================================================================================================================================================
インストール  1 パッケージ

ダウンロードサイズの合計: 170 k
インストール後のサイズ: 5.6 k
これでよろしいですか? [y/N]: y
パッケージのダウンロード:
podman-docker-3.0.0-1.el8.noarch.rpm                                                                                                                                         57 kB/s | 170 kB     00:02
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
合計                                                                                                                                                                         57 kB/s | 170 kB     00:02
トランザクションの確認を実行中
トランザクションの確認に成功しました。
トランザクションのテストを実行中
トランザクションのテストに成功しました。
トランザクションを実行中
  準備             :                                                                                                                                                                                    1/1
  インストール中   : podman-docker-3.0.0-1.el8.noarch                                                                                                                                                   1/1
  scriptletの実行中: podman-docker-3.0.0-1.el8.noarch                                                                                                                                                   1/1
  検証             : podman-docker-3.0.0-1.el8.noarch                                                                                                                                                   1/1
Installed products updated.

インストール済み:
  podman-docker-3.0.0-1.el8.noarch

完了しました!

Check that the command runs

# docker version
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Version:      3.0.0
API Version:  3.0.0
Go Version:   go1.15.7
Built:        Fri Feb 12 08:47:56 2021
OS/Arch:      linux/amd64

Starting the Podman System Service

# systemctl start podman.socket

Check the service

# systemctl status podman.socket
● podman.socket - Podman API Socket
   Loaded: loaded (/usr/lib/systemd/system/podman.socket; disabled; vendor preset: disabled)
   Active: active (listening) since Fri 2021-02-12 22:12:05 JST; 10s ago
     Docs: man:podman-system-service(1)
   Listen: /run/podman/podman.sock (Stream)
   CGroup: /system.slice/podman.socket

 212 22:12:05 centos-test systemd[1]: Listening on Podman API Socket.

Installing AWX

git is needed, so install git first

# dnf install git

Git-clone the AWX repository

# git clone -b 17.0.1 https://github.com/ansible/awx.git

Uncomment admin_password in the inventory file and set a value

# cd awx/installer/
# vi inventory
inventory
# admin_password=password

inventory
admin_password=password

Running the playbook

# ansible-playbook -i inventory install.yml

docker-compose cannot run on the Podman v3.0.0 release

Note: Podman v3.0.1 fixes the bug that prevented docker-compose from starting.

Running the playbook produces an error. It stops at the following task.
TASK [local_docker : Run migrations in task container]

# ansible-playbook -vvv -i inventory install.yml
~ omitted ~
TASK [local_docker : Run migrations in task container] *****************************************************************************************************************************************************
task path: /root/DEV/awx/installer/roles/local_docker/tasks/compose.yml:45
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298 `" && echo ansible-tmp-1613167769.442079-185244-161102983095298="` echo /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/command.py
<localhost> PUT /root/.ansible/tmp/ansible-local-184375e8_ibv6z/tmpa_wnv_i8 TO /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/ /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python3 /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": true,
    "cmd": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
    "delta": "0:00:01.078452",
    "end": "2021-02-13 07:09:30.641002",
    "invocation": {
        "module_args": {
            "_raw_params": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
            "_uses_shell": true,
            "argv": null,
            "chdir": "/root/.awx/awxcompose",
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "msg": "non-zero return code",
    "rc": 1,
    "start": "2021-02-13 07:09:29.562550",
    "stderr": "Creating awx_postgres ... \r\nCreating awx_redis    ... \r\nCreating awx_redis    ... done\r\nCreating awx_postgres ... done\r\nCreating awx_web      ... \r\nCreating awx_web      ... error\r\n\nERROR: for awx_web  Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory\n\nERROR: for web  Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory\nEncountered errors while bringing up the project.",
    "stderr_lines": [
        "Creating awx_postgres ... ",
        "Creating awx_redis    ... ",
        "Creating awx_redis    ... done",
        "Creating awx_postgres ... done",
        "Creating awx_web      ... ",
        "Creating awx_web      ... error",
        "",
        "ERROR: for awx_web  Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory",
        "",
        "ERROR: for web  Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory",
        "Encountered errors while bringing up the project."
    ],
    "stdout": "",
    "stdout_lines": []
}

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=15   changed=3    unreachable=0    failed=1    skipped=72   rescued=0    ignored=1

Cleaning up and running docker-compose up directly also fails with an error

# podman stop --all && podman rm --all
# podman ps -a
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES
# cd /root/.awx/awxcompose/
# docker-compose up
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Creating awx_postgres ... done
Creating awx_redis    ... done
Creating awx_web      ... error

ERROR: for awx_web  error preparing container 6f6644925b7b79f59434371cd9277cb467da6f519c138c0ecc1cec3666891d61 for attach: error streaming container content for copy up into volume dd7653b5fa5472f3a8c5272626e9356847687a0d47c48ba306a29c0bb1c08a18: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory

ERROR: for web  error preparing container 6f6644925b7b79f59434371cd9277cb467da6f519c138c0ecc1cec3666891d61 for attach: error streaming container content for copy up into volume dd7653b5fa5472f3a8c5272626e9356847687a0d47c48ba306a29c0bb1c08a18: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory
ERROR: Encountered errors while bringing up the project.
# podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                 PORTS                 NAMES
3f4aa66a5483  docker.io/library/redis:latest  /usr/local/etc/re...  About a minute ago  Up About a minute ago                        awx_redis
1afbf240d703  docker.io/library/postgres:12   postgres              About a minute ago  Up About a minute ago                        awx_postgres
6f6644925b7b  docker.io/ansible/awx:17.0.1    /bin/sh -c /usr/b...  About a minute ago  Created                0.0.0.0:80->8052/tcp  awx_web

It runs in an environment rolled back to Podman v3.0.0-RC2

Presumably a bug in the v3.0.0 release

# podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED      STATUS          PORTS                 NAMES
91f5bfec500b  docker.io/library/redis:latest  /usr/local/etc/re...  8 hours ago  Up 8 hours ago                        awx_redis
03267a15ee04  docker.io/library/postgres:12   postgres              8 hours ago  Up 8 hours ago                        awx_postgres
db5d063e9184  docker.io/ansible/awx:17.0.1    /bin/sh -c /usr/b...  8 hours ago  Up 8 hours ago  0.0.0.0:80->8052/tcp  awx_web
19ca639b96fe  docker.io/ansible/awx:17.0.1    /usr/bin/launch_a...  8 hours ago  Up 8 hours ago                        awx_task
# podman version
Version:      3.0.0-dev
API Version:  3.0.0
Go Version:   go1.15.7
Built:        Wed Feb  3 07:06:33 2021
OS/Arch:      linux/amd64
# rpm -qa|grep podman
podman-plugins-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
podman-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
podman-docker-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.noarch
podman-catatonit-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64

docker-compose does not work in rootless mode

Still unresolved on GitHub as well
https://github.com/containers/podman/issues/9169

Set DOCKER_HOST to podman.sock

$ export DOCKER_HOST=unix:/run/user/1000/podman/podman.sock

Running docker-compose up (error)

$ docker-compose up
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Creating volume "awxcompose_supervisor-socket" with default driver
Creating volume "awxcompose_rsyslog-socket" with default driver
Creating volume "awxcompose_rsyslog-config" with default driver
Pulling redis (redis:)...
eb0ab2d55fdfc3ba4226348749a2f34af13a280a44c8045aefd9506fe064b297: pulling image () from docker.io/library/redis:latest 
Pulling postgres (postgres:12)...
85f1c84fe3074b5849114b806bc303a880e8acd2579d577b152054ff165390ef: pulling image () from docker.io/library/postgres:12 
Pulling web (ansible/awx:17.0.1)...
44187ed3a96753c5e03445af6cbb742eeb4024e9265e748ef6748800fd0854d0: pulling image () from docker.io/ansible/awx:17.0.1 
Creating awx_redis    ... error
Creating awx_postgres ... 

Creating awx_postgres ... error

ERROR: for awx_postgres  network connect is not enabled for rootless containers

ERROR: for redis  network connect is not enabled for rootless containers

ERROR: for postgres  network connect is not enabled for rootless containers
ERROR: Encountered errors while bringing up the project.

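Error when running the playbook: "PermissionError: [Errno 13] Permission denied: '/etc/tower/conf.d/credentials.py'"

Cause

After the playbook runs, the files created under .awx/awxcompose/ do not have an appropriate SELinux context

Permissions after the config files are created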

# ls -lZ ~/.awx/awxcompose/
合計 24
-rw-------. 1 root root system_u:object_r:admin_home_t:s0            9  220 07:36 SECRET_KEY
-rw-------. 1 root root system_u:object_r:admin_home_t:s0          457  220 07:36 credentials.py
-rw-------. 1 root root system_u:object_r:admin_home_t:s0         2349  220 07:36 docker-compose.yml
-rw-------. 1 root root system_u:object_r:admin_home_t:s0          153  220 07:36 environment.sh
-rw-------. 1 root root system_u:object_r:admin_home_t:s0         2961  220 07:36 nginx.conf
-rw-rw-r--. 1 root root system_u:object_r:admin_home_t:s0           78  220 07:36 redis.conf
drwxrwxrwx. 2 root root unconfined_u:object_r:container_file_t:s0    6  220 07:36 redis_socket

Fix

Change the SELinux context

# chcon -Rt container_file_t ~/.awx/
# ls -lZ ~/.awx/awxcompose/
合計 24
-rw-------. 1 root root system_u:object_r:container_file_t:s0        9  220 07:36 SECRET_KEY
-rw-------. 1 root root system_u:object_r:container_file_t:s0      457  220 07:36 credentials.py
-rw-------. 1 root root system_u:object_r:container_file_t:s0     2349  220 07:36 docker-compose.yml
-rw-------. 1 root root system_u:object_r:container_file_t:s0      153  220 07:36 environment.sh
-rw-------. 1 root root system_u:object_r:container_file_t:s0     2961  220 07:36 nginx.conf
-rw-rw-r--. 1 root root system_u:object_r:container_file_t:s0       78  220 07:36 redis.conf
drwxrwxrwx. 2 root root unconfined_u:object_r:container_file_t:s0   24  220 09:05 redis_socket
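
The check and relabel above as a script, added here as an example (not part of the original notes): `mislabeled` parses `ls -lZ` output and reports entries whose SELinux type is not `container_file_t`, and `relabel_persistent` is an alternative to `chcon` that records the label in policy so a later `restorecon` or full relabel does not revert it. The function names and sample listings are constructed for illustration; `semanage` is provided by the policycoreutils-python-utils package.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.
WANT_TYPE=container_file_t

# Read `ls -lZ` output on stdin and print "<name> <type>" for each entry whose
# SELinux type is not $WANT_TYPE. Returns 1 if any entry is mislabeled.
mislabeled() {
    awk -v want="$WANT_TYPE" '
        {
            # The context is the only field shaped user:role:type:level.
            for (i = 1; i <= NF; i++) {
                if (split($i, c, ":") >= 4 && c[2] ~ /_r$/) {
                    if (c[3] != want) { print $NF, c[3]; bad = 1 }
                    break
                }
            }
        }
        END { exit bad + 0 }
    '
}

# Audit a live directory, e.g. audit_dir ~/.awx/awxcompose
audit_dir() { ls -lZ "$1" | mislabeled; }

# Persistent relabel. chcon only edits the on-disk label; restorecon or a full
# relabel resets it to the policy default. $1 must be an absolute path.
relabel_persistent() {
    semanage fcontext -a -t "$WANT_TYPE" "$1(/.*)?"
    restorecon -Rv "$1"
}

# Constructed sample listings in the shape of the `ls -lZ` output above.
SAMPLE_BEFORE='total 24
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 9 Feb 20 07:36 SECRET_KEY
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 457 Feb 20 07:36 credentials.py
drwxrwxrwx. 2 root root unconfined_u:object_r:container_file_t:s0 6 Feb 20 07:36 redis_socket'

SAMPLE_AFTER='total 24
-rw-------. 1 root root system_u:object_r:container_file_t:s0 9 Feb 20 07:36 SECRET_KEY
-rw-------. 1 root root system_u:object_r:container_file_t:s0 457 Feb 20 07:36 credentials.py
drwxrwxrwx. 2 root root unconfined_u:object_r:container_file_t:s0 24 Feb 20 09:05 redis_socket'
```

Running `audit_dir` before the playbook's migration step shows the mislabeled files directly, instead of through the `PermissionError` raised inside the container.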

Error log

TASK [local_docker : Run migrations in task container] *****************************************************************************************************************************************************
task path: /root/DEV/awx/installer/roles/local_docker/tasks/compose.yml:45
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127 `" && echo ansible-tmp-1613774213.9207056-48697-219489850661127="` echo /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/command.py
<localhost> PUT /root/.ansible/tmp/ansible-local-47828zrk8fiw6/tmpdw4aw03v TO /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/ /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python3 /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": true,
    "cmd": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
    "delta": "0:00:02.846475",
    "end": "2021-02-20 07:36:56.905876",
    "invocation": {
        "module_args": {
            "_raw_params": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
            "_uses_shell": true,
            "argv": null,
            "chdir": "/root/.awx/awxcompose",
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "msg": "non-zero return code",
    "rc": 1,
    "start": "2021-02-20 07:36:54.059401",
    "stderr": "Creating awx_postgres ... \r\nCreating awx_redis    ... \r\nCreating awx_postgres ... done\r\nCreating awx_redis    ... done\r\nCreating awx_web      ... \r\nCreating awx_web      ... done\r\nCreating awxcompose_task_run ... \r\nCreating awxcompose_task_run ... done\r\nEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.\nTraceback (most recent call last):\n  File \"/usr/bin/awx-manage\", line 8, in <module>\n    sys.exit(manage())\n  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 138, in manage\n    prepare_env()\n  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 97, in prepare_env\n    if not settings.DEBUG: # pragma: no cover\n  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 79, in __getattr__\n    self._setup(name)\n  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 66, in _setup\n    self._wrapped = Settings(settings_module)\n  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 157, in __init__\n    mod = importlib.import_module(self.SETTINGS_MODULE)\n  File \"/var/lib/awx/venv/awx/lib64/python3.6/importlib/__init__.py\", line 126, in import_module\n    return _bootstrap._gcd_import(name[level:], package, level)\n  File \"<frozen importlib._bootstrap>\", line 994, in _gcd_import\n  File \"<frozen importlib._bootstrap>\", line 971, in _find_and_load\n  File \"<frozen importlib._bootstrap>\", line 955, in _find_and_load_unlocked\n  File \"<frozen importlib._bootstrap>\", line 665, in _load_unlocked\n  File \"<frozen importlib._bootstrap_external>\", line 678, in exec_module\n  File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed\n  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/settings/production.py\", line 66, in <module>\n    include(settings_file, optional(settings_files), scope=locals())\n  
File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/split_settings/tools.py\", line 103, in include\n    with open(included_file, 'rb') as to_compile:\nPermissionError: [Errno 13] Permission denied: '/etc/tower/conf.d/credentials.py'\n1",
    "stderr_lines": [
        "Creating awx_postgres ... ",
        "Creating awx_redis    ... ",
        "Creating awx_postgres ... done",
        "Creating awx_redis    ... done",
        "Creating awx_web      ... ",
        "Creating awx_web      ... done",
        "Creating awxcompose_task_run ... ",
        "Creating awxcompose_task_run ... done",
        "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.",
        "Traceback (most recent call last):",
        "  File \"/usr/bin/awx-manage\", line 8, in <module>",
        "    sys.exit(manage())",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 138, in manage",
        "    prepare_env()",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 97, in prepare_env",
        "    if not settings.DEBUG: # pragma: no cover",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 79, in __getattr__",
        "    self._setup(name)",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 66, in _setup",
        "    self._wrapped = Settings(settings_module)",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 157, in __init__",
        "    mod = importlib.import_module(self.SETTINGS_MODULE)",
        "  File \"/var/lib/awx/venv/awx/lib64/python3.6/importlib/__init__.py\", line 126, in import_module",
        "    return _bootstrap._gcd_import(name[level:], package, level)",
        "  File \"<frozen importlib._bootstrap>\", line 994, in _gcd_import",
        "  File \"<frozen importlib._bootstrap>\", line 971, in _find_and_load",
        "  File \"<frozen importlib._bootstrap>\", line 955, in _find_and_load_unlocked",
        "  File \"<frozen importlib._bootstrap>\", line 665, in _load_unlocked",
        "  File \"<frozen importlib._bootstrap_external>\", line 678, in exec_module",
        "  File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/settings/production.py\", line 66, in <module>",
        "    include(settings_file, optional(settings_files), scope=locals())",
        "  File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/split_settings/tools.py\", line 103, in include",
        "    with open(included_file, 'rb') as to_compile:",
        "PermissionError: [Errno 13] Permission denied: '/etc/tower/conf.d/credentials.py'",
        "1"
    ],
    "stdout": "",
    "stdout_lines": []
}

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=15   changed=6    unreachable=0    failed=1    skipped=72   rescued=0    ignored=1