Open13
AWX on Podman
Shion TanakaAWXをPodmanで動かすメモ。
ansible/awx: AWX Project
Podman v3.0からdocker-composeが使えるようになったのでAWXが動かせるはず、との予想から開始
動かした結果
Shion TanakaOSの用意
- CentOS Streamを新規インストール
- 使用したイメージ
- CentOS-Stream-8-x86_64-20210209-dvd1.iso
- デフォルトのサーバーGUIでインストール。特にカスタマイズなし。
- OSと共にインストールされるPodmanのバージョンはv3.0.0-RC2
- パッケージリリース:0.33rc2.module_el8.4.0+673+eabfc99d
Shion TanakaPodman v3.0.0のインストール
2021/2/12時点ではまだCentOS Stream 8 - AppStreamにはv3.0.0のパッケージは無い。
公式サイトの手順を参考に、Coprでv3.0.0のパッケージをインストールする
Podman Installation
Installing development versions of Podmanの章にCentOS 7/CentOS 8/CentOS Streamでの導入方法が記載がある
導入済みPodmanのアンインストール
v3.0.0-RC2をアンインストール
# dnf remove podman
依存関係が解決しました。
============================================================================================================================================================================================================
パッケージ アーキテクチャー バージョン リポジトリー サイズ
============================================================================================================================================================================================================
削除中:
podman x86_64 3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d @AppStream 46 M
依存関係パッケージの削除:
cockpit-podman noarch 27.1-4.module_el8.4.0+673+eabfc99d @AppStream 3.7 M
未使用の依存関係の削除:
conmon x86_64 2:2.0.25-1.module_el8.4.0+673+eabfc99d @AppStream 164 k
podman-catatonit x86_64 3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d @AppStream 760 k
トランザクションの概要
============================================================================================================================================================================================================
削除 4 パッケージ
Copr Repoの有効化
公式サイトの手順通り
sudo dnf -y module disable container-tools
sudo dnf -y install 'dnf-command(copr)'
sudo dnf -y copr enable rhcontainerbot/container-selinux
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:testing.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/CentOS_8_Stream/devel:kubic:libcontainers:testing.repo
sudo dnf -y --refresh install podman
Copr Repoを使ってv3.0.0をインストール
# dnf install --refresh podman
CentOS Stream 8 - AppStream 6.2 kB/s | 4.4 kB 00:00
CentOS Stream 8 - BaseOS 6.0 kB/s | 3.9 kB 00:00
CentOS Stream 8 - Extras 1.7 kB/s | 1.5 kB 00:00
Copr repo for container-selinux owned by rhcontainerbot 5.8 kB/s | 3.3 kB 00:00
Testing Releases of Upstream github.com/containers packages (CentOS_8_Stream) 2.1 kB/s | 1.7 kB 00:00
依存関係が解決しました。
============================================================================================================================================================================================================
パッケージ アーキテクチャー バージョン リポジトリー サイズ
============================================================================================================================================================================================================
インストール:
podman x86_64 3.0.0-1.el8 devel_kubic_libcontainers_testing 21 M
アップグレード:
containernetworking-plugins x86_64 0.9.1-2.el8 devel_kubic_libcontainers_testing 36 M
containers-common noarch 4:1-4.el8 devel_kubic_libcontainers_testing 58 k
依存関係のインストール:
conmon x86_64 2:2.0.26-2.el8 devel_kubic_libcontainers_testing 49 k
crun x86_64 0.17-1.el8 devel_kubic_libcontainers_testing 186 k
弱い依存関係のインストール:
catatonit x86_64 0.1.5-1.el8 devel_kubic_libcontainers_testing 290 k
podman-plugins x86_64 3.0.0-1.el8 devel_kubic_libcontainers_testing 2.5 M
トランザクションの概要
============================================================================================================================================================================================================
インストール 5 パッケージ
アップグレード 2 パッケージ
インストール後、バージョン確認
# podman version
Version: 3.0.0
API Version: 3.0.0
Go Version: go1.15.7
Built: Fri Feb 12 08:47:56 2021
OS/Arch: linux/amd64
Podman API Socketの起動
パッケージの更新をしたので念の為リロード後、サービスを起動
# systemctl daemon-reload
# systemctl start podman.socket
# systemctl status podman.socket
● podman.socket - Podman API Socket
Loaded: loaded (/usr/lib/systemd/system/podman.socket; disabled; vendor preset: disabled)
Active: active (listening) since Fri 2021-02-12 18:11:50 JST; 2s ago
Docs: man:podman-system-service(1)
Listen: /run/podman/podman.sock (Stream)
CGroup: /system.slice/podman.socket
2月 12 18:11:50 centos-test systemd[1]: Listening on Podman API Socket.
Ansibleのインストール
公式のインストール手順
CentOS Streamではdnf installではAnsibleはパッケージで入らない
# dnf install ansible
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
メタデータの期限切れの最終確認: 0:22:32 時間前の 2021年02月12日 18時07分51秒 に実施しました。
一致した引数がありません: ansible
エラー: 一致するものが見つかりません: ansible
そのためpipでインストールを行う
pipでAnsibleのインストール
Pythonのバージョン確認
# python3 -V
Python 3.6.8
pipのバージョン確認
# pip3 -V
pip 9.0.3 from /usr/lib/python3.6/site-packages (python 3.6)
pipのバージョンが古いのでそのままAnsibleをインストールするとエラー
# pip3 install ansible
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting ansible
Downloading https://files.pythonhosted.org/packages/ba/22/7b58a8ba8e43159dc5cb32d97dd50e2b70b016585dbb188e9f2b61dac1e2/ansible-2.10.7.tar.gz (29.9MB)
100% |████████████████████████████████| 29.9MB 59kB/s
Collecting ansible-base<2.11,>=2.10.5 (from ansible)
Downloading https://files.pythonhosted.org/packages/bf/44/a75eec7928986a48e179769873f282496e007587e112c57d367c5e1abc1a/ansible-base-2.10.5.tar.gz (5.7MB)
100% |████████████████████████████████| 5.7MB 298kB/s
Collecting jinja2 (from ansible-base<2.11,>=2.10.5->ansible)
Downloading https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl (125kB)
100% |████████████████████████████████| 133kB 6.1MB/s
Requirement already satisfied: PyYAML in /usr/lib64/python3.6/site-packages (from ansible-base<2.11,>=2.10.5->ansible)
Collecting cryptography (from ansible-base<2.11,>=2.10.5->ansible)
Downloading https://files.pythonhosted.org/packages/27/5a/007acee0243186123a55423d49cbb5c15cb02d76dd1b6a27659a894b13a2/cryptography-3.4.4.tar.gz (545kB)
100% |████████████████████████████████| 552kB 2.7MB/s
Complete output from command python setup.py egg_info:
=============================DEBUG ASSISTANCE==========================
If you are seeing an error here please try the following to
successfully install cryptography:
Upgrade to the latest pip and try again. This will fix errors for most
users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
=============================DEBUG ASSISTANCE==========================
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-build-d62fvkq8/cryptography/setup.py", line 14, in <module>
from setuptools_rust import RustExtension
ModuleNotFoundError: No module named 'setuptools_rust'
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-d62fvkq8/cryptography/
pip自体のアップデート
# pip3 install -U pip
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting pip
Downloading https://files.pythonhosted.org/packages/fe/ef/60d7ba03b5c442309ef42e7d69959f73aacccd0d86008362a681c4698e83/pip-21.0.1-py3-none-any.whl (1.5MB)
100% |████████████████████████████████| 1.5MB 1.1MB/s
Installing collected packages: pip
Successfully installed pip-21.0.1
再度、pipでAnsibleのインストール
# pip3 install ansible
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
Collecting ansible
Using cached ansible-2.10.7.tar.gz (29.9 MB)
Collecting ansible-base<2.11,>=2.10.5
Using cached ansible-base-2.10.5.tar.gz (5.7 MB)
Collecting jinja2
Using cached Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
Requirement already satisfied: PyYAML in /usr/lib64/python3.6/site-packages (from ansible-base<2.11,>=2.10.5->ansible) (3.12)
Collecting cryptography
Downloading cryptography-3.4.4-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)
|████████████████████████████████| 3.2 MB 5.5 MB/s
Collecting packaging
Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
|████████████████████████████████| 40 kB 9.8 MB/s
Collecting cffi>=1.12
Downloading cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl (401 kB)
|████████████████████████████████| 401 kB 12.0 MB/s
Collecting pycparser
Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
|████████████████████████████████| 112 kB 11.7 MB/s
Collecting MarkupSafe>=0.23
Downloading MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl (32 kB)
Collecting pyparsing>=2.0.2
Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
|████████████████████████████████| 67 kB 9.8 MB/s
Using legacy 'setup.py install' for ansible, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ansible-base, since package 'wheel' is not installed.
Installing collected packages: pycparser, pyparsing, MarkupSafe, cffi, packaging, jinja2, cryptography, ansible-base, ansible
Running setup.py install for ansible-base ... done
Running setup.py install for ansible ... done
Successfully installed MarkupSafe-1.1.1 ansible-2.10.7 ansible-base-2.10.5 cffi-1.14.5 cryptography-3.4.4 jinja2-2.11.3 packaging-20.9 pycparser-2.20 pyparsing-2.4.7
Ansibleのバージョン確認
# ansible --version
ansible 2.10.5
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.6.8 (default, Jan 27 2021, 01:17:18) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
docker-composeのインストール
Docker公式手順
pipでdocker-composeをインストールする
# pip3 install docker-compose
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
Collecting docker-compose
Downloading docker_compose-1.28.2-py2.py3-none-any.whl (114 kB)
|████████████████████████████████| 114 kB 5.6 MB/s
Collecting docker[ssh]<5,>=4.4.0
Downloading docker-4.4.1-py2.py3-none-any.whl (146 kB)
|████████████████████████████████| 146 kB 13.8 MB/s
Collecting websocket-client<1,>=0.32.0
Downloading websocket_client-0.57.0-py2.py3-none-any.whl (200 kB)
|████████████████████████████████| 200 kB 10.6 MB/s
Requirement already satisfied: PyYAML<6,>=3.10 in /usr/lib64/python3.6/site-packages (from docker-compose) (3.12)
Collecting python-dotenv<1,>=0.13.0
Downloading python_dotenv-0.15.0-py2.py3-none-any.whl (18 kB)
Collecting cached-property<2,>=1.2.0
Downloading cached_property-1.5.2-py2.py3-none-any.whl (7.6 kB)
Requirement already satisfied: requests<3,>=2.20.0 in /usr/lib/python3.6/site-packages (from docker-compose) (2.20.0)
Collecting docopt<1,>=0.6.1
Downloading docopt-0.6.2.tar.gz (25 kB)
Collecting distro<2,>=1.5.0
Downloading distro-1.5.0-py2.py3-none-any.whl (18 kB)
Collecting jsonschema<4,>=2.5.1
Downloading jsonschema-3.2.0-py2.py3-none-any.whl (56 kB)
|████████████████████████████████| 56 kB 10.1 MB/s
Collecting texttable<2,>=0.9.0
Downloading texttable-1.6.3-py2.py3-none-any.whl (10 kB)
Collecting dockerpty<1,>=0.4.1
Downloading dockerpty-0.4.1.tar.gz (13 kB)
Requirement already satisfied: six>=1.4.0 in /usr/lib/python3.6/site-packages (from docker[ssh]<5,>=4.4.0->docker-compose) (1.11.0)
Collecting paramiko>=2.4.2
Downloading paramiko-2.7.2-py2.py3-none-any.whl (206 kB)
|████████████████████████████████| 206 kB 8.8 MB/s
Collecting pyrsistent>=0.14.0
Downloading pyrsistent-0.17.3.tar.gz (106 kB)
|████████████████████████████████| 106 kB 12.5 MB/s
Collecting importlib-metadata
Downloading importlib_metadata-3.4.0-py3-none-any.whl (10 kB)
Requirement already satisfied: setuptools in /usr/lib/python3.6/site-packages (from jsonschema<4,>=2.5.1->docker-compose) (39.2.0)
Collecting attrs>=17.4.0
Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB)
|████████████████████████████████| 49 kB 10.7 MB/s
Collecting pynacl>=1.0.1
Downloading PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl (961 kB)
|████████████████████████████████| 961 kB 11.6 MB/s
Requirement already satisfied: cryptography>=2.5 in /usr/local/lib64/python3.6/site-packages (from paramiko>=2.4.2->docker[ssh]<5,>=4.4.0->docker-compose) (3.4.4)
Collecting bcrypt>=3.1.3
Downloading bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl (63 kB)
|████████████████████████████████| 63 kB 7.7 MB/s
Requirement already satisfied: cffi>=1.1 in /usr/local/lib64/python3.6/site-packages (from bcrypt>=3.1.3->paramiko>=2.4.2->docker[ssh]<5,>=4.4.0->docker-compose) (1.14.5)
Requirement already satisfied: pycparser in /usr/local/lib/python3.6/site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko>=2.4.2->docker[ssh]<5,>=4.4.0->docker-compose) (2.20)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3.6/site-packages (from requests<3,>=2.20.0->docker-compose) (3.0.4)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python3.6/site-packages (from requests<3,>=2.20.0->docker-compose) (2.5)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python3.6/site-packages (from requests<3,>=2.20.0->docker-compose) (1.24.2)
Collecting zipp>=0.5
Downloading zipp-3.4.0-py3-none-any.whl (5.2 kB)
Collecting typing-extensions>=3.6.4
Downloading typing_extensions-3.7.4.3-py3-none-any.whl (22 kB)
Using legacy 'setup.py install' for dockerpty, since package 'wheel' is not installed.
Using legacy 'setup.py install' for docopt, since package 'wheel' is not installed.
Using legacy 'setup.py install' for pyrsistent, since package 'wheel' is not installed.
Installing collected packages: zipp, websocket-client, typing-extensions, pynacl, bcrypt, pyrsistent, paramiko, importlib-metadata, docker, attrs, texttable, python-dotenv, jsonschema, docopt, dockerpty, distro, cached-property, docker-compose
Running setup.py install for pyrsistent ... done
Running setup.py install for docopt ... done
Running setup.py install for dockerpty ... done
Successfully installed attrs-20.3.0 bcrypt-3.2.0 cached-property-1.5.2 distro-1.5.0 docker-4.4.1 docker-compose-1.28.2 dockerpty-0.4.1 docopt-0.6.2 importlib-metadata-3.4.0 jsonschema-3.2.0 paramiko-2.7.2 pynacl-1.4.0 pyrsistent-0.17.3 python-dotenv-0.15.0 texttable-1.6.3 typing-extensions-3.7.4.3 websocket-client-0.57.0 zipp-3.4.0
docker-composeのバージョン確認
# docker-compose version
docker-compose version 1.28.2, build unknown
docker-py version: 4.4.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.1g FIPS 21 Apr 2020
podman-dockerコマンドのインストール
docker-composeがdockerコマンドを呼び出すため、ラッパースクリプトのpodman-dockerをインストール
# dnf install podman-docker
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
メタデータの期限切れの最終確認: 3:41:16 時間前の 2021年02月12日 18時07分51秒 に実施しました。
依存関係が解決しました。
============================================================================================================================================================================================================
パッケージ アーキテクチャー バージョン リポジトリー サイズ
============================================================================================================================================================================================================
インストール:
podman-docker noarch 3.0.0-1.el8 devel_kubic_libcontainers_testing 170 k
トランザクションの概要
============================================================================================================================================================================================================
インストール 1 パッケージ
ダウンロードサイズの合計: 170 k
インストール後のサイズ: 5.6 k
これでよろしいですか? [y/N]: y
パッケージのダウンロード:
podman-docker-3.0.0-1.el8.noarch.rpm 57 kB/s | 170 kB 00:02
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
合計 57 kB/s | 170 kB 00:02
トランザクションの確認を実行中
トランザクションの確認に成功しました。
トランザクションのテストを実行中
トランザクションのテストに成功しました。
トランザクションを実行中
準備 : 1/1
インストール中 : podman-docker-3.0.0-1.el8.noarch 1/1
scriptletの実行中: podman-docker-3.0.0-1.el8.noarch 1/1
検証 : podman-docker-3.0.0-1.el8.noarch 1/1
Installed products updated.
インストール済み:
podman-docker-3.0.0-1.el8.noarch
完了しました!
コマンド実行の確認
# docker version
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Version: 3.0.0
API Version: 3.0.0
Go Version: go1.15.7
Built: Fri Feb 12 08:47:56 2021
OS/Arch: linux/amd64
Podman System Serviceの起動
# systemctl start podman.socket
サービスの確認
# systemctl status podman.socket
● podman.socket - Podman API Socket
Loaded: loaded (/usr/lib/systemd/system/podman.socket; disabled; vendor preset: disabled)
Active: active (listening) since Fri 2021-02-12 22:12:05 JST; 10s ago
Docs: man:podman-system-service(1)
Listen: /run/podman/podman.sock (Stream)
CGroup: /system.slice/podman.socket
2月 12 22:12:05 centos-test systemd[1]: Listening on Podman API Socket.
AWXのインストール
gitを使うので先にgitをインストール
# dnf install git
AWXリポジトリをGitクローン
# git clone -b 17.0.1 https://github.com/ansible/awx.git
inventryファイルのadmin_passwordのコメントアウトを外し値をセット
# cd awx/installer/
# vi inventory
inventry
# admin_password=password
↓
inventry
admin_password=password
Playbookの実行
# ansible-playbook -i inventory install.yml
Podman v3.0.0リリース版でdocker-composeが実行できない
:::
Podman v3.0.1ではdocker-composeが起動できない不具合が修正されています
:::
プレイブックを実行するもエラー発生。下記のタスクで止まる。
TASK [local_docker : Run migrations in task container]
# ansible-playbook -vvv -i inventory install.yml
~省略~
TASK [local_docker : Run migrations in task container] *****************************************************************************************************************************************************
task path: /root/DEV/awx/installer/roles/local_docker/tasks/compose.yml:45
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298 `" && echo ansible-tmp-1613167769.442079-185244-161102983095298="` echo /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/command.py
<localhost> PUT /root/.ansible/tmp/ansible-local-184375e8_ibv6z/tmpa_wnv_i8 TO /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/ /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python3 /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1613167769.442079-185244-161102983095298/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": true,
"cmd": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
"delta": "0:00:01.078452",
"end": "2021-02-13 07:09:30.641002",
"invocation": {
"module_args": {
"_raw_params": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
"_uses_shell": true,
"argv": null,
"chdir": "/root/.awx/awxcompose",
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": true
}
},
"msg": "non-zero return code",
"rc": 1,
"start": "2021-02-13 07:09:29.562550",
"stderr": "Creating awx_postgres ... \r\nCreating awx_redis ... \r\nCreating awx_redis ... done\r\nCreating awx_postgres ... done\r\nCreating awx_web ... \r\nCreating awx_web ... error\r\n\nERROR: for awx_web Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory\n\nERROR: for web Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory\nEncountered errors while bringing up the project.",
"stderr_lines": [
"Creating awx_postgres ... ",
"Creating awx_redis ... ",
"Creating awx_redis ... done",
"Creating awx_postgres ... done",
"Creating awx_web ... ",
"Creating awx_web ... error",
"",
"ERROR: for awx_web Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory",
"",
"ERROR: for web Cannot start service web: error streaming container content for copy up into volume 8fe2772daae71c7a6427be4d9062d1c150488f0d60a99c32495027c5258d462e: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory",
"Encountered errors while bringing up the project."
],
"stdout": "",
"stdout_lines": []
}
PLAY RECAP *************************************************************************************************************************************************************************************************
localhost : ok=15 changed=3 unreachable=0 failed=1 skipped=72 rescued=0 ignored=1
クリーンナップしてdocker-compose up を直接実行するもエラー
# podman stop --all && podman rm --all
# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# cd /root/.awx/awxcompose/
# docker-compose up
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Creating awx_postgres ... done
Creating awx_redis ... done
Creating awx_web ... error
ERROR: for awx_web error preparing container 6f6644925b7b79f59434371cd9277cb467da6f519c138c0ecc1cec3666891d61 for attach: error streaming container content for copy up into volume dd7653b5fa5472f3a8c5272626e9356847687a0d47c48ba306a29c0bb1c08a18: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory
ERROR: for web error preparing container 6f6644925b7b79f59434371cd9277cb467da6f519c138c0ecc1cec3666891d61 for attach: error streaming container content for copy up into volume dd7653b5fa5472f3a8c5272626e9356847687a0d47c48ba306a29c0bb1c08a18: copier: get: globs [/nginx] matched nothing (0 filtered out): no such file or directory
ERROR: Encountered errors while bringing up the project.
# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f4aa66a5483 docker.io/library/redis:latest /usr/local/etc/re... About a minute ago Up About a minute ago awx_redis
1afbf240d703 docker.io/library/postgres:12 postgres About a minute ago Up About a minute ago awx_postgres
6f6644925b7b docker.io/ansible/awx:17.0.1 /bin/sh -c /usr/b... About a minute ago Created 0.0.0.0:80->8052/tcp awx_web
Podman v3.0.0-RC2に戻した環境では実行できている
v3.0.0リリース版の不具合と想定
# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
91f5bfec500b docker.io/library/redis:latest /usr/local/etc/re... 8 hours ago Up 8 hours ago awx_redis
03267a15ee04 docker.io/library/postgres:12 postgres 8 hours ago Up 8 hours ago awx_postgres
db5d063e9184 docker.io/ansible/awx:17.0.1 /bin/sh -c /usr/b... 8 hours ago Up 8 hours ago 0.0.0.0:80->8052/tcp awx_web
19ca639b96fe docker.io/ansible/awx:17.0.1 /usr/bin/launch_a... 8 hours ago Up 8 hours ago awx_task
# podman version
Version: 3.0.0-dev
API Version: 3.0.0
Go Version: go1.15.7
Built: Wed Feb 3 07:06:33 2021
OS/Arch: linux/amd64
# rpm -qa|grep podman
podman-plugins-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
podman-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
podman-docker-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.noarch
podman-catatonit-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
rootlessモードではdocker-compose できない
GitHub上でもまだ未解決
DOCKER_HOSTにpodman.sockを指定
$ export DOCKER_HOST=unix:/run/user/1000/podman/podman.sock
docker-compose upの実行(エラー)
$ docker-compose up
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Creating volume "awxcompose_supervisor-socket" with default driver
Creating volume "awxcompose_rsyslog-socket" with default driver
Creating volume "awxcompose_rsyslog-config" with default driver
Pulling redis (redis:)...
eb0ab2d55fdfc3ba4226348749a2f34af13a280a44c8045aefd9506fe064b297: pulling image () from docker.io/library/redis:latest
Pulling postgres (postgres:12)...
85f1c84fe3074b5849114b806bc303a880e8acd2579d577b152054ff165390ef: pulling image () from docker.io/library/postgres:12
Pulling web (ansible/awx:17.0.1)...
44187ed3a96753c5e03445af6cbb742eeb4024e9265e748ef6748800fd0854d0: pulling image () from docker.io/ansible/awx:17.0.1
Creating awx_redis ... error
Creating awx_postgres ...
Creating awx_postgres ... error
ERROR: for awx_postgres network connect is not enabled for rootless containers
ERROR: for redis network connect is not enabled for rootless containers
ERROR: for postgres network connect is not enabled for rootless containers
ERROR: Encountered errors while bringing up the project.
Podman v3.0.1でdocker-composeが起動できない不具合が修正
Shion TanakaPlaybook実行時のエラー:"PermissionError: [Errno 13] Permission denied: '/etc/tower/conf.d/credentials.py'"
原因
Playbook実行後、.awx/awxcompose/ 配下に作成されるファイルのSELinuxコンテキストが適切でない
コンフィング作成後の権限
# ls -lZ ~/.awx/awxcompose/
合計 24
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 9 2月 20 07:36 SECRET_KEY
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 457 2月 20 07:36 credentials.py
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 2349 2月 20 07:36 docker-compose.yml
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 153 2月 20 07:36 environment.sh
-rw-------. 1 root root system_u:object_r:admin_home_t:s0 2961 2月 20 07:36 nginx.conf
-rw-rw-r--. 1 root root system_u:object_r:admin_home_t:s0 78 2月 20 07:36 redis.conf
drwxrwxrwx. 2 root root unconfined_u:object_r:container_file_t:s0 6 2月 20 07:36 redis_socket
対処
SELinuxコンテキストを変更する
# chcon -Rt container_file_t ~/.awx/
# ls -lZ ~/.awx/awxcompose/
合計 24
-rw-------. 1 root root system_u:object_r:container_file_t:s0 9 2月 20 07:36 SECRET_KEY
-rw-------. 1 root root system_u:object_r:container_file_t:s0 457 2月 20 07:36 credentials.py
-rw-------. 1 root root system_u:object_r:container_file_t:s0 2349 2月 20 07:36 docker-compose.yml
-rw-------. 1 root root system_u:object_r:container_file_t:s0 153 2月 20 07:36 environment.sh
-rw-------. 1 root root system_u:object_r:container_file_t:s0 2961 2月 20 07:36 nginx.conf
-rw-rw-r--. 1 root root system_u:object_r:container_file_t:s0 78 2月 20 07:36 redis.conf
drwxrwxrwx. 2 root root unconfined_u:object_r:container_file_t:s0 24 2月 20 09:05 redis_socket
エラーログ
TASK [local_docker : Run migrations in task container] *****************************************************************************************************************************************************
task path: /root/DEV/awx/installer/roles/local_docker/tasks/compose.yml:45
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127 `" && echo ansible-tmp-1613774213.9207056-48697-219489850661127="` echo /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/command.py
<localhost> PUT /root/.ansible/tmp/ansible-local-47828zrk8fiw6/tmpdw4aw03v TO /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/ /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python3 /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1613774213.9207056-48697-219489850661127/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": true,
"cmd": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
"delta": "0:00:02.846475",
"end": "2021-02-20 07:36:56.905876",
"invocation": {
"module_args": {
"_raw_params": "docker-compose run --rm --service-ports task awx-manage migrate --no-input",
"_uses_shell": true,
"argv": null,
"chdir": "/root/.awx/awxcompose",
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": true
}
},
"msg": "non-zero return code",
"rc": 1,
"start": "2021-02-20 07:36:54.059401",
"stderr": "Creating awx_postgres ... \r\nCreating awx_redis ... \r\nCreating awx_postgres ... done\r\nCreating awx_redis ... done\r\nCreating awx_web ... \r\nCreating awx_web ... done\r\nCreating awxcompose_task_run ... \r\nCreating awxcompose_task_run ... done\r\nEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.\nTraceback (most recent call last):\n File \"/usr/bin/awx-manage\", line 8, in <module>\n sys.exit(manage())\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 138, in manage\n prepare_env()\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 97, in prepare_env\n if not settings.DEBUG: # pragma: no cover\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 79, in __getattr__\n self._setup(name)\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 66, in _setup\n self._wrapped = Settings(settings_module)\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 157, in __init__\n mod = importlib.import_module(self.SETTINGS_MODULE)\n File \"/var/lib/awx/venv/awx/lib64/python3.6/importlib/__init__.py\", line 126, in import_module\n return _bootstrap._gcd_import(name[level:], package, level)\n File \"<frozen importlib._bootstrap>\", line 994, in _gcd_import\n File \"<frozen importlib._bootstrap>\", line 971, in _find_and_load\n File \"<frozen importlib._bootstrap>\", line 955, in _find_and_load_unlocked\n File \"<frozen importlib._bootstrap>\", line 665, in _load_unlocked\n File \"<frozen importlib._bootstrap_external>\", line 678, in exec_module\n File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/settings/production.py\", line 66, in <module>\n include(settings_file, optional(settings_files), scope=locals())\n File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/split_settings/tools.py\", line 103, in include\n with open(included_file, 'rb') as to_compile:\nPermissionError: [Errno 13] Permission denied: '/etc/tower/conf.d/credentials.py'\n1",
"stderr_lines": [
"Creating awx_postgres ... ",
"Creating awx_redis ... ",
"Creating awx_postgres ... done",
"Creating awx_redis ... done",
"Creating awx_web ... ",
"Creating awx_web ... done",
"Creating awxcompose_task_run ... ",
"Creating awxcompose_task_run ... done",
"Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.",
"Traceback (most recent call last):",
" File \"/usr/bin/awx-manage\", line 8, in <module>",
" sys.exit(manage())",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 138, in manage",
" prepare_env()",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py\", line 97, in prepare_env",
" if not settings.DEBUG: # pragma: no cover",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 79, in __getattr__",
" self._setup(name)",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 66, in _setup",
" self._wrapped = Settings(settings_module)",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/conf/__init__.py\", line 157, in __init__",
" mod = importlib.import_module(self.SETTINGS_MODULE)",
" File \"/var/lib/awx/venv/awx/lib64/python3.6/importlib/__init__.py\", line 126, in import_module",
" return _bootstrap._gcd_import(name[level:], package, level)",
" File \"<frozen importlib._bootstrap>\", line 994, in _gcd_import",
" File \"<frozen importlib._bootstrap>\", line 971, in _find_and_load",
" File \"<frozen importlib._bootstrap>\", line 955, in _find_and_load_unlocked",
" File \"<frozen importlib._bootstrap>\", line 665, in _load_unlocked",
" File \"<frozen importlib._bootstrap_external>\", line 678, in exec_module",
" File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/settings/production.py\", line 66, in <module>",
" include(settings_file, optional(settings_files), scope=locals())",
" File \"/var/lib/awx/venv/awx/lib/python3.6/site-packages/split_settings/tools.py\", line 103, in include",
" with open(included_file, 'rb') as to_compile:",
"PermissionError: [Errno 13] Permission denied: '/etc/tower/conf.d/credentials.py'",
"1"
],
"stdout": "",
"stdout_lines": []
}
PLAY RECAP *************************************************************************************************************************************************************************************************
localhost : ok=15 changed=6 unreachable=0 failed=1 skipped=72 rescued=0 ignored=1