Volumes and persistence

[Mark Constant]

I thought I got this working before but I can't seem to get volumes exported. To the main.yml for docker I added

volumes:
      - /var/lib/awx/projects:/var/lib/awx/projects

To both the AWX Task and AWX Web Container build

I can start the containers as I get the following error

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Error starting container 9ae28cb4952d8785247c141e9c3670ef6ac9d46ae9276ec3232b2fb9ac62be0e: 400 Client Error: Bad Request (\"oci runtime error: container_linux.go:265: starting container process caused \"process_linux.go:368: container init caused \\\"rootfs_linux.go:57: mounting \\\\\\\"/var/lib/awx/projects\\\\\\\" to rootfs \\\\\\\"/var/lib/docker/500000.500000/overlay2/501f4a95c8c328af94e8834a669ec5e6bd4522534e770d8fd287bfbceabe89c4/merged\\\\\\\" at \\\\\\\"/var/lib/awx/projects\\\\\\\" caused \\\\\\\"stat /var/lib/awx/projects: permission denied\\\\\\\"\\\"\"\n\")"}

What should the permissions be on /var/lib/awx/projects on the docker host?

Also are there any other volumes I can mount locally to make AWX more "persistent" in case of a catastrophe or an upgrade?

[John Mitchell]

Ideally, use GitHub or some sort of scm to host your projects.

http://docs.ansible.com/ansible-tower/latest/html/userguide/projects.html#manage-playbooks-using-source-control

--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To post to this group, send email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/bb979a1e-59bf-41e3-b4e3-d20376009af7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

John Mitchell
UI Engineer - Ansible Tower
Ansible by Red Hat

919-394-6667 | ansible.com 

GitHub: jlmitch5

[Mark Constant]

I do understand, but I work for a company that has contracts where as of right now we can't use GitHub and also there would be internal fighting if we set up GitHub on our own servers. It is a long story. Again I do understand best practices and maybe even what is going to be force in the future where you won't allow local projects but at this point I need to use them. When I do chmod 777 as a test on local /var/lib/awx it of course lets the containers start up but that can't be the best solution to the problem.

[John Mitchell]

Ah, I understand, good luck with getting your company to move forward!

Voluming involves creating a two-way bind of the folder on your local machine to the container.  So the permissions/ownership need to have full read/write access of the same uid for your volume'd folder on your local machine and in the container.  It's not enough to chown to the user name (as this name is just an alias to a uid that could potentially be different on the two "machines".)

I think the reason the chmod 777 works is because you're allowing read/write for all users so the above is true.  Unfortunately, I'm not entirely sure how you'd tighten it down to the smallest possible permissions to make the above true.

Hope that helps a little bit,
John

To unsubscribe from this group and stop receiving emails from it, send an email to awx-project+unsubscribe@googlegroups.com.

To post to this group, send email to awx-p...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/70ebfea8-c8e3-4dce-9a56-5c3d3c236b0f%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.