Get awx operator to run on OpenShift

I am troubleshooting an awx-operator deployment using helm on OpenShift 4.18. I almost have everything working but have one image that is giving me problems. Can anyone suggest solutions to getting awx-web to run?

All of my pods at least start up but my awx-web pod is having trouble with the awx-web image. (The redis and awx-rsyslog images are running within that pod)

Presently, my override file looks like this:

AWX:
  # enable use of awx-deploy template
  enabled: true
  name: awx
  spec:
    replicas: 1
    service_type: clusterip
    ingress_type: route
    admin_user: admin
    hostname: awx.gdev.org
    control_plane_ee_image: gdev-podman1.gdev.org:8443/localadm/awx/awx-ee:23.7.0
    image: gdev-podman1.gdev.org:8443/localadm/awx/awx-ee
    image_version: 23.7.0
    init_container_image: gdev-podman1.gdev.org:8443/localadm/awx/awx-ee
    init_container_image_version: 23.7.0
    ee_images:
    - name: AWX EE
      image: gdev-podman1.gdev.org:8443/localadm/awx/awx-ee:23.7.0
    ee_extra_env: |
      - name: RECEPTOR_KUBE_SUPPORT_RECONNECT
        value: enabled
    image: gdev-podman1.gdev.org:8443/localadm/awx/awx
    image_version: 23.7.0
    postgres_image: gdev-podman1.gdev.org:8443/localadm/awx/postgres
    postgres_image_version: "13"
    postgres_selector: |
      nodefor: psql
    redis_image: gdev-podman1.gdev.org:8443/localadm/awx/redis
    redis_image_version: "7"

customVolumes:
  postgres:
    enabled: true
    hostPath: /var/lib/postgresql
    size: 8Gi
    storageClassName: nfs-sc
  projects:
    enabled: true
    hostPath: /opt/projects/data

I modified my helm deployment template. I set awx-deploy.yaml like this:

security_context_settings:
    runAsGroup: 1000790000
    runAsUser: 1000790000
    fsGroup: 1000790000
    fsGroupChangePolicy: OnRootMismatch

I added a policy to my cluster:
oc adm policy add-scc-to-user privileged -z awx

awx-web shows me this error in my logs:

/usr/bin/launch_awx_web.sh: line 4:  /etc/passwd:  Permission denied
Error:  cannot open HTTP server:  socket.error reported errno.EACCES (13)
For help, use  /usr/local/bin/supervisord -h

Troubleshooting:

  • Pod status (ready):
    awx-operator 2/2
    postgres 1/1
    awx-task 4/4
    awx-web 2/3

  • When I run a debug for the awx-web container I can see that permissions to /etc/passwd are set 644. That should be ok.

  • ID shows that my GID, UID and groups are: 1000790000

  • I think now my error centers around getting supervisord to run properly.

Can anyone suggest how to get supervisord and the socket error cleared? I am not very familiar with it but understand it probably wants to run as root. Maybe I need to build a custom image for awx-web that allows supervisord to run using my ID? Suggestions and input are appreciated! Thanks. :slight_smile:
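
The `/etc/passwd: Permission denied` line is a failed open, and mode 644 lets a non-owner read a file but not write it. As an added example (not part of the original post and not AWX or OpenShift code), the sketch below evaluates the POSIX owner/group/other check for the UID and GID reported above. The root:root ownership of the file and the group-writable 664 variant with GID 0 membership are assumptions for comparison.

```python
import stat

# Permission bits per class: the first matching class decides, later ones are ignored.
_BITS = {
    "owner": {"r": stat.S_IRUSR, "w": stat.S_IWUSR},
    "group": {"r": stat.S_IRGRP, "w": stat.S_IWGRP},
    "other": {"r": stat.S_IROTH, "w": stat.S_IWOTH},
}

def access_class(uid, gids, st_uid, st_gid):
    """Return which permission class the kernel applies to this process."""
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "other"

def can_access(uid, gids, st_uid, st_gid, st_mode, want):
    """POSIX discretionary check for 'r' and/or 'w' (capabilities not modelled,
    except that UID 0 is treated as bypassing the check)."""
    if uid == 0:
        return True
    cls = access_class(uid, gids, st_uid, st_gid)
    return all(bool(st_mode & _BITS[cls][c]) for c in want)

# Values from the post: `id` shows UID, GID and groups all 1000790000;
# /etc/passwd is mode 644. Ownership root:root (0:0) is an assumption.
POD_UID = 1000790000
POD_GIDS = {1000790000}
PASSWD_OWNER, PASSWD_GROUP = 0, 0

def report():
    """Compare the posted identity with a hypothetical GID 0 / 664 setup."""
    rows = []
    for label, gids, mode in [
        ("as posted: gid 1000790000, mode 644", POD_GIDS, 0o644),
        ("assumed: member of gid 0, mode 644", {0}, 0o644),
        ("assumed: member of gid 0, mode 664", {0}, 0o664),
    ]:
        rows.append((
            label,
            access_class(POD_UID, gids, PASSWD_OWNER, PASSWD_GROUP),
            can_access(POD_UID, gids, PASSWD_OWNER, PASSWD_GROUP, mode, "r"),
            can_access(POD_UID, gids, PASSWD_OWNER, PASSWD_GROUP, mode, "w"),
        ))
    return rows

if __name__ == "__main__":
    for label, cls, r, w in report():
        print(f"{label:40s} class={cls:5s} read={r} write={w}")
```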