Unable to install containerized AAP

followed the instructions in the following video

and when I get to the task “Initialize the automation eda database” I get the following error

  msg: Can't run container automation-eda-init
  stderr: |-
    Traceback (most recent call last):
      File "/usr/bin/aap-eda-manage", line 8, in <module>
        sys.exit(main())
      File "/usr/lib/python3.9/site-packages/aap_eda/manage.py", line 18, in main
        execute_from_command_line(sys.argv)
      File "/usr/lib/python3.9/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
        utility.execute()
      File "/usr/lib/python3.9/site-packages/django/core/management/__init__.py", line 416, in execute
        django.setup()
      File "/usr/lib/python3.9/site-packages/django/__init__.py", line 24, in setup
        apps.populate(settings.INSTALLED_APPS)
      File "/usr/lib/python3.9/site-packages/django/apps/registry.py", line 116, in populate
        app_config.import_models()
      File "/usr/lib/python3.9/site-packages/django/apps/config.py", line 269, in import_models
        self.models_module = import_module(models_module_name)
      File "/usr/lib64/python3.9/importlib/__init__.py", line 127, in import_module
        return _bootstrap._gcd_import(name[level:], package, level)
      File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
      File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
      File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
      File "<frozen importlib._bootstrap_external>", line 850, in exec_module
      File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
      File "/usr/lib/python3.9/site-packages/ansible_base/authentication/models/__init__.py", line 3, in <module>
        from .social_auth import AuthenticatorUser
      File "/usr/lib/python3.9/site-packages/ansible_base/authentication/models/social_auth.py", line 3, in <module>
        from social_django.models import AbstractUserSocialAuth
      File "/usr/lib/python3.9/site-packages/social_django/__init__.py", line 4, in <module>
        from social_core.backends.base import BaseAuth
      File "/usr/lib/python3.9/site-packages/social_core/backends/base.py", line 3, in <module>
        from requests import ConnectionError, request
      File "/usr/lib/python3.9/site-packages/requests/__init__.py", line 164, in <module>
        from .api import delete, get, head, options, patch, post, put, request
      File "/usr/lib/python3.9/site-packages/requests/api.py", line 11, in <module>
        from . import sessions
      File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 15, in <module>
        from .adapters import HTTPAdapter
      File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 77, in <module>
        _preloaded_ssl_context.load_verify_locations(
    PermissionError: [Errno 13] Permission denied

This is on an up to date RHEL 9 host, I have a few docker containers running but nothing taking up the same ports.

Have you read the error message?

Yes, but im not entirely sure what would be causing the permission denied error. Im not as familiar with podman, and this is an automated installer directly from redhat, I am not as intimate with all the files it may be touching. I briefly looked at the playbook to get a vague idea of where to start looking

any help?

I commented out the automation eda portion of the red hat provided AAP containerized install playbook, and was able to complete the rest of the installation just fine. AAP and automation hub, it appears as though the automation eda init container is the only task having issues. I have attempted to resolve any permissions I could think of, added the parameter to run the container in privileged mode and still get the same error. any help would be appreciated.

Hi @William_Ortiz ,

Welcome to the Ansible Forum! I think the information you provided might not be enough to help you troubleshoot the issue, but here are a few pointers:

1. Did you double check the configuration parameters in the inventory? In particular those related to the database?

2. You might be hitting a containerized AAP install bug, did you create a support case with Red Hat? This Ansible forum is a community site, best effort and volunteers only. Although it’s totally fine to share and troubleshoot AAP here, there are things that only Red Hat support can help you solve when using the product.

   In this particular case, as mentioned in the containerized AAP install guide, this install method is a “Technology Preview”.

3. You mention that you have a few “docker containers”.

   This is on an up to date RHEL 9 host, I have a few docker containers running but nothing taking up the same ports.

   Consider that containerized AAP runs on Podman and requires a minimal install of RHEL 9.2. Check the requirements in the install guide above.

@William_Ortiz . I hit the very same issue. Could you solve it?

I managed to workaround this issue by changing the task “- name: Create the PKI directories” in
collections/ansible_collections/ansible/containerized_installer/roles/common/tasks/tls.yml. Switched to mode: ‘0755’ instead of ‘0750’.

I had the same issue.
Unfortunately your solution didn’t work for me.

Test to install AAP on a WSL RHEL9 installation on Windows 10.

ah ok, I did it by first running the uninstall playbook (uninstall.yml will remove the ~/aap/tls/ structure and next install force extracted folder to be created with mode from subdirs in the task “Create the PKI directories”, which should be 0755).

So, it could be that on your end the ~/aap/tls/extracted folder exists from a previous launch and then got perms 0750 from the task “Create the PKI directories” task. Ansible file module will not touch the permissions on parent dir when it already exists, the “Create the PKI directories” focuses only on edk2/java/openssl/pem.
So you can try to do chmod 755 ~/aap/tls/extracted or running uninstall.yml and then install.yml again.

@Hampus_Lundqvist, thanks for your explanation, I haven’t thought about the fact, that the directories are already created.

I gave it a try and it worked.

$ podman ps
CONTAINER ID  IMAGE                                                                             COMMAND               CREATED             STATUS         PORTS       NAMES
6b70dda1980b  registry.redhat.io/rhel8/postgresql-13:latest                                     run-postgresql        7 minutes ago       Up 6 minutes               postgresql
96787f477e64  registry.redhat.io/rhel8/redis-6:latest                                           run-redis             6 minutes ago       Up 6 minutes               redis
7483fd5c9e76  registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest       /usr/bin/receptor...  6 minutes ago       Up 6 minutes               receptor
2c5d0fbda05d  registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest         /usr/bin/launch_a...  5 minutes ago       Up 3 minutes               automation-controller-rsyslog
e90d2bdd3df6  registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest         /usr/bin/launch_a...  5 minutes ago       Up 3 minutes               automation-controller-task
3b4cc7841f66  registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest         /usr/bin/launch_a...  5 minutes ago       Up 3 minutes               automation-controller-web
d46ce0721ff7  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     gunicorn --bind 1...  2 minutes ago       Up 2 minutes               automation-eda-api
6a33eff5e5c8  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     daphne -b 127.0.0...  2 minutes ago       Up 2 minutes               automation-eda-daphne
d352c5292792  registry.redhat.io/ansible-automation-platform-24/eda-controller-ui-rhel8:latest  /bin/sh -c nginx ...  2 minutes ago       Up 2 minutes               automation-eda-web
a4777b875a1c  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     aap-eda-manage rq...  2 minutes ago       Up 2 minutes               automation-eda-worker-1
4f944d61f877  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     aap-eda-manage rq...  2 minutes ago       Up 2 minutes               automation-eda-worker-2
b40942018bbc  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     aap-eda-manage rq...  2 minutes ago       Up 2 minutes               automation-eda-activation-worker-1
6fa7316598a2  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     aap-eda-manage rq...  2 minutes ago       Up 2 minutes               automation-eda-activation-worker-2
b5801637fa19  registry.redhat.io/ansible-automation-platform-24/eda-controller-rhel8:latest     aap-eda-manage sc...  2 minutes ago       Up 2 minutes               automation-eda-scheduler
52878206c850  registry.redhat.io/ansible-automation-platform-24/hub-rhel8:latest                gunicorn --name p...  About a minute ago  Up 48 seconds              automation-hub-api
315c1f0638d8  registry.redhat.io/ansible-automation-platform-24/hub-rhel8:latest                gunicorn --name p...  About a minute ago  Up 46 seconds              automation-hub-content
7147f8a856ab  registry.redhat.io/ansible-automation-platform-24/hub-web-rhel8:latest            nginx -g daemon o...  About a minute ago  Up 46 seconds              automation-hub-web
58571c70fea9  registry.redhat.io/ansible-automation-platform-24/hub-rhel8:latest                pulpcore-worker       About a minute ago  Up 35 seconds              automation-hub-worker-1
08e9c87ab143  registry.redhat.io/ansible-automation-platform-24/hub-rhel8:latest                pulpcore-worker       About a minute ago  Up 34 seconds              automation-hub-worker-2

The AAP 2.4 controller, hub and eda runs on a RHEL 9 on WSL.