Volumes and persistence

Mark_Constant · January 23, 2018, 7:44pm

I thought I got this working before but I can’t seem to get volumes exported. To the main.yml for docker I added
volumes:

/var/lib/awx/projects:/var/lib/awx/projects
To both the AWX Task and AWX Web Container build
I can start the containers as I get the following error

fatal: [localhost]: FAILED! => {“changed”: false, “failed”: true, “msg”: “Error starting container 9ae28cb4952d8785247c141e9c3670ef6ac9d46ae9276ec3232b2fb9ac62be0e: 400 Client Error: Bad Request ("oci runtime error: container_linux.go:265: starting container process caused "process_linux.go:368: container init caused \"rootfs_linux.go:57: mounting \\\"/var/lib/awx/projects\\\" to rootfs \\\"/var/lib/docker/500000.500000/overlay2/501f4a95c8c328af94e8834a669ec5e6bd4522534e770d8fd287bfbceabe89c4/merged\\\" at \\\"/var/lib/awx/projects\\\" caused \\\"stat /var/lib/awx/projects: permission denied\\\"\""\n")”}

What should the permissions be on /var/lib/awx/projects on the docker host?

Also are there any other volumes I can mount locally to make AWX more “persistent” in case of a catastrophe or an upgrade?

jmitchel · January 23, 2018, 8:16pm

Ideally, use GitHub or some sort of scm to host your projects.

http://docs.ansible.com/ansible-tower/latest/html/userguide/projects.html#manage-playbooks-using-source-control

Mark_Constant · January 24, 2018, 3:57pm

I do understand, but I work for a company that has contracts where as of right now we can’t use GitHub and also there would be internal fighting if we set up GitHub on our own servers. It is a long story. Again I do understand best practices and maybe even what is going to be force in the future where you won’t allow local projects but at this point I need to use them. When I do chmod 777 as a test on local /var/lib/awx it of course lets the containers start up but that can’t be the best solution to the problem.

jmitchel · January 24, 2018, 4:30pm

Ah, I understand, good luck with getting your company to move forward!

Voluming involves creating a two-way bind of the folder on your local machine to the container. So the permissions/ownership need to have full read/write access of the same uid for your volume’d folder on your local machine and in the container. It’s not enough to chown to the user name (as this name is just an alias to a uid that could potentially be different on the two “machines”.)

I think the reason the chmod 777 works is because you’re allowing read/write for all users so the above is true. Unfortunately, I’m not entirely sure how you’d tighten it down to the smallest possible permissions to make the above true.

Hope that helps a little bit,
John

Topic		Replies	Views
AWX job stuck AWX Project awx	1	1	September 10, 2020
Replacement for project_data_dir AWX Project awx	0	0	May 21, 2021
Cannot access /var/lib/awx/projects AWX Project awx , ubuntu	1	2	May 22, 2020
Mounting a host volume AWX Project awx	5	1	April 26, 2019
mounted playbook dir in docker AWX Project awx	12	0	November 26, 2017

Volumes and persistence

Related topics