Initial EE integration

2026-02-01 01:28:09 -03:30 · 2020-07-31 09:43:46 -04:00
parent 297fecba3a
commit 06d7a61ca1
7 changed files with 68 additions and 13 deletions
--- a/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
+++ b/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
@@ -103,6 +103,7 @@ RUN dnf -y update && \
    krb5-workstation \
    libcgroup-tools \
    nginx \
+    podman \
    @postgresql:12 \
    python3-devel \
    python3-libselinux \
@@ -216,6 +217,7 @@ RUN for dir in \
      /var/lib/awx \
      /var/lib/awx/rsyslog \
      /var/lib/awx/rsyslog/conf.d \
+      /var/lib/awx/.local/share/containers/storage \
      /var/run/awx-rsyslog \
      /var/log/tower \
      /var/log/nginx \
@@ -225,6 +227,8 @@ RUN for dir in \
      /var/lib/nginx ; \
    do mkdir -m 0775 -p $dir ; chmod g+rw $dir ; chgrp root $dir ; done && \
    for file in \
+      /etc/subuid \
+      /etc/subgid \
      /etc/passwd \
      /var/lib/awx/rsyslog/rsyslog.conf ; \
    do touch $file ; chmod g+rw $file ; chgrp root $file ; done
@@ -255,6 +259,8 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log
 {% endif %}

+RUN echo -e 'cgroup_manager = "cgroupfs"\nevents_logger = "file"' > /etc/containers/libpod.conf
+
 ENV HOME="/var/lib/awx"
 ENV PATH="/usr/pgsql-10/bin:${PATH}"

@@ -272,3 +278,5 @@ ENTRYPOINT ["/usr/bin/tini", "--"]
 CMD /usr/bin/launch_awx.sh
 VOLUME /var/lib/nginx
 {% endif %}
+
+VOLUME /var/lib/awx/.local/share/containers/storage
--- a/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
+++ b/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
@@ -33,6 +33,7 @@ services:
      - "../../docker-compose/_sources/local_settings.py:/etc/tower/conf.d/local_settings.py"
      - "../../docker-compose/_sources/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "redis_socket:/var/run/redis/:rw"
+      - "/sys/fs/cgroup:/sys/fs/cgroup"
    privileged: true
    tty: true
  # A useful container that simply passes through log messages to the console
--- a/tools/docker-compose/entrypoint.sh
+++ b/tools/docker-compose/entrypoint.sh
@@ -2,13 +2,23 @@

 if [ `id -u` -ge 500 ] || [ -z "${CURRENT_UID}" ]; then

-  cat << EOF > /tmp/passwd
+cat << EOF > /etc/passwd
 root:x:0:0:root:/root:/bin/bash
-awx:x:`id -u`:`id -g`:,,,:/tmp:/bin/bash
+awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash
+EOF
+
+cat <<EOF > /etc/subuid
+awx:100000:50001
+EOF
+
+cat <<EOF > /etc/subgid
+awx:100000:50001
 EOF

-  cat /tmp/passwd > /etc/passwd
-  rm /tmp/passwd
 fi

+# Required to get rootless podman working after
+# writing out the sub*id files above
+podman system migrate
+
 exec $@