From 3a636c29ab77b27f70b4a1ee01dcf090efcd228d Mon Sep 17 00:00:00 2001
From: Bryan Havenstein <bhavenst@redhat.com>
Date: Wed, 27 Oct 2021 15:55:25 -0600
Subject: [PATCH] Fix dev build (docker-compose) problems

Prevent deletion of nginx user by entrypoint.sh
 - Fixes: https://github.com/ansible/awx/issues/9552

Enable fuse-overlayfs in all images - native overlay not supported until kernel 5.13+
 - Fixes: https://github.com/ansible/awx/issues/10099

Refs:
https://www.redhat.com/sysadmin/podman-rootless-overlay
https://www.redhat.com/en/blog/working-container-storage-library-and-tools-red-hat-enterprise-linux
---
 tools/ansible/roles/dockerfile/templates/Dockerfile.j2 | 5 +++++
 tools/docker-compose/entrypoint.sh                     | 1 +
 2 files changed, 6 insertions(+)

diff --git a/tools/ansible/roles/dockerfile/templates/Dockerfile.j2 b/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
index 4f8d40fa2d..466d947421 100644
--- a/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
+++ b/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
@@ -171,6 +171,11 @@ RUN dnf install -y podman
 RUN echo -e '[engine]\ncgroup_manager = "cgroupfs"\nevents_logger = "file"\nruntime = "crun"' > /etc/containers/containers.conf
 {% endif %}
 
+# Fix overlay filesystem issue
+{% if build_dev|bool %}
+RUN sed -i '/^#mount_program/s/^#//' /etc/containers/storage.conf
+{% endif %}
+
 # Ensure we must use fully qualified image names
 # This prevents podman prompt that hangs when trying to pull unqualified images
 RUN mkdir -p /etc/containers/registries.conf.d/ && echo "unqualified-search-registries = []" >> /etc/containers/registries.conf.d/force-fully-qualified-images.conf && chmod 644 /etc/containers/registries.conf.d/force-fully-qualified-images.conf
diff --git a/tools/docker-compose/entrypoint.sh b/tools/docker-compose/entrypoint.sh
index 006435000a..03a3b46616 100755
--- a/tools/docker-compose/entrypoint.sh
+++ b/tools/docker-compose/entrypoint.sh
@@ -5,6 +5,7 @@ if [ `id -u` -ge 500 ] || [ -z "${CURRENT_UID}" ]; then
 cat << EOF > /etc/passwd
 root:x:0:0:root:/root:/bin/bash
 awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash
+nginx:x:`id -u nginx`:`id -g nginx`:Nginx web server:/var/lib/nginx:/sbin/nologin
 EOF
 
 cat <<EOF >> /etc/group