WIP: fix plugins dir #22

Draft
wants to merge 2 commits into
base: master

@eveerman eveerman commented Aug 4, 2020

Still working on this but trying to get the dynamic inventory plugins to work neatly.

So far this allows the vmware_vm_inventory plugin to run (have not tested others) although there is a bug viewing individual hosts.

@Klaas-
Contributor

Klaas- commented Aug 4, 2020

https://github.com/ansible/awx/blob/devel/installer/roles/kubernetes/templates/configmap.yml.j2#L128-L207 that's how the file looks in the awx kubernetes install - that's where I copied the last version from :D

@Klaas-
Contributor

Klaas- commented Aug 4, 2020

I could never get the proot working though: #7

@eveerman
Author

eveerman commented Aug 4, 2020

Ahh nifty!

Ehm - I ended up creating a box with docker-compose and running that to look at and compare what was different - I spent a bit too long today thinking this was an upstream issue. XD
I put that line in before from hunting through ansible/awx issues but either I got creative, or I typo'd it, or I forgot to restart the pod!

Unfortunately now it can pull the inventory (just tested ec2 as well and it looks ok but I have nothing in that account to really confirm) but I have an issue displaying the hosts.

Still doing a bit of log watching and click testing but the short is that going to the inventory and hitting hosts throws an error (Invalid search term entered. GET returned: -1), going to a group and then trying the hosts gives the same. BUT going to a group, then... not sure, I think repeating/cycling allows you to see the hosts IN the group.

podman logs awx-awx_awxweb gives me some output to start hunting though. Going to check other sources first and see if a.) they work & b.) whether the individual host issue is common

@eveerman
Author

eveerman commented Aug 4, 2020

> I could never get the proot working though: #7

I am not sure how to test this, just had a quick look at the tower docs for the AWX_PROOT_ENABLED flag and I've set it to true in my current env. Restarting the pod is OK, re-running inventory is OK, rebooting fully and re-running inventory is OK.

BUT - In earlier troubleshooting I pulled some k8s params from an ansible/awx issue that I now cannot find. Kinda unhappy about them to begin with as I *think* it looks a bit excessive, but I have this added in the awx.yml for both web and task:

```yaml
securityContext:
  allowPrivilegeEscalation: true
  capabilities: {}
  privileged: true
  readOnlyRootFilesystem: false
  runAsGroup: 0
  runAsUser: 0
  seLinuxOptions: {}
```

@ikke-t
Owner

ikke-t commented Aug 5, 2020

Where is it described what you should do and why? I'm not familiar with the topic, but perhaps I could help with the podman part. Are you trying to set up a permanent project directory from the host? Why do you require root? Any docs about the subject?

@eveerman
Author

eveerman commented Aug 13, 2020

I had a little look this morning and it appears that the reason I am getting errors viewing hosts for the VMware inventory is due to incorrect directory permissions in the awxweb container.

Specifically the /var/lib/nginx has root:root but needs nginx:root.
This is correct in the base image but gets changed once running in the pod - I assume this is a k8s thing. I made a couple of attempts adding in some variant of /bin/chown -R nginx:root /var/lib/nginx to the start command in the k8s yaml but haven't been successful.

My other thought was to set that dir as a mounted volume which should allow the perms to be changed reasonably easily (such as for /var/lib/pgsql) but I really don't know if that is a good answer.

@eveerman
Author

haha - whoops! OK that works but ... I don't like it much. Still confused as to why the owner of that dir gets changed to root :/. I am also surprised that I didn't see similar errors due to it (although I have not actually used this much).
