ansible / ansible-container

DEPRECATED -- Ansible Container was a tool to build Docker images and orchestrate containers using only Ansible playbooks.
GNU Lesser General Public License v3.0

ansible-container build fails with "permission denied" when SELinux enabled #458

Open saitejamc opened 7 years ago

saitejamc commented 7 years ago
ISSUE TYPE
container.yml
version: "2"
services:
  web:
    from: docker.io/centos:7
    command: [ "yum install -y epel-release" ]
    command: [ "yum install -y nginx" ]
    entrypoint: ["nginx -g 'daemon off;'"]
    ports:
    - 80:80
registries: {}
main.yml
- hosts: localhost
  gather_facts: no
  connection: local
  tasks:
    - name: Wait for 5 sec
      shell: sleep 5
OS / ENVIRONMENT
Ansible Container, version 0.9.0.0
Linux, localhost.localdomain, 3.10.0-514.16.1.el7.x86_64, #1 SMP Wed Apr 12 15:04:24 UTC 2017, x86_64
2.7.5 (default, Nov  6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] /usr/bin/python2
{
  "ContainersPaused": 0,
  "Labels": null,
  "DefaultRuntime": "docker-runc",
  "CgroupDriver": "systemd",
  "ClusterAdvertise": "",
  "ContainersRunning": 0,
  "NGoroutines": 28,
  "Swarm": {
    "Managers": 0,
    "ControlAvailable": false,
    "NodeID": "",
    "Cluster": {
      "Spec": {
        "Raft": {},
        "CAConfig": {},
        "Dispatcher": {},
        "Orchestration": {},
        "TaskDefaults": {}
      },
      "Version": {},
      "ID": "",
      "CreatedAt": "0001-01-01T00:00:00Z",
      "UpdatedAt": "0001-01-01T00:00:00Z"
    },
    "Nodes": 0,
    "Error": "",
    "RemoteManagers": null,
    "LocalNodeState": "inactive",
    "NodeAddr": ""
  },
  "LoggingDriver": "journald",
  "OSType": "linux",
  "HttpProxy": "",
  "Runtimes": {
    "runc": {
      "path": "docker-runc"
    },
    "docker-runc": {
      "path": "/usr/libexec/docker/docker-runc-current"
    }
  },
  "DriverStatus": [
    [
      "Pool Name",
      "docker-253:1-25271556-pool"
    ],
    [
      "Pool Blocksize",
      "65.54 kB"
    ],
    [
      "Base Device Size",
      "10.74 GB"
    ],
    [
      "Backing Filesystem",
      "xfs"
    ],
    [
      "Data file",
      "/dev/loop0"
    ],
    [
      "Metadata file",
      "/dev/loop1"
    ],
    [
      "Data Space Used",
      "1.744 GB"
    ],
    [
      "Data Space Total",
      "107.4 GB"
    ],
    [
      "Data Space Available",
      "2.46 GB"
    ],
    [
      "Metadata Space Used",
      "2.933 MB"
    ],
    [
      "Metadata Space Total",
      "2.147 GB"
    ],
    [
      "Metadata Space Available",
      "2.145 GB"
    ],
    [
      "Thin Pool Minimum Free Space",
      "10.74 GB"
    ],
    [
      "Udev Sync Supported",
      "true"
    ],
    [
      "Deferred Removal Enabled",
      "false"
    ],
    [
      "Deferred Deletion Enabled",
      "false"
    ],
    [
      "Deferred Deleted Device Count",
      "0"
    ],
    [
      "Data loop file",
      "/var/lib/docker/devicemapper/devicemapper/data"
    ],
    [
      "Metadata loop file",
      "/var/lib/docker/devicemapper/devicemapper/metadata"
    ],
    [
      "Library Version",
      "1.02.135-RHEL7 (2016-11-16)"
    ]
  ],
  "OperatingSystem": "CentOS Linux 7 (Core)",
  "Containers": 2,
  "HttpsProxy": "",
  "BridgeNfIp6tables": true,
  "MemTotal": 1040871424,
  "Driver": "devicemapper",
  "IndexServerAddress": "https://index.docker.io/v1/",
  "ClusterStore": "",
  "ExecutionDriver": "",
  "Registries": [
    {
      "Name": "docker.io",
      "Secure": true
    }
  ],
  "SystemStatus": null,
  "OomKillDisable": true,
  "PkgVersion": "docker-common-1.12.6-11.el7.centos.x86_64",
  "SystemTime": "2017-04-20T22:37:48.439991054-04:00",
  "Name": "localhost.localdomain",
  "CPUSet": true,
  "RegistryConfig": {
    "InsecureRegistryCIDRs": [
      "127.0.0.0/8"
    ],
    "IndexConfigs": {
      "docker.io": {
        "Official": true,
        "Name": "docker.io",
        "Secure": true,
        "Mirrors": null
      }
    },
    "Mirrors": null
  },
  "SecurityOptions": [
    "seccomp",
    "selinux"
  ],
  "ContainersStopped": 2,
  "NCPU": 1,
  "NFd": 18,
  "Architecture": "x86_64",
  "KernelMemory": true,
  "CpuCfsQuota": true,
  "Debug": false,
  "IndexServerName": "docker.io",
  "ID": "HO7G:4ZR4:DJ4M:YYGQ:SI4P:PDB3:UY26:Y3EN:ODY7:H5TL:CG7V:SJRF",
  "IPv4Forwarding": true,
  "KernelVersion": "3.10.0-514.16.1.el7.x86_64",
  "BridgeNfIptables": true,
  "NoProxy": "",
  "LiveRestoreEnabled": false,
  "ServerVersion": "1.12.6",
  "CpuCfsPeriod": true,
  "ExperimentalBuild": false,
  "MemoryLimit": true,
  "SwapLimit": true,
  "Plugins": {
    "Volume": [
      "local"
    ],
    "Network": [
      "null",
      "host",
      "bridge",
      "overlay"
    ],
    "Authorization": null
  },
  "Images": 25,
  "DockerRootDir": "/var/lib/docker",
  "NEventsListener": 0,
  "CPUShares": true
}
{
  "KernelVersion": "3.10.0-514.16.1.el7.x86_64",
  "PkgVersion": "docker-common-1.12.6-11.el7.centos.x86_64",
  "Os": "linux",
  "BuildTime": "2017-03-07T09:23:34.785530776+00:00",
  "ApiVersion": "1.24",
  "Version": "1.12.6",
  "GitCommit": "96d83a5/1.12.6",
  "Arch": "amd64",
  "GoVersion": "go1.7.4"
}
SUMMARY

While trying to build an image with the ansible-container build command, the build fails with the error "docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', error(13, 'Permission denied'))".

I also changed the permissions of /var/run/docker.sock to 0777 and tried again, but no luck.

STEPS TO REPRODUCE
[root@localhost buildimage]# ansible-container --debug build
2017-04-20T22:41:18.101628 The default type is            [container.config] caller_file=/usr/lib/python2.7/site-packages/container/config.py caller_func=_resolve_defaults caller_line=124 config=<class 'ruamel.yaml.comments.CommentedMap'> defaults=<type '_ordereddict.ordereddict'>
2017-04-20T22:41:18.102507 Getting environment variables... [container.config] caller_file=/usr/lib/python2.7/site-packages/container/config.py caller_func=_get_environment_variables caller_line=140
2017-04-20T22:41:18.103313 Read environment variables     [container.config] caller_file=/usr/lib/python2.7/site-packages/container/config.py caller_func=_get_environment_variables caller_line=145 env_vars={}
2017-04-20T22:41:18.103951 Resolved template variables    [container.config] caller_file=/usr/lib/python2.7/site-packages/container/config.py caller_func=_resolve_defaults caller_line=129 template_vars={}
2017-04-20T22:41:18.104539 Parsed config                  [container.config] caller_file=/usr/lib/python2.7/site-packages/container/config.py caller_func=set_env caller_line=110 config={"version": "2", "services": {"web": {"from": "docker.io/centos:7", "command": ["yum install -y nginx"], "entrypoint": ["nginx -g 'daemon off;'"], "ports": ["80:80"]}}, "registries": {}, "defaults": {}}
2017-04-20T22:41:18.105813 Loading engine capabilities    [container.utils.loader] caller_file=/usr/lib/python2.7/site-packages/container/utils/loader.py caller_func=load_engine caller_line=14 capabilities=['BUILD', 'RUN'] engine=docker
2017-04-20T22:41:18.196247 Could not find container for conductor [container.docker.engine] all_containers=[] caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=get_container_id_for_service caller_line=351 container=u'buildimage_conductor'
2017-04-20T22:41:18.202496 Call: Engine.build_conductor_image [container.docker.engine] args=('/root/buildimage', 'centos:7') caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=Engine.build_conductor_image caller_line=23 kwargs={'cache': True}
2017-04-20T22:41:18.205252 Using temporary directory      [container.utils.temp] caller_file=/usr/lib/python2.7/site-packages/container/utils/temp.py caller_func=__enter__ caller_line=17 path=/tmp/tmpjtS7R2
2017-04-20T22:41:18.205996 Building Docker Engine context... [container.docker.engine] caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=build_conductor_image caller_line=611
2017-04-20T22:41:18.294885 Rendered Jinja Template:       [container.utils] body=FROM centos:7
ENV ANSIBLE_CONTAINER=1

RUN yum update -y && \
    yum install -y epel-release   && \
    yum install -y gcc git python-devel rsync libffi-devel openssl-devel && \
    yum clean all

ADD https://get.docker.com/builds/Linux/x86_64/docker-17.04.0-ce.tgz /tmp/docker.tgz

COPY /contrib/get-pip.py /get-pip.py
RUN python /get-pip.py && \
    mkdir -p /etc/ansible/roles /_ansible/src && \
    cd /usr/local/bin && \
    tar -xz --strip-components=1 -f /tmp/docker.tgz

# The COPY here will break cache if the version of conductor changed
COPY /container-src /_ansible/container
RUN cd /_ansible && \
    pip install -r container/conductor-build/conductor-requirements.txt && \
    PYTHONPATH=. LC_ALL="en_US.UTF-8" python container/conductor-build/setup.py develop -v && \
    ansible-galaxy install -p /etc/ansible/roles -r container/conductor-build/conductor-requirements.yml

# The COPY here will break cache if the requirements or ansible.cfg has changed
COPY /build-src /_ansible/build
RUN ( test -f /_ansible/build/ansible-requirements.txt && pip install --no-cache-dir -r /_ansible/build/ansible-requirements.txt || true ) && \
    ( test -f /_ansible/build/requirements.yml && ansible-galaxy install -p /etc/ansible/roles -r /_ansible/build/requirements.yml || true ) && \
    ( test -f /_ansible/build/ansible.cfg && cp /_ansible/build/ansible.cfg /etc/ansible/ansible.cfg || true)

VOLUME /usr

 caller_file=/usr/lib/python2.7/site-packages/container/utils/__init__.py caller_func=jinja_render_to_temp caller_line=76
2017-04-20T22:41:18.295944 Context manifest:              [container.docker.engine] caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=build_conductor_image caller_line=667
2017-04-20T22:41:18.314812 Starting Docker build of Ansible Container Conductor image (please be patient)... [container.docker.engine] caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=build_conductor_image caller_line=675
Step 1 : FROM centos:7
 ---> a8493f5f50ff
Step 2 : ENV ANSIBLE_CONTAINER 1
 ---> Using cache
 ---> 7b5efeb562b1
Step 3 : RUN yum update -y &&     yum install -y epel-release   &&     yum install -y gcc git python-devel rsync libffi-devel openssl-devel &&     yum clean all
 ---> Using cache
 ---> 8bcc7a6c4529
Step 4 : ADD https://get.docker.com/builds/Linux/x86_64/docker-17.04.0-ce.tgz /tmp/docker.tgz

 ---> Using cache
 ---> 6114eb422108
Step 5 : COPY /contrib/get-pip.py /get-pip.py
 ---> Using cache
 ---> c7d328c0d341
Step 6 : RUN python /get-pip.py &&     mkdir -p /etc/ansible/roles /_ansible/src &&     cd /usr/local/bin &&     tar -xz --strip-components=1 -f /tmp/docker.tgz
 ---> Using cache
 ---> d94056202ec2
Step 7 : COPY /container-src /_ansible/container
 ---> Using cache
 ---> 573ac194288a
Step 8 : RUN cd /_ansible &&     pip install -r container/conductor-build/conductor-requirements.txt &&     PYTHONPATH=. LC_ALL="en_US.UTF-8" python container/conductor-build/setup.py develop -v &&     ansible-galaxy install -p /etc/ansible/roles -r container/conductor-build/conductor-requirements.yml
 ---> Using cache
 ---> 6a9b7cd1c941
Step 9 : COPY /build-src /_ansible/build
 ---> Using cache
 ---> 84bbda4a2998
Step 10 : RUN ( test -f /_ansible/build/ansible-requirements.txt && pip install --no-cache-dir -r /_ansible/build/ansible-requirements.txt || true ) &&     ( test -f /_ansible/build/requirements.yml && ansible-galaxy install -p /etc/ansible/roles -r /_ansible/build/requirements.yml || true ) &&     ( test -f /_ansible/build/ansible.cfg && cp /_ansible/build/ansible.cfg /etc/ansible/ansible.cfg || true)
 ---> Using cache
 ---> dd6de839e5b0
Step 11 : VOLUME /usr
 ---> Using cache
 ---> 59fe9bc1bee1
Successfully built 59fe9bc1bee1
2017-04-20T22:41:36.883676 Cleaning up temporary directory [container.utils.temp] caller_file=/usr/lib/python2.7/site-packages/container/utils/temp.py caller_func=__exit__ caller_line=22 path=/tmp/tmpjtS7R2
2017-04-20T22:41:36.885270 Config settings                [container.core] caller_file=/usr/lib/python2.7/site-packages/container/core.py caller_func=hostcmd_build caller_line=154 config=<container.config.AnsibleContainerConfig object at 0x207b690> rawsettings=None settings={} tconf=<class 'container.config.AnsibleContainerConfig'>
2017-04-20T22:41:36.886172 Call: Engine.run_conductor     [container.docker.engine] args=('build', {'services': ordereddict([('web', ordereddict([('from', 'docker.io/centos:7'), ('command', ['yum install -y nginx']), ('entrypoint', ["nginx -g 'daemon off;'"]), ('ports', ['80:80'])]))]), 'version': '2', 'defaults': ordereddict([]), 'registries': ordereddict([])}, '/root/buildimage', {'with_volumes': [], 'python_interpreter': None, 'roles_path': None, 'with_variables': [], 'selinux': True, 'purge_last': True, 'subcommand': 'build', 'devel': False, 'cache': True, 'ansible_options': u'', 'flatten': False, 'debug': True, 'services_to_build': None, 'save_conductor_container': False}) caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=Engine.run_conductor caller_line=23 kwargs={}
2017-04-20T22:41:36.889537 Docker run:                    [container.docker.engine] caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=run_conductor caller_line=266 image=u'sha256:59fe9bc1bee127a88d0ccb9d291c30ca6d945bdc24cd3d761a04ec6fdcf3e70c' params={'name': u'buildimage_conductor', 'cap_add': ['SYS_ADMIN'], 'environment': {'DOCKER_HOST': 'unix:///var/run/docker.sock', 'ANSIBLE_ROLES_PATH': '/src/roles:/etc/ansible/roles'}, 'working_dir': '/src', 'command': ['conductor', 'build', '--project-name', 'buildimage', '--engine', 'docker', '--params', u'eyJ3aXRoX3ZvbHVtZXMiOiBbXSwgInB5dGhvbl9pbnRlcnByZXRlciI6IG51bGwsICJyb2xlc19wYXRoIjogbnVsbCwgIndpdGhfdmFyaWFibGVzIjogW10sICJzZWxpbnV4IjogdHJ1ZSwgInB1cmdlX2xhc3QiOiB0cnVlLCAic3ViY29tbWFuZCI6ICJidWlsZCIsICJkZXZlbCI6IGZhbHNlLCAiY2FjaGUiOiB0cnVlLCAiYW5zaWJsZV9vcHRpb25zIjogIiIsICJmbGF0dGVuIjogZmFsc2UsICJkZWJ1ZyI6IHRydWUsICJzZXJ2aWNlc190b19idWlsZCI6IG51bGwsICJzYXZlX2NvbmR1Y3Rvcl9jb250YWluZXIiOiBmYWxzZX0=', '--config', u'eyJzZXJ2aWNlcyI6IHsid2ViIjogeyJmcm9tIjogImRvY2tlci5pby9jZW50b3M6NyIsICJjb21tYW5kIjogWyJ5dW0gaW5zdGFsbCAteSBuZ2lueCJdLCAiZW50cnlwb2ludCI6IFsibmdpbnggLWcgJ2RhZW1vbiBvZmY7JyJdLCAicG9ydHMiOiBbIjgwOjgwIl19fSwgInNldHRpbmdzIjogeyJwd2QiOiAiL3Jvb3QvYnVpbGRpbWFnZSJ9LCAidmVyc2lvbiI6ICIyIiwgImRlZmF1bHRzIjoge30sICJyZWdpc3RyaWVzIjoge319', '--encoding', 'b64json'], 'user': 'root', 'volumes': {'/root/buildimage': {'bind': '/src', 'mode': 'ro'}, '/var/run/docker.sock': {'bind': '/var/run/docker.sock', 'mode': 'rw'}}, 'detach': True}
Parsing conductor CLI args.
2017-04-21T02:41:46.255731 Processing defaults section... [container.config] caller_file=/_ansible/container/config.py caller_func=_process_defaults caller_line=248
2017-04-21T02:41:46.257642 Processing section...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_top_level_sections caller_line=257 section=volumes
2017-04-21T02:41:46.259465 Processing section...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_top_level_sections caller_line=257 section=registries
2017-04-21T02:41:46.261130 Processing service...          [container.config] caller_file=/_ansible/container/config.py caller_func=_process_services caller_line=266 service=u'web'
2017-04-21T02:41:46.264308 Rendering service keys from defaults [container.config] caller_file=/_ansible/container/config.py caller_func=_process_services caller_line=292 defaults={} service=u'web'
2017-04-21T02:41:46.268388 Starting Ansible Container Conductor: build [container.cli] caller_file=/_ansible/container/cli.py caller_func=conductor_commandline caller_line=344 services={"web": {"command": ["yum install -y nginx"], "entrypoint": ["nginx -g 'daemon off;'"], "from": "docker.io/centos:7", "ports": ["80:80"], "defaults": {}}}
2017-04-21T02:41:46.277913 Loading engine capabilities    [container.utils.loader] caller_file=/_ansible/container/utils/loader.py caller_func=load_engine caller_line=14 capabilities=['BUILD'] engine=docker
2017-04-21T02:41:46.338845 2017-04-21T02:41:46.338845 Docker™ daemon integration engine loaded. Build starting. [container.core] caller_file=/_ansible/container/core.py caller_func=conductorcmd_build caller_line=606 project=buildimage
2017-04-21T02:41:46.341323 Building service...            [container.core] caller_file=/_ansible/container/core.py caller_func=conductorcmd_build caller_line=613 project=buildimage service=u'web'
Traceback (most recent call last):
  File "/usr/bin/conductor", line 11, in <module>
    load_entry_point('ansible-container', 'console_scripts', 'conductor')()
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/cli.py", line 351, in conductor_commandline
    **params)
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/core.py", line 614, in conductorcmd_build
    cur_image_id = engine.get_image_id_by_tag(service['from'])
  File "/_ansible/container/docker/engine.py", line 369, in get_image_id_by_tag
    image = self.client.images.get(tag)
  File "/_ansible/container/docker/engine.py", line 121, in client
    self._client = docker.from_env(version='auto')
  File "/usr/lib/python2.7/site-packages/docker/client.py", line 79, in from_env
    **kwargs_from_env(**kwargs))
  File "/usr/lib/python2.7/site-packages/docker/client.py", line 36, in __init__
    self.api = APIClient(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/docker/api/client.py", line 141, in __init__
    self._version = self._retrieve_server_version()
  File "/usr/lib/python2.7/site-packages/docker/api/client.py", line 168, in _retrieve_server_version
    'Error while fetching server API version: {0}'.format(e)
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', error(13, 'Permission denied'))
2017-04-20T22:41:46.584259 Conductor terminated. Cleaning up. [container.docker.engine] caller_file=/usr/lib/python2.7/site-packages/container/docker/engine.py caller_func=await_conductor_command caller_line=293 command_rc=1 conductor_id=u'fee6baef18044d2c0600992f3c218c585969f2ae7da8653fb10bed5ecef79774' save_container=False
2017-04-20T22:41:47.775433 Conductor exited with status 1 [container.cli] caller_file=/usr/lib/python2.7/site-packages/container/cli.py caller_func=__call__ caller_line=271

chouseknecht commented 7 years ago

@saitejamc

Thank you for trying Ansible Container, and for taking the time to open an issue. We appreciate your feedback!

It appears you may have SELinux enabled. I see it listed in the security options. It may be that we need to add the 'Z' permission to docker/engine.py, where we mount /var/run/docker.sock into the conductor.

I'll experiment with that today, and see if I can reproduce what you're seeing. In the meantime, you might try temporarily removing the selinux option from the Docker daemon options, and disabling SELinux on your system, just to see if it makes the problem go away. Not a permanent fix, of course. It would just tell us if that's the culprit.
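
The mount described in the comment above can be checked mechanically. This is an added example, not part of the original thread or the project's code: it takes the `params` shown in the "Docker run:" debug line and reports which bind mounts carry no SELinux relabel option. The function names and the daemon security-option list are assumptions made for illustration.

```python
# Added example (not ansible-container code): report bind mounts that a
# label-confined container reaches under the host path's own SELinux label.
# Function names are hypothetical.

RELABEL_FLAGS = {"z", "Z"}  # Docker bind options; both rewrite the label on the host path


def label_confinement_disabled(security_opt):
    """True if the container runs with SELinux label separation turned off."""
    disabled = ("label=disable", "label:disable")  # current and older spelling
    return any(opt in disabled for opt in security_opt or [])


def unlabeled_binds(run_params, daemon_security_options):
    """Host paths mounted without z/Z while the daemon has SELinux enabled."""
    if not any("selinux" in opt for opt in daemon_security_options):
        return []  # daemon does not label containers, nothing to flag
    if label_confinement_disabled(run_params.get("security_opt")):
        return []
    flagged = []
    for host_path, spec in sorted(run_params.get("volumes", {}).items()):
        flags = set(spec.get("mode", "rw").split(","))
        if not flags & RELABEL_FLAGS:
            flagged.append(host_path)
    return flagged


# Values copied from the "Docker run:" line in the report.
CONDUCTOR_PARAMS = {
    "name": "buildimage_conductor",
    "cap_add": ["SYS_ADMIN"],
    "user": "root",
    "volumes": {
        "/root/buildimage": {"bind": "/src", "mode": "ro"},
        "/var/run/docker.sock": {"bind": "/var/run/docker.sock", "mode": "rw"},
    },
}

# Constructed sample of the daemon's security options (assumption).
DAEMON_SECURITY_OPTIONS = ["seccomp", "selinux"]

if __name__ == "__main__":
    for path in unlabeled_binds(CONDUCTOR_PARAMS, DAEMON_SECURITY_OPTIONS):
        print("no relabel option on bind mount:", path)
```

Both mounts from the report are flagged, including `/var/run/docker.sock`, the path the traceback fails on.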

saitejamc commented 7 years ago

@chouseknecht You just hit the nail on the head!

I disabled selinux on the machine and ran the ansible-container build command and it worked!!

chouseknecht commented 7 years ago

@saitejamc

I've tried reproducing this with Fedora 25, using vagrant. With the latest docker (docker-ce), selinux enabled in the OS, and on the Docker daemon, it doesn't break.

I am, however, having difficulty getting docker 1.12.6 to install. For some reason cryptography fails with a gcc-related error.

Will try again with CentOS.

chouseknecht commented 7 years ago

@ryansb, please attempt to reproduce this. I failed trying on Fedora 25. I think this just needs a good set of sysadmin eyes.

wbrefvem commented 7 years ago

+1. Error goes away with selinux disabled.

Here's my env:

(.venv) [wrefvem@localhost django-template]$ docker --version
Docker version 1.12.6, build ae7d637/1.12.6
(.venv) [wrefvem@localhost django-template]$ cat /etc/fedora-release 
Fedora release 25 (Twenty Five)

EDIT: I get the same error running ansible-container run with ansible.django-template.

EDIT2: debug output:

2017-05-03T15:27:35.511649 Verifying service image        
[container.docker.engine] 
caller_file=/_ansible/container/docker/engine.py 
caller_func=containers_built_for_services 
caller_line=420 
service=u'nginx'

So it's happening during verification of the nginx image.

dminca commented 7 years ago

@chouseknecht you need to install some dependencies via yum for that to work

yum install gcc openssl-devel libffi-devel python-devel

Found it here.