ansible / ansible-container

DEPRECATED -- Ansible Container was a tool to build Docker images and orchestrate containers using only Ansible playbooks.
GNU Lesser General Public License v3.0

push command doesn't support --src-mount-path #913

Open treyd opened 6 years ago

treyd commented 6 years ago
ISSUE TYPE
container.yml
version: "2"

settings:
  conductor:
    base: alpine:latest

  project_name: my-ac-project

services:
  mycontainer:
    from: alpine:3.7
    roles:
      - roleA
      - roleB
    command: ["/usr/local/bin/start.sh"]

registries:
  myregistry:
    url: https://registry.myorg.com
    repository_prefix: ""
OS / ENVIRONMENT
Ansible Container, version 0.9.2
Linux, runner-30c30817-project-13-concurrent-0, 3.10.0-693.el7.x86_64, #1 SMP Tue Aug 22 21:09:27 UTC 2017, x86_64
2.7.14 (default, Dec 14 2017, 15:51:29) 
[GCC 6.4.0] /usr/bin/python2
SUMMARY

When trying to build and push my container project to my registry, and using a dockerized CI/CD container that runs ansible-container (GitLab CI), I am using named volumes to mount the ansible-container config (container.yml and the roles directory). My build system will launch a container with a named volume (ansible-container-build-source) attached and mounted to a directory (and will have docker.sock bind mounted from the host as well), check out the source code, copy the code to that directory, install ansible-container and then run the command ansible-container build --src-mount-path ansible-container-build-source. This seems to work as --src-mount-path will interpret this properly as a named container and mount the ansible-container-build-source volume to /src inside the conductor, which will let it find the roles and continue the build. Without mounting this volume, ansible will not be able to find the roles dir as it attempts to bind-mount the working directory, which, in the docker-in-docker case, will try to bind mount a directory on the host instead of a directory in the container.

However, in the next build step, when I try to perform an ansible-container push --push-to myregistry it will fail with an error saying it cannot find the roles. If I try to include the --src-mount-path directory, it will error as that is not a valid option for push.

I've tried to use the --with volume option but this apparently cannot mount named volumes (it always treats the first string in the src:dest:mode format as a path, although it can also refer to a named volume). This might be another bug.

STEPS TO REPRODUCE
1. Create a named volume on host system with docker volume ansible-container-build-src
2. Launch a new container which maps the above volume to /buildsrc
3. Install ansible-container in this container and check out your source code 
4. Copy your source code to /buildsrc
5. Run ansible-container build --src-mount-path ansible-container-build-src
6. Run ansible-container push --push-to myregistry (will fail on not able to find roles)
7. Run ansible-container push --src-mount-path ansible-container-build-src --push-to myregistry (will fail on invalid option)
EXPECTED RESULTS

Either ansible-container push to work on its own (not sure why a push command needs to re-read the roles when they were used only in build) or for it to also respect the --src-mount-path flag if it does need access to the src and roles dir.

ACTUAL RESULTS

See above repro steps for unexpected results
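
The ambiguity described in this report, where the first field of src:dest:mode may be either a host path or a named volume, can be resolved by classifying the source before mounting. The following is an added example, not code from ansible-container or from the post; parse_mount, check_for_shared_daemon and the sample specs are hypothetical, and the name pattern is assumed to follow Docker's rule for volume names.

```python
import re
from collections import namedtuple

# Assumption: this pattern follows Docker's character rule for volume names.
VOLUME_NAME = re.compile(r"^[a-zA-Z0-9][a-zA-Z0-9_.-]+$")
# Constructed sample specs: one named volume and two bind mounts.
SAMPLE_SPECS = ["ansible-container-build-src:/src:ro",
                "/builds/project:/src:rw",
                "./roles:/src/roles"]

Mount = namedtuple("Mount", "kind source dest mode")


def parse_mount(spec):
    """Parse src:dest[:mode]; classify src as a named volume or a host path."""
    parts = spec.split(":")
    if len(parts) == 2:
        parts.append("rw")  # mode is optional and defaults to read-write
    if len(parts) != 3:
        raise ValueError("expected src:dest[:mode], got %r" % spec)
    source, dest, mode = parts
    if not dest.startswith("/") or mode not in ("ro", "rw"):
        raise ValueError("bad destination or mode in %r" % spec)
    # A source that starts like a path is a bind mount; a bare name is a volume.
    if source.startswith(("/", ".", "~")):
        return Mount("bind", source, dest, mode)
    if VOLUME_NAME.match(source):
        return Mount("volume", source, dest, mode)
    raise ValueError("source is neither a path nor a volume name: %r" % source)


def check_for_shared_daemon(specs):
    """Split specs into (accepted, rejected) for a job using the host's docker.sock."""
    accepted, rejected = [], []
    for spec in specs:
        try:
            mount = parse_mount(spec)
        except ValueError as exc:
            rejected.append((spec, str(exc)))
            continue
        if mount.kind == "bind":
            # The daemon resolves bind sources on the host, not in the CI container.
            rejected.append((spec, "bind source resolves on the Docker host"))
        else:
            accepted.append(mount)
    return accepted, rejected
```
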

marcusianlevine commented 6 years ago

Thanks for the report @treyd, quick fix is to allow this option for push. I'll open a PR momentarily.

treyd commented 6 years ago

Makes sense, thanks @marcusianlevine. Any idea why push needs access to the roles? Or is that just the default conductor container behavior?

marcusianlevine commented 6 years ago

I believe push needs access to the roles in order to ensure that there are fully baked images available to be pushed, and deploy also needs to transpile container.yml (including meta/container.yml for roles) into docker-compose.yml for injection into the generated playbook.