search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
13.96k stars 3.41k forks source link

invalid permissions on postgres pod #15221

Open Akasurde opened 4 months ago

Akasurde commented 4 months ago

Summary

While attempting to install on k8s helm install -n ansible-awx --create-namespace awx-operator awx-operator/awx-operator --version 2.16.1 with this manifest 

---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: ansible-awx
  namespace: ansible-awx
spec:
  image:  ansible/awx
  image_version: 24.3.1
  image_pull_policy: Always
  projects_persistence: true

there is persistent error on Postgres pod 

➜  k get pods -n ansible-awx
NAME                                               READY   STATUS             RESTARTS          AGE
ansible-awx-postgres-15-0                          0/1     CrashLoopBackOff   492 (3m23s ago)   41h
awx-operator-controller-manager-666c5cd5bb-2xm4m   2/2     Running            0                 42h
➜  k logs ansible-awx-postgres-15-0 -n ansible-awx
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/pgsql/data/userdata ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 20
selecting default shared_buffers ... 400kB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
2024-05-23 02:37:36.659 UTC [71] FATAL:  data directory "/var/lib/pgsql/data/userdata" has invalid permissions
2024-05-23 02:37:36.659 UTC [71] DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).
child process exited with exit code 1
initdb: removing contents of data directory "/var/lib/pgsql/data/userdata"
running bootstrap script ... %

regardless of which version of awx/ansible I choose there are always issues with permission

tested with k8s version v1.25.7 & v1.26.3+k0s

Issue Type

Bug Report

Component Name

user

Ansible Version

$ ansible --version
image_version: 24.3.1

Configuration

# if using a version older than ansible-core 2.12 you should omit the '-t all'
$ ansible-config dump --only-changed -t all
NA

OS / Environment

k8s

Steps to Reproduce

helm install -n ansible-awx --create-namespace awx-operator awx-operator/awx-operator --version 2.16.1

Expected Results

I expected to see all pods running

Actual Results

fixing permissions on existing directory /var/lib/pgsql/data/userdata ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 20
selecting default shared_buffers ... 400kB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
2024-05-23 02:37:36.659 UTC [71] FATAL:  data directory "/var/lib/pgsql/data/userdata" has invalid permissions
2024-05-23 02:37:36.659 UTC [71] DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).
child process exited with exit code 1
initdb: removing contents of data directory "/var/lib/pgsql/data/userdata"
running bootstrap script ... %

Code of Conduct

Akasurde commented 4 months ago

cc @darioneto

Akasurde commented 4 months ago

Here are the specific details of the error:

2024-05-23 02:37:36.659 UTC [71] FATAL: data directory "/var/lib/pgsql/data/userdata" has invalid permissions 2024-05-23 02:37:36.659 UTC [71] DETAIL: Permissions should be u=rwx (0700) or u=rwx,g=rx (0750). child process exited with exit code 1 initdb: removing contents of data directory "/var/lib/pgsql/data/userdata"

Could you please provide guidance on how to resolve the permission issues on the /var/lib/pgsql/data/userdata directory? Is there a specific configuration or workaround that I need to apply to ensure the Postgres pod initializes correctly?

Akasurde commented 4 months ago

Issue is migrated from Ansible/ansible repo to here, please ping @darioneto if you require more information. Thanks,

darioneto commented 4 months ago

I've found way around it with other approach and installing external postgres , but now I face another issue now trying to install the dedicated modules https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_command_module.html#ansible-collections-f5networks-f5-modules-bigip-command-module

with the older version of image I was running 14.0.0 those libraries were officially supported out of a box, but seems not available with the new image image: quay.io/ansible/awx image_version: 24.3.1

I managed to build the new image with ansible-builder and although they were available in the list [root@22b17349d1d0 runner]# ansible-galaxy collection list

Collection Version

amazon.aws 7.5.0
ansible.netcommon 6.1.2
ansible.posix 1.5.4
ansible.utils 4.1.0
ansible.windows 2.3.0
awx.awx 24.3.0 azure.azcollection 2.3.0
community.vmware 4.3.0
f5networks.f5_modules 1.28.0 google.cloud 1.3.0
kubernetes.core 3.0.1
kubevirt.core 1.3.2
openstack.cloud 2.2.0
ovirt.ovirt 3.2.0
redhatinsights.insights 1.2.2
theforeman.foreman 4.0.0
[root@22b17349d1d0 runner]#

this image failed to be loaded in the awx on k8s "[dumb-init] /usr/bin/launch_awx_web.sh: No such file or directory" Could you please provide any guide what is the correct way of adding those official ansible modules for bigip

darioneto commented 4 months ago

I sorted out, never mind