search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
14k stars 3.42k forks source link

Cannot sync Git project #9785

Open tigattack opened 3 years ago

tigattack commented 3 years ago
ISSUE TYPE
SUMMARY

I am unable to clone ("sync") GitHub repos configured in SCM projects in AWX. When attempting to sync, I see the following error:

cannot clone: Operation not permitted
user namespaces are not enabled in /proc/sys/kernel/unprivileged_userns_clone
Error: cannot re-exec process

I've been testing with https://github.com/ansible/tower-example.

ENVIRONMENT
STEPS TO REPRODUCE
  1. Follow instructions for docker-compose install.
  2. See error during install 
    [...]
tools_redis_1 | 1:M 01 Apr 2021 08:08:03.867 * The server is now ready to accept connections at /var/run/redis/redis.sock
tools_awx_1 | cannot clone: Operation not permitted
tools_awx_1 | user namespaces are not enabled in /proc/sys/kernel/unprivileged_userns_clone
tools_awx_1 | Error: cannot re-exec process
tools_awx_1 | [ -d "/awx_devel/awx.egg-info" ] || python3 /awx_devel/setup.py egg_info_dev
[...]
  3. Login and create a project
  4. Save the project and click Sync
  5. See error: image
EXPECTED RESULTS

I would expect the project to sync correctly.

ACTUAL RESULTS

See error above.

ADDITIONAL INFORMATION

I don't think it's related, but AWX also reports that the Ansible version is "unknown": image

shanemcd commented 3 years ago

The development environment commits some sins in order to run Podman inside of docker. This works on most machines, but I have seen this error pop up a few times and haven't been able to reproduce or identify a fix. If possible, I strongly recommend you to use the AWX Operator.

ghost commented 3 years ago

I applied this solution to my docker host, which fixed the issue for me.

On your docker host, run sudo sysctl -w kernel.unprivileged_userns_clone=1

To persist across reboots: echo "kernel.unprivileged_userns_clone=1" | sudo tee -a /etc/sysctl.conf

titus-anromedonn commented 2 years ago

I ran into the same issue on Centos 7. After trying a bunch of things I upgraded my kernel to 5.4.196 and things started to work.

The original one installed was really old (3.10.0). After doing some digging it appears that the older kernel may not have supported the user clone syscall.