Molecule throws error during gather_facts : Failed to create temporary directory

[patrickstump]

Overview

This appears to be an issue with default docker settings on ubuntu 22.04 desktop, so I don't think it is an actual issue with the image. However, I wasn't sure where else to put the knowledge. Apologies if this is the wrong call.

Error

When running molecule test with the geerlingguy/docker-ubuntu2204-ansible:latest image, gather_facts throws the error:

{"changed": false, "msg": "Failed to create temporary directory.
 In some cases, you may have been able to authenticate and did not have permissions on the target directory.
 Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error
 information use -vvv. 

Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1662828157.3138137-2593026-85746141845239 `\" && echo ansible-tmp-1662828157.3138137-2593026-85746141845239=\"`
 echo ~/.ansible/tmp/ansible-tmp-1662828157.3138137-2593026-85746141845239 `\" ), 
exited with result 1", "unreachable": true}

As stated clearly in the README for this project, the cgroupns=host should be used. Docker says the default cgroupns is host, however unless I specified that on the command line, it would not run manually or via molecule.

Making modifications to molecule.yml did nothing. Finally I edited /etc/docker/daemon.json to set the default cgroupns for docker to host and it started working.

Fix

Add `default-cgroupns-mode" to docker's daemon.json file and restart docker.

$ cat /etc/docker/daemon.json 
{
  "default-cgroupns-mode": "host"
}

Alternate Fix

If someone knows how to specify cgroupns in the molecule file, I think that would be a better solution. I could not find anyway to do so. Please comment if you know how.

Host Machine

Host: Ubuntu 22.04 Desktop, amd64

Docker Version

Client: Docker Engine - Community
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun  6 23:02:46 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun  6 23:00:51 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Molecule Config

---
dependency:
  name: galaxy
driver:
  name: docker
lint: |
  yamllint .
  ansible-lint
  flake8
platforms:
  - name: ubuntu-22.04
    image: geerlingguy/docker-ubuntu2204-ansible:latest
    command: "/lib/systemd/systemd"
    privileged: true
    pre_build_image: false
    #dockerfile: ../common/Dockerfile-ubuntu.j2
    capabilities:
      - SYS_ADMIN
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    tmpfs:
      - /run 
      - /tmp

provisioner:
  name: ansible
verifier:
  name: ansible

[mircea-pavel-anton]

+1 on this. Also encountered today and was about to report this

[vanguard737]

Concur with @patrickstump that this isn't actually an issue for this repo/image - molecule has an open discussion (here) and a PR in the works (here).

[robin-checkmk]

Possible duplicate of #4.

[coaxial]

For those with the same issue, this is the solution:

# molecule.yml
# ,,,
platforms:
  - name: ubuntu2204
    image: geerlingguy/docker-ubuntu2204-ansible:latest
    cgroupns_mode: host
    command: ""
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw # won't work with ro
    privileged: true
    pre_build_image: true
# ...

My understanding is that this removes any isolation from the container and the processes run directly on the host. Obviously an issue in prod, but fine for local dev and automated testing on GitHub Actions.