Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission and support custom OS rpm packages installation #8537

Closed
nicolas-g opened this issue Nov 4, 2020 · 5 comments
Closed

Permission and support custom OS rpm packages installation #8537

nicolas-g opened this issue Nov 4, 2020 · 5 comments

Comments

@nicolas-g
Copy link
Contributor

ISSUE TYPE
  • Feature Idea
SUMMARY

People need to have sudo access or be able to install OS packages inside AWX Kubernetes Pod awx-web container, right now when you try to install something with yum you get the bellow error due to permissions :

yum install <PACKAGE_NAME>
Error: This command has to be run under the root user.

Most of the Ansible modules require python pip packages which we can install through custom virtual envs, but many modules do required system packages and not pip, as for example the helm module requires the helm binary to be installed.

Giving sudo access when you access the Pod or define variables for the Kubernetes AWS installer to install custom yum pacakges like we do with custom virtual envs will help people solve this issue.
@wenottingham
Copy link
Contributor

wenottingham commented Nov 4, 2020
edited
Loading

Yea, no. Modifying the system image at runtime is a bad idea.

This will be solved by #7060 / #5157.

@nicolas-g
Copy link
Contributor Author

Yea, no. Modifying the system image at runtime is a bad idea.

It is but that should be something for the users to decide, there are tools users need permissions to install for troubleshooting reasons.

@bobby0724
Copy link

Is there a workaround for this i need to install kerberos packages in the awx-task container in order to support windows hosts

@nicolas-g
Copy link
Contributor Author

@bobby0724 the only solution I found was to create my own custom image based on the AWX docker image.

For example, this is how your Dockerfile will look like:

FROM ansible/awx:15.0.1
USER root
RUN yum install kerberos -y

You build and push your new image to a Docker registry and update your deployment configs to download your new custom image.

@cnukwas
Copy link

cnukwas commented Dec 16, 2020

@bobby0724 the only solution I found was to create my own custom image based on the AWX docker image.

For example, this is how your Dockerfile will look like:

FROM ansible/awx:15.0.1
USER root
RUN yum install kerberos -y

You build and push your new image to a Docker registry and update your deployment configs to download your new custom image.

What changes need to be made for this to work since I tried to add few additional tools to be installed during docker image build by adding lines to Dockerfile.j2 but those don't appear to be picked up during the install/build process?
We need to add custom tools related to Open LDAP, jq, wget and few other utilities to awx-web container image.

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nicolas-g @wenottingham @bobby0724 @cnukwas