[upgrade] AWX to 22.3 #558
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Otherwise it doesn't work (`ImagePullBackoff`).
For now this is a null build i.e. the built image behaves exactly like its `FROM`.
- Obtain the list from the latest `requirements.yml` file on GitHub - Install using straight `ansible-galaxy role install` and `ansible-galaxy collection install`, setting `HOME` so that the install products go into `/runner/.ansible`, which dovetails with the paths shown in the “role not found in ...” error message obtained when trying to run our jobs from the vanilla image. - Document that changing `requirements.yml` entails having to rebuild `wp-awx-ee` (even though there is currently no way to do the latter with the configuration-as-code)
When one embugs, then rebuilds `wp-awx-ee`, the ImageStreamTag will update all right, but the OpenShift node where the pod will be running may already have an image with the exact same name. We need to ensure that the node will pull it again. (Thanks to Docker layer caching, impact is minimal in the no-change case.)
As per OpenShift policy, processes run with a managed (i.e. unpredictable) UID, but always with GID 0. This is also the primary group of the `USER 1000` in the Docker image.
- ... And `busybox`, because we need to `bunzip2` - Praise be to Golang statically-linked binaries, which lets us side-step the seccomp nonsense again.
... as we should have done from day 1 (and actually did in an older incarnation of `feature/pg-awx`, before it was rebased away) This lets do away with all the seccomp nonsense in one fell swoop. - Figure out what this kludgey `ansible-builder` thingy attempts to do, and work it into our `Dockerfile`. It boils down to like 5 lines, compared to the 800+ lines in the `context` directory that the former generates. - Also copy the `receptor` binary from the rig that `ansible-builder` creates, even though I am not certain of what it is here for - Keep an inline `Dockerfile`, rather than creating on more directory under `wp-ops/docker`, as this intuitively feels like less coupling that way. - Ensure that a suitable exists in `/etc/passwd` at both build- and run-time. Unfortunately this doesn't seem to take effect immediately (specifically, the part where it is made a member of group 0); this requires a little kludge in the `Dockerfile`.
domq
pushed a commit
that referenced
this pull request
Aug 27, 2024
Investigation (e.g. in `s3://svc0041-b80382f4fba20c6c1d9dc1bebefc5583/backup/wordpresses/www__research__domains__transportation_center/sql`) reveals that SQL “backups” on a `.htaccess`-only site used to work just fine (before #558 that is). We see snippets like this being “backed up,” ``` Usage: mysqldump [OPTIONS] database [tables] OR mysqldump [OPTIONS] --databases [OPTIONS] DB1 [DB2 DB3...] OR mysqldump [OPTIONS] --all-databases [OPTIONS] For more options, use mysqldump --help ``` indicating that `mysqldump` used to return success (0 exit code) when called with no arguments (as a result of `wp config list --format=json | jq` in `backup_db_to_stdout_command` returning nothing). (As an aside, this wasn't caught by our `set -e` nor `set -o pipefail`, [because bash turns the former off in command-substitution subshells by default](https://unix.stackexchange.com/a/600212)). ⇒ Skip attempting the SQL backup if no `wp-config.php` file exists
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@domq merged some configuration-as-code that was... not quite working right, and as a result our Ansible Tower / AWX broke when @lvenries applied it 🤦
@domq hereby presents his offerings to make amends.
wp-ansible-runnerimage now wantswp-awx-eewp-base, since ever since seccomp filter breaks latest glibc (in fedora rawhide) by blocking clone3 with EPERM moby/moby#42680 we can't build out of newer distributionsansible-builder/ansible-runnerstuff into the imageThe net result: it almost works, except the logs which results in the AWX dashboard being less than useful for any job over some size (i.e. anything besides the GitHub inventory syncs). But at least, the backups have started working again.