add awx 17 example

examples/awx17/README.md

@@ -0,0 +1,37 @@
+# AWX Compose
+
+the directory roles is taken from [here](https://github.com/ansible/awx/tree/17.1.0/installer/roles/local_docker)
+
+also look at https://github.com/ansible/awx/tree/17.1.0/tools/docker-compose
+
+```
+mkdir deploy awx17
+ansible localhost \
+    -e host_port=8080 \
+    -e awx_secret_key='awx,secret.123' \
+    -e secret_key='awx,secret.123' \
+    -e admin_user='admin' \
+    -e admin_password='admin' \
+    -e pg_password='awx,123.' \
+    -e pg_username='awx' \
+    -e pg_database='awx' \
+    -e pg_port='5432' \
+    -e redis_image="docker.io/library/redis:6-alpine" \
+    -e postgres_data_dir="./data/pg" \
+    -e compose_start_containers=false \
+    -e dockerhub_base='docker.io/ansible' \
+    -e awx_image='docker.io/ansible/awx' \
+    -e awx_version='17.1.0' \
+    -e dockerhub_version='17.1.0' \
+    -e docker_deploy_base_path=$PWD/deploy \
+    -e docker_compose_dir=$PWD/awx17 \
+    -e awx_task_hostname=awx \
+    -e awx_web_hostname=awxweb \
+    -m include_role -a name=local_docker
+cp awx17/docker-compose.yml awx17/docker-compose.yml.orig
+sed -i -re "s#- \"$PWD/awx17/(.*):/#- \"./\1:/#" awx17/docker-compose.yml
+cd awx17
+podman-compose run --rm --service-ports task awx-manage migrate --no-input
+podman-compose up -d
+```
+

examples/awx17/roles/local_docker/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+dockerhub_version: "{{ lookup('file', playbook_dir + '/../VERSION') }}"
+
+awx_image: "awx"
+redis_image: "redis"
+
+postgresql_version: "12"
+postgresql_image: "postgres:{{postgresql_version}}"
+
+compose_start_containers: true
+upgrade_postgres: false

examples/awx17/roles/local_docker/tasks/compose.yml

@@ -0,0 +1,74 @@
+---
+- name: Create {{ docker_compose_dir }} directory
+  file:
+    path: "{{ docker_compose_dir }}"
+    state: directory
+
+- name: Create Redis socket directory
+  file:
+    path: "{{ docker_compose_dir }}/redis_socket"
+    state: directory
+    mode: 0777
+
+- name: Create Docker Compose Configuration
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ docker_compose_dir }}/{{ item.file }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - file: environment.sh
+      mode: "0600"
+    - file: credentials.py
+      mode: "0600"
+    - file: docker-compose.yml
+      mode: "0600"
+    - file: nginx.conf
+      mode: "0600"
+    - file: redis.conf
+      mode: "0664"
+  register: awx_compose_config
+
+- name: Render SECRET_KEY file
+  copy:
+    content: "{{ secret_key }}"
+    dest: "{{ docker_compose_dir }}/SECRET_KEY"
+    mode: 0600
+  register: awx_secret_key
+
+- block:
+    - name: Remove AWX containers before migrating postgres so that the old postgres container does not get used
+      docker_compose:
+        project_src: "{{ docker_compose_dir }}"
+        state: absent
+      ignore_errors: true
+
+    - name: Run migrations in task container
+      shell: docker-compose run --rm --service-ports task awx-manage migrate --no-input
+      args:
+        chdir: "{{ docker_compose_dir }}"
+
+    - name: Start the containers
+      docker_compose:
+        project_src: "{{ docker_compose_dir }}"
+        restarted: "{{ awx_compose_config is changed or awx_secret_key is changed }}"
+      register: awx_compose_start
+
+    - name: Update CA trust in awx_web container
+      command: docker exec awx_web '/usr/bin/update-ca-trust'
+      when: awx_compose_config.changed or awx_compose_start.changed
+
+    - name: Update CA trust in awx_task container
+      command: docker exec awx_task '/usr/bin/update-ca-trust'
+      when: awx_compose_config.changed or awx_compose_start.changed
+
+    - name: Wait for launch script to create user
+      wait_for:
+        timeout: 10
+      delegate_to: localhost
+
+    - name: Create Preload data
+      command: docker exec awx_task bash -c "/usr/bin/awx-manage create_preload_data"
+      when: create_preload_data|bool
+      register: cdo
+      changed_when: "'added' in cdo.stdout"
+  when: compose_start_containers|bool

examples/awx17/roles/local_docker/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Generate broadcast websocket secret
+  set_fact:
+    broadcast_websocket_secret: "{{ lookup('password', '/dev/null length=128') }}"
+  run_once: true
+  no_log: true
+  when: broadcast_websocket_secret is not defined
+
+- import_tasks: upgrade_postgres.yml
+  when:
+    - postgres_data_dir is defined
+    - pg_hostname is not defined
+
+- import_tasks: set_image.yml
+- import_tasks: compose.yml

examples/awx17/roles/local_docker/tasks/set_image.yml

@@ -0,0 +1,46 @@
+---
+- name: Manage AWX Container Images
+  block:
+    - name: Export Docker awx image if it isnt local and there isnt a registry defined
+      docker_image:
+        name: "{{ awx_image }}"
+        tag: "{{ awx_version }}"
+        archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_image }}_{{ awx_version }}.tar"
+      when: inventory_hostname != "localhost" and docker_registry is not defined
+      delegate_to: localhost
+
+    - name: Set docker base path
+      set_fact:
+        docker_deploy_base_path: "{{ awx_base_path|default('/tmp') }}/docker_deploy"
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Ensure directory exists
+      file:
+        path: "{{ docker_deploy_base_path }}"
+        state: directory
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Copy awx image to docker execution
+      copy:
+        src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_image }}_{{ awx_version }}.tar"
+        dest: "{{ docker_deploy_base_path }}/{{ awx_image }}_{{ awx_version }}.tar"
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Load awx image
+      docker_image:
+        name: "{{ awx_image }}"
+        tag: "{{ awx_version }}"
+        load_path: "{{ docker_deploy_base_path }}/{{ awx_image }}_{{ awx_version }}.tar"
+        timeout: 300
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Set full image path for local install
+      set_fact:
+        awx_docker_actual_image: "{{ awx_image }}:{{ awx_version }}"
+      when: docker_registry is not defined
+  when: dockerhub_base is not defined
+
+- name: Set DockerHub Image Paths
+  set_fact:
+    awx_docker_actual_image: "{{ dockerhub_base }}/awx:{{ dockerhub_version }}"
+  when: dockerhub_base is defined

examples/awx17/roles/local_docker/tasks/upgrade_postgres.yml

@@ -0,0 +1,64 @@
+---
+
+- name: Create {{ postgres_data_dir }} directory
+  file:
+    path: "{{ postgres_data_dir }}"
+    state: directory
+
+- name: Get full path of postgres data dir
+  shell: "echo {{ postgres_data_dir }}"
+  register: fq_postgres_data_dir
+
+- name: Register temporary docker container
+  set_fact:
+    container_command: "docker run --rm -v '{{ fq_postgres_data_dir.stdout }}:/var/lib/postgresql' centos:8 bash -c "
+
+- name: Check for existing Postgres data (run from inside the container for access to file)
+  shell:
+    cmd: |
+      {{ container_command }} "[[ -f /var/lib/postgresql/10/data/PG_VERSION ]] && echo 'exists'"
+  register: pg_version_file
+  ignore_errors: true
+
+- name: Record Postgres version
+  shell: |
+    {{ container_command }} "cat /var/lib/postgresql/10/data/PG_VERSION"
+  register: old_pg_version
+  when: pg_version_file is defined and pg_version_file.stdout == 'exists'
+
+- name: Determine whether to upgrade postgres
+  set_fact:
+    upgrade_postgres: "{{ old_pg_version.stdout == '10' }}"
+  when: old_pg_version.changed
+
+- name: Set up new postgres paths pre-upgrade
+  shell: |
+    {{ container_command }} "mkdir -p /var/lib/postgresql/12/data/"
+  when: upgrade_postgres | bool
+
+- name: Stop AWX before upgrading postgres
+  docker_compose:
+    project_src: "{{ docker_compose_dir }}"
+    stopped: true
+  when: upgrade_postgres | bool
+
+- name: Upgrade Postgres
+  shell: |
+    docker run --rm \
+      -v {{ postgres_data_dir }}/10/data:/var/lib/postgresql/10/data \
+      -v {{ postgres_data_dir }}/12/data:/var/lib/postgresql/12/data \
+      -e PGUSER={{ pg_username }} -e POSTGRES_INITDB_ARGS="-U {{ pg_username }}" \
+      tianon/postgres-upgrade:10-to-12 --username={{ pg_username }}
+  when: upgrade_postgres | bool
+
+- name: Copy old pg_hba.conf
+  shell: |
+    {{ container_command }} "cp /var/lib/postgresql/10/data/pg_hba.conf /var/lib/postgresql/12/data/pg_hba.conf"
+  when: upgrade_postgres | bool
+
+- name: Remove old data directory
+  shell: |
+    {{ container_command }} "rm -rf /var/lib/postgresql/10/data"
+  when:
+    - upgrade_postgres | bool
+    - compose_start_containers|bool

examples/awx17/roles/local_docker/templates/credentials.py.j2

@@ -0,0 +1,13 @@
+DATABASES = {
+    'default': {
+        'ATOMIC_REQUESTS': True,
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': "{{ pg_database }}",
+        'USER': "{{ pg_username }}",
+        'PASSWORD': "{{ pg_password }}",
+        'HOST': "{{ pg_hostname | default('postgres') }}",
+        'PORT': "{{ pg_port }}",
+    }
+}
+
+BROADCAST_WEBSOCKET_SECRET = "{{ broadcast_websocket_secret | b64encode }}"

examples/awx17/roles/local_docker/templates/docker-compose.yml.j2

@@ -0,0 +1,208 @@
+#jinja2: lstrip_blocks: True
+version: '2'
+services:
+
+  web:
+    image: {{ awx_docker_actual_image }}
+    container_name: awx_web
+    depends_on:
+      - redis
+      {% if pg_hostname is not defined %}
+      - postgres
+      {% endif %}
+    {% if (host_port is defined) or (host_port_ssl is defined) %}
+    ports:
+      {% if (host_port_ssl is defined) and (ssl_certificate is defined) %}
+      - "{{ host_port_ssl }}:8053"
+      {% endif %}
+      {% if host_port is defined %}
+      - "{{ host_port }}:8052"
+      {% endif %}
+    {% endif %}
+    hostname: {{ awx_web_hostname }}
+    user: root
+    restart: unless-stopped
+    {% if (awx_web_container_labels is defined) and (',' in awx_web_container_labels) %}
+    {% set awx_web_container_labels_list = awx_web_container_labels.split(',') %}
+    labels:
+      {% for awx_web_container_label in awx_web_container_labels_list %}
+      - {{ awx_web_container_label }}
+      {% endfor %}
+    {% elif awx_web_container_labels is defined %}
+    labels:
+      - {{ awx_web_container_labels }}
+    {% endif %}
+    volumes:
+      - supervisor-socket:/var/run/supervisor
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - rsyslog-config:/var/lib/awx/rsyslog/
+      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
+      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "{{ docker_compose_dir }}/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
+    {% if project_data_dir is defined %}
+      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
+    {% endif %}
+    {% if custom_venv_dir is defined %}
+      - "{{ custom_venv_dir +':'+ custom_venv_dir +':rw' }}"
+    {% endif %}
+    {% if ca_trust_dir is defined %}
+      - "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
+    {% endif %}
+    {% if (ssl_certificate is defined) and (ssl_certificate_key is defined) %}
+      - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
+      - "{{ ssl_certificate_key +':/etc/nginx/awxweb_key.pem:ro' }}"
+    {% elif (ssl_certificate is defined) and (ssl_certificate_key is not defined) %}
+      - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
+    {% endif %}
+    {% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %}
+    {% set awx_container_search_domains_list = awx_container_search_domains.split(',') %}
+    dns_search:
+    {% for awx_container_search_domain in awx_container_search_domains_list %}
+      - {{ awx_container_search_domain }}
+    {% endfor %}
+    {% elif awx_container_search_domains is defined %}
+    dns_search: "{{ awx_container_search_domains }}"
+    {% endif %}
+    {% if (awx_alternate_dns_servers is defined) and (',' in awx_alternate_dns_servers) %}
+    {% set awx_alternate_dns_servers_list = awx_alternate_dns_servers.split(',') %}
+    dns:
+    {% for awx_alternate_dns_server in awx_alternate_dns_servers_list %}
+      - {{ awx_alternate_dns_server }}
+    {% endfor %}
+    {% elif awx_alternate_dns_servers is defined %}
+    dns: "{{ awx_alternate_dns_servers }}"
+    {% endif %}
+    {% if (docker_compose_extra_hosts is defined) and (':' in docker_compose_extra_hosts) %}
+    {% set docker_compose_extra_hosts_list = docker_compose_extra_hosts.split(',') %}
+    extra_hosts:
+    {% for docker_compose_extra_host in docker_compose_extra_hosts_list %}
+      - "{{ docker_compose_extra_host }}"
+    {% endfor %}
+    {% endif %}
+    environment:
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+    {% if docker_logger is defined %}
+    logging:
+      driver: {{ docker_logger }}
+    {% endif %}
+
+  task:
+    image: {{ awx_docker_actual_image }}
+    container_name: awx_task
+    depends_on:
+      - redis
+      - web
+      {% if pg_hostname is not defined %}
+      - postgres
+      {% endif %}
+    command: /usr/bin/launch_awx_task.sh
+    hostname: {{ awx_task_hostname }}
+    user: root
+    restart: unless-stopped
+    volumes:
+      - supervisor-socket:/var/run/supervisor
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - rsyslog-config:/var/lib/awx/rsyslog/
+      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
+      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
+    {% if project_data_dir is defined %}
+      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
+    {% endif %}
+    {% if custom_venv_dir is defined %}
+      - "{{ custom_venv_dir +':'+ custom_venv_dir +':rw' }}"
+    {% endif %}
+    {% if ca_trust_dir is defined %}
+      - "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
+    {% endif %}
+    {% if ssl_certificate is defined %}
+      - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
+    {% endif %}
+    {% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %}
+    {% set awx_container_search_domains_list = awx_container_search_domains.split(',') %}
+    dns_search:
+    {% for awx_container_search_domain in awx_container_search_domains_list %}
+      - {{ awx_container_search_domain }}
+    {% endfor %}
+    {% elif awx_container_search_domains is defined %}
+    dns_search: "{{ awx_container_search_domains }}"
+    {% endif %}
+    {% if (awx_alternate_dns_servers is defined) and (',' in awx_alternate_dns_servers) %}
+    {% set awx_alternate_dns_servers_list = awx_alternate_dns_servers.split(',') %}
+    dns:
+    {% for awx_alternate_dns_server in awx_alternate_dns_servers_list %}
+      - {{ awx_alternate_dns_server }}
+    {% endfor %}
+    {% elif awx_alternate_dns_servers is defined %}
+    dns: "{{ awx_alternate_dns_servers }}"
+    {% endif %}
+    {% if (docker_compose_extra_hosts is defined) and (':' in docker_compose_extra_hosts) %}
+    {% set docker_compose_extra_hosts_list = docker_compose_extra_hosts.split(',') %}
+    extra_hosts:
+    {% for docker_compose_extra_host in docker_compose_extra_hosts_list %}
+      - "{{ docker_compose_extra_host }}"
+    {% endfor %}
+    {% endif %}
+    environment:
+      AWX_SKIP_MIGRATIONS: "1"
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+      SUPERVISOR_WEB_CONFIG_PATH: '/etc/supervisord.conf'
+
+  redis:
+    image: {{ redis_image }}
+    container_name: awx_redis
+    restart: unless-stopped
+    environment:
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+    command: ["/usr/local/etc/redis/redis.conf"]
+    volumes:
+      - "{{ docker_compose_dir }}/redis.conf:/usr/local/etc/redis/redis.conf:ro"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
+    {% if docker_logger is defined %}
+    logging:
+      driver: {{ docker_logger }}
+    {% endif %}
+
+  {% if pg_hostname is not defined %}
+  postgres:
+    image: {{ postgresql_image }}
+    container_name: awx_postgres
+    restart: unless-stopped
+    volumes:
+      - "{{ postgres_data_dir }}/12/data/:/var/lib/postgresql/data:Z"
+    environment:
+      POSTGRES_USER: {{ pg_username }}
+      POSTGRES_PASSWORD: {{ pg_password }}
+      POSTGRES_DB: {{ pg_database }}
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+    {% if docker_logger is defined %}
+    logging:
+      driver: {{ docker_logger }}
+    {% endif %}
+  {% endif %}
+
+{% if docker_compose_subnet is defined %}
+networks:
+  default:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+      - subnet:  {{ docker_compose_subnet }}
+{% endif %}
+
+volumes:
+  supervisor-socket:
+  rsyslog-socket:
+  rsyslog-config:

examples/awx17/roles/local_docker/templates/environment.sh.j2

@@ -0,0 +1,10 @@
+DATABASE_USER={{ pg_username|quote }}
+DATABASE_NAME={{ pg_database|quote }}
+DATABASE_HOST={{ pg_hostname|default('postgres')|quote }}
+DATABASE_PORT={{ pg_port|default('5432')|quote }}
+DATABASE_PASSWORD={{ pg_password|default('awxpass')|quote }}
+{% if pg_admin_password is defined %}
+DATABASE_ADMIN_PASSWORD={{ pg_admin_password|quote }}
+{% endif %}
+AWX_ADMIN_USER={{ admin_user|quote }}
+AWX_ADMIN_PASSWORD={{ admin_password|quote }}

examples/awx17/roles/local_docker/templates/nginx.conf.j2

@@ -0,0 +1,122 @@
+#user awx;
+
+worker_processes  1;
+
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    server_tokens off;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /dev/stdout main;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    sendfile        on;
+    #tcp_nopush     on;
+    #gzip  on;
+
+    upstream uwsgi {
+        server 127.0.0.1:8050;
+        }
+
+    upstream daphne {
+        server 127.0.0.1:8051;
+    }
+
+    {% if ssl_certificate is defined %}
+    server {
+        listen 8052 default_server;
+        server_name _;
+
+        # Redirect all HTTP links to the matching HTTPS page
+        return 301 https://$host$request_uri;
+    }
+    {%endif %}
+
+    server {
+        {% if (ssl_certificate is defined) and (ssl_certificate_key is defined) %}
+        listen 8053 ssl;
+
+        ssl_certificate /etc/nginx/awxweb.pem;
+        ssl_certificate_key /etc/nginx/awxweb_key.pem;
+        {% elif (ssl_certificate is defined) and (ssl_certificate_key is not defined) %}
+        listen 8053 ssl;
+
+        ssl_certificate /etc/nginx/awxweb.pem;
+        ssl_certificate_key /etc/nginx/awxweb.pem;
+        {% else %}
+        listen 8052 default_server;
+        {% endif %}
+
+        # If you have a domain name, this is where to add it
+        server_name _;
+        keepalive_timeout 65;
+
+        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+        add_header Strict-Transport-Security max-age=15768000;
+
+        # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
+        add_header X-Frame-Options "DENY";
+
+        location /nginx_status {
+          stub_status on;
+          access_log off;
+          allow 127.0.0.1;
+          deny all;
+        }
+
+        location /static/ {
+            alias /var/lib/awx/public/static/;
+        }
+
+        location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
+
+        location /websocket {
+            # Pass request to the upstream alias
+            proxy_pass http://daphne;
+            # Require http version 1.1 to allow for upgrade requests
+            proxy_http_version 1.1;
+            # We want proxy_buffering off for proxying to websockets.
+            proxy_buffering off;
+            # http://en.wikipedia.org/wiki/X-Forwarded-For
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            # enable this if you use HTTPS:
+            proxy_set_header X-Forwarded-Proto https;
+            # pass the Host: header from the client for the sake of redirects
+            proxy_set_header Host $http_host;
+            # We've set the Host header, so we don't need Nginx to muddle
+            # about with redirects
+            proxy_redirect off;
+            # Depending on the request value, set the Upgrade and
+            # connection headers
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+        }
+
+        location / {
+            # Add trailing / if missing
+            rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
+            uwsgi_read_timeout 120s;
+            uwsgi_pass uwsgi;
+            include /etc/nginx/uwsgi_params;
+            {%- if extra_nginx_include is defined %}
+            include {{ extra_nginx_include }};
+            {%- endif %}
+            proxy_set_header X-Forwarded-Port 443;
+            uwsgi_param HTTP_X_FORWARDED_PORT 443;
+        }
+    }
+}

examples/awx17/roles/local_docker/templates/redis.conf.j2

@@ -0,0 +1,4 @@
+unixsocket /var/run/redis/redis.sock
+unixsocketperm 660
+port 0
+bind 127.0.0.1

podman_compose.py

@@ -1485,7 +1485,7 @@ def compose_run(compose, args):
     create_pods(compose, args)
     container_names=compose.container_names_by_service[args.service]
     container_name=container_names[0]
-    cnt = compose.container_by_name[container_name]
+    cnt = dict(compose.container_by_name[container_name])
     deps = cnt["_deps"]
     if not args.no_deps:
         up_args = argparse.Namespace(**dict(args.__dict__,
@@ -1516,6 +1516,9 @@ def compose_run(compose, args):
     cnt['tty']=False if args.T else True
     if args.cnt_command is not None and len(args.cnt_command) > 0:
         cnt['command']=args.cnt_command
+    # can't restart and --rm 
+    if args.rm and 'restart' in cnt:
+        del cnt['restart']
     # run podman
     podman_args = container_to_args(compose, cnt, args.detach)
     if not args.detach: