forked from Deuxfleurs/nixcfg
Fix coturn that was failing with newer Nomad/Docker
Coturn was failing to start with the following error: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/usr/local/bin/docker-entrypoint.sh": permission denied: unknown It seems to be caused by the recent NixOS update. Either because Docker/runc is now more strict when checking if the entrypoint is executable [1] And/or because Nomad may mount the secrets directory with "noexec" [2]. In any case, the "local" directory [2] looks more appropriate, because it's shared with the task while not being accessible to other tasks. [1] https://github.com/opencontainers/runc/issues/3715 [2] https://developer.hashicorp.com/nomad/docs/concepts/filesystem
This commit is contained in:
parent
c56ce9134c
commit
7db40a8dcf
1 changed files with 2 additions and 4 deletions
|
@ -34,15 +34,13 @@ job "coturn" {
|
||||||
ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
|
ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
|
||||||
"turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
|
"turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
|
||||||
"turn_data8", "turn_data9" ]
|
"turn_data8", "turn_data9" ]
|
||||||
|
entrypoint = ["/local/docker-entrypoint.sh"]
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
volumes = [
|
|
||||||
"secrets/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh",
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/docker-entrypoint.sh")
|
data = file("../config/docker-entrypoint.sh")
|
||||||
destination = "secrets/docker-entrypoint.sh"
|
destination = "local/docker-entrypoint.sh"
|
||||||
perms = 555
|
perms = 555
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue