From b13a52233aada081546663115916cc98d214e94a Mon Sep 17 00:00:00 2001 From: Adrian Cowan Date: Sun, 4 May 2025 21:19:31 +1000 Subject: [PATCH] Cleanup volume handling and fix write access --- 2-nomad-config/services.tf | 4 +- 2-nomad-config/terraform.tfstate | 12 ++-- 2-nomad-config/terraform.tfstate.backup | 81 ++++++++++++++++++++++--- 2-nomad-config/transfer.nomad.hcl | 4 ++ 4 files changed, 85 insertions(+), 16 deletions(-) diff --git a/2-nomad-config/services.tf b/2-nomad-config/services.tf index 4a8f0b7..dc40c51 100644 --- a/2-nomad-config/services.tf +++ b/2-nomad-config/services.tf @@ -38,9 +38,9 @@ resource "nomad_csi_volume_registration" "unraid_transfer" { plugin_id = "smb" volume_id = "unraid_transfer" - name = "unraid_transfer_name" + name = "unraid_transfer" - external_id = "unraid_transfer_ext" + external_id = "unraid_transfer" capability { access_mode = "single-node-writer" diff --git a/2-nomad-config/terraform.tfstate b/2-nomad-config/terraform.tfstate index c4355ae..a5a2f38 100644 --- a/2-nomad-config/terraform.tfstate +++ b/2-nomad-config/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 555, + "serial": 595, "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "outputs": {}, "resources": [ @@ -64,10 +64,10 @@ "controllers_expected": 0, "controllers_healthy": 0, "deregister_on_destroy": true, - "external_id": "unraid_transfer_ext", + "external_id": "unraid_transfer", "id": "unraid_transfer", "mount_options": [], - "name": "unraid_transfer_name", + "name": "unraid_transfer", "namespace": "default", "nodes_expected": 1, "nodes_healthy": 1, @@ -411,9 +411,9 @@ "detach": true, "hcl2": [], "id": "transfer", - "jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}", + "jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n\n mount_options {\n mount_flags = [\"uid=911\",\"gid=1000\"] # linuxserver.io container services run as uid 911\n }\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}", "json": null, - "modify_index": "20353", + "modify_index": "21245", "name": "transfer", "namespace": "default", "policy_override": null, @@ -421,7 +421,7 @@ "read_allocation_ids": false, "region": "global", "rerun_if_dead": false, - "status": "dead", + "status": "running", "task_groups": [ { "count": 1, diff --git a/2-nomad-config/terraform.tfstate.backup b/2-nomad-config/terraform.tfstate.backup index d9a390a..c389beb 100644 --- a/2-nomad-config/terraform.tfstate.backup +++ b/2-nomad-config/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 554, + "serial": 593, "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "outputs": {}, "resources": [ @@ -64,10 +64,10 @@ "controllers_expected": 0, "controllers_healthy": 0, "deregister_on_destroy": true, - "external_id": "unraid_transfer_ext", + "external_id": "unraid_transfer", "id": "unraid_transfer", "mount_options": [], - "name": "unraid_transfer_name", + "name": "unraid_transfer", "namespace": "default", "nodes_expected": 1, "nodes_healthy": 1, @@ -103,6 +103,73 @@ } ] }, + { + "mode": "managed", + "type": "nomad_csi_volume_registration", + "name": "unraid_transfer_subdir", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "capability": [ + { + "access_mode": "single-node-writer", + "attachment_mode": "file-system" + } + ], + "capacity": 0, + "capacity_max": null, + "capacity_max_bytes": 0, + "capacity_min": null, + "capacity_min_bytes": 0, + "context": { + "source": "//192.168.1.192/transfer", + "subDir": "subdir" + }, + "controller_required": false, + "controllers_expected": 0, + "controllers_healthy": 0, + "deregister_on_destroy": true, + "external_id": "unraid_transfer_subdir", + "id": "unraid_transfer_subdir", + "mount_options": [], + "name": "unraid_transfer_subdir", + "namespace": "default", + "nodes_expected": 1, + "nodes_healthy": 1, + "parameters": { + "csi.storage.k8s.io/node-stage-secret-name": "smbcreds", + "csi.storage.k8s.io/node-stage-secret-namespace": "default" + }, + "plugin_id": "smb", + "plugin_provider": "smb.csi.k8s.io", + "plugin_provider_version": "v1.7.0", + "schedulable": true, + "secrets": { + "password": "$lUPyJw1Yc\u0026B997i", + "username": "othrayte" + }, + "timeouts": null, + "topologies": [], + "topology_request": [], + "volume_id": "unraid_transfer_subdir" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secrets" + } + ] + ], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "data.nomad_plugin.smb" + ] + } + ] + }, { "mode": "managed", "type": "nomad_job", @@ -401,9 +468,7 @@ "schema_version": 0, "attributes": { "allocation_ids": [], - "datacenters": [ - "*" - ], + "datacenters": [], "deployment_id": null, "deployment_status": null, "deregister_on_destroy": true, @@ -411,9 +476,9 @@ "detach": true, "hcl2": [], "id": "transfer", - "jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}", + "jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n\n mount_options {\n mount_flags = [\"uid=911\",\"gid=1000\"] # linuxserver.io container services run as uid 911\n }\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}", "json": null, - "modify_index": "20342", + "modify_index": "21193", "name": "transfer", "namespace": "default", "policy_override": null, diff --git a/2-nomad-config/transfer.nomad.hcl b/2-nomad-config/transfer.nomad.hcl index f2d9a11..25bd994 100644 --- a/2-nomad-config/transfer.nomad.hcl +++ b/2-nomad-config/transfer.nomad.hcl @@ -29,6 +29,10 @@ job "transfer" { source = "unraid_transfer" access_mode = "single-node-writer" attachment_mode = "file-system" + + mount_options { + mount_flags = ["uid=911","gid=1000"] # linuxserver.io container services run as uid 911 + } } task "filebrowser" {