othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Cleanup volume handling and fix write access

Browse Source
This commit is contained in:
Adrian Cowan
2025-05-04 21:19:31 +10:00
parent 66306e2428
commit b13a52233a
4 changed files with 85 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
2-nomad-config/services.tf
View File

@@ -38,9 +38,9 @@ resource "nomad_csi_volume_registration" "unraid_transfer" {
plugin_id = "smb"
volume_id = "unraid_transfer"
name = "unraid_transfer_name"
name = "unraid_transfer"
external_id = "unraid_transfer_ext"
external_id = "unraid_transfer"
capability {
access_mode = "single-node-writer"

12
2-nomad-config/terraform.tfstate
View File

@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.11.4",
"serial": 555,
"serial": 595,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {},
"resources": [
@@ -64,10 +64,10 @@
"controllers_expected": 0,
"controllers_healthy": 0,
"deregister_on_destroy": true,
"external_id": "unraid_transfer_ext",
"external_id": "unraid_transfer",
"id": "unraid_transfer",
"mount_options": [],
"name": "unraid_transfer_name",
"name": "unraid_transfer",
"namespace": "default",
"nodes_expected": 1,
"nodes_healthy": 1,
@@ -411,9 +411,9 @@
"detach": true,
"hcl2": [],
"id": "transfer",
"jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}",
"jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n\n mount_options {\n mount_flags = [\"uid=911\",\"gid=1000\"] # linuxserver.io container services run as uid 911\n }\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}",
"json": null,
"modify_index": "20353",
"modify_index": "21245",
"name": "transfer",
"namespace": "default",
"policy_override": null,
@@ -421,7 +421,7 @@
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "dead",
"status": "running",
"task_groups": [
{
"count": 1,

81
2-nomad-config/terraform.tfstate.backup
View File

@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.11.4",
"serial": 554,
"serial": 593,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {},
"resources": [
@@ -64,10 +64,10 @@
"controllers_expected": 0,
"controllers_healthy": 0,
"deregister_on_destroy": true,
"external_id": "unraid_transfer_ext",
"external_id": "unraid_transfer",
"id": "unraid_transfer",
"mount_options": [],
"name": "unraid_transfer_name",
"name": "unraid_transfer",
"namespace": "default",
"nodes_expected": 1,
"nodes_healthy": 1,
@@ -103,6 +103,73 @@
}
]
},
{
"mode": "managed",
"type": "nomad_csi_volume_registration",
"name": "unraid_transfer_subdir",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"capability": [
{
"access_mode": "single-node-writer",
"attachment_mode": "file-system"
}
],
"capacity": 0,
"capacity_max": null,
"capacity_max_bytes": 0,
"capacity_min": null,
"capacity_min_bytes": 0,
"context": {
"source": "//192.168.1.192/transfer",
"subDir": "subdir"
},
"controller_required": false,
"controllers_expected": 0,
"controllers_healthy": 0,
"deregister_on_destroy": true,
"external_id": "unraid_transfer_subdir",
"id": "unraid_transfer_subdir",
"mount_options": [],
"name": "unraid_transfer_subdir",
"namespace": "default",
"nodes_expected": 1,
"nodes_healthy": 1,
"parameters": {
"csi.storage.k8s.io/node-stage-secret-name": "smbcreds",
"csi.storage.k8s.io/node-stage-secret-namespace": "default"
},
"plugin_id": "smb",
"plugin_provider": "smb.csi.k8s.io",
"plugin_provider_version": "v1.7.0",
"schedulable": true,
"secrets": {
"password": "$lUPyJw1Yc\u0026B997i",
"username": "othrayte"
},
"timeouts": null,
"topologies": [],
"topology_request": [],
"volume_id": "unraid_transfer_subdir"
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "secrets"
}
]
],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
"dependencies": [
"data.nomad_plugin.smb"
]
}
]
},
{
"mode": "managed",
"type": "nomad_job",
@@ -401,9 +468,7 @@
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"datacenters": [],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
@@ -411,9 +476,9 @@
"detach": true,
"hcl2": [],
"id": "transfer",
"jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}",
"jobspec": "job \"transfer\" {\n group \"transfer\" {\n network {\n port \"http\" {\n to = 80\n }\n }\n\n service {\n name = \"transfer\"\n port = \"http\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.volume-test.middlewares=auth@file\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"unraid_transfer\" {\n type = \"csi\"\n read_only = false\n source = \"unraid_transfer\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n\n mount_options {\n mount_flags = [\"uid=911\",\"gid=1000\"] # linuxserver.io container services run as uid 911\n }\n }\n\n task \"filebrowser\" {\n driver = \"docker\"\n\n config {\n # Use the s6 tag for the linuxserver.io based image\n image = \"filebrowser/filebrowser:s6\"\n\n ports = [\"http\"]\n\n volumes = [\n \"local/config/settings.json:/config/settings.json\",\n ]\n }\n\n volume_mount {\n volume = \"unraid_transfer\"\n\t destination = \"/srv\"\n read_only = false\n }\n\n resources {\n cpu = 500\n memory = 256\n }\n\n template {\n data = \u003c\u003cEOF\n{\n \"port\": 80,\n \"baseURL\": \"\",\n \"address\": \"\",\n \"log\": \"stdout\",\n \"database\": \"/database/filebrowser.db\",\n \"root\": \"/srv\",\n \"auth\": {\n \"method\": \"noauth\"\n }\n}\nEOF\n\n destination = \"local/config/settings.json\"\n }\n }\n }\n}",
"json": null,
"modify_index": "20342",
"modify_index": "21193",
"name": "transfer",
"namespace": "default",
"policy_override": null,

4
2-nomad-config/transfer.nomad.hcl
View File

@@ -29,6 +29,10 @@ job "transfer" {
source = "unraid_transfer"
access_mode = "single-node-writer"
attachment_mode = "file-system"
mount_options {
mount_flags = ["uid=911","gid=1000"] # linuxserver.io container services run as uid 911
}
}
task "filebrowser" {