commit dad5b0dade274391bab6d4ccadfa6de0cd2b61f0
parent 843f915778a8bb3e504020fe689765d10e8c7125
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Sat, 27 Jul 2024 17:43:57 +0200
fix(exec): wrong chroot env
Accidentally implemented the wrong list of chroot mounts. The example in
[0] is way too specific. The exec tasks will not start this way, since
the chroot only contains the requirements to run `ls`.
The list in [1] is a better suitable default that allows to run `sh`,
among others. `opt` is added again, so we can modify the bao tls certs.
[0]
https://developer.hashicorp.com/nomad/docs/configuration/client#chroot_env-parameters
[1]
https://developer.hashicorp.com/nomad/docs/drivers/exec#chroot
Diffstat:
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/nomad.sh b/nomad.sh
@@ -150,13 +150,14 @@ client {
# Allow to chroot the /opt directory to renew bao tls certificates:
# https://developer.hashicorp.com/nomad/docs/configuration/client#chroot_env-parameters
chroot_env {
- "/bin/ls" = "/bin/ls"
- "/etc/ld.so.cache" = "/etc/ld.so.cache"
- "/etc/ld.so.conf" = "/etc/ld.so.conf"
- "/etc/ld.so.conf.d" = "/etc/ld.so.conf.d"
- "/etc/passwd" = "/etc/passwd"
+ "/bin" = "/bin"
+ "/etc" = "/etc"
"/lib" = "/lib"
+ "/lib32" = "/lib32"
"/lib64" = "/lib64"
+ "/run/resolvconf" = "/run/resolvconf"
+ "/sbin" = "/sbin"
+ "/usr" = "/usr"
"/opt" = "/opt"
}
}
