bsdpot / nomad-pot-driver

Nomad task driver for launching freebsd jails.
Apache License 2.0
84 stars 14 forks source link

port_map reverses order of ports #48

Closed einsibjarni closed 11 months ago

einsibjarni commented 11 months ago

This is my job file:

job "whoisd" {
  datacenters = ["dc1"]
  type        = "service"

  group "group1" {
    count = 1
    network {
      mode = "host"
      port "whois" {
        to = 20043
      }
    }
    task "whoisd-pot" {
      driver = "pot"
      service {
        tags = ["whoisd"]
        name = "whois-service"
        port = "whois"

         check {
            type     = "script"
            name     = "whois health check"
            interval = "60s"
            timeout  = "30s"
            command  = "/bin/sh"
            args     = ["-c", "echo health | nc -w 1 localhost 20043 | grep OK"]
         }
      }
      config {
        image = "file://./images"
        pot = "whoisd"
        tag = "82ec17054d9a94f37ac86bb6ea267c478656b2eb"
        command = "/usr/local/whoisd/registry/bin/whoisd"
        args = []
        network_mode = "public-bridge"
        port_map = {
          whois = "20043"
        }
      }
      resources {
        cpu = 300
        memory = 500
      }
    }
  }
}

What I expect to happen is that nomad reserves dynamically a port, which it will route to port 20043 inside the jail.

What I see in the logs is this:

pot-prepare -U file://./images -p whoisd -t 82ec17054d9a94f37ac86bb6ea267c478656b2eb -c "/usr/local/whoisd/registry/bin/whoisd" -N public-bridge -e 20043:28443 -a a510890d_4fe1de8e-eab5-e238-709c-a288e9b567ac -n whoisd-pot -v

I might be misunderstanding, but according to pot help export-ports:

-e [proto:]port[:pot_port] : port(s) to export
         proto can be tcp (default) or udp
         port is the port to export
         pot_port : a static port to NAT to inside the pot
                    dynamically allocated by default

So, shouldn't the pot-prepare command above have -e 28443:20043?

einsibjarni commented 11 months ago

Nvm, the code is correct. The problem was using to = 20043 in network stanza. Removing that fixed the problem