Volumes are not enabled & Traefik watch

Nomad
1

Hello,

I try to migrate my home server from ansible + docker compose to Nomad & Consul.

I tried to understand and read doc and examples about volumes but something I missed.

My job:

job "traefik" {
  region      = "global"
  datacenters = ["dc1"]
  type        = "service"

  group "traefik" {
    count = 1

    task "traefik" {
      driver = "docker"

      config {
        image        = "traefik:latest"
        network_mode = "host"

        volumes = [
          "/srv/live/traefik/config/traefik.yaml:/etc/traefik/traefik.yaml",
          "/srv/live/traefik/config/conf/:/etc/traefik/conf/",
          "/srv/live/traefik/config/acme.json:/etc/traefik/acme.json",
          "/var/run/docker.sock:/var/run/docker.sock",
        ]
      }

      resources {
        cpu    = 100
        memory = 1024

        network {
          mbits = 100

          port "http" {
            static = 80
          }

          port "https" {
            static = 443
          }

          port "metrics" {
            static = 8082
          }

          port "api" {
            static = 8081
          }
        }
      }

      service {
        name = "traefik"

        tags = [
            "traefik.http.routers.dashboard.entrypoints=https",
            "traefik.http.routers.dashboard.rule=Host(`traefik.xxxxxxx.com`)",
            "traefik.http.routers.dashboard.service=api@internal",
            "traefik.http.routers.dashboard.middlewares=auth,compress",
            "traefik.http.routers.dashboard.tls=true",
            "traefik.http.routers.dashboard.tls.certresolver=letsencrypt",
            "traefik.http.middlewares.auth.basicauth.users=548b83ed3af40214b59105c4af669a6e",
            "traefik.http.middlewares.compress.compress=true",
        ]

        check {
          name     = "alive"
          type     = "tcp"
          port     = "http"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}

When I used docker-compose, I have volume with all configs for all dockers containers in /srv/live/{{ APP_NAME }}/and very important, I used directory watch for traefik, because I used lot of services (NAS, HomeAutomation etc.) in my LAN. And I create file for every externals services. And I would like to re-use these configs that work.

I have this error:

Oct 17, '20 16:58:43 +0200 	Driver Failure 	Failed to create container configuration for image "traefik:latest" ("sha256:1a3f0281f41e2971ef15020097b1121131936f33ffe2fe51c45f0dd41307d1ab"): volumes are not enabled; cannot mount host paths: "/srv/live/traefik/config/traefik.yaml:/etc/traefik/traefik.yaml"

It’s the same user for docker and nomad

What is your advice? I’m little bit lost in this transition.

Does I needed to create volume? But I would like to be able to write directly from terminal in directory of traefik.

Thanks a lot for the newbie!

2

bind mounts are disabled for security reasons. You need to explicitly enabled them; the relevant documentation is at https://www.nomadproject.io/docs/drivers/docker#enabled-1

1 Like
3

Thanks a lot, I didn’t read the last part, it’s my fault, sorry.

If there are security reasons OK, I will try to respect security advices.

So I tried this:

In client.hcl

    host_volume "data" {
        path = "/srv/live/"
        read_only = false
    }

/srv/live/ is where I store all my docker config and volumes

I can’t see how to organize volume mount to use my /srv/live/traefik/config/traefik.yaml to my container traefik.

I tried this: (part of my job file)

    volume "data" {
      type      = "host"
      read_only = false
      source    = "data"
    }

    task "traefik" {
      driver = "docker"

      volume_mount {
        volume      = "data"
        destination = "/etc/traefik/"
        read_only   = false
      }

      config {
        image        = "traefik:latest"
        network_mode = "host"

        volumes = [
          "data/config/traefik.yaml:/etc/traefik/traefik.yaml",
        ]
      }

But I have this error:

2020/10/18 09:47:18 command traefik error: read /etc/traefik/traefik.yaml: is a directory

Simply I would like to create a volume use by all my containers.

Thanks!

1 Like
4

data/config/traefik.yaml just refers to a normal bind mount, it will create the directories if they don’t exist (that is the reason for your error) – but that is normal docker behavior. Also you cannot choose subdirectories in volumes, you’d have to use them as is.

So you’d need to specify one host-volume per container/whatever. Or you can enable the “insecure” bind mounts. It is not worse than running docker-compose :wink: