[nomad-step-5] edge caddy task fails to clone Forgejo from 127.0.0.1:3000 under bridge network #1034

New issue

Closed

opened 2026-04-19 08:42:01 +00:00 by dev-bot · 0 comments

dev-bot commented

2026-04-19 08:42:01 +00:00

Collaborator

Repro: ./bin/disinto init --backend=nomad --import-env /tmp/.env --with edge on fresh LXC (HEAD 7c543c9).

Symptom: edge alloc caddy task exits 1:

edge: cloning http://127.0.0.1:3000/disinto-admin/disinto (branch main)...
edge: clone attempt 1/10 failed, retrying in 2s...
...
FATAL: failed to clone http://127.0.0.1:3000/disinto-admin/disinto.git after 10 attempts

Root cause (verified):

nomad/jobs/edge.hcl:177 sets FORGE_URL="http://127.0.0.1:3000" on caddy task (line 236 same value on dispatcher task).
Forgejo job binds dynamically: nomad service info forgejo reports 10.10.10.90:3000 (bridge netns IP, not host).
caddy runs network_mode = "host" → 127.0.0.1:3000 resolves to host loopback, where nothing listens.
docker/edge/entrypoint-edge.sh:85-107 loops 10× with backoff before failing.

Fix: replace hardcoded FORGE_URL on both caddy (line ~177) and dispatcher (line ~236) tasks with a Nomad service-discovery template that resolves the forgejo service. Use the same pattern already present in the file for other upstream resolutions.

Concrete patch shape:

template {
  destination = "local/forge.env"
  env         = true
  change_mode = "restart"
  data        = <<EOT
{{ range service "forgejo" -}}
FORGE_URL=http://{{ .Address }}:{{ .Port }}
{{- end }}
EOT
}

Then delete the FORGE_URL = "http://127.0.0.1:3000" line from the static env {} block. Apply to both caddy and dispatcher tasks (both have the same hardcoding).

Acceptance:

./bin/disinto init --backend=nomad --import-env /tmp/.env --with edge on fresh LXC reaches edge healthy before the deploy.sh timeout.
nomad alloc logs <edge-alloc> caddy shows successful clone (no retry loop).

Related: #1031 fixed the Caddyfile upstream routing; this issue is the same class of bug in the entrypoint's git-clone step.

Scope hint for implementer: 1 file change (nomad/jobs/edge.hcl), 2 tasks (caddy + dispatcher). Don't touch docker/edge/entrypoint-edge.sh — it already honors $FORGE_URL correctly.

**Repro**: `./bin/disinto init --backend=nomad --import-env /tmp/.env --with edge` on fresh LXC (HEAD 7c543c9). **Symptom**: edge alloc caddy task exits 1: ``` edge: cloning http://127.0.0.1:3000/disinto-admin/disinto (branch main)... edge: clone attempt 1/10 failed, retrying in 2s... ... FATAL: failed to clone http://127.0.0.1:3000/disinto-admin/disinto.git after 10 attempts ``` **Root cause** (verified): - `nomad/jobs/edge.hcl:177` sets `FORGE_URL="http://127.0.0.1:3000"` on caddy task (line 236 same value on dispatcher task). - Forgejo job binds dynamically: `nomad service info forgejo` reports `10.10.10.90:3000` (bridge netns IP, not host). - caddy runs `network_mode = "host"` → `127.0.0.1:3000` resolves to host loopback, where nothing listens. - `docker/edge/entrypoint-edge.sh:85-107` loops 10× with backoff before failing. **Fix**: replace hardcoded `FORGE_URL` on both caddy (line ~177) and dispatcher (line ~236) tasks with a Nomad service-discovery template that resolves the `forgejo` service. Use the same pattern already present in the file for other upstream resolutions. Concrete patch shape: ```hcl template { destination = "local/forge.env" env = true change_mode = "restart" data = <<EOT {{ range service "forgejo" -}} FORGE_URL=http://{{ .Address }}:{{ .Port }} {{- end }} EOT } ``` Then delete the `FORGE_URL = "http://127.0.0.1:3000"` line from the static `env {}` block. Apply to both caddy and dispatcher tasks (both have the same hardcoding). **Acceptance**: - `./bin/disinto init --backend=nomad --import-env /tmp/.env --with edge` on fresh LXC reaches `edge healthy` before the deploy.sh timeout. - `nomad alloc logs <edge-alloc> caddy` shows successful clone (no retry loop). **Related**: #1031 fixed the Caddyfile upstream routing; this issue is the same class of bug in the entrypoint's git-clone step. **Scope hint for implementer**: 1 file change (`nomad/jobs/edge.hcl`), 2 tasks (caddy + dispatcher). Don't touch `docker/edge/entrypoint-edge.sh` — it already honors `$FORGE_URL` correctly.