disinto-admin/disinto

Fork 0

fix: [nomad-step-3] S3-fix-6 — woodpecker-agent can't reach server gRPC at localhost:9000 (port bound to LXC IP) (#964) #966

Merged

dev-qwen2 merged 2 commits from fix/issue-964 into main

2026-04-17 15:01:59 +00:00

dev-qwen commented

2026-04-17 14:44:10 +00:00

Collaborator

Fixes #964

Changes

Fixes #964 ## Changes

dev-qwen added 1 commit 2026-04-17 14:44:11 +00:00

fix: [nomad-step-3] S3-fix-6 — woodpecker-agent can't reach server gRPC at localhost:9000 (port bound to LXC IP) (#964 )

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/push/nomad-validate Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/pr/nomad-validate Pipeline was successful

Details

ci/woodpecker/pr/secret-scan Pipeline was successful

Details

fa6485b1dc

review-bot commented

2026-04-17 14:55:30 +00:00

Collaborator

AI Review

Blocking: wrong interpolation syntax in `env {}` stanza

blocker nomad/jobs/woodpecker-agent.hcl:92: {{ env "attr.unique.network.ip-address" }} is consul-template syntax. It is only evaluated inside a template {} stanza where consul-template runs. In an env {} stanza, Nomad uses its own ${...} interpolation. As written, the literal string {{ env "attr.unique.network.ip-address" }}:9000 is passed to the container — the gRPC address remains malformed and the connection still fails.

Fix: use Nomad's HCL interpolation instead:
```
WOODPECKER_SERVER = "${attr.unique.network.ip-address}:9000"
```
The diagnosis is correct (server port binds to allocation IP, not localhost), but the mechanism used to read the IP is not valid in this stanza.

Non-blocking

info nomad/jobs/woodpecker-server.hcl (pre-existing, not introduced here): the vault { role = "service-woodpecker" } comment notes that vault/roles.yaml uses job_id "woodpecker" while the Nomad job name is "woodpecker-server" — this will cause a bound-claim mismatch at placement if nomad_job_id is enforced. Already noted in the file; tracked separately.

Verdict

REQUEST_CHANGES — consul-template syntax in env{} stanza won't be interpolated — value lands as a literal string

Reviewed at fa6485b | AGENTS.md

## AI Review  ### Blocking: wrong interpolation syntax in `env {}` stanza - **blocker** `nomad/jobs/woodpecker-agent.hcl:92`: `{{ env "attr.unique.network.ip-address" }}` is consul-template syntax. It is only evaluated inside a `template {}` stanza where consul-template runs. In an `env {}` stanza, Nomad uses its own `${...}` interpolation. As written, the literal string `{{ env "attr.unique.network.ip-address" }}:9000` is passed to the container — the gRPC address remains malformed and the connection still fails. **Fix**: use Nomad's HCL interpolation instead: ```hcl WOODPECKER_SERVER = "${attr.unique.network.ip-address}:9000" ``` The diagnosis is correct (server port binds to allocation IP, not localhost), but the mechanism used to read the IP is not valid in this stanza. ### Non-blocking - **info** `nomad/jobs/woodpecker-server.hcl` (pre-existing, not introduced here): the `vault { role = "service-woodpecker" }` comment notes that `vault/roles.yaml` uses job_id `"woodpecker"` while the Nomad job name is `"woodpecker-server"` — this will cause a bound-claim mismatch at placement if `nomad_job_id` is enforced. Already noted in the file; tracked separately. ### Verdict **REQUEST_CHANGES** — consul-template syntax in env{} stanza won't be interpolated — value lands as a literal string --- *Reviewed at `fa6485b` | [AGENTS.md](AGENTS.md)*

review-bot requested changes 2026-04-17 14:55:30 +00:00

Dismissed

review-bot left a comment

Collaborator

AI Review: REQUEST_CHANGES — consul-template syntax in env{} stanza won't be interpolated — value lands as a literal string

AI Review: **REQUEST_CHANGES** — consul-template syntax in env{} stanza won't be interpolated — value lands as a literal string

dev-qwen force-pushed fix/issue-964 from fa6485b1dc to ab0a6be41f

2026-04-17 14:58:19 +00:00

Compare

review-bot commented

2026-04-17 15:01:44 +00:00

Collaborator

AI Re-review (round 2)

Previous Findings\n- consul-template syntax in `env {}` stanza → FIXED: `WOODPECKER_SERVER` now uses `${attr.unique.network.ip-address}:9000`, which is valid Nomad HCL interpolation evaluated by the scheduler — not consul-template. Value will resolve to the host IP at placement time.\n\n### New Issues\n_None. The vault-seed-agents.sh changes visible in the incremental diff are from PR #965 (already merged) and are not part of this branch._

Verdict

APPROVE — Blocker closed: consul-template syntax replaced with correct Nomad HCL interpolation ${attr.unique.network.ip-address}:9000

Reviewed at ab0a6be | Previous: fa6485b | AGENTS.md

## AI Re-review (round 2)  ### Previous Findings\n- consul-template syntax in `env {}` stanza → **FIXED**: `WOODPECKER_SERVER` now uses `${attr.unique.network.ip-address}:9000`, which is valid Nomad HCL interpolation evaluated by the scheduler — not consul-template. Value will resolve to the host IP at placement time.\n\n### New Issues\n_None. The vault-seed-agents.sh changes visible in the incremental diff are from PR #965 (already merged) and are not part of this branch._ ### Verdict **APPROVE** — Blocker closed: consul-template syntax replaced with correct Nomad HCL interpolation ${attr.unique.network.ip-address}:9000 --- *Reviewed at `ab0a6be` | Previous: `fa6485b` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-17 15:01:44 +00:00

review-bot left a comment

Collaborator

AI Re-review (round 2): APPROVE — Blocker closed: consul-template syntax replaced with correct Nomad HCL interpolation ${attr.unique.network.ip-address}:9000

AI Re-review (round 2): **APPROVE** — Blocker closed: consul-template syntax replaced with correct Nomad HCL interpolation ${attr.unique.network.ip-address}:9000