mirror of
https://github.com/scottlamb/moonfire-nvr.git
synced 2024-12-24 22:25:55 -05:00
avoid clock problems on some Docker setups
In particular, this was happening out of the box on Raspberry Pi OS Lite 20210304, as reported by ironoxidizer@gmail.com here: https://groups.google.com/g/moonfire-nvr-users/c/2j9LvfFl2u8/m/tJcNS2WfCQAJ * adjust main.rs to make the problem more obvious * mention it in the troubleshooting guide * sidestep it in the nvr docker wrapper script also just use --networking=host rather than --publish (avoiding a proxy process). I'm using Docker to simplify the build and deployment process, not as a security boundary, so just do the simpler thing.
This commit is contained in:
parent
0c34ea8314
commit
7c0a634bed
@ -13,20 +13,9 @@ instead want to build Moonfire NVR yourself, see the [Build
|
||||
instructions](build.md).
|
||||
|
||||
First, install [Docker](https://www.docker.com/) if you haven't already,
|
||||
and verify you can run the container.
|
||||
and verify `docker run --rm hello-world` works.
|
||||
|
||||
```
|
||||
$ docker run --rm -it scottlamb/moonfire-nvr:latest
|
||||
moonfire-nvr 0.6.2
|
||||
security camera network video recorder
|
||||
|
||||
USAGE:
|
||||
moonfire-nvr <SUBCOMMAND>
|
||||
|
||||
...
|
||||
```
|
||||
|
||||
Next, you'll need to set up your filesystem and the Monfire NVR user.
|
||||
Next, you'll need to set up your filesystem and the Moonfire NVR user.
|
||||
|
||||
Moonfire NVR keeps two kinds of state:
|
||||
|
||||
@ -56,12 +45,13 @@ time zone.
|
||||
sudo sh -c 'cat > /usr/local/bin/nvr' <<'EOF'
|
||||
#!/bin/bash -e
|
||||
|
||||
tz=America/Los_Angeles
|
||||
container_name=moonfire-nvr
|
||||
image_name=scottlamb/moonfire-nvr:latest
|
||||
tz="America/Los_Angeles"
|
||||
container_name="moonfire-nvr"
|
||||
image_name="scottlamb/moonfire-nvr:latest"
|
||||
common_docker_run_args=(
|
||||
--mount=type=bind,source=/var/lib/moonfire-nvr,destination=/var/lib/moonfire-nvr
|
||||
--user="$(id -u moonfire-nvr):$(id -g moonfire-nvr)"
|
||||
--security-opt=seccomp:unconfined
|
||||
--env=RUST_BACKTRACE=1
|
||||
--env=TZ=":${tz}"
|
||||
)
|
||||
@ -73,7 +63,7 @@ run)
|
||||
--detach=true \
|
||||
--restart=on-failure \
|
||||
"${common_docker_run_args[@]}" \
|
||||
--publish=8080:8080 \
|
||||
--network=host \
|
||||
--name="${container_name}" \
|
||||
"${image_name}" \
|
||||
run \
|
||||
|
@ -11,6 +11,7 @@ need more help.
|
||||
* [Camera stream errors](#camera-stream-errors)
|
||||
* [Problems](#problems)
|
||||
* [Server errors](#server-errors)
|
||||
* [`clock_gettime failed: EPERM: Operation not permitted`](#clock_gettime-failed-eperm-operation-not-permitted)
|
||||
* [`Error: pts not monotonically increasing; got 26615520 then 26539470`](#error-pts-not-monotonically-increasing-got-26615520-then-26539470)
|
||||
* [Out of disk space](#out-of-disk-space)
|
||||
* [Database or filesystem corruption errors](#database-or-filesystem-corruption-errors)
|
||||
@ -213,6 +214,23 @@ W20210309 00:28:55.527 s-courtyard-sub moonfire_nvr::streamer] courtyard-sub: sl
|
||||
|
||||
### Server errors
|
||||
|
||||
#### `clock_gettime failed: EPERM: Operation not permitted`
|
||||
|
||||
If commands fail with an error like the following, you're likely running
|
||||
Docker with an overly restrictive `seccomp` setup. [This stackoverflow
|
||||
answer](https://askubuntu.com/questions/1263284/apt-update-throws-signature-error-in-ubuntu-20-04-container-on-arm/1264921#1264921) describes the
|
||||
problem in more detail. The simplest solution is to add
|
||||
`--security-opt=seccomp:unconfined` to your Docker commandline.
|
||||
If you are using the recommended `/usr/local/bin/nvr` wrapper script,
|
||||
add this option to the `common_docker_run_args` section.
|
||||
|
||||
```
|
||||
$ docker run --rm -it moonfire-nvr:latest
|
||||
clock_gettime failed: EPERM: Operation not permitted
|
||||
|
||||
This indicates a broken environment. See the troubleshooting guide.
|
||||
```
|
||||
|
||||
#### `Error: pts not monotonically increasing; got 26615520 then 26539470`
|
||||
|
||||
If your streams cut out and you see error messages like this one in Moonfire
|
||||
|
@ -137,6 +137,15 @@ fn panic_hook(p: &std::panic::PanicInfo) {
|
||||
}
|
||||
|
||||
fn main() {
|
||||
if let Err(e) = nix::time::clock_gettime(nix::time::ClockId::CLOCK_MONOTONIC) {
|
||||
eprintln!(
|
||||
"clock_gettime failed: {}\n\n\
|
||||
This indicates a broken environment. See the troubleshooting guide.",
|
||||
e
|
||||
);
|
||||
std::process::exit(1);
|
||||
}
|
||||
|
||||
let args = Args::from_args();
|
||||
let mut h = mylog::Builder::new()
|
||||
.set_format(
|
||||
|
Loading…
Reference in New Issue
Block a user