Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cannot start the recored #63

Open
vv0rk0ffice opened this issue Jan 8, 2025 · 1 comment
Open

cannot start the recored #63

vv0rk0ffice opened this issue Jan 8, 2025 · 1 comment

Comments

@vv0rk0ffice
Copy link

vv0rk0ffice commented Jan 8, 2025
edited
Loading

when the call-offloader create record contender from call-recorder image, it stops immediately with the following logs:

+ rm -rf /var/run/pulse /var/lib/pulse /root/.config/pulse
+ pulseaudio -D --verbose --exit-idle-time=-1 --system --disallow-exit --disable-shm=true --log-time=true
W: [pulseaudio] core-util.c: Uh, personality() failed: Operation not permitted
(   0.000|   0.000) W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set.
(   0.009|   0.009) I: [pulseaudio] main.c: Daemon startup successful.
+ pactl load-module module-null-sink sink_name=grab sink_properties=device.description=monitorOUT
10
+ RECORDER_PID=0
+ RECORDER_PID_FILE=/tmp/recorder.pid
+ RECORDER_EXIT_CODE_FILE=/tmp/recorder.ecode
+ trap 'kill ${!}; term_handler' SIGTERM
+ RECORDER_USER=calls
+ chown -R calls:calls /data
+ chown -R calls:calls /home/calls
+ set +x
+ wait 16
time=2025-01-08T14:12:03.670Z level=INFO source=main.go:42 msg="starting recording" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo
time=2025-01-08T14:12:03.670Z level=WARN source=utils.go:51 msg="failed to read sysctl" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo err="open /proc/sys/kernel/unprivileged_userns_clone: no such file or directory"
time=2025-01-08T14:12:03.693Z level=ERROR source=utils.go:137 msg="request failed with error" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo err="tls: failed to verify certificate: x509: certificate signed by unknown authority" url=https://mydomain:8444/plugins/com.mattermost.calls/bot/calls/p3y41g5hdpbn3yqysm6ptdz1dy/filename method=GET
time=2025-01-08T14:12:03.693Z level=ERROR source=main.go:45 msg="failed to start recording" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo err="failed to get filename for call: failed to get filename: Get \"https://mydomain:8444/plugins/com.mattermost.calls/bot/calls/p3y41g5hdpbn3yqysm6ptdz1dy/filename\": tls: failed to verify certificate: x509: certificate signed by unknown authority"
time=2025-01-08T14:12:03.701Z level=ERROR source=utils.go:137 msg="request failed with error" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo err="tls: failed to verify certificate: x509: certificate signed by unknown authority" url=https://mydomain:8444/plugins/com.mattermost.calls/bot/calls/p3y41g5hdpbn3yqysm6ptdz1dy/jobs/oq8ooj4soby5bkffzgo1pc5amo/status method=POST
time=2025-01-08T14:12:03.701Z level=ERROR source=main.go:47 msg="failed to report job failure" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo err="request failedPost \"https://mydomain:8444/plugins/com.mattermost.calls/bot/calls/p3y41g5hdpbn3yqysm6ptdz1dy/jobs/oq8ooj4soby5bkffzgo1pc5amo/status\": tls: failed to verify certificate: x509: certificate signed by unknown authority"
time=2025-01-08T14:12:13.706Z level=ERROR source=main.go:52 msg="failed to stop recorder" recID=oq8ooj4soby5bkffzgo1pc5amo jobID=oq8ooj4soby5bkffzgo1pc5amo err="timed out waiting for stopped event"
+ exit_handler
+ '[' '!' -f /tmp/recorder.ecode ']'
++ cat /tmp/recorder.ecode
+ EXIT_CODE=0
+ exit 0
  • note:
    • my ssl cert is valid from lets encrypt

config.toml

[api]
# The address and port to which the HTTP API server will be listening on.
http.listen_address = ":4545"
# A boolean controlling whether the HTTP API should be served on a TLS secure connection.
http.tls.enable = false
# A path to the certificate file used to serve the HTTP API.
http.tls.cert_file = ""
# A path to the certificate key used to serve the HTTP API.
http.tls.cert_key = ""
# A boolean controlling whether clients are allowed to self register.
# If this service sits in the internal (private) network this can be safely
# turned on to avoid the extra complexity of setting up credentials.
security.allow_self_registration = true
# A boolean controlling whether a superuser client should be allowed.
# The admin client can be used to generate the aforementioned crendetials.
# Example:
#   curl -H 'Authorization: Basic $(echo -n ':admin_secret_key' | base64)' \
#   http://localhost:8045/register -d '{"clientID": "clientA", "authKey": "Ey4-H_BJA00_TVByPi8DozE12ekN3S7A"}'
security.enable_admin = false
# A key used to authenticate as the admin client.
security.admin_secret_key = ""
# The expiration, in minutes, of the cached auth session and their tokens.
security.session_cache.expiration_minutes = 1440

[store]
# A path to a directory the service will use to store persistent data such as registered client IDs and hashed credentials.
data_source = "./calls-offloader-db"

[jobs]
# The underlying API used to create and manage jobs. Allowed values are "docker" and "kubernetes".
api_type = "docker"
# Maximum number of jobs allowed to be running at one time.
max_concurrent_jobs = 20
# The time to retain failed jobs before automatically deleting them and their
# resources (i.e. volumes containing recordings). Succeeded jobs are automatically deleted upon
# completion. A zero value means keeping failed jobs indefinitely.
# The supported units of time are "m" (minutes), "h" (hours) and "d" (days).
failed_jobs_retention_time = "30d"
# The image registry used to validate job runners. Defaults to the public
# Mattermost Docker registry (https://hub.docker.com/u/mattermost).
image_registry = "mattermost"

# Kubernetes API optionally supports definining resource limits and requests on
# a per job type basis. Example:
#[jobs.kubernetes]
#jobs_resource_requirements = '{"transcribing":{"limits":{"cpu":"4000m"},"requests":{"cpu":"2000m"}},"recording":{"limits":{"cpu":"2000m"},"requests":{"cpu":"1000m"}}}'
#
# The Persistent Volume Claim name to use to store data produced by jobs (e.g. recording files).
#persistent_volume_claim_name = "my-pvc"
#
# A comma separated list of Sysctls to apply on the node through priviledged init container before starting jobs.
# For example, enabling the `kernel.unprivileged_userns_clone` at node level was necessary
# on Debian based systems (pre kernel 5.10) in order to run Chromium sandbox.
#node_sysctls = "kernel.unprivileged_userns_clone=1"

[logger]
# A boolean controlling whether to log to the console.
enable_console = true
# A boolean controlling whether to use the JSON format for logging to the console.
console_json = false
# The logging level for the console.
console_level = "DEBUG"
# A boolean controlling whether to log to a file.
enable_file = true
# A boolean controlling whether to use the JSON format for logging to file
file_json = true
# The logging level for the file.
file_level = "DEBUG"
# The path to the log file.
file_location = ".//calls-offloader.log"
# A boolean controlling whether to display colors when logging to the console.
enable_color = true
@streamer45
Copy link
Contributor

Looks like the certificate is not trusted. You should ensure it's installed globally on the system. Does running curl -v https://mydomain:8444/plugins/com.mattermost.calls/version on the same host work?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@streamer45 @vv0rk0ffice