web-svc-coturn: Add resource limits and fix docker-compose template

- Set CPU, memory reservation/limit, and PID limit for coturn - Ensure docker_compose_file_creation_enabled and disable git repo pulling - Move certificate mounts to volumes and fix env var interpolation in command - Correct realm and user formatting See: https://chatgpt.com/share/66f65f18-799c-800a-95f4-b6b26511e9cb
2025-10-31 18:29:21 +00:00 · 2025-09-27 01:40:37 +02:00
parent 083b7d2914
commit 926def3d01
3 changed files with 14 additions and 7 deletions
--- a/roles/web-svc-coturn/config/main.yml
+++ b/roles/web-svc-coturn/config/main.yml
@@ -6,8 +6,12 @@ server:
 docker:
  services:
    coturn:
-      image:    "coturn/coturn"
-      version:  "latest"
+      image:            "coturn/coturn"
+      version:          "latest"
+      cpus:             1.0
+      mem_reservation:  512m
+      mem_limit:        1g
+      pids_limit:       256
    redis:
      enabled:  false
    database: 
--- a/roles/web-svc-coturn/tasks/01_core.yml
+++ b/roles/web-svc-coturn/tasks/01_core.yml
@@ -1,3 +1,6 @@
 - name: "Load 'sys-stk-semi-stateless' for '{{ application_id }}'"
  include_role:
-    name: sys-stk-semi-stateless
+    name: sys-stk-semi-stateless
+  vars:
+    docker_compose_file_creation_enabled: true
+    docker_pull_git_repository:           false
--- a/roles/web-svc-coturn/templates/docker-compose.yml.j2
+++ b/roles/web-svc-coturn/templates/docker-compose.yml.j2
@@ -4,26 +4,26 @@
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    image: {{ COTURN_IMAGE }}:{{ COTURN_VERSION }}
    container_name: {{ COTURN_VOLUME }}
-    {% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/udp"
      - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/tcp"
      - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/tcp"
      - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/udp"
      - "{{ COTURN_RELAY_PORT_RANGE }}/udp"
+    volumes:
      - "{{ COTURN_TLS_CERT_PATH }}:{{ COTURN_TLS_CERT_PATH }}:ro"
      - "{{ COTURN_TLS_KEY_PATH }}:{{ COTURN_TLS_KEY_PATH }}:ro"
    command: >
      --use-auth-secret
-      --static-auth-secret=${ COTURN_STATIC_AUTH_SECRET }
+      --static-auth-secret="${COTURN_STATIC_AUTH_SECRET}"
      --lt-cred-mech
-      --user=${ COTURN_USER_NAME }:${ COTURN_USER_PASSWORD }
+      --user="${COTURN_USER_NAME}:${COTURN_USER_PASSWORD}"
      --log-file=stdout
      --external-ip={{ networks.internet.ip4 }}
 {% if networks.internet.ip6|default('') %}
      --external-ip={{ networks.internet.ip6 }}
 {% endif %}
-      --realm=${ COTURN_REALM }
+      --realm="${COTURN_REALM}"
      --fingerprint
      --total-quota=100
      --stale-nonce