---
layout: docs
page_title: 'Drivers: systemd-nspawn'
sidebar_title: systemd-nspawn
description: The nspawn task driver is used to run application containers using systemd-nspawn.
---

# nspawn Driver

Name: `nspawn`

The `nspawn` driver provides an interface for using systemd-nspawn for running
application containers. You can download the external systemd-nspawn driver
[here][nspawn-driver]. For more detailed instructions on how to set up and use
this driver, please refer to the [guide][nspawn-guide].

## Task Configuration

```hcl
task "debian" {
  driver = "nspawn"
  config {
    image = "/var/lib/machines/Debian"
    resolv_conf = "copy-host"
  }
}
```

The `nspawn` driver supports the following configuration in the job spec:

- [`boot`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-b) -
  (Optional) `true` (default) or `false`. Search for an init program and invoke
  it as PID 1. Arguments specified in `command` will be used as arguments for
  the init program.

- [`ephemeral`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-x) -
  (Optional) `true` or `false` (default). Make an ephemeral copy of the image
  before starting the container.

- [`process_two`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-a) -
  (Optional) `true` or `false` (default). Start the command specified with
  `command` as PID 2, using a minimal stub init as PID 1.

- [`read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--read-only) -
  (Optional) `true` or `false` (default). Mount the used image as read only.

- [`user_namespacing`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-U) -
  (Optional) `true` (default) or `false`.
  Enable user namespacing features inside the container.

- `command` - (Optional) A list of strings to pass as the used command to the
  container.

  ```hcl
  config {
    command = [ "/bin/bash", "-c", "dhclient && nginx && tail -f /var/log/nginx/access.log" ]
  }
  ```

- [`console`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--console=MODE) -
  (Optional) Configures how to set up standard input, output and error output
  for the container.

- `image` - The image to be used in the container. This can either be the path
  to a
  [directory](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-D),
  the path to a file system
  [image](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-i)
  or block device or the name of an image registered with
  [`systemd-machined`](https://www.freedesktop.org/software/systemd/man/systemd-machined.service.html).
  A path can be specified as a relative path from the configured Nomad plugin
  directory. **This option is mandatory**.

- `image_download` - (Optional) Download the used image according to the
  settings defined in this block. Structure is documented below.

- [`pivot_root`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--pivot-root=) -
  (Optional) Pivot the specified directory to be the container's root directory.

- [`resolv_conf`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--resolv-conf=) -
  (Optional) Configure how `/etc/resolv.conf` is handled inside the container.

- [`user`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-u) -
  (Optional) Change to the specified user in the container's user database.

- [`volatile`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--volatile) -
  (Optional) Boot the container in volatile mode.

- [`working_directory`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--chdir=) -
  (Optional) Set the working directory inside the container.

- [`bind`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
  (Optional) Files or directories to bind mount inside the container.

  ```hcl
  config {
    bind {
      "/var/lib/postgresql" = "/postgres"
    }
  }
  ```

- [`bind_read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
  (Optional) Files or directories to bind mount read only inside the container.

  ```hcl
  config {
    bind_read_only {
      "/etc/passwd" = "/etc/passwd"
    }
  }
  ```

- `environment` - (Optional) Environment variables to pass to the init process
  in the container.

  ```hcl
  config {
    environment = {
      FOO = "bar"
    }
  }
  ```

- `port_map` - (Optional) A key-value map of port labels. Works the same way as
  in the [docker driver][docker_driver].

  **Note:** `systemd-nspawn` will not expose ports to the loopback interface
  of your host.

  ```hcl
  config {
    port_map {
      http = 80
    }
  }
  ```

The `image_download` block supports the following arguments:

- `url` - The URL of the image to download. The URL must be of type `http://` or
  `https://`. **This option is mandatory**.

- [`verify`](https://www.freedesktop.org/software/systemd/man/machinectl.html#pull-tar%20URL%20%5BNAME%5D) -
  (Optional) `no` (default), `signature` or `checksum`. Whether to verify the
  image before making it available.

- `force` - (Optional) `true` or `false` (default). If a local copy already
  exists, delete it first and replace it by the newly downloaded image.

- `type` - (Optional) `tar` (default) or `raw`. The type of image to download.
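
The following job fragment is an added example, not part of the driver's own documentation: it contrasts an `image_download` block left at the defaults listed above with one that fetches over `https://` and sets `verify = "signature"`. The host `images.example.com`, the image names and the task names are placeholders, and the example assumes the downloaded image is registered under the name given in `image`.

```hcl
# Added example; every URL and name below is a constructed placeholder.

# Weak: plain HTTP and `verify` left at its default ("no"). Whatever bytes
# arrive from the network are unpacked and used as the container's root
# file system on a client where Nomad runs with root privileges.
task "unverified" {
  driver = "nspawn"

  config {
    image = "debian-unverified"

    image_download {
      url = "http://images.example.com/debian.tar.xz"
    }
  }
}

# Corrected: TLS transport plus verification before the image is made available.
task "verified" {
  driver = "nspawn"

  config {
    image = "debian-verified"

    image_download {
      url  = "https://images.example.com/debian.tar.xz"
      type = "tar"
      # "checksum" checks integrity only, without authenticating the publisher;
      # "signature" also checks the signature against the host's local keyring.
      verify = "signature"
      # Keep an existing local copy instead of replacing it on every run.
      force = false
    }

    # Default value, stated explicitly.
    user_namespacing = true

    # Host data the task only reads is mounted read only.
    bind_read_only {
      "/etc/ssl/certs" = "/etc/ssl/certs"
    }
  }
}
```

With `verify = "signature"` the download fails unless the publisher's key is already in the client host's keyring, so that key has to be provisioned on every Nomad client that can run the task.
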

## Networking

The `nspawn` driver has support for host networking and also bridge mode
networking. It can therefore be used with Nomad's [Consul Connect
integration][consul_connect_integration].

## Client Requirements

The `nspawn` driver requires the following:

- 64-bit Linux host
- The `linux_amd64` Nomad binary
- The nspawn driver binary placed in the [plugin_dir][plugin_dir] directory.
- `systemd-nspawn` to be installed
- Nomad running with root privileges

## Plugin Options

- `enabled` - The `nspawn` driver may be disabled on hosts by setting this
  option to `false` (defaults to `true`).

- `volumes` - Enable support for Volumes in the driver (defaults to `true`).

An example of using these plugin options with the new [plugin syntax][plugin] is
shown below:

```hcl
plugin "nspawn" {
  config {
    enabled = true
    volumes = true
  }
}
```

## Client Attributes

The `nspawn` driver will set the following client attributes:

- `driver.nspawn` - Set to `true` if systemd-nspawn is found and enabled on the
  host node and Nomad is running with root privileges.

- `driver.nspawn.version` - Version of `systemd-nspawn` e.g.: `244`.

[nspawn-driver]: https://github.com/JanMa/nomad-driver-nspawn/releases
[nspawn-guide]: https://github.com/JanMa/nomad-driver-nspawn
[plugin]: /docs/configuration/plugin
[plugin_dir]: /docs/configuration#plugin_dir
[plugin-options]: #plugin-options
[client_options]: /docs/configuration/client#options
[docker_driver]: /docs/drivers/docker#using-the-port-map
[consul_connect_integration]: /docs/integrations/consul-connect