github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/website/content/docs/drivers/java.mdx (about) 1 --- 2 layout: docs 3 page_title: 'Drivers: Java' 4 sidebar_title: Java 5 description: The Java task driver is used to run Jars using the JVM. 6 --- 7 8 # Java Driver 9 10 Name: `java` 11 12 The `java` driver is used to execute Java applications packaged into a Java Jar 13 file. The driver requires the Jar file to be accessible from the Nomad 14 client via the [`artifact` downloader](/docs/job-specification/artifact). 15 16 ## Task Configuration 17 18 ```hcl 19 task "webservice" { 20 driver = "java" 21 22 config { 23 jar_path = "local/example.jar" 24 jvm_options = ["-Xmx2048m", "-Xms256m"] 25 } 26 } 27 ``` 28 29 The `java` driver supports the following configuration in the job spec: 30 31 - `class` - (Optional) The name of the class to run. If `jar_path` is specified 32 and the manifest specifies a main class, this is optional. If shipping classes 33 rather than a Jar, please specify the class to run and the `class_path`. 34 35 - `class_path` - (Optional) The `class_path` specifies the class path used by 36 Java to lookup classes and Jars. 37 38 - `jar_path` - (Optional) The path to the downloaded Jar. In most cases this will just be 39 the name of the Jar. However, if the supplied artifact is an archive that 40 contains the Jar in a subfolder, the path will need to be the relative path 41 (`subdir/from_archive/my.jar`). 42 43 - `args` - (Optional) A list of arguments to the Jar's main method. References 44 to environment variables or any [interpretable Nomad 45 variables](/docs/runtime/interpolation) will be interpreted before 46 launching the task. 47 48 - `jvm_options` - (Optional) A list of JVM options to be passed while invoking 49 java. These options are passed without being validated in any way by Nomad. 50 51 - `pid_mode` - (Optional) Set to `"private"` to enable PID namespace isolation for 52 this task, or `"host"` to disable isolation. If left unset, the behavior is 53 determined from the [`default_pid_mode`][default_pid_mode] in plugin configuration. 54 55 !> **Warning:** If set to `"host"`, other processes running as the same user will 56 be able to access sensitive process information like environment variables. 57 58 - `ipc_mode` - (Optional) Set to `"private"` to enable IPC namespace isolation for 59 this task, or `"host"` to disable isolation. If left unset, the behavior is 60 determined from the [`default_ipc_mode`][default_ipc_mode] in plugin configuration. 61 62 !> **Warning:** If set to `"host"`, other processes running as the same user will be 63 able to make use of IPC features, like sending unexpected POSIX signals. 64 65 ## Examples 66 67 A simple config block to run a Java Jar: 68 69 ```hcl 70 task "web" { 71 driver = "java" 72 73 config { 74 jar_path = "local/hello.jar" 75 jvm_options = ["-Xmx2048m", "-Xms256m"] 76 } 77 78 # Specifying an artifact is required with the "java" driver. This is the 79 # mechanism to ship the Jar to be run. 80 artifact { 81 source = "https://internal.file.server/hello.jar" 82 83 options { 84 checksum = "md5:123445555555555" 85 } 86 } 87 } 88 ``` 89 90 A simple config block to run a Java class: 91 92 ```hcl 93 task "web" { 94 driver = "java" 95 96 config { 97 class = "Hello" 98 class_path = "${NOMAD_TASK_DIR}" 99 jvm_options = ["-Xmx2048m", "-Xms256m"] 100 } 101 102 # Specifying an artifact is required with the "java" driver. This is the 103 # mechanism to ship the Jar to be run. 104 artifact { 105 source = "https://internal.file.server/Hello.class" 106 107 options { 108 checksum = "md5:123445555555555" 109 } 110 } 111 } 112 ``` 113 114 ## Capabilities 115 116 The `java` driver implements the following [capabilities](/docs/internals/plugins/task-drivers#capabilities-capabilities-error). 117 118 | Feature | Implementation | 119 | -------------------- | ----------------------------- | 120 | `nomad alloc signal` | false | 121 | `nomad alloc exec` | false | 122 | filesystem isolation | none, chroot (only for linux) | 123 | network isolation | host, group | 124 | volume mounting | none, all (only for linux) | 125 126 ## Plugin Options 127 128 - `default_pid_mode` `(string: optional)` - Defaults to `"private"`. Set to 129 `"private"` to enable PID namespace isolation for tasks by default, or `"host"` to 130 disable isolation. 131 132 !> **Warning:** If set to `"host"`, other processes running as the same user will 133 be able to access sensitive process information like environment variables. 134 135 - `default_ipc_mode` `(string: optional)` - Defaults to `"private"`. Set to 136 `"private"` to enable IPC namespace isolation for tasks by default, 137 or `"host"` to disable isolation. 138 139 !> **Warning:** If set to `"host"`, other processes running as the same user will be 140 able to make use of IPC features, like sending unexpected POSIX signals. 141 142 ## Client Requirements 143 144 The `java` driver requires Java to be installed and in your system's `$PATH`. On 145 Linux, Nomad must run as root since it will use `chroot` and `cgroups` which 146 require root privileges. The task must also specify at least one artifact to 147 download, as this is the only way to retrieve the Jar being run. 148 149 ## Client Attributes 150 151 The `java` driver will set the following client attributes: 152 153 - `driver.java` - Set to `1` if Java is found on the host node. Nomad determines 154 this by executing `java -version` on the host and parsing the output 155 - `driver.java.version` - Version of Java, ex: `1.6.0_65` 156 - `driver.java.runtime` - Runtime version, ex: `Java(TM) SE Runtime Environment (build 1.6.0_65-b14-466.1-11M4716)` 157 - `driver.java.vm` - Virtual Machine information, ex: `Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-466.1, mixed mode)` 158 159 Here is an example of using these properties in a job file: 160 161 ```hcl 162 job "docs" { 163 # Only run this job where the JVM is higher than version 1.6.0. 164 constraint { 165 attribute = "${driver.java.version}" 166 operator = ">" 167 value = "1.6.0" 168 } 169 } 170 ``` 171 172 ## Resource Isolation 173 174 The resource isolation provided varies by the operating system of 175 the client and the configuration. 176 177 On Linux, Nomad will attempt to use cgroups, namespaces, and chroot 178 to isolate the resources of a process. If the Nomad agent is not 179 running as root, many of these mechanisms cannot be used. 180 181 As a baseline, the Java jars will be run inside a Java Virtual Machine, 182 providing a minimum amount of isolation. 183 184 ### Chroot 185 186 The chroot created on Linux is populated with data in the following 187 directories from the host machine: 188 189 ``` 190 [ 191 "/bin", 192 "/etc", 193 "/lib", 194 "/lib32", 195 "/lib64", 196 "/run/resolvconf", 197 "/sbin", 198 "/usr", 199 ] 200 ``` 201 202 The task's chroot is populated by linking or copying the data from the host into 203 the chroot. Note that this can take considerable disk space. Since Nomad v0.5.3, 204 the client manages garbage collection locally which mitigates any issue this may 205 create. 206 207 This list is configurable through the agent client 208 [configuration file](/docs/configuration/client#chroot_env). 209 210 [default_pid_mode]: /docs/drivers/java#default_pid_mode 211 [default_ipc_mode]: /docs/drivers/java#default_ipc_mode