github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/website/content/docs/drivers/podman.mdx

---
layout: docs
page_title: 'Drivers: podman'
sidebar_title: Podman
description: >-
  The Podman task driver uses podman (https://podman.io/) for containerizing
  tasks.
---

# Podman Task Driver

Name: `podman`

Homepage: https://github.com/hashicorp/nomad-driver-podman

The Podman task driver plugin for Nomad uses the [Pod Manager (podman)][podman]
daemonless container runtime for executing Nomad tasks. Podman supports OCI
containers and its command line tool is meant to be [a drop-in replacement for
Docker's][podman-cli].

See the project's [homepage][homepage] for details.

## Client Requirements

The Podman task driver is not built in to Nomad. It must be [downloaded][downloaded] onto the client host
in the configured plugin directory.

- Linux host with [`podman`][podman] installed.
- [`nomad-driver-podman`][releases] binary in Nomad's [`plugin_dir`][plugin_dir].

## Capabilities

The `podman` driver implements the following [capabilities](/docs/internals/plugins/task-drivers#capabilities-capabilities-error).

| Feature              | Implementation          |
| -------------------- | ----------------------- |
| `nomad alloc signal` | true                    |
| `nomad alloc exec`   | false                   |
| filesystem isolation | image                   |
| network isolation    | host, group, task, none |
| volume mounting      | none                    |

## Known Limitations

The Podman task driver is under active development. It currently does not support [stderr logging][stderr-logging] or [devices][devices].

## Task Configuration

Due to Podman's similarity to Docker, the example job created by [`nomad init -short`][nomad-init] is easily adapted to use Podman instead:

```hcl
job "redis" {
  datacenters = ["dc1"]
  type        = "service"

  group "cache" {
    network {
      port "redis" { to = 6379 }
    }

    task "redis" {
      driver = "podman"

      config {
        image = "docker://redis"
        ports = ["redis"]
      }
    }
  }
}
```

- `image` - The image to run.

  ```hcl
  config {
    image = "docker://redis"
  }
  ```

- `command` - (Optional) The command to run when starting the container.

  ```hcl
  config {
    command = "some-command"
  }
  ```

- `args` - (Optional) A list of arguments to the optional command. If no
  _command_ is specified, the arguments are passed directly to the container.

  ```hcl
  config {
    args = [
      "arg1",
      "arg2",
    ]
  }
  ```

- `volumes` - (Optional) A list of `host_path:container_path` strings to bind
  host paths to container paths.

  ```hcl
  config {
    volumes = [
      "/some/host/data:/container/data"
    ]
  }
  ```

- `tmpfs` - (Optional) A list of `/container_path` strings for tmpfs mount
  points. See `podman run --tmpfs` options for details.

  ```hcl
  config {
    tmpfs = [
      "/var"
    ]
  }
  ```

- `hostname` - (Optional) The hostname to assign to the container. When
  launching more than one of a task (using count) with this option set, every
  container the task starts will have the same hostname.

- `init` - Run an init inside the container that forwards signals and reaps processes.

  ```hcl
  config {
    init = true
  }
  ```

- `init_path` - Path to the container-init binary.

  ```hcl
  config {
    init      = true
    init_path = "/usr/libexec/podman/catatonit"
  }
  ```

- `user` - Run the command as a specific user/uid within the container. See
  [task configuration][task].

- `memory_reservation` - Memory soft limit (unit = b (bytes), k (kilobytes), m
  (megabytes), or g (gigabytes)).

  After setting a memory reservation, when the system detects memory contention or
  low memory, containers are forced to restrict their consumption to their
  reservation. Always set the value below the task's memory limit (`--memory`);
  otherwise the hard limit takes precedence. By default, the memory reservation is
  the same as the memory limit.

  ```hcl
  config {
    memory_reservation = "100m"
  }
  ```

- `memory_swap` - A limit value equal to memory plus swap. The swap limit
  should always be larger than the [memory value][memory-value].

  Unit can be b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). If you
  don't specify a unit, b is used. Set the value to -1 to enable unlimited swap.

  ```hcl
  config {
    memory_swap = "180m"
  }
  ```

- `memory_swappiness` - Tune a container's memory swappiness behavior. Accepts
  an integer between 0 and 100.

  ```hcl
  config {
    memory_swappiness = 60
  }
  ```

- `network_mode` - Set the [network mode][network-mode] for the container. Nomad
  overrides this setting when the group defines a network and passes it to the driver.

  - `bridge` - (default for rootful) create a network stack on the default bridge
  - `none` - no networking
  - `container:id` - reuse another container's network stack
  - `host` - use the Podman host network stack. Note: the host mode gives the container
    full access to local system services such as D-Bus and is therefore considered insecure.
  - `slirp4netns` - use `slirp4netns` to create a user network stack. This is the default for
    rootless containers. Podman currently does not support this option for rootful containers ([issue][slirp-issue]).

## Networking

Podman supports forwarding and exposing ports like Docker. See [Docker Driver
configuration][docker-ports] for details.

## Plugin Options

The Podman plugin has options which may be customized in the agent's
configuration file.

- `volumes` stanza:

  - `enabled` - Defaults to `true`. Allows tasks to bind host paths (volumes)
    inside their container.
  - `selinuxlabel` - Lets the operator set an SELinux label on the
    allocation and task-local bind mounts into containers. If used with
    `volumes.enabled` set to false, the labels are still applied to the
    standard binds in the container.

  ```hcl
  plugin "nomad-driver-podman" {
    config {
      volumes {
        enabled      = true
        selinuxlabel = "z"
      }
    }
  }
  ```

- `gc` stanza:

  - `container` - Defaults to `true`. Set it to `false` to stop Nomad from
    removing a container when the task exits.

  ```hcl
  plugin "nomad-driver-podman" {
    config {
      gc {
        container = false
      }
    }
  }
  ```

- `recover_stopped` - Defaults to `true`. Allows the driver to start and reuse
  a previously stopped container after a Nomad client restart. For example,
  after a complete reboot of a single-node system, all previously managed
  containers are reused instead of being disposed of and recreated.

  ```hcl
  plugin "nomad-driver-podman" {
    config {
      recover_stopped = false
    }
  }
  ```

[docker-ports]: /docs/drivers/docker#forwarding-and-exposing-ports
[homepage]: https://github.com/hashicorp/nomad-driver-podman
[memory-value]: /docs/job-specification/resources#memory
[nomad-init]: /docs/commands/job/init
[plugin_dir]: /docs/configuration#plugin_dir
[podman]: https://podman.io/
[podman-cli]: https://podman.io/whatis.html
[releases]: https://releases.hashicorp.com/nomad-driver-podman
[task]: /docs/job-specification/task#user
[network-mode]: http://docs.podman.io/en/latest/markdown/podman-run.1.html#options
[slirp-issue]: https://github.com/containers/libpod/issues/6097
[stderr-logging]: https://github.com/hashicorp/nomad-driver-podman/issues/4
[devices]: https://github.com/hashicorp/nomad-driver-podman/issues/41
[downloaded]: https://releases.hashicorp.com/nomad-driver-podman
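A complete job that combines several of the task configuration options documented above into a lower-privilege service, as an added example that is not part of the original page or of the driver project. The `redis` account, the hostname, and the `resources` figures are assumed values, and `--protected-mode` is a Redis server option rather than a driver option.

```hcl
job "redis-hardened" {
  datacenters = ["dc1"]
  type        = "service"

  group "cache" {
    network {
      # Group network: Nomad passes it to the driver, so no network_mode
      # (and in particular no insecure "host" mode) is set on the task.
      port "redis" { to = 6379 }
    }

    task "redis" {
      driver = "podman"

      # Task-level user (see task configuration): run as an unprivileged
      # account instead of root inside the container (assumed to exist).
      user = "redis"

      config {
        image    = "docker://redis"
        ports    = ["redis"]
        hostname = "redis-cache"

        # Explicit command and args; protected mode makes Redis refuse
        # non-loopback clients unless a password has been configured.
        command = "redis-server"
        args    = ["--protected-mode", "yes"]

        # Forward signals and reap zombies, so `nomad alloc signal` and
        # orderly shutdowns reach the server process.
        init = true

        # Scratch space as tmpfs; no `volumes` entry, so no host path is
        # bind-mounted into the container.
        tmpfs = ["/tmp"]

        # Soft limit below the hard limit in `resources`, a memory+swap
        # ceiling above it, and low swappiness so the cache stays in RAM.
        memory_reservation = "128m"
        memory_swap        = "512m"
        memory_swappiness  = 10
      }

      resources {
        cpu    = 500
        memory = 256 # hard limit in MB; memory_reservation stays below it
      }
    }
  }
}
```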