---
layout: docs
page_title: 'Drivers: systemd-nspawn'
description: The nspawn task driver is used to run application containers using systemd-nspawn.
---

# nspawn Driver

Name: `nspawn`

The `nspawn` driver provides an interface for using systemd-nspawn for running
application containers. You can download the external systemd-nspawn driver
[here][nspawn-driver]. For more detailed instructions on how to set up and use
this driver, please refer to the [guide][nspawn-guide].

## Task Configuration

```hcl
task "debian" {
  driver = "nspawn"
  config {
    image = "/var/lib/machines/Debian"
    resolv_conf = "copy-host"
  }
}
```

The `nspawn` driver supports the following configuration in the job spec:

- [`boot`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-b) -
  (Optional) `true` (default) or `false`. Search for an init program and invoke
  it as PID 1. Arguments specified in `command` will be used as arguments for
  the init program.

- [`ephemeral`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-x) -
  (Optional) `true` or `false` (default). Make an ephemeral copy of the image
  before starting the container.

- [`process_two`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-a) -
  (Optional) `true` or `false` (default). Start the command specified with
  `command` as PID 2, using a minimal stub init as PID 1.

- [`read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--read-only) -
  (Optional) `true` or `false` (default). Mount the used image as read only.

- [`user_namespacing`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-U) -
  (Optional) `true` (default) or `false`. Enable user namespacing features
  inside the container.

- `command` - (Optional) A list of strings to pass as the used command to the
  container.

  ```hcl
  config {
    command = [ "/bin/bash", "-c", "dhclient && nginx && tail -f /var/log/nginx/access.log" ]
  }
  ```

- [`console`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--console=MODE) -
  (Optional) Configures how to set up standard input, output and error output
  for the container.

- `image` - The image to be used in the container. This can either be the path
  to a
  [directory](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-D),
  the path to a file system
  [image](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-i)
  or block device or the name of an image registered with
  [`systemd-machined`](https://www.freedesktop.org/software/systemd/man/systemd-machined.service.html).
  A path can be specified as a relative path from the configured Nomad plugin
  directory. **This option is mandatory**.

- `image_download` - (Optional) Download the used image according to the
  settings defined in this block. Structure is documented below.

- [`pivot_root`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--pivot-root=) -
  (Optional) Pivot the specified directory to be the container's root directory.

- [`resolv_conf`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--resolv-conf=) -
  (Optional) Configure how `/etc/resolv.conf` is handled inside the container.

- [`user`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-u) -
  (Optional) Change to the specified user in the container's user database.

- [`volatile`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--volatile) -
  (Optional) Boot the container in volatile mode.

- [`working_directory`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--chdir=) -
  (Optional) Set the working directory inside the container.

- [`bind`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
  (Optional) Files or directories to bind mount inside the container.

  ```hcl
  config {
    bind {
      "/var/lib/postgresql" = "/postgres"
    }
  }
  ```

- [`bind_read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
  (Optional) Files or directories to bind mount read only inside the container.

  ```hcl
  config {
    bind_read_only {
      "/etc/passwd" = "/etc/passwd"
    }
  }
  ```

- `environment` - (Optional) Environment variables to pass to the init process
  in the container.

  ```hcl
  config {
    environment = {
      FOO = "bar"
    }
  }
  ```

- `port_map` - (Optional) A key-value map of port labels. Works the same way as
  in the [docker driver][docker_driver].

  **Note:** `systemd-nspawn` will not expose ports to the loopback interface
  of your host.

  ```hcl
  config {
    port_map {
      http = 80
    }
  }
  ```

The `image_download` block supports the following arguments:

- `url` - The URL of the image to download. The URL must be of type `http://` or
  `https://`. **This option is mandatory**.

- [`verify`](https://www.freedesktop.org/software/systemd/man/machinectl.html#pull-tar%20URL%20%5BNAME%5D) -
  (Optional) `no` (default), `signature` or `checksum`. Whether to verify the
  image before making it available.

- `force` - (Optional) `true` or `false` (default). If a local copy already
  exists, delete it first and replace it with the newly downloaded image.

- `type` - (Optional) `tar` (default) or `raw`. The type of image to download.
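
The `image_download` and isolation options above, shown as two job-spec fragments: one that relies on the defaults and one that sets the integrity-related options explicitly. This is an added example, not taken from the driver's documentation; the task names, image name and URL are constructed placeholders, and using `image` as the local name of the downloaded image is an assumption.

```hcl
# Added example; names and URLs below are constructed placeholders.

# Relies on defaults: the image is fetched over plain HTTP and, because
# `verify` defaults to "no", it is made available without any integrity check.
task "web-unverified" {
  driver = "nspawn"
  config {
    image = "debian-web" # assumption: local name given to the downloaded image
    image_download {
      url = "http://images.example.com/debian-web.tar.xz"
    }
  }
}

# Same workload with transport, verification and isolation set explicitly.
task "web-verified" {
  driver = "nspawn"
  config {
    image = "debian-web" # assumption: local name given to the downloaded image
    image_download {
      url    = "https://images.example.com/debian-web.tar.xz"
      verify = "signature" # or "checksum"; the default "no" skips verification
      type   = "tar"
    }

    # Mount the image read only; a workload that writes to its root file
    # system needs a bind mount for those paths or must leave this off.
    read_only = true

    # Already the driver default; pinned so a change to it shows up in review.
    user_namespacing = true
  }
}
```

Because the driver requires Nomad to run with root privileges, an image accepted with `verify = "no"` is handed to `systemd-nspawn` by a root-owned process, so the download settings deserve the same review as the task's `command`.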

## Networking

The `nspawn` driver has support for host networking and also bridge mode
networking. It can therefore be used with Nomad's [Consul Connect
integration][consul_connect_integration].

## Client Requirements

The `nspawn` driver requires the following:

- 64-bit Linux host
- The `linux_amd64` Nomad binary
- The nspawn driver binary placed in the [plugin_dir][plugin_dir] directory.
- `systemd-nspawn` to be installed
- Nomad running with root privileges

## Plugin Options

- `enabled` - The `nspawn` driver may be disabled on hosts by setting this
  option to `false` (defaults to `true`).

- `volumes` - Enable support for Volumes in the driver (defaults to `true`).

An example of using these plugin options with the new [plugin syntax][plugin] is
shown below:

```hcl
plugin "nspawn" {
  config {
    enabled = true
    volumes = true
  }
}
```

## Client Attributes

The `nspawn` driver will set the following client attributes:

- `driver.nspawn` - Set to `true` if systemd-nspawn is found and enabled on the
  host node and Nomad is running with root privileges.

- `driver.nspawn.version` - Version of `systemd-nspawn` e.g.: `244`.

[nspawn-driver]: https://github.com/JanMa/nomad-driver-nspawn/releases
[nspawn-guide]: https://github.com/JanMa/nomad-driver-nspawn
[plugin]: /docs/configuration/plugin
[plugin_dir]: /docs/configuration#plugin_dir
[plugin-options]: #plugin-options
[client_options]: /docs/configuration/client#options
[docker_driver]: /docs/drivers/docker#using-the-port-map
[consul_connect_integration]: /docs/integrations/consul-connect