---
layout: docs
page_title: 'Drivers: Systemd-Nspawn'
sidebar_title: Systemd-Nspawn
description: The Nspawn task driver is used to run application containers using Systemd-Nspawn.
---

# Nspawn Driver

Name: `nspawn`

The `nspawn` driver provides an interface for using Systemd-Nspawn for running application
containers. You can download the external Systemd-Nspawn driver [here][nspawn-driver]. For more
detailed instructions on how to set up and use this driver, please refer to the [guide][nspawn-guide].

## Task Configuration

```hcl
task "debian" {
  driver = "nspawn"
  config {
    image = "/var/lib/machines/Debian"
    resolv_conf = "copy-host"
  }
}
```

The `nspawn` driver supports the following configuration in the job spec:

* [`boot`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-b) -
  (Optional) `true` (default) or `false`. Search for an init program and invoke
  it as PID 1. Arguments specified in `command` will be used as arguments for
  the init program.
* [`ephemeral`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-x) -
  (Optional) `true` or `false` (default). Make an ephemeral copy of the image
  before starting the container.
* [`process_two`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-a) -
  (Optional) `true` or `false` (default). Start the command specified with
  `command` as PID 2, using a minimal stub init as PID 1.
* [`read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--read-only) -
  (Optional) `true` or `false` (default). Mount the image read-only.
* [`user_namespacing`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-U) -
  (Optional) `true` (default) or `false`.
  Enable user namespacing features inside the container.
* `command` - (Optional) A list of strings to pass as the command to run in the
  container.

  ```hcl
  config {
    command = [ "/bin/bash", "-c", "dhclient && nginx && tail -f /var/log/nginx/access.log" ]
  }
  ```
* [`console`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--console=MODE) -
  (Optional) Configures how to set up standard input, output and error output
  for the container.
* `image` - Path to the image to be used in the container. This can either be a
  [directory](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-D)
  or the path to a file system
  [image](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-i)
  or block device. Can be specified as a relative path from the configured Nomad
  plugin directory. **This option is mandatory**.
* [`pivot_root`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--pivot-root=) -
  (Optional) Pivot the specified directory to be the container's root directory.
* [`resolv_conf`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--resolv-conf=) -
  (Optional) Configure how `/etc/resolv.conf` is handled inside the container.
* [`user`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-u) -
  (Optional) Change to the specified user in the container's user database.
* [`volatile`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--volatile) -
  (Optional) Boot the container in volatile mode.
* [`working_directory`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--chdir=) -
  (Optional) Set the working directory inside the container.
* [`bind`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
  (Optional) Files or directories to bind mount inside the container.

  ```hcl
  config {
    bind {
      "/var/lib/postgresql" = "/postgres"
    }
  }
  ```
* [`bind_read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
  (Optional) Files or directories to bind mount read only inside the container.

  ```hcl
  config {
    bind_read_only {
      "/etc/passwd" = "/etc/passwd"
    }
  }
  ```
* `environment` - (Optional) Environment variables to pass to the init process
  in the container.

  ```hcl
  config {
    environment = {
      FOO = "bar"
    }
  }
  ```
* `port_map` - (Optional) A key-value map of port labels. Works the same way as
  in the [docker driver][docker_driver].
  **Note:** `systemd-nspawn` will not expose ports to the loopback interface of
  your host.

  ```hcl
  config {
    port_map {
      http = 80
    }
  }
  ```

## Networking

Currently the `nspawn` driver only supports host networking.

## Client Requirements

The `nspawn` driver requires the following:

* 64-bit Linux host
* The `linux_amd64` Nomad binary
* The Nspawn driver binary placed in the [plugin_dir][plugin_dir] directory.
* `systemd-nspawn` to be installed
* Nomad running with root privileges

## Plugin Options

* `enabled` - The `nspawn` driver may be disabled on hosts by setting this option to `false` (defaults to `true`).

An example of using these plugin options with the new [plugin
syntax][plugin] is shown below:

```hcl
plugin "nspawn" {
  config {
    enabled = true
  }
}
```

## Client Attributes

The `nspawn` driver will set the following client attributes:

* `driver.nspawn` - Set to `true` if Systemd-Nspawn is found and enabled on the
  host node and Nomad is running with root privileges.
* `driver.nspawn.version` - Version of `systemd-nspawn` e.g.: `244`.
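
The defaults in the Task Configuration list interact, and Nomad runs this driver as root, so it helps to review a task's effective settings before deploying it. The Python check below is an added example, not part of the driver or of the original page: it applies the documented defaults to one `config` block and reports options worth reviewing. The dict input form, the name `audit_nspawn_config` and the finding wording are assumptions of this example; the `-a`/`-b` conflict comes from the systemd-nspawn man page.

```python
# Added example, not part of the nspawn driver. Audits one task `config` block,
# given as a dict (an assumed decoded form of the job spec), using the defaults
# documented in the option list on this page.
DEFAULTS = {"boot": True, "ephemeral": False, "process_two": False,
            "read_only": False, "user_namespacing": True}


def audit_nspawn_config(config):
    """Return a list of (option, finding) tuples; an empty list means no findings."""
    eff = {**DEFAULTS, **config}
    findings = []

    if not eff.get("image"):
        findings.append(("image", "mandatory option is missing"))

    # systemd-nspawn documents -a (as PID 2) as not combinable with -b (boot),
    # and `boot` defaults to true, so process_two needs an explicit boot = false.
    if eff["process_two"] and eff["boot"]:
        findings.append(("process_two", "set boot = false when process_two = true"))

    if not eff["user_namespacing"]:
        findings.append(("user_namespacing",
                         "disabled: UID 0 in the container is UID 0 on the host"))

    # `volatile` is not evaluated here; only the two boolean image options are.
    if not eff["read_only"] and not eff["ephemeral"]:
        findings.append(("read_only",
                         "image is writable and not ephemeral: changes persist"))

    # Pairs are reported exactly as written in the config block.
    for left, right in sorted(eff.get("bind", {}).items()):
        findings.append(("bind", f'"{left}" = "{right}" is mounted read-write'))

    return findings


# Constructed sample inputs.
RISKY = {"image": "/var/lib/machines/Debian", "process_two": True,
         "user_namespacing": False,
         "bind": {"/var/lib/postgresql": "/postgres"}}
HARDENED = {"image": "/var/lib/machines/Debian", "boot": False,
            "process_two": True, "read_only": True,
            "bind_read_only": {"/etc/passwd": "/etc/passwd"}}
```

`audit_nspawn_config(HARDENED)` returns an empty list, while `RISKY` yields one finding each for `process_two`, `user_namespacing`, `read_only` and `bind`.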

[nspawn-driver]: https://github.com/JanMa/nomad-driver-nspawn/releases
[nspawn-guide]: https://github.com/JanMa/nomad-driver-nspawn
[plugin]: /docs/configuration/plugin
[plugin_dir]: /docs/configuration#plugin_dir
[plugin-options]: #plugin-options
[client_options]: /docs/configuration/client#options
[docker_driver]: /docs/drivers/docker#using-the-port-map