jail-task-driver
Nomad task driver that uses FreeBSD jails
FreeBSD Jail Task Driver
Task driver for FreeBSD jails.
- Website: https://www.nomadproject.io
Requirements
- Nomad 0.9+
- Go 1.11 (to build the provider plugin)
- FreeBSD 12.0-RELEASE (should work with 11)
- Consul
Installation
Install (and compile) the jail-task-driver binary, put it in plugin_dir, and then add a plugin "jail-task-driver" {} line to your Nomad config file.
go get github.com/cneira/jail-task-driver
cp $GOPATH/bin/jail-task-driver YOURPLUGINDIR
Then in your Nomad config file, set
plugin "jail-task-driver" {}
In developer/test mode (nomad agent -dev), plugin_dir is unset it seems, so you will need to mkdir plugins, copy the jail-task-driver binary to plugins, and add a plugin_dir = "path/to/plugins" line to the above config file.
Then you can run it like:
nomad agent -dev -config nomad.config
For more details see the Nomad docs.
Parameters
The driver's parameters support most of JAIL(8) functionality; parameter names closely match the ones in JAIL(8).
Examples
Basic jail
job "test" {
  datacenters = ["dc1"]
  type = "service"
  group "test" {
    restart {
      attempts = 0
      mode = "fail"
    }
    task "test01" {
      driver = "jail-task-driver"
      config {
        Path = "/zroot/iocage/jails/myjail/root"
        Persist = true
      }
    }
  }
}
Non vnet jail
job "non-vnet" {
  datacenters = ["dc1"]
  type = "service"
  group "test" {
    restart {
      attempts = 0
      mode = "fail"
    }
    task "test01" {
      driver = "jail-task-driver"
      config {
        Path = "/zroot/iocage/jails/myjail/root"
        Ip4 = "new"
        Allow_raw_sockets = true
        Allow_chflags = true
        Ip4_addr = "em1|192.168.1.102"
        Exec_start = "/usr/local/bin/http-echo -listen :9999 -text hello"
      }
    }
  }
}
Vnet jail example
job "vnet-example" {
  datacenters = ["dc1"]
  type = "service"
  group "test" {
    restart {
      attempts = 0
      mode = "fail"
    }
    task "test01" {
      driver = "jail-task-driver"
      config {
        Path = "/zroot/iocage/jails/myjail/root"
        Persist = true
        Host_hostname = "mwl.io"
        Exec_clean = true
        Exec_start = "sh /etc/rc"
        Exec_stop = "sh /etc/rc.shutdown"
        Mount_devfs = true
        Exec_prestart = "logger trying to start "
        Exec_poststart = "logger jail has started"
        Exec_prestop = "logger shutting down jail "
        Exec_poststop = "logger has shut down jail "
        Exec_consolelog = "/var/tmp/vnet-example"
        Vnet = true
        Vnet_nic = "e0b_loghost"
        Exec_prestart = "/usr/share/examples/jails/jib addm loghost em1"
        Exec_poststop = "/usr/share/examples/jails/jib destroy loghost "
      }
    }
  }
}
Setting resource limits
job "vnet-example2" {
  datacenters = ["dc1"]
  type = "service"
  group "test" {
    restart {
      attempts = 0
      mode = "fail"
    }
    task "test01" {
      driver = "jail-task-driver"
      config {
        Path = "/zroot/iocage/jails/myjail/root"
        Host_hostname = "mwl.io"
        Exec_clean = true
        Exec_start = "sh /etc/rc"
        Exec_stop = "sh /etc/rc.shutdown"
        Mount_devfs = true
        Exec_prestart = "logger trying to start "
        Exec_poststart = "logger jail has started"
        Exec_prestop = "logger shutting down jail "
        Exec_poststop = "logger has shut down jail "
        Exec_consolelog = "/var/tmp/vnet-example"
        Vnet = true
        Vnet_nic = "e0b_loghost"
        Exec_prestart = "/usr/share/examples/jails/jib addm loghost em1"
        Exec_poststop = "/usr/share/examples/jails/jib destroy loghost "
        Rctl = {
          Vmemoryuse = {
            Action = "deny"
            Amount = "1G"
            Per = "process"
          }
          Openfiles = {
            Action = "deny"
            Amount = "500"
          }
        }
      }
    }
  }
}
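A pre-submission check for job files like the ones above, as an added example that is not part of the jail-task-driver project: it flags Allow_* parameters set to true, parameters set more than once in one config block (as Exec_prestart and Exec_poststop are in the vnet examples), and tasks with no Rctl block. It is a line-based scan rather than an HCL parser, it assumes driver precedes config as in the examples above and that Allow_* corresponds to the jail(8) allow.* settings, and the names audit_jobspec and SAMPLE are hypothetical.

```python
import re
TASK = re.compile(r'^\s*task\s+"([^"]+)"\s*\{')
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.*\S)')

def audit_jobspec(text):
    """Return (task, finding) pairs for each jail-task-driver config block."""
    findings, task, is_jail, depth, cfg_depth, seen = [], None, False, 0, None, {}
    for line in text.splitlines():
        bare = re.sub(r'"[^"]*"', '""', line)   # ignore braces inside strings
        t, a = TASK.match(line), ASSIGN.match(line)
        if t:
            task, is_jail = t.group(1), False
        elif a and a.group(1) == "driver" and cfg_depth is None:
            is_jail = a.group(2) == '"jail-task-driver"'
        elif is_jail and cfg_depth is None and re.match(r'\s*config\s*\{', line):
            cfg_depth, seen = depth + 1, {}
        elif a and cfg_depth == depth:          # top-level parameter of config { }
            seen.setdefault(a.group(1), []).append(a.group(2))
        depth += bare.count("{") - bare.count("}")
        if cfg_depth is not None and depth < cfg_depth:   # config block just closed
            for name, values in seen.items():
                # Assumption: Allow_* maps to jail(8) allow.*, which relaxes jail restrictions.
                if name.startswith("Allow_") and "true" in values:
                    findings.append((task, f"{name} = true widens jail privileges"))
                if len(values) > 1:
                    findings.append((task, f"{name} is set {len(values)} times"))
            if "Rctl" not in seen:
                findings.append((task, "no Rctl resource limits"))
            cfg_depth = None
    return findings

SAMPLE = '''
task "web" {
  driver = "jail-task-driver"
  config {
    Path = "/zroot/iocage/jails/myjail/root"
    Allow_raw_sockets = true
    Exec_prestart = "logger trying to start "
    Exec_prestart = "/usr/share/examples/jails/jib addm loghost em1"
  }
}
task "limited" {
  driver = "jail-task-driver"
  config {
    Rctl = {
      Openfiles = { Action = "deny", Amount = "500" }
    }
  }
}
'''  # constructed job fragment reusing parameters from the examples above
```

Calling audit_jobspec(SAMPLE) reports three findings for task "web" and none for task "limited".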
Demo
Support
It's also possible to support the project on Patreon
References
TODO:
- ~~Implement exec interface~~
- ~~Implement RecoverTask interface~~
- Test all jail options
- Refactor to match JAIL(8) parameters as closely as possible
- Create jails using docker images