---
layout: docs
page_title: 'Drivers: Systemd-Nspawn'
sidebar_title: Systemd-Nspawn
description: The Nspawn task driver is used to run application containers using Systemd-Nspawn.
---
# Nspawn Driver
Name: `nspawn`
The `nspawn` driver provides an interface for using Systemd-Nspawn for running application
containers. You can download the external Systemd-Nspawn driver [here][nspawn-driver]. For more detailed instructions on how to set up and use this driver, please refer to the [guide][nspawn-guide].
## Task Configuration
```hcl
task "debian" {
  driver = "nspawn"
  config {
    image       = "/var/lib/machines/Debian"
    resolv_conf = "copy-host"
  }
}
```
The `nspawn` driver supports the following configuration in the job spec:
- [`boot`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-b) -
(Optional) `true` (default) or `false`. Search for an init program and invoke
it as PID 1. Arguments specified in `command` will be used as arguments for
the init program.
- [`ephemeral`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-x) -
(Optional) `true` or `false` (default). Make an ephemeral copy of the image
before starting the container.
- [`process_two`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-a) -
(Optional) `true` or `false` (default). Start the command specified with
`command` as PID 2, using a minimal stub init as PID 1.
- [`read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--read-only) -
(Optional) `true` or `false` (default). Mount the used image as read only.
- [`user_namespacing`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-U) -
(Optional) `true` (default) or `false`. Enable user namespacing features
inside the container.
- `command` - (Optional) A list of strings to pass as the used command to the
container.
```hcl
config {
  command = [ "/bin/bash", "-c", "dhclient && nginx && tail -f /var/log/nginx/access.log" ]
}
```
- [`console`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--console=MODE) -
(Optional) Configures how to set up standard input, output and error output
for the container.
- `image` - The image to be used in the container. This can either be the path
to a
[directory](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-D),
the path to a file system
[image](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-i)
or block device or the name of an image registered with
[`systemd-machined`](https://www.freedesktop.org/software/systemd/man/systemd-machined.service.html).
A path can be specified as a relative path from the configured Nomad plugin
directory. **This option is mandatory**.
- `image_download` - (Optional) Download the used image according to the
settings defined in this block. Structure is documented below.
- [`pivot_root`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--pivot-root=) -
(Optional) Pivot the specified directory to be the container's root directory.
- [`resolv_conf`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--resolv-conf=) -
(Optional) Configure how `/etc/resolv.conf` is handled inside the container.
- [`user`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-u) -
(Optional) Change to the specified user in the container's user database.
- [`volatile`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--volatile) -
(Optional) Boot the container in volatile mode.
- [`working_directory`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--chdir=) -
(Optional) Set the working directory inside the container.
- [`bind`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
(Optional) Files or directories to bind mount inside the container.
```hcl
config {
  bind {
    "/var/lib/postgresql" = "/postgres"
  }
}
```
- [`bind_read_only`](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--bind=) -
(Optional) Files or directories to bind mount read only inside the container.
```hcl
config {
  bind_read_only {
    "/etc/passwd" = "/etc/passwd"
  }
}
```
- `environment` - (Optional) Environment variables to pass to the init process
in the container.
```hcl
config {
  environment = {
    FOO = "bar"
  }
}
```
- `port_map` - (Optional) A key-value map of port labels. Works the same way as
in the [docker
driver][docker_driver].
**Note:** `systemd-nspawn` will not expose ports to the loopback interface of
your host.
```hcl
config {
  port_map {
    http = 80
  }
}
```
The `image_download` block supports the following arguments:
- `url` - The URL of the image to download. The URL must be of type `http://` or
`https://`. **This option is mandatory**.
- [`verify`](https://www.freedesktop.org/software/systemd/man/machinectl.html#pull-tar%20URL%20%5BNAME%5D) -
(Optional) `no` (default), `signature` or `checksum`. Whether to verify the
image before making it available.
- `force` - (Optional) `true` or `false` (default). If a local copy already
exists, delete it first and replace it by the newly downloaded image.
- `type` - (Optional) `tar` (default) or `raw`. The type of image to download.
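
The following is an added example, not taken from the driver's own documentation, that puts the default unverified `image_download` next to a variant using HTTPS and `verify = "signature"`. The URLs and image names are placeholders, and the `image` value is assumed to be the name the downloaded image is registered under. Per the `machinectl` documentation linked from `verify`, `checksum` compares the download against a `SHA256SUMS` file served next to the image, and `signature` additionally checks that file's GPG signature against the host's import keyring.

```hcl
# Added example. example.com URLs and image names are placeholders; the option
# names are the ones documented on this page.

# Weak: plain HTTP and the default verify = "no". Whatever bytes arrive are
# registered as the image and started by a driver that needs Nomad to run as root.
task "unverified" {
  driver = "nspawn"
  config {
    image = "debian-unverified" # assumed: name the download is registered under
    image_download {
      url = "http://example.com/images/debian.tar.xz"
      # verify is not set, so it stays at the default "no"
    }
  }
}

# Hardened: HTTPS transport plus signature verification of the download.
# Requires the server to publish SHA256SUMS and SHA256SUMS.gpg beside the image
# and the signing key to be present in the host's import keyring.
task "verified" {
  driver = "nspawn"
  config {
    image = "debian-verified" # assumed: name the download is registered under
    image_download {
      url    = "https://example.com/images/debian.tar.xz"
      verify = "signature" # "checksum" only compares against SHA256SUMS from the same server
      type   = "tar"
      force  = false       # keep an already verified local copy
    }
    user_namespacing = true # the default, stated explicitly
  }
}
```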
## Networking
The `nspawn` driver has support for host networking and also bridge mode
networking. It can therefore be used with Nomad's [Consul Connect
integration][consul_connect_integration].
## Client Requirements
The `nspawn` driver requires the following:
- 64-bit Linux host
- The `linux_amd64` Nomad binary
- The Nspawn driver binary placed in the [plugin_dir][plugin_dir] directory.
- `systemd-nspawn` to be installed
- Nomad running with root privileges
## Plugin Options
- `enabled` - The `nspawn` driver may be disabled on hosts by setting this option to `false` (defaults to `true`).
- `volumes` - Enable support for Volumes in the driver (defaults to `true`).
An example of using these plugin options with the new [plugin
syntax][plugin] is shown below:
```hcl
plugin "nspawn" {
  config {
    enabled = true
    volumes = true
  }
}
```
## Client Attributes
The `nspawn` driver will set the following client attributes:
- `driver.nspawn` - Set to `true` if Systemd-Nspawn is found and enabled on the
host node and Nomad is running with root privileges.
- `driver.nspawn.version` - Version of `systemd-nspawn`, e.g. `244`.
[nspawn-driver]: https://github.com/JanMa/nomad-driver-nspawn/releases
[nspawn-guide]: https://github.com/JanMa/nomad-driver-nspawn
[plugin]: /docs/configuration/plugin
[plugin_dir]: /docs/configuration#plugin_dir
[plugin-options]: #plugin-options
[client_options]: /docs/configuration/client#options
[docker_driver]: /docs/drivers/docker#using-the-port-map
[consul_connect_integration]: /docs/integrations/consul-connect