open-nomad/website/source/docs/configuration/client.html.md

388 lines
13 KiB
Markdown
Raw Normal View History

---
layout: "docs"
page_title: "client Stanza - Agent Configuration"
2018-06-22 20:47:33 +00:00
sidebar_current: "docs-configuration-client"
description: |-
The "client" stanza configures the Nomad agent to accept jobs as assigned by
the Nomad server, join the cluster, and specify driver-specific configuration.
---
# `client` Stanza
<table class="table table-bordered table-striped">
<tr>
<th width="120">Placement</th>
<td>
<code>**client**</code>
</td>
</tr>
</table>
The `client` stanza configures the Nomad agent to accept jobs as assigned by
the Nomad server, join the cluster, and specify driver-specific configuration.
```hcl
client {
enabled = true
servers = ["1.2.3.4:4647", "5.6.7.8:4647"]
}
```
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
## Plugin Options
Nomad 0.9 now supports pluggable drivers. Operators should use the new
[plugin][plugin-stanza] syntax to modify driver configuration. To find the
plugin options supported by each individual Nomad driver, please see the
[drivers documentation](/docs/drivers/index.html). The pre-0.9 `client.options`
stanza will be supported in 0.9 for backward compatibility (except for the `lxc`
driver) but will be removed in a future release.
## `client` Parameters
- `alloc_dir` `(string: "[data_dir]/alloc")` - Specifies the directory to use
2016-11-02 23:26:10 +00:00
for allocation data. By default, this is the top-level
2018-06-22 20:47:33 +00:00
[data_dir](/docs/configuration/index.html#data_dir) suffixed with
2018-08-30 21:20:32 +00:00
"alloc", like `"/opt/nomad/alloc"`. This must be an absolute path.
2016-11-02 23:26:10 +00:00
- `chroot_env` <code>([ChrootEnv](#chroot_env-parameters): nil)</code> -
Specifies a key-value mapping that defines the chroot environment for jobs
using the Exec and Java drivers.
- `enabled` `(bool: false)` - Specifies if client mode is enabled. All other
client configuration options depend on this value.
- `max_kill_timeout` `(string: "30s")` - Specifies the maximum amount of time a
job is allowed to wait to exit. Individual jobs may customize their own kill
timeout, but it may not exceed this value.
- `disable_remote_exec` `(bool: false)` - Specifies if the client should disable
remote task execution to tasks running on this client.
2016-12-08 18:35:40 +00:00
- `meta` `(map[string]string: nil)` - Specifies a key-value map that annotates
with user-defined metadata.
- `network_interface` `(string: varied)` - Specifies the name of the interface
2017-11-15 20:49:22 +00:00
to force network fingerprinting on. When run in dev mode, this defaults to the
loopback interface. When not in dev mode, the interface attached to the
default route is used. All IP addresses except those scoped local for IPV6 on
the chosen interface are fingerprinted. The scheduler chooses from those IP
addresses when allocating ports for tasks.
- `network_speed` `(int: 0)` - Specifies an override for the network link speed.
This value, if set, overrides any detected or defaulted link speed. Most
clients can determine their speed automatically, and thus in most cases this
should be left unset.
- `cpu_total_compute` `(int: 0)` - Specifies an override for the total CPU
2017-03-14 21:15:49 +00:00
compute. This value should be set to `# Cores * Core MHz`. For example, a
quad-core running at 2 GHz would have a total compute of 8000 (4 * 2000). Most
clients can determine their total CPU compute automatically, and thus in most
2017-03-14 21:15:49 +00:00
cases this should be left unset.
2018-03-28 15:15:33 +00:00
- `memory_total_mb` `(int:0)` - Specifies an override for the total memory. If set,
this value overrides any detected memory.
- `node_class` `(string: "")` - Specifies an arbitrary string used to logically
group client nodes by user-defined class. This can be used during job
placement as a filter.
- `options` <code>([Options](#options-parameters): nil)</code> - Specifies a
key-value mapping of internal configuration for clients, such as for driver
configuration.
- `reserved` <code>([Reserved](#reserved-parameters): nil)</code> - Specifies
that Nomad should reserve a portion of the node's resources from receiving
tasks. This can be used to target a certain capacity usage for the node. For
example, 20% of the node's CPU could be reserved to target a CPU utilization
of 80%.
- `servers` `(array<string>: [])` - Specifies an array of addresses to the Nomad
servers this client should join. This list is used to register the client with
the server nodes and advertise the available resources so that the agent can
receive work. This may be specified as an IP address or DNS, with or without
the port. If the port is omitted, the default port of `4647` is used.
2018-05-31 17:49:19 +00:00
- `server_join` <code>([server_join][server-join]: nil)</code> - Specifies
how the Nomad client will connect to Nomad servers. The `start_join` field
is not supported on the client. The retry_join fields may directly specify
the server address or use go-discover syntax for auto-discovery. See the
documentation for more detail.
2018-05-21 17:17:35 +00:00
- `state_dir` `(string: "[data_dir]/client")` - Specifies the directory to use
to store client state. By default, this is - the top-level
2018-06-22 20:47:33 +00:00
[data_dir](/docs/configuration/index.html#data_dir) suffixed with
"client", like `"/opt/nomad/client"`. This must be an absolute path.
2017-02-01 00:30:50 +00:00
- `gc_interval` `(string: "1m")` - Specifies the interval at which Nomad
attempts to garbage collect terminal allocation directories.
2017-02-01 00:30:50 +00:00
- `gc_disk_usage_threshold` `(float: 80)` - Specifies the disk usage percent which
Nomad tries to maintain by garbage collecting terminal allocations.
- `gc_inode_usage_threshold` `(float: 70)` - Specifies the inode usage percent
which Nomad tries to maintain by garbage collecting terminal allocations.
- `gc_max_allocs` `(int: 50)` - Specifies the maximum number of allocations
which a client will track before triggering a garbage collection of terminal
allocations. This will *not* limit the number of allocations a node can run at
a time, however after `gc_max_allocs` every new allocation will cause terminal
allocations to be GC'd.
- `gc_parallel_destroys` `(int: 2)` - Specifies the maximum number of
parallel destroys allowed by the garbage collector. This value should be
relatively low to avoid high resource usage during garbage collections.
- `no_host_uuid` `(bool: true)` - By default a random node UUID will be
generated, but setting this to `false` will use the system's UUID. Before
Nomad 0.6 the default was to use the system UUID.
- `cni_path` `(string: "/opt/cni/bin")` - Sets the search path that is used for
CNI plugin discovery. Multiple paths can be searched using colon delimited
paths
- `bridge_network name` `(string: "nomad")` - Sets the name of the bridge to be
created by nomad for allocations running with bridge networking mode on the
client.
- `bridge_network_subnet` `(string: "172.26.66.0/23")` - Specifies the subnet
which the client will use to allocate IP addresses from.
2017-02-27 21:42:37 +00:00
### `chroot_env` Parameters
Drivers based on [isolated fork/exec](/docs/drivers/exec.html) implement file
system isolation using chroot on Linux. The `chroot_env` map allows the chroot
environment to be configured using source paths on the host operating system.
The mapping format is:
```text
source_path -> dest_path
```
The following example specifies a chroot which contains just enough to run the
`ls` utility:
```hcl
client {
chroot_env {
"/bin/ls" = "/bin/ls"
"/etc/ld.so.cache" = "/etc/ld.so.cache"
"/etc/ld.so.conf" = "/etc/ld.so.conf"
"/etc/ld.so.conf.d" = "/etc/ld.so.conf.d"
"/lib" = "/lib"
"/lib64" = "/lib64"
}
}
```
When `chroot_env` is unspecified, the `exec` driver will use a default chroot
environment with the most commonly used parts of the operating system. Please
see the [Nomad `exec` driver documentation](/docs/drivers/exec.html#chroot) for
the full list.
### `options` Parameters
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
~> Note: client configuration options for drivers will soon be deprecated. See
the [plugin stanza][plugin-stanza] documentation for more information.
2016-11-02 23:26:10 +00:00
The following is not an exhaustive list of options for only the Nomad
client. To find the options supported by each individual Nomad driver, please
see the [drivers documentation](/docs/drivers/index.html).
- `"driver.whitelist"` `(string: "")` - Specifies a comma-separated list of
whitelisted drivers . If specified, drivers not in the whitelist will be
disabled. If the whitelist is empty, all drivers are fingerprinted and enabled
where applicable.
```hcl
client {
options = {
"driver.whitelist" = "docker,qemu"
}
}
```
2016-11-08 17:30:07 +00:00
- `"driver.blacklist"` `(string: "")` - Specifies a comma-separated list of
blacklisted drivers . If specified, drivers in the blacklist will be
2016-11-09 10:50:16 +00:00
disabled.
2016-11-08 17:30:07 +00:00
```hcl
client {
options = {
"driver.blacklist" = "docker,qemu"
}
}
```
- `"env.blacklist"` `(string: see below)` - Specifies a comma-separated list of
environment variable keys not to pass to these tasks. Nomad passes the host
environment variables to `exec`, `raw_exec` and `java` tasks. If specified,
the defaults are overridden. If a value is provided, **all** defaults are
overridden (they are not merged).
```hcl
client {
options = {
"env.blacklist" = "MY_CUSTOM_ENVVAR"
}
}
```
The default list is:
```text
CONSUL_TOKEN
VAULT_TOKEN
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
GOOGLE_APPLICATION_CREDENTIALS
```
- `"user.blacklist"` `(string: see below)` - Specifies a comma-separated
blacklist of usernames for which a task is not allowed to run. This only
applies if the driver is included in `"user.checked_drivers"`. If a value is
provided, **all** defaults are overridden (they are not merged).
```hcl
client {
options = {
"user.blacklist" = "root,ubuntu"
}
}
```
The default list is:
```text
root
Administrator
```
- `"user.checked_drivers"` `(string: see below)` - Specifies a comma-separated
list of drivers for which to enforce the `"user.blacklist"`. For drivers using
containers, this enforcement is usually unnecessary. If a value is provided,
**all** defaults are overridden (they are not merged).
```hcl
client {
options = {
"user.checked_drivers" = "exec,raw_exec"
}
}
```
The default list is:
```text
exec
qemu
java
```
- `"fingerprint.whitelist"` `(string: "")` - Specifies a comma-separated list of
whitelisted fingerprinters. If specified, any fingerprinters not in the
whitelist will be disabled. If the whitelist is empty, all fingerprinters are
used.
```hcl
client {
options = {
"fingerprint.whitelist" = "network"
}
}
```
2016-11-08 17:29:44 +00:00
- `"fingerprint.blacklist"` `(string: "")` - Specifies a comma-separated list of
blacklisted fingerprinters. If specified, any fingerprinters in the blacklist
2016-11-09 10:50:16 +00:00
will be disabled.
2016-11-08 17:29:44 +00:00
```hcl
client {
options = {
"fingerprint.blacklist" = "network"
}
}
```
- `"fingerprint.network.disallow_link_local"` `(string: "false")` - Specifies
whether the network fingerprinter should ignore link-local addresses in the
case that no globally routable address is found. The fingerprinter will always
prefer globally routable addresses.
```hcl
client {
options = {
"fingerprint.network.disallow_link_local" = "true"
}
}
```
### `reserved` Parameters
- `cpu` `(int: 0)` - Specifies the amount of CPU to reserve, in MHz.
- `memory` `(int: 0)` - Specifies the amount of memory to reserve, in MB.
- `disk` `(int: 0)` - Specifies the amount of disk to reserve, in MB.
- `reserved_ports` `(string: "")` - Specifies a comma-separated list of ports to
reserve on all fingerprinted network devices. Ranges can be specified by using
a hyphen separated the two inclusive ends.
## `client` Examples
### Common Setup
This example shows the most basic configuration for a Nomad client joined to a
cluster.
```hcl
client {
enabled = true
2018-05-25 20:04:32 +00:00
server_join {
retry_join = [ "1.1.1.1", "2.2.2.2" ]
retry_max = 3
retry_interval = "15s"
}
}
```
### Reserved Resources
This example shows a sample configuration for reserving resources to the client.
This is useful if you want to allocate only a portion of the client's resources
to jobs.
```hcl
client {
enabled = true
reserved {
cpu = 500
memory = 512
disk = 1024
reserved_ports = "22,80,8500-8600"
}
}
```
### Custom Metadata, Network Speed, and Node Class
This example shows a client configuration which customizes the metadata, network
speed, and node class.
```hcl
client {
enabled = true
network_speed = 500
node_class = "prod"
meta {
"owner" = "ops"
}
}
```
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
[plugin-options]: #plugin-options
[plugin-stanza]: /docs/configuration/plugin.html
2018-06-22 20:47:33 +00:00
[server-join]: /docs/configuration/server_join.html "Server Join"