4caac1a92f
* Add `bridge_network_hairpin_mode` client config setting * Add node attribute: `nomad.bridge.hairpin_mode` * Changed format string to use `%q` to escape user provided data * Add test to validate template JSON for developer safety Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
661 lines
25 KiB
Plaintext
661 lines
25 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: client Block - Agent Configuration
|
|
description: |-
|
|
The "client" block configures the Nomad agent to accept jobs as assigned by
|
|
the Nomad server, join the cluster, and specify driver-specific configuration.
|
|
---
|
|
|
|
# `client` Block
|
|
|
|
<Placement groups={['client']} />
|
|
|
|
The `client` block configures the Nomad agent to accept jobs as assigned by
|
|
the Nomad server, join the cluster, and specify driver-specific configuration.
|
|
|
|
```hcl
|
|
client {
|
|
enabled = true
|
|
servers = ["1.2.3.4:4647", "5.6.7.8:4647"]
|
|
}
|
|
```
|
|
|
|
## `client` Parameters
|
|
|
|
- `alloc_dir` `(string: "[data_dir]/alloc")` - Specifies the directory to use
|
|
for allocation data. By default, this is the top-level
|
|
[data_dir](/nomad/docs/configuration#data_dir) suffixed with
|
|
"alloc", like `"/opt/nomad/alloc"`. This must be an absolute path.
|
|
|
|
- `chroot_env` <code>([ChrootEnv](#chroot_env-parameters): nil)</code> -
|
|
Specifies a key-value mapping that defines the chroot environment for jobs
|
|
using the Exec and Java drivers.
|
|
|
|
- `enabled` `(bool: false)` - Specifies if client mode is enabled. All other
|
|
client configuration options depend on this value.
|
|
|
|
- `max_kill_timeout` `(string: "30s")` - Specifies the maximum amount of time a
|
|
job is allowed to wait to exit. Individual jobs may customize their own kill
|
|
timeout, but it may not exceed this value.
|
|
|
|
- `disable_remote_exec` `(bool: false)` - Specifies if the client should disable
|
|
remote task execution to tasks running on this client.
|
|
|
|
- `meta` `(map[string]string: nil)` - Specifies a key-value map that annotates
|
|
with user-defined metadata.
|
|
|
|
- `network_interface` `(string: varied)` - Specifies the name of the interface
|
|
to force network fingerprinting on. When run in dev mode, this defaults to the
|
|
loopback interface. When not in dev mode, the interface attached to the
|
|
default route is used. The scheduler chooses from these fingerprinted IP
|
|
addresses when allocating ports for tasks. This value support [go-sockaddr/template
|
|
format][go-sockaddr/template].
|
|
|
|
If no non-local IP addresses are found, Nomad could fingerprint link-local IPv6
|
|
addresses depending on the client's
|
|
[`"fingerprint.network.disallow_link_local"`](#fingerprint-network-disallow_link_local)
|
|
configuration value.
|
|
|
|
- `cpu_total_compute` `(int: 0)` - Specifies an override for the total CPU
|
|
compute. This value should be set to `# Cores * Core MHz`. For example, a
|
|
quad-core running at 2 GHz would have a total compute of 8000 (4 \* 2000). Most
|
|
clients can determine their total CPU compute automatically, and thus in most
|
|
cases this should be left unset.
|
|
|
|
- `memory_total_mb` `(int:0)` - Specifies an override for the total memory. If set,
|
|
this value overrides any detected memory.
|
|
|
|
- `disk_total_mb` `(int:0)` - Specifies an override for the total disk space
|
|
fingerprint attribute. This value is not used by the scheduler unless you have
|
|
constraints set on the attribute `unique.storage.bytestotal`. The actual total
|
|
disk space can be determined via the [Read Stats API](https://github.com/api-docs/client#read-stats)
|
|
|
|
- `disk_free_mb` `(int:0)` - Specifies the disk space free for scheduling
|
|
allocations. If set, this value overrides any detected free disk space. This
|
|
value can be seen in `nomad node status` under Allocated Resources.
|
|
|
|
- `min_dynamic_port` `(int:20000)` - Specifies the minimum dynamic port to be
|
|
assigned. Individual ports and ranges of ports may be excluded from dynamic
|
|
port assignment via [`reserved`](#reserved-parameters) parameters.
|
|
|
|
- `max_dynamic_port` `(int:32000)` - Specifies the maximum dynamic port to be
|
|
assigned. Individual ports and ranges of ports may be excluded from dynamic
|
|
port assignment via [`reserved`](#reserved-parameters) parameters.
|
|
|
|
- `node_class` `(string: "")` - Specifies an arbitrary string used to logically
|
|
group client nodes by user-defined class. This can be used during job
|
|
placement as a filter.
|
|
|
|
- `options` <code>([Options](#options-parameters): nil)</code> - Specifies a
|
|
key-value mapping of internal configuration for clients, such as for driver
|
|
configuration.
|
|
|
|
- `reserved` <code>([Reserved](#reserved-parameters): nil)</code> - Specifies
|
|
that Nomad should reserve a portion of the node's resources from receiving
|
|
tasks. This can be used to target a certain capacity usage for the node. For
|
|
example, a value equal to 20% of the node's CPU could be reserved to target
|
|
a CPU utilization of 80%.
|
|
|
|
- `servers` `(array<string>: [])` - Specifies an array of addresses to the Nomad
|
|
servers this client should join. This list is used to register the client with
|
|
the server nodes and advertise the available resources so that the agent can
|
|
receive work. This may be specified as an IP address or DNS, with or without
|
|
the port. If the port is omitted, the default port of `4647` is used.
|
|
|
|
- `server_join` <code>([server_join][server-join]: nil)</code> - Specifies
|
|
how the Nomad client will connect to Nomad servers. The `start_join` field
|
|
is not supported on the client. The retry_join fields may directly specify
|
|
the server address or use go-discover syntax for auto-discovery. See the
|
|
documentation for more detail.
|
|
|
|
- `state_dir` `(string: "[data_dir]/client")` - Specifies the directory to use
|
|
to store client state. By default, this is - the top-level
|
|
[data_dir](/nomad/docs/configuration#data_dir) suffixed with
|
|
"client", like `"/opt/nomad/client"`. This must be an absolute path.
|
|
|
|
- `gc_interval` `(string: "1m")` - Specifies the interval at which Nomad
|
|
attempts to garbage collect terminal allocation directories.
|
|
|
|
- `gc_disk_usage_threshold` `(float: 80)` - Specifies the disk usage percent which
|
|
Nomad tries to maintain by garbage collecting terminal allocations.
|
|
|
|
- `gc_inode_usage_threshold` `(float: 70)` - Specifies the inode usage percent
|
|
which Nomad tries to maintain by garbage collecting terminal allocations.
|
|
|
|
- `gc_max_allocs` `(int: 50)` - Specifies the maximum number of allocations
|
|
which a client will track before triggering a garbage collection of terminal
|
|
allocations. This will _not_ limit the number of allocations a node can run at
|
|
a time, however after `gc_max_allocs` every new allocation will cause terminal
|
|
allocations to be GC'd.
|
|
|
|
- `gc_parallel_destroys` `(int: 2)` - Specifies the maximum number of
|
|
parallel destroys allowed by the garbage collector. This value should be
|
|
relatively low to avoid high resource usage during garbage collections.
|
|
|
|
- `no_host_uuid` `(bool: true)` - By default a random node UUID will be
|
|
generated, but setting this to `false` will use the system's UUID. Before
|
|
Nomad 0.6 the default was to use the system UUID.
|
|
|
|
- `cni_path` `(string: "/opt/cni/bin")` - Sets the search path that is used for
|
|
CNI plugin discovery. Multiple paths can be searched using colon delimited
|
|
paths
|
|
|
|
- `cni_config_dir` `(string: "/opt/cni/config")` - Sets the directory where CNI
|
|
network configuration is located. The client will use this path when fingerprinting
|
|
CNI networks. Filenames should use the `.conflist` extension. Filenames with
|
|
the `.conf` or `.json` extensions are loaded as individual plugin
|
|
configuration.
|
|
|
|
- `bridge_network_name` `(string: "nomad")` - Sets the name of the bridge to be
|
|
created by Nomad for allocations running with bridge networking mode on the
|
|
client.
|
|
|
|
- `bridge_network_subnet` `(string: "172.26.64.0/20")` - Specifies the subnet
|
|
which the client will use to allocate IP addresses from.
|
|
|
|
- `bridge_network_hairpin_mode` `(bool: false)` - Specifies if hairpin mode
|
|
is enabled on the network bridge created by Nomad for allocations running
|
|
with bridge networking mode on this client. You may use the corresponding
|
|
node attribute `nomad.bridge.hairpin_mode` in constraints.
|
|
|
|
- `artifact` <code>([Artifact](#artifact-parameters): varied)</code> -
|
|
Specifies controls on the behavior of task
|
|
[`artifact`](/nomad/docs/job-specification/artifact) blocks.
|
|
|
|
- `template` <code>([Template](#template-parameters): nil)</code> - Specifies
|
|
controls on the behavior of task
|
|
[`template`](/nomad/docs/job-specification/template) blocks.
|
|
|
|
- `host_volume` <code>([host_volume](#host_volume-block): nil)</code> - Exposes
|
|
paths from the host as volumes that can be mounted into jobs.
|
|
|
|
- `host_network` <code>([host_network](#host_network-block): nil)</code> - Registers
|
|
additional host networks with the node that can be selected when port mapping.
|
|
|
|
- `cgroup_parent` `(string: "/nomad")` - Specifies the cgroup parent for which cgroup
|
|
subsystems managed by Nomad will be mounted under. Currently this only applies to the
|
|
`cpuset` subsystems. This field is ignored on non Linux platforms.
|
|
|
|
### `chroot_env` Parameters
|
|
|
|
Drivers based on [isolated fork/exec](/nomad/docs/drivers/exec) implement file
|
|
system isolation using chroot on Linux. The `chroot_env` map allows the chroot
|
|
environment to be configured using source paths on the host operating system.
|
|
The mapping format is:
|
|
|
|
```text
|
|
source_path -> dest_path
|
|
```
|
|
|
|
The following example specifies a chroot which contains just enough to run the
|
|
`ls` utility:
|
|
|
|
```hcl
|
|
client {
|
|
chroot_env {
|
|
"/bin/ls" = "/bin/ls"
|
|
"/etc/ld.so.cache" = "/etc/ld.so.cache"
|
|
"/etc/ld.so.conf" = "/etc/ld.so.conf"
|
|
"/etc/ld.so.conf.d" = "/etc/ld.so.conf.d"
|
|
"/etc/passwd" = "/etc/passwd"
|
|
"/lib" = "/lib"
|
|
"/lib64" = "/lib64"
|
|
}
|
|
}
|
|
```
|
|
|
|
When `chroot_env` is unspecified, the `exec` driver will use a default chroot
|
|
environment with the most commonly used parts of the operating system. Please
|
|
see the [Nomad `exec` driver documentation](/nomad/docs/drivers/exec#chroot) for
|
|
the full list.
|
|
|
|
As of Nomad 1.2, Nomad will never attempt to embed the `alloc_dir` in the
|
|
chroot as doing so would cause infinite recursion.
|
|
|
|
### `options` Parameters
|
|
|
|
~> Note: In Nomad 0.9 client configuration options for drivers were deprecated.
|
|
See the [plugin block][plugin-block] documentation for more information.
|
|
|
|
The following is not an exhaustive list of options for only the Nomad
|
|
client. To find the options supported by each individual Nomad driver, please
|
|
see the [drivers documentation](/nomad/docs/drivers).
|
|
|
|
- `"driver.allowlist"` `(string: "")` - Specifies a comma-separated list of
|
|
allowlisted drivers . If specified, drivers not in the allowlist will be
|
|
disabled. If the allowlist is empty, all drivers are fingerprinted and enabled
|
|
where applicable.
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"driver.allowlist" = "docker,qemu"
|
|
}
|
|
}
|
|
```
|
|
|
|
- `"driver.denylist"` `(string: "")` - Specifies a comma-separated list of
|
|
denylisted drivers . If specified, drivers in the denylist will be
|
|
disabled.
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"driver.denylist" = "docker,qemu"
|
|
}
|
|
}
|
|
```
|
|
|
|
- `"env.denylist"` `(string: see below)` - Specifies a comma-separated list of
|
|
environment variable keys not to pass to these tasks. Nomad passes the host
|
|
environment variables to `exec`, `raw_exec` and `java` tasks. If specified,
|
|
the defaults are overridden. If a value is provided, **all** defaults are
|
|
overridden (they are not merged).
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"env.denylist" = "MY_CUSTOM_ENVVAR"
|
|
}
|
|
}
|
|
```
|
|
|
|
The default list is:
|
|
|
|
```text
|
|
CONSUL_TOKEN
|
|
CONSUL_HTTP_TOKEN
|
|
VAULT_TOKEN
|
|
NOMAD_LICENSE
|
|
AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY
|
|
AWS_SESSION_TOKEN
|
|
GOOGLE_APPLICATION_CREDENTIALS
|
|
```
|
|
|
|
- `"user.denylist"` `(string: see below)` - Specifies a comma-separated
|
|
denylist of usernames for which a task is not allowed to run. This only
|
|
applies if the driver is included in `"user.checked_drivers"`. If a value is
|
|
provided, **all** defaults are overridden (they are not merged).
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"user.denylist" = "root,ubuntu"
|
|
}
|
|
}
|
|
```
|
|
|
|
The default list is:
|
|
|
|
```text
|
|
root
|
|
Administrator
|
|
```
|
|
|
|
- `"user.checked_drivers"` `(string: see below)` - Specifies a comma-separated
|
|
list of drivers for which to enforce the `"user.denylist"`. For drivers using
|
|
containers, this enforcement is usually unnecessary. If a value is provided,
|
|
**all** defaults are overridden (they are not merged).
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"user.checked_drivers" = "exec,raw_exec"
|
|
}
|
|
}
|
|
```
|
|
|
|
The default list is:
|
|
|
|
```text
|
|
exec
|
|
qemu
|
|
java
|
|
```
|
|
|
|
- `"fingerprint.allowlist"` `(string: "")` - Specifies a comma-separated list of
|
|
allowlisted fingerprinters. If specified, any fingerprinters not in the
|
|
allowlist will be disabled. If the allowlist is empty, all fingerprinters are
|
|
used.
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"fingerprint.allowlist" = "network"
|
|
}
|
|
}
|
|
```
|
|
|
|
- `"fingerprint.denylist"` `(string: "")` - Specifies a comma-separated list of
|
|
denylisted fingerprinters. If specified, any fingerprinters in the denylist
|
|
will be disabled.
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"fingerprint.denylist" = "network"
|
|
}
|
|
}
|
|
```
|
|
|
|
- `"fingerprint.network.disallow_link_local"` `(string: "false")` - Specifies
|
|
whether the network fingerprinter should ignore link-local addresses in the
|
|
case that no globally routable address is found. The fingerprinter will always
|
|
prefer globally routable addresses.
|
|
|
|
```hcl
|
|
client {
|
|
options = {
|
|
"fingerprint.network.disallow_link_local" = "true"
|
|
}
|
|
}
|
|
```
|
|
|
|
### `reserved` Parameters
|
|
|
|
- `cpu` `(int: 0)` - Specifies the amount of CPU to reserve, in MHz.
|
|
|
|
- `cores` `(int: 0)` - Specifies the number of CPU cores to reserve.
|
|
|
|
- `memory` `(int: 0)` - Specifies the amount of memory to reserve, in MB.
|
|
|
|
- `disk` `(int: 0)` - Specifies the amount of disk to reserve, in MB.
|
|
|
|
- `reserved_ports` `(string: "")` - Specifies a comma-separated list of ports
|
|
to reserve on all fingerprinted network devices. Ranges can be specified by
|
|
using a hyphen separating the two inclusive ends. See also
|
|
[`host_network`](#host_network-block) for reserving ports on specific host
|
|
networks.
|
|
|
|
|
|
### `artifact` Parameters
|
|
|
|
- `http_read_timeout` `(string: "30m")` - Specifies the maximum duration in
|
|
which an HTTP download request must complete before it is canceled. Set to
|
|
`0` to not enforce a limit.
|
|
|
|
- `http_max_size` `(string: "100GB")` - Specifies the maximum size allowed for
|
|
artifacts downloaded via HTTP. Set to `0` to not enforce a limit.
|
|
|
|
- `gcs_timeout` `(string: "30m")` - Specifies the maximum duration in which a
|
|
Google Cloud Storate operation must complete before it is canceled. Set to
|
|
`0` to not enforce a limit.
|
|
|
|
- `git_timeout` `(string: "30m")` - Specifies the maximum duration in which a
|
|
Git operation must complete before it is canceled. Set to `0` to not enforce
|
|
a limit.
|
|
|
|
- `hg_timeout` `(string: "30m")` - Specifies the maximum duration in which a
|
|
Mercurial operation must complete before it is canceled. Set to `0` to not
|
|
enforce a limit.
|
|
|
|
- `s3_timeout` `(string: "30m")` - Specifies the maximum duration in which an
|
|
S3 operation must complete before it is canceled. Set to `0` to not enforce a
|
|
limit.
|
|
|
|
- `disable_filesystem_isolation` `(bool: false)` - Specifies whether filesystem
|
|
isolation should be disabled for artifact downloads. Applies only to systems
|
|
where filesystem isolation via [landlock] is possible (Linux kernel 5.13+).
|
|
|
|
- `set_environment_variables` `(string:"")` - Specifies a comma separated list
|
|
of environment variables that should be inherited by the artifact sandbox from
|
|
the Nomad client's environment. By default a minimal environment is set including
|
|
a `PATH` appropriate for the operating system.
|
|
|
|
### `template` Parameters
|
|
|
|
- `function_denylist` `([]string: ["plugin", "writeToFile"])` - Specifies a
|
|
list of template rendering functions that should be disallowed in job specs.
|
|
By default the `plugin` and `writeToFile` functions are disallowed as they
|
|
allow unrestricted root access to the host.
|
|
|
|
- `disable_file_sandbox` `(bool: false)` - Allows templates access to arbitrary
|
|
files on the client host via the `file` function. By default, templates can
|
|
access files only within the [task working directory].
|
|
|
|
- `max_stale` `(string: "87600h")` - This is the maximum interval to allow "stale"
|
|
data. If `max_stale` is set to `0`, only the Consul leader will respond to queries, and
|
|
requests that reach a follower will forward to the leader. In large clusters with
|
|
many requests, this is not as scalable. This option allows any follower to respond
|
|
to a query, so long as the last-replicated data is within this bound. Higher values
|
|
result in less cluster load, but are more likely to have outdated data. This default
|
|
of 10 years (`87600h`) matches the default Consul configuration.
|
|
|
|
- `wait` `(map: { min = "5s" max = "4m" })` - Defines the minimum and maximum amount
|
|
of time to wait before attempting to re-render a template. Consul Template re-renders
|
|
templates whenever rendered variables from Consul, Nomad, or Vault change. However in
|
|
order to minimize how often tasks are restarted or reloaded, Nomad will configure Consul
|
|
Template with a backoff timer that will tick on an interval equal to the specified `min`
|
|
value. Consul Template will always wait at least the as long as the `min` value specified.
|
|
If the underlying data has not changed between two tick intervals, Consul Template will
|
|
re-render. If the underlying data has changed, Consul Template will delay re-rendering
|
|
until the underlying data stabilizes for at least one tick interval, or the configured
|
|
`max` duration has elapsed. Once the `max` duration has elapsed, Consul Template will
|
|
re-render the template with the data available at the time. This is useful to enable in
|
|
systems where Consul is in a degraded state, or the referenced data values are changing
|
|
rapidly, because it will reduce the number of times a template is rendered. This
|
|
configuration is also exposed in the _task template block_ to allow overrides per task.
|
|
|
|
```hcl
|
|
wait {
|
|
min = "5s"
|
|
max = "4m"
|
|
}
|
|
```
|
|
|
|
- `wait_bounds` `(map: nil)` - Defines client level lower and upper bounds for
|
|
per-template `wait` configuration. If the individual template configuration has
|
|
a `min` lower than `wait_bounds.min` or a `max` greater than the `wait_bounds.max`,
|
|
the bounds will be enforced, and the template `wait` will be adjusted before being
|
|
sent to `consul-template`.
|
|
|
|
```hcl
|
|
wait_bounds {
|
|
min = "5s"
|
|
max = "10s"
|
|
}
|
|
```
|
|
|
|
- `block_query_wait` `(string: "5m")` - This is amount of time in seconds to wait
|
|
for the results of a blocking query. Many endpoints in Consul support a feature known as
|
|
"blocking queries". A blocking query is used to wait for a potential change
|
|
using long polling.
|
|
|
|
- `consul_retry` `(map: { attempts = 0 backoff = "250ms" max_backoff = "1m" })`-
|
|
This controls the retry behavior when an error is returned from Consul. The template
|
|
runner will not exit in the face of failure. Instead, it uses exponential back-off
|
|
and retry functions to wait for the Consul cluster to become available, as is
|
|
customary in distributed systems.
|
|
|
|
```hcl
|
|
consul_retry {
|
|
# This specifies the number of attempts to make before giving up. Each
|
|
# attempt adds the exponential backoff sleep time. Setting this to
|
|
# zero will implement an unlimited number of retries.
|
|
attempts = 0
|
|
# This is the base amount of time to sleep between retry attempts. Each
|
|
# retry sleeps for an exponent of 2 longer than this base. For 5 retries,
|
|
# the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
|
|
backoff = "250ms"
|
|
# This is the maximum amount of time to sleep between retry attempts.
|
|
# When max_backoff is set to zero, there is no upper limit to the
|
|
# exponential sleep between retry attempts.
|
|
# If max_backoff is set to 10s and backoff is set to 1s, sleep times
|
|
# would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
|
|
max_backoff = "1m"
|
|
}
|
|
```
|
|
|
|
- `vault_retry` `(map: { attempts = 0 backoff = "250ms" max_backoff = "1m" })` -
|
|
This controls the retry behavior when an error is returned from Vault. Consul
|
|
Template is highly fault tolerant, meaning it does not exit in the face of failure.
|
|
Instead, it uses exponential back-off and retry functions to wait for the cluster
|
|
to become available, as is customary in distributed systems.
|
|
|
|
```hcl
|
|
vault_retry {
|
|
# This specifies the number of attempts to make before giving up. Each
|
|
# attempt adds the exponential backoff sleep time. Setting this to
|
|
# zero will implement an unlimited number of retries.
|
|
attempts = 0
|
|
# This is the base amount of time to sleep between retry attempts. Each
|
|
# retry sleeps for an exponent of 2 longer than this base. For 5 retries,
|
|
# the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
|
|
backoff = "250ms"
|
|
# This is the maximum amount of time to sleep between retry attempts.
|
|
# When max_backoff is set to zero, there is no upper limit to the
|
|
# exponential sleep between retry attempts.
|
|
# If max_backoff is set to 10s and backoff is set to 1s, sleep times
|
|
# would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
|
|
max_backoff = "1m"
|
|
}
|
|
```
|
|
|
|
- `nomad_retry` `(map: { attempts = 0 backoff = "250ms" max_backoff = "1m" })` -
|
|
This controls the retry behavior when an error is returned from Nomad. Consul
|
|
Template is highly fault tolerant, meaning it does not exit in the face of failure.
|
|
Instead, it uses exponential back-off and retry functions to wait for the cluster
|
|
to become available, as is customary in distributed systems.
|
|
|
|
```hcl
|
|
nomad_retry {
|
|
# This specifies the number of attempts to make before giving up. Each
|
|
# attempt adds the exponential backoff sleep time. Setting this to
|
|
# zero will implement an unlimited number of retries.
|
|
attempts = 0
|
|
# This is the base amount of time to sleep between retry attempts. Each
|
|
# retry sleeps for an exponent of 2 longer than this base. For 5 retries,
|
|
# the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
|
|
backoff = "250ms"
|
|
# This is the maximum amount of time to sleep between retry attempts.
|
|
# When max_backoff is set to zero, there is no upper limit to the
|
|
# exponential sleep between retry attempts.
|
|
# If max_backoff is set to 10s and backoff is set to 1s, sleep times
|
|
# would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
|
|
max_backoff = "1m"
|
|
}
|
|
```
|
|
|
|
### `host_volume` Block
|
|
|
|
The `host_volume` block is used to make volumes available to jobs.
|
|
|
|
The key of the block corresponds to the name of the volume for use in the
|
|
`source` parameter of a `"host"` type [`volume`](/nomad/docs/job-specification/volume)
|
|
and ACLs.
|
|
|
|
```hcl
|
|
client {
|
|
host_volume "ca-certificates" {
|
|
path = "/etc/ssl/certs"
|
|
read_only = true
|
|
}
|
|
}
|
|
```
|
|
|
|
#### `host_volume` Parameters
|
|
|
|
- `path` `(string: "", required)` - Specifies the path on the host that should
|
|
be used as the source when this volume is mounted into a task. The path must
|
|
exist on client startup.
|
|
|
|
- `read_only` `(bool: false)` - Specifies whether the volume should only ever be
|
|
allowed to be mounted `read_only`, or if it should be writeable.
|
|
|
|
### `host_network` Block
|
|
|
|
The `host_network` block is used to register additional host networks with
|
|
the node that can be used when port mapping.
|
|
|
|
The key of the block corresponds to the name of the network used in the
|
|
[`host_network`](/nomad/docs/job-specification/network#host-networks).
|
|
|
|
```hcl
|
|
client {
|
|
host_network "public" {
|
|
cidr = "203.0.113.0/24"
|
|
reserved_ports = "22,80"
|
|
}
|
|
}
|
|
```
|
|
|
|
#### `host_network` Parameters
|
|
|
|
- `cidr` `(string: "")` - Specifies a cidr block of addresses to match against.
|
|
If an address is found on the node that is contained by this cidr block, the
|
|
host network will be registered with it.
|
|
|
|
- `interface` `(string: "")` - Filters searching of addresses to a specific interface.
|
|
|
|
- `reserved_ports` `(string: "")` - Specifies a comma-separated list of ports to
|
|
reserve on all addresses associated with this network. Ranges can be specified by using
|
|
a hyphen separating the two inclusive ends.
|
|
[`reserved.reserved_ports`](#reserved_ports) are also reserved on each host
|
|
network.
|
|
|
|
## `client` Examples
|
|
|
|
### Common Setup
|
|
|
|
This example shows the most basic configuration for a Nomad client joined to a
|
|
cluster.
|
|
|
|
```hcl
|
|
client {
|
|
enabled = true
|
|
server_join {
|
|
retry_join = [ "1.1.1.1", "2.2.2.2" ]
|
|
retry_max = 3
|
|
retry_interval = "15s"
|
|
}
|
|
}
|
|
```
|
|
|
|
### Reserved Resources
|
|
|
|
This example shows a sample configuration for reserving resources to the client.
|
|
This is useful if you want to allocate only a portion of the client's resources
|
|
to jobs.
|
|
|
|
```hcl
|
|
client {
|
|
enabled = true
|
|
|
|
reserved {
|
|
cpu = 500
|
|
memory = 512
|
|
disk = 1024
|
|
reserved_ports = "22,80,8500-8600"
|
|
}
|
|
}
|
|
```
|
|
|
|
### Custom Metadata, Network Speed, and Node Class
|
|
|
|
This example shows a client configuration which customizes the metadata, network
|
|
speed, and node class. The scheduler can use this information while processing
|
|
[constraints][metadata_constraint]. The metadata is completely user configurable;
|
|
the values below are for illustrative purposes only.
|
|
|
|
```hcl
|
|
client {
|
|
enabled = true
|
|
node_class = "prod"
|
|
|
|
meta {
|
|
owner = "ops"
|
|
cached_binaries = "redis,apache,nginx,jq,cypress,nodejs"
|
|
rack = "rack-12-1"
|
|
}
|
|
}
|
|
```
|
|
|
|
[plugin-options]: #plugin-options
|
|
[plugin-block]: /nomad/docs/configuration/plugin
|
|
[server-join]: /nomad/docs/configuration/server_join 'Server Join'
|
|
[metadata_constraint]: /nomad/docs/job-specification/constraint#user-specified-metadata 'Nomad User-Specified Metadata Constraint Example'
|
|
[task working directory]: /nomad/docs/runtime/environment#task-directories 'Task directories'
|
|
[go-sockaddr/template]: https://godoc.org/github.com/hashicorp/go-sockaddr/template
|
|
[landlock]: https://docs.kernel.org/userspace-api/landlock.html
|