open-nomad/website/content/docs/drivers/external/lxc.mdx

195 lines
6.6 KiB
Plaintext

---
layout: docs
page_title: 'Drivers: LXC'
description: The LXC task driver is used to run application containers using LXC.
---
# LXC Driver
Name: `lxc`
The `lxc` driver provides an interface for using LXC for running application
containers. You can download the external LXC driver [here][lxc-driver]. For more detailed instructions on how to set up and use this driver, please refer to the [LXC guide][lxc-guide].
~> **Note:** The LXC client set up has changed in Nomad 0.9. You must use the new [plugin syntax][plugin] and install the external LXC driver in the [plugin_dir][plugin_dir] prior to upgrading. See [plugin options][plugin-options] below for an example. Note the job specification remains the same.
## Task Configuration
```hcl
task "busybox" {
driver = "lxc"
config {
log_level = "trace"
verbosity = "verbose"
template = "/usr/share/lxc/templates/lxc-busybox"
template_args = []
# these optional values can be set in the template
distro = ""
release = ""
arch = ""
image_variant = "default"
image_server = "images.linuxcontainers.org"
gpg_key_id = ""
gpg_key_server = ""
disable_gpg = false
flush_cache = false
force_cache = false
}
}
```
The `lxc` driver supports the following configuration in the job spec:
- `template` - The LXC template to run.
```hcl
config {
template = "/usr/share/lxc/templates/lxc-alpine"
}
```
- `template_args` - A list of argument strings to pass into the template.
- `log_level` - (Optional) LXC library's logging level. Defaults to `error`.
Must be one of `trace`, `debug`, `info`, `warn`, or `error`.
```hcl
config {
log_level = "debug"
}
```
- `verbosity` - (Optional) Enables extra verbosity in the LXC library's
logging. Defaults to `quiet`. Must be one of `quiet` or `verbose`.
```hcl
config {
verbosity = "quiet"
}
```
- `volumes` - (Optional) A list of `host_path:container_path` strings to
bind-mount host paths to container paths. Mounting host paths outside of the
[allocation working directory] is allowed by default. You can prevent
mounting host paths outside of the [allocation working directory] on
individual clients by setting the [`volumes_enabled`](#volumes_enabled)
option to `false` in the client's configuration
~> **Note:** Unlike the similar option for the docker driver, this
option must not have an absolute path as the `container_path`
component. This will cause an error when submitting a job.
Setting this does not affect the standard bind-mounts of `alloc`,
`local`, and `secrets`, which are always created.
```hcl
config {
volumes = [
# Use absolute paths to mount arbitrary paths on the host
"/path/on/host:path/in/container",
# Use relative paths to rebind paths already in the allocation dir
"relative/to/task:also/in/container"
]
}
```
- `release` - (Optional) The name/version of the distribution. By default this is set by the template.
- `arch` - (Optional) The architecture of the container. By default this is set by the template.
- `image_server` - (Optional) The hostname of the image server. Defaults to `images.linuxcontainers.org`.
- `image_variant` - (Optional) The variant of the image. Defaults to `default` or as set by the template.
- `disable_gpg` - (Optional) Disable GPG validation of images. Defaults to `false`, and enabling this flag is not recommended.
- `flush_cache` - (Optional) Flush the local copy of the image (if present) and force it to be fetched from the image server. Defaults to `false`.
- `force_cache` - (Optional) Force the use of the local copy even if expired. Defaults to `false`.
- `gpg_key_server`: GPG key server used for checking image signatures. Default is set by the underlying LXC library.
- `gpg_key_id`: GPG key ID used for checking image signatures. Default is set by the underlying LXC library.
## Networking
Currently the `lxc` driver only supports host networking. See the `none`
networking type in the `lxc.container.conf` [manual][lxc_man] for more
information.
## Client Requirements
The `lxc` driver requires the following:
- 64-bit Linux host
- The `linux_amd64` Nomad binary
- The LXC driver binary placed in the [plugin_dir][plugin_dir] directory.
- `liblxc` to be installed
- `lxc-templates` to be installed
## Plugin Options
- `enabled` - The `lxc` driver may be disabled on hosts by setting this option to `false` (defaults to `true`).
- `volumes_enabled`<a id="volumes_enabled"></a> - Specifies whether host can bind-mount host paths to container paths (defaults to `true`).
- `lxc_path` - The location in which all containers are stored (commonly defaults to `/var/lib/lxc`). See [`lxc-create`][lxc-create] for more details.
- `gc` stanza:
- `container` - Defaults to `true`. This option can be used to disable Nomad
from removing a container when the task exits. Under a name conflict,
Nomad may still remove the dead container.
An example of using these plugin options with the new [plugin
syntax][plugin] is shown below:
```hcl
plugin "nomad-driver-lxc" {
config {
enabled = true
volumes_enabled = true
lxc_path = "/var/lib/lxc"
gc {
container = false
}
}
}
```
Please note the plugin name should match whatever name you have specified for the external driver in the [plugin_dir][plugin_dir] directory.
## Client Configuration
-> Only use this section for pre-0.9 releases of Nomad. If you are using Nomad
0.9 or above, please see [plugin options][plugin-options]
The `lxc` driver has the following [client-level options][client_options]:
- `lxc.enable` - The `lxc` driver may be disabled on hosts by setting this
option to `false` (defaults to `true`).
## Client Attributes
The `lxc` driver will set the following client attributes:
- `driver.lxc` - Set to `1` if LXC is found and enabled on the host node.
- `driver.lxc.version` - Version of `lxc` e.g.: `1.1.0`.
## Resource Isolation
This driver supports CPU and memory isolation via the `lxc` library. Network
isolation is not supported as of now.
[lxc-create]: https://linuxcontainers.org/lxc/manpages/man1/lxc-create.1.html
[lxc-driver]: https://releases.hashicorp.com/nomad-driver-lxc
[lxc-guide]: https://learn.hashicorp.com/tutorials/nomad/plugin-lxc
[lxc_man]: https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbAM
[plugin]: /docs/configuration/plugin
[plugin_dir]: /docs/configuration#plugin_dir
[plugin-options]: #plugin-options
[client_options]: /docs/configuration/client#options
[allocation working directory]: /docs/runtime/environment#task-directories 'Task Directories'