Danielle Lancashire 4fbcc668d0
volumes: Add support for mount propagation
This commit introduces support for configuring mount propagation when
mounting volumes with the `volume_mount` stanza on Linux targets.

Similar to Kubernetes, we expose 3 options for configuring mount
propagation:

- private, which is equivalent to `rprivate` on Linux, which does not allow the
           container to see any new nested mounts after the chroot was created.

- host-to-task, which is equivalent to `rslave` on Linux, which allows new mounts
                that have been created _outside of the container_ to be visible
                inside the container after the chroot is created.

- bidirectional, which is equivalent to `rshared` on Linux, which allows both
                 the container to see new mounts created on the host, but
                 importantly _allows the container to create mounts that are
                 visible in other containers and on the host_

private and host-to-task are safe, but bidirectional mounts can be
dangerous, as if the code inside a container creates a mount, and does
not clean it up before tearing down the container, it can cause bad
things to happen inside the kernel.

To add a layer of safety here, we require that the user has ReadWrite
permissions on the volume before allowing bidirectional mounts, as a
defense in depth / validation case, although creating mounts should also require
a privileged execution environment inside the container.
2019-10-14 14:09:58 +02:00
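
A host-side check for the propagation modes described in the commit message above, as an added example that is not part of the commit or of Nomad's code: it reads `/proc/self/mountinfo`-format lines and reports which mounts can propagate mounts outward. The sample data is constructed, the function names are hypothetical, and mapping the kernel's per-mount `shared:`/`master:` tags onto the commit's three names is this example's assumption.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format; not captured from a real host.
const sampleMountinfo = `101 90 8:1 /data/a /alloc/a rw,relatime - ext4 /dev/sda1 rw
102 90 8:1 /data/b /alloc/b rw,relatime master:7 - ext4 /dev/sda1 rw
103 90 8:1 /data/c /alloc/c rw,relatime shared:12 - ext4 /dev/sda1 rw
104 90 8:1 /data/d /alloc/d rw,relatime shared:13 master:7 - ext4 /dev/sda1 rw`

// Classify returns a line's mount point and the commit message's name for its propagation.
func Classify(line string) (mountPoint, mode string, err error) {
	f := strings.Fields(line)
	if len(f) < 10 {
		return "", "", fmt.Errorf("malformed mountinfo line: %q", line)
	}
	mode = "private" // no optional tag: mount events are not propagated
	for _, tag := range f[6:] { // optional fields run up to the "-" separator
		switch {
		case tag == "-":
			return f[4], mode, nil
		case strings.HasPrefix(tag, "shared:"):
			mode = "bidirectional" // peer group: mounts made here propagate out
		case strings.HasPrefix(tag, "master:") && mode == "private":
			mode = "host-to-task" // slave: receives mounts, sends none
		}
	}
	return "", "", fmt.Errorf("no separator in mountinfo line: %q", line)
}

// BidirectionalMounts lists the mount points that can propagate mounts outward.
func BidirectionalMounts(mountinfo string) ([]string, error) {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		if mp, mode, err := Classify(sc.Text()); err != nil {
			return nil, err
		} else if mode == "bidirectional" {
			out = append(out, mp)
		}
	}
	return out, sc.Err()
}

func main() { fmt.Println(BidirectionalMounts(sampleMountinfo)) }
```

On a live Linux client, pass the contents of `/proc/<pid>/mountinfo` for the task's process instead of the sample.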
.circleci Use golang to 1.12.10 2019-09-26 10:46:07 -04:00
.github stalebot: Add 'thinking' as an exempt label (#5684) 2019-05-10 11:00:35 -04:00
.netlify Remove most Netlify configuration (#6194) 2019-08-22 15:54:23 -05:00
acl acls: Break mount acl into mount-rw and mount-ro 2019-08-21 21:17:30 +02:00
api volumes: Add support for mount propagation 2019-10-14 14:09:58 +02:00
client simplify logic to check for vault read event 2019-09-30 11:02:14 -07:00
command volumes: Add support for mount propagation 2019-10-14 14:09:58 +02:00
contributing checklist NodeDeregisterBatchRequestType must go at the end 2019-07-10 13:56:20 -04:00
demo Update GNUmakefile 2019-09-17 22:05:53 +01:00
dev chore: Format hcl configurations 2019-07-20 16:55:07 +02:00
devices/gpu/nvidia Update devices/gpu/nvidia/README.md 2019-01-23 17:44:24 -08:00
dist chore: Format hcl configurations 2019-07-20 16:55:07 +02:00
drivers volumes: Add support for mount propagation 2019-10-14 14:09:58 +02:00
e2e Merge pull request #6373 from hashicorp/b-raft-proto-upgrade 2019-09-26 14:33:09 -04:00
helper test: add NOMAD_TEST_LOG_LEVEL env var to tune log levels 2019-08-30 13:25:36 -04:00
integrations spelling: registrations 2018-03-11 18:40:53 +00:00
internal/testing/apitests Merge pull request #5664 from hashicorp/f-http-hcl-region 2019-06-13 12:25:01 -07:00
jobspec volumes: Add support for mount propagation 2019-10-14 14:09:58 +02:00
lib circbufwritter: add defer to stop ticker in flush loop 2019-01-28 14:33:20 -05:00
nomad volumes: Add support for mount propagation 2019-10-14 14:09:58 +02:00
plugins volumes: Add support for mount propagation 2019-10-14 14:09:58 +02:00
scheduler config: Hoist volume.config.source into volume 2019-09-13 04:37:59 +02:00
scripts Use golang to 1.12.10 2019-09-26 10:46:07 -04:00
terraform Upgrade Nomad terraform directory for TF 0.12+ (#6424) 2019-10-07 12:43:42 -04:00
testutil tests: attempt to fix TestAutopilot_CleanupStaleRaftServer 2019-09-04 08:49:33 -04:00
ui UI: Change Mirage data to be stable in development (#6389) 2019-10-03 09:13:08 -05:00
vendor Fix hashicorp/go-msgpack import 2019-09-27 09:08:30 -04:00
version remove generated code 2019-09-06 19:24:15 +00:00
website docs: Add missing double-quote (#6418) 2019-10-02 19:58:10 -05:00
.gitattributes Remove invalid gitattributes 2018-02-14 14:47:43 -08:00
.gitignore Allow per-user local customizations of makefile 2019-08-13 10:12:57 -04:00
appveyor.yml Use golang to 1.12.10 2019-09-26 10:46:07 -04:00
build_linux_arm.go Fix 32bit arm build 2017-02-09 11:22:17 -08:00
CHANGELOG.md remove redundant changelog entries 2019-09-26 15:47:45 -04:00
GNUmakefile ignore nested pkgs in GOTEST_PKGS_EXCLUDE 2019-09-03 11:04:27 -04:00
LICENSE Initial commit 2015-06-01 12:21:00 +02:00
main.go fix comment typo 2019-09-18 09:11:08 -04:00
main_test.go Adding initial skeleton 2015-06-01 13:46:21 +02:00
README.md Use golang to 1.12.10 2019-09-26 10:46:07 -04:00
Vagrantfile dev: expose Consul port 8500 in linux-ui Vagrantfile (#6292) 2019-09-11 14:53:30 -04:00

Nomad

Overview

Nomad is an easy-to-use, flexible, and performant workload orchestrator that deploys:

Nomad enables developers to use declarative infrastructure-as-code for deploying their applications (jobs). Nomad uses bin packing to efficiently schedule jobs and optimize for resource utilization. Nomad is supported on macOS, Windows, and Linux.

Nomad is widely adopted and used in production by PagerDuty, Target, Citadel, Trivago, SAP, Pandora, Roblox, eBay, Deluxe Entertainment, and more.

  • Deploy Containers and Legacy Applications: Nomad's flexibility as an orchestrator enables an organization to run containers, legacy, and batch applications together on the same infrastructure. Through pluggable task drivers, Nomad brings core orchestration benefits to legacy applications without needing to containerize them.

  • Simple & Reliable: Nomad runs as a single 75MB binary and is entirely self-contained, combining resource management and scheduling into a single system. Nomad does not require any external services for storage or coordination. Nomad automatically handles application, node, and driver failures. Nomad is distributed and resilient, using leader election and state replication to provide high availability in the event of failures.

  • Device Plugins & GPU Support: Nomad offers built-in support for GPU workloads such as machine learning (ML) and artificial intelligence (AI). Nomad uses device plugins to automatically detect and utilize resources from hardware devices such as GPU, FPGAs, and TPUs.

  • Federation for Multi-Region, Multi-Cloud: Nomad was designed to support infrastructure at a global scale. Nomad supports federation out-of-the-box and can deploy jobs across multiple regions and clouds.

  • Proven Scalability: Nomad is optimistically concurrent, which increases throughput and reduces latency for workloads. Nomad has been proven to scale to clusters of 10K+ nodes in real-world production environments.

  • HashiCorp Ecosystem: Nomad integrates seamlessly with Terraform, Consul, and Vault for provisioning, service discovery, and secrets management.

Getting Started

Get started with Nomad quickly in a sandbox environment on the public cloud or on your computer.

These methods are not meant for production.

Documentation & Guides

Documentation is available on the Nomad website here.

Resources

Who Uses Nomad

...and more!

Contributing to Nomad

If you wish to contribute to Nomad, you will need Go installed on your machine (version 1.12.10+ is required).

See the contributing directory for more developer documentation.

Developing with Vagrant

There is an included Vagrantfile that can help bootstrap the process. The created virtual machine is based off of Ubuntu 16, and installs several of the base libraries that can be used by Nomad.

To use this virtual machine, check out Nomad and run vagrant up from the root of the repository:

$ git clone https://github.com/hashicorp/nomad.git
$ cd nomad
$ vagrant up

The virtual machine will launch, and a provisioning script will install the needed dependencies.

Developing locally

For local dev, first make sure Go is properly installed, including setting up a GOPATH. After setting up Go, clone this repository into $GOPATH/src/github.com/hashicorp/nomad. Then you can download the required build tools, such as vet, cover, godep, etc., by bootstrapping your environment.

$ make bootstrap
...

Nomad creates many file handles for communicating with tasks, log handlers, etc. In some development environments, particularly macOS, the default number of file descriptors is too small to run Nomad's test suite. You should set ulimit -n 1024 or higher in your shell. This setting is scoped to your current shell and doesn't affect other running shells or future shells.

Afterwards type make test. This will run the tests. If this exits with exit status 0, then everything is working!

$ make test
...

To compile a development version of Nomad, run make dev. This will put the Nomad binary in the bin and $GOPATH/bin folders:

$ make dev

Optionally run Consul to enable service discovery and health checks:

$ sudo consul agent -dev

And finally start the nomad agent:

$ sudo bin/nomad agent -dev

If the Nomad UI is desired in the development version, run make dev-ui. This will build the UI from source and compile it into the dev binary.

$ make dev-ui
...
$ bin/nomad
...

To compile protobuf files, protoc must be installed. See https://github.com/google/protobuf for more information.

Note: Building the Nomad UI from source requires Node, Yarn, and Ember CLI. These tools are already in the Vagrant VM. Read the UI README for more info.

To cross-compile Nomad, run make prerelease and make release. This will generate all the static assets, compile Nomad for multiple platforms and place the resulting binaries into the ./pkg directory:

$ make prerelease
$ make release
...
$ ls ./pkg
...