HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Nomad
Nomad Home

You are viewing documentation for version v0.11.x. View latest version.

Nspawn Driver

Name: nspawn

The nspawn driver provides an interface for using Systemd-Nspawn for running application containers. You can download the external Systemd-Nspawn driver here. For more detailed instructions on how to set up and use this driver, please refer to the guide.

Task Configuration

task "debian" {
  driver = "nspawn"
  config {
    image = "/var/lib/machines/Debian"
    resolv_conf = "copy-host"
  }
}

The nspawn driver supports the following configuration in the job spec:

  • boot - (Optional) true (default) or false. Search for an init program and invoke it as PID 1. Arguments specified in command will be used as arguments for the init program.

  • ephemeral - (Optional) true or false (default). Make an ephemeral copy of the image before staring the container.

  • process_two - (Optional) true or false (default). Start the command specified with command as PID 2, using a minimal stub init as PID 1.

  • read_only - (Optional) true or false (default). Mount the used image as read only.

  • user_namespacing - (Optional) true (default) or false. Enable user namespacing features inside the container.

  • command - (Optional) A list of strings to pass as the used command to the container.

    config {
  command = [ "/bin/bash", "-c", "dhclient && nginx && tail -f /var/log/nginx/access.log" ]
}

  • console - (Optional) Configures how to set up standard input, output and error output for the container.

  • image - Path to the image to be used in the container. This can either be a directory or the path to a file system image or block device. Can be specified as a relative path from the configured Nomad plugin directory. This option is mandatory.

  • pivot_root - (Optional) Pivot the specified directory to the be containers root directory.

  • resolv_conf - (Optional) Configure how /etc/resolv.conf is handled inside the container.

  • user - (Optional) Change to the specified user in the containers user database.

  • volatile - (Optional) Boot the container in volatile mode.

  • working_directory - (Optional) Set the working directory inside the container.

  • bind - (Optional) Files or directories to bind mount inside the container.

    config {
  bind {
    "/var/lib/postgresql" = "/postgres"
  }
}

  • bind_read_only - (Optional) Files or directories to bind mount read only inside the container.

    config {
  bind_read_only {
    "/etc/passwd" = "/etc/passwd"
  }
}

  • environment - (Optional) Environment variables to pass to the init process in the container.

    config {
  environment = {
    FOO = "bar"
  }
}

  • port_map - (Optional) A key-value map of port labels. Works the same way as in the docker driver. Note: systemd-nspawn will not expose ports to the loopback interface of your host.

    config {
  port_map {
    http = 80
  }
}

Networking

Currently the nspawn driver only supports host networking.

Client Requirements

The nspawn driver requires the following:

  • 64-bit Linux host
  • The linux_amd64 Nomad binary
  • The Nspawn driver binary placed in the plugin_dir directory.
  • systemd-nspawn to be installed
  • Nomad running with root privileges

Plugin Options

  • enabled - The nspawn driver may be disabled on hosts by setting this option to false (defaults to true).

An example of using these plugin options with the new plugin syntax is shown below:

plugin "nspawn" {
  config {
    enabled = true
  }
}

Client Attributes

The nspawn driver will set the following client attributes:

  • driver.nspawn - Set to true if Systemd-Nspawn is found and enabled on the host node and Nomad is running with root privileges.
  • driver.nspawn.version - Version of systemd-nspawn e.g.: 244.