Deuxfleurs/nomad-driver-nix2
17
2
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Add support for bind mount declared for all jobs

Browse source
This commit is contained in:
Alex 2022-11-28 18:30:33 +01:00
parent cbde799457
commit 14bd8f2010
Signed by: lx
GPG key ID: 0E496D15096376BE
3 changed files with 70 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
example/agent.hcl
View file

@ -3,5 +3,10 @@
client { client {
} }
plugin "exec2" { plugin "exec2-driver" {
config {
bind_read_only = {
"/etc" = "/etc",
}
}
} }

23
example/example.hcl
View file

@ -3,7 +3,24 @@ job "example" {
type = "batch" type = "batch"
group "example" { group "example" {
task "hello-world" { task "test-host-bin" {
driver = "exec2"
config {
command = "/bin/sh"
args = ["-c", "echo hello world"]
bind_read_only = {
"/bin" = "/bin",
"/lib" = "/lib",
"/lib64" = "/lib64",
"/usr" = "/usr",
"/nix" = "/nix",
}
}
user = "lx"
}
task "test-nix-hello" {
driver = "exec2" driver = "exec2"
config { config {
@ -18,21 +35,19 @@ job "example" {
"/nix" = "/nix", "/nix" = "/nix",
} }
bind_read_only = { bind_read_only = {
"/etc" = "/etc",
"/home/lx/.nix-profile" = "/sw", "/home/lx/.nix-profile" = "/sw",
} }
} }
user = "lx" user = "lx"
} }
task "test" { task "test-nix-store" {
driver = "exec2" driver = "exec2"
config { config {
command = "/nix/store/30j23057fqnnc1p4jqmq73p0gxgn0frq-bash-5.1-p16/bin/sh" command = "/nix/store/30j23057fqnnc1p4jqmq73p0gxgn0frq-bash-5.1-p16/bin/sh"
args = ["-c", "/nix/store/y41s1vcn0irn9ahn9wh62yx2cygs7qjj-coreutils-8.32/bin/ls /*; /nix/store/y41s1vcn0irn9ahn9wh62yx2cygs7qjj-coreutils-8.32/bin/id"] args = ["-c", "/nix/store/y41s1vcn0irn9ahn9wh62yx2cygs7qjj-coreutils-8.32/bin/ls /*; /nix/store/y41s1vcn0irn9ahn9wh62yx2cygs7qjj-coreutils-8.32/bin/id"]
bind_read_only = { bind_read_only = {
"/etc" = "/etc",
"/nix" = "/nix", "/nix" = "/nix",
} }
} }

47
exec2/driver.go
View file

@ -71,6 +71,15 @@ var (
hclspec.NewAttr("allow_caps", "list(string)", false), hclspec.NewAttr("allow_caps", "list(string)", false),
hclspec.NewLiteral(capabilities.HCLSpecLiteral), hclspec.NewLiteral(capabilities.HCLSpecLiteral),
), ),
// Default host directories to bind in tasks
"bind": hclspec.NewDefault(
hclspec.NewAttr("bind", "list(map(string))", false),
hclspec.NewLiteral("{}"),
),
"bind_read_only": hclspec.NewDefault(
hclspec.NewAttr("bind_read_only", "list(map(string))", false),
hclspec.NewLiteral("{}"),
),
}) })
// taskConfigSpec is the hcl specification for the driver config section of // taskConfigSpec is the hcl specification for the driver config section of
@ -147,6 +156,12 @@ type Config struct {
// AllowCaps configures which Linux Capabilities are enabled for tasks // AllowCaps configures which Linux Capabilities are enabled for tasks
// running on this node. // running on this node.
AllowCaps []string `codec:"allow_caps"` AllowCaps []string `codec:"allow_caps"`
// Paths to bind for read-write acess in all jobs
Bind hclutils.MapStrStr `codec:"bind"`
// Paths to bind for read-only acess in all jobs
BindReadOnly hclutils.MapStrStr `codec:"bind_read_only"`
} }
func (c *Config) validate() error { func (c *Config) validate() error {
@ -288,6 +303,7 @@ func (d *Driver) SetConfig(cfg *base.Config) error {
if err := config.validate(); err != nil { if err := config.validate(); err != nil {
return err return err
} }
d.logger.Info("Got config", "driver_config", hclog.Fmt("%+v", config))
d.config = config d.config = config
return nil return nil
@ -445,6 +461,33 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
cfg.Mounts = append(cfg.Mounts, dnsMount) cfg.Mounts = append(cfg.Mounts, dnsMount)
} }
// Bind mounts specified in driver config
if d.config.Bind != nil {
for host, task := range d.config.Bind {
mount_config := drivers.MountConfig{
TaskPath: task,
HostPath: host,
Readonly: false,
PropagationMode: "private",
}
d.logger.Info("adding RW mount from driver config", "mount_config", hclog.Fmt("%+v", mount_config))
cfg.Mounts = append(cfg.Mounts, &mount_config)
}
}
if d.config.BindReadOnly != nil {
for host, task := range d.config.BindReadOnly {
mount_config := drivers.MountConfig{
TaskPath: task,
HostPath: host,
Readonly: true,
PropagationMode: "private",
}
d.logger.Info("adding RO mount from driver config", "mount_config", hclog.Fmt("%+v", mount_config))
cfg.Mounts = append(cfg.Mounts, &mount_config)
}
}
// Bind mounts specified in task config
if driverConfig.Bind != nil { if driverConfig.Bind != nil {
for host, task := range driverConfig.Bind { for host, task := range driverConfig.Bind {
mount_config := drivers.MountConfig{ mount_config := drivers.MountConfig{
@ -453,7 +496,7 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
Readonly: false, Readonly: false,
PropagationMode: "private", PropagationMode: "private",
} }
d.logger.Info("got mount (RW)", "mount_config", hclog.Fmt("%+v", mount_config)) d.logger.Info("adding RW mount from task spec", "mount_config", hclog.Fmt("%+v", mount_config))
cfg.Mounts = append(cfg.Mounts, &mount_config) cfg.Mounts = append(cfg.Mounts, &mount_config)
} }
} }
@ -465,7 +508,7 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
Readonly: true, Readonly: true,
PropagationMode: "private", PropagationMode: "private",
} }
d.logger.Info("got mount (RO)", "mount_config", hclog.Fmt("%+v", mount_config)) d.logger.Info("adding RO mount from task spec", "mount_config", hclog.Fmt("%+v", mount_config))
cfg.Mounts = append(cfg.Mounts, &mount_config) cfg.Mounts = append(cfg.Mounts, &mount_config)
} }
} }