Deuxfleurs/nomad-driver-nix2
17
2
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Add bind and bind_read_only parameters, not tested yet

Browse source
This commit is contained in:
Alex 2022-11-28 12:45:27 +01:00
parent 77a2fb9190
commit cf4285e812
Signed by: lx
GPG key ID: 0E496D15096376BE
1 changed files with 40 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
exec2/driver.go
View file

@ -16,6 +16,7 @@ import (
"github.com/hashicorp/nomad/drivers/shared/eventer"
"github.com/hashicorp/nomad/drivers/shared/executor"
"github.com/hashicorp/nomad/drivers/shared/resolvconf"
"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
"github.com/hashicorp/nomad/helper/pluginutils/loader"
"github.com/hashicorp/nomad/helper/pointer"
"github.com/hashicorp/nomad/plugins/base"
@ -76,12 +77,14 @@ var (
// taskConfigSpec is the hcl specification for the driver config section of
// a task within a job. It is returned in the TaskConfigSchema RPC
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
"command": hclspec.NewAttr("command", "string", true),
"args": hclspec.NewAttr("args", "list(string)", false),
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
"command": hclspec.NewAttr("command", "string", true),
"args": hclspec.NewAttr("args", "list(string)", false),
"bind": hclspec.NewAttr("bind", "list(map(string))", false),
"bind_read_only": hclspec.NewAttr("bind_read_only", "list(map(string))", false),
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
})
// driverCapabilities represents the RPC response for what features are
@ -179,6 +182,12 @@ type TaskConfig struct {
// Args are passed along to Command.
Args []string `codec:"args"`
// Paths to bind for read-write acess
Bind hclutils.MapStrStr `codec:"bind"`
// Paths to bind for read-only acess
BindReadOnly hclutils.MapStrStr `codec:"bind_read_only"`
// ModePID indicates whether PID namespace isolation is enabled for the task.
// Must be "private" or "host" if set.
ModePID string `codec:"pid_mode"`
@ -235,11 +244,11 @@ func NewPlugin(logger hclog.Logger) drivers.DriverPlugin {
ctx, cancel := context.WithCancel(context.Background())
logger = logger.Named(pluginName)
return &Driver{
eventer: eventer.NewEventer(ctx, logger),
tasks: newTaskStore(),
ctx: ctx,
eventer: eventer.NewEventer(ctx, logger),
tasks: newTaskStore(),
ctx: ctx,
signalShutdown: cancel,
logger: logger,
logger: logger,
}
}
@ -466,6 +475,27 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
cfg.Mounts = append(cfg.Mounts, dnsMount)
}
if driverConfig.Bind != nil {
for k, v := range driverConfig.Bind {
cfg.Mounts = append(cfg.Mounts, &drivers.MountConfig{
TaskPath: v,
HostPath: k,
Readonly: false,
PropagationMode: "private",
})
}
}
if driverConfig.BindReadOnly != nil {
for k, v := range driverConfig.Bind {
cfg.Mounts = append(cfg.Mounts, &drivers.MountConfig{
TaskPath: v,
HostPath: k,
Readonly: true,
PropagationMode: "private",
})
}
}
caps, err := capabilities.Calculate(
capabilities.NomadDefaults(), d.config.AllowCaps, driverConfig.CapAdd, driverConfig.CapDrop,
)