Closed shantanugadgil closed 3 weeks ago
In our case, we would like to have multiple applications/services scheduled on a Nomad cluster. These applications/services deal with sensitive information in the form of files, MQ messages, object stores, etc. Since we have to be HIPAA compliant and other certifications compliant, we have implemented some security via Unix IDs/Users to allow "RW/RO/Deny" access to files (in shared file systems) and other data processes.
Note that our jobs are Python microservices. They do not run in a Docker container; they run as a daemon on a set of Unix VM hosts, which makes Nomad perfect for our job/task management of these applications/services across a cluster of Unix VM hosts.
We are currently working on a pilot to migrate these apps from an in-house process management tool to Nomad. One of our big challenges is to keep security as it has been set up, especially on shared filesystems, which means we need the ability to run tasks under a defined user.
Please let me know if you have any questions or suggestions.
Efrain
@erocha-gxg this is just an idea, if the following idea could help your requirement ...
https://github.com/hashicorp/nomad/issues/2625#issuecomment-656203585
OR
https://github.com/hashicorp/nomad/issues/2625#issuecomment-648913812
closing due to age,
Nomad version
Output from nomad version:
Nomad v0.9.0-beta3 (2f55f78b21a5e55ab122f2c1e1ed1ec21fde9566)
Operating system and Environment details
CentOS 7.6 + updates
Issue
Based on https://www.nomadproject.io/docs/job-specification/task.html I see that only the "user" (setuid/seteuid) can be specified.
For the sake of completeness (and a need of many apps) I would like to request the "group" to be configurable as well (setgid/setegid).
Reproduction steps
N/A: this is a feature request
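What a combined user and group setting amounts to at the process level, as an added example that is not part of the issue thread and is not Nomad's code: a Python launcher that a root-started task could use to drop to a service account and a chosen group before starting the real service. The function names `resolve_ids`, `drop_privileges` and `exec_as`, and the umask value, are assumptions made for this sketch.

```python
import grp
import os
import pwd


def resolve_ids(user, group=None):
    """Map a user name and optional group name to (uid, gid, supplementary gids)."""
    pw = pwd.getpwnam(user)
    # Without an explicit group, fall back to the account's primary group.
    gid = grp.getgrnam(group).gr_gid if group else pw.pw_gid
    return pw.pw_uid, gid, sorted(set(os.getgrouplist(pw.pw_name, gid)))


def drop_privileges(uid, gid, groups):
    """Permanently switch this process to uid/gid and return the resulting ids."""
    if os.geteuid() == 0:
        # Replace the supplementary list first, or root's groups stay attached.
        os.setgroups(groups)
    # Group before user: once the uid is unprivileged, setgid is no longer allowed.
    os.setgid(gid)
    os.setuid(uid)
    # Verify real and effective ids instead of trusting the calls.
    if (os.getuid(), os.geteuid()) != (uid, uid):
        raise RuntimeError("uid was not fully dropped")
    if (os.getgid(), os.getegid()) != (gid, gid):
        raise RuntimeError("gid was not fully dropped")
    if uid != 0:
        try:
            os.setuid(0)  # must fail after a permanent drop
        except PermissionError:
            pass
        else:
            raise RuntimeError("process can still regain root")
    return os.getuid(), os.getgid()


def exec_as(user, group, argv):
    """Resolve names, drop privileges, then replace this process with argv."""
    uid, gid, groups = resolve_ids(user, group)
    drop_privileges(uid, gid, groups)
    os.umask(0o027)  # assumption: new files should not be world-accessible
    os.execvp(argv[0], argv)
```

On Python 3.9 and later, `subprocess.Popen` and `subprocess.run` accept `user=`, `group=` and `extra_groups=` arguments that perform the same switch in the child process.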