jenkinsci / nomad-plugin

Nomad cloud plugin for Jenkins
https://plugins.jenkins.io/nomad/
MIT License

Apocol/raw exec #56

Closed AndreeaPocol closed 5 years ago

AndreeaPocol commented 5 years ago

My changes to the plugin allow for the use of Nomad's raw_exec driver, as well as the ability to switch the user with both the Java and raw_exec drivers (whereas this is currently only possible with the Docker driver). Combined, these changes satisfy a use case that I believe is reasonable and important.

I would like to use HashiCorp Packer to build Docker images, and HashiCorp Nomad to allocate these Packer builds - with Jenkins orchestrating all of this via the Nomad plugin.

But the plugin makes this difficult, for two main reasons: users and chroot jails.

Firstly, whatever user the Nomad agent runs as needs to be in the Docker group. But the default Java driver user is nobody, and adding the nobody user to the Docker group is undesirable. Further, the plugin doesn't currently let me switch to, say, the jenkins user when using the Java driver.

Secondly, the Java driver places the agent in a chroot jail. But I want to use the system /var/run/docker.sock, not a copied or hardlinked one - and even if the latter sufficed, the socket doesn't get copied into the chroot jail even when I add its path to the chroot_env section in the Nomad config file (which is a known issue). So the Nomad agent using the Java driver fails to run Docker via Packer:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

NOTE: I have set it up such that if you select both the Docker and raw_exec drivers, the raw_exec driver is used (but the logic can easily be reversed here). Really, though, such configuration is asking for undefined behaviour.
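
Added example, not part of the pull request or the plugin's code: a small audit of Nomad job JSON for the driver and user combinations the description above discusses. It assumes the job shape of Nomad's HTTP API (`Job` → `TaskGroups` → `Tasks`, each task carrying `Driver` and `User`); the sample job, the finding texts and the function name `audit_job` are constructed for illustration.

```python
import json

# Constructed sample in the shape of Nomad's HTTP API job JSON.
# Job, group and task names are made up for this example.
SAMPLE_JOB = json.loads("""
{"Job": {"ID": "jenkins-agent", "TaskGroups": [
  {"Name": "packer", "Tasks": [
    {"Name": "agent-java", "Driver": "java", "User": ""},
    {"Name": "agent-raw", "Driver": "raw_exec", "User": "jenkins"},
    {"Name": "agent-raw-default", "Driver": "raw_exec"},
    {"Name": "agent-raw-root", "Driver": "raw_exec", "User": "root"}
  ]}
]}}
""")

NO_ISOLATION = "raw_exec: task runs without a chroot or other isolation"
AGENT_USER = "raw_exec: no User set, task inherits the Nomad agent's account"
JAVA_DEFAULT = "java: default user nobody in a chroot, host docker.sock unreachable"
ROOT_USER = "task runs as root"


def audit_job(doc):
    """Return (task name, finding) pairs for one Nomad job document."""
    findings = []
    job = doc.get("Job", doc)  # accept a wrapped or a bare job object
    for group in job.get("TaskGroups") or []:
        for task in group.get("Tasks") or []:
            name = task.get("Name", "<unnamed>")
            driver = task.get("Driver", "")
            user = (task.get("User") or "").strip()
            if driver == "raw_exec":
                findings.append((name, NO_ISOLATION))
                if not user:
                    findings.append((name, AGENT_USER))
            if driver == "java" and not user:
                findings.append((name, JAVA_DEFAULT))
            if user in ("root", "0"):
                findings.append((name, ROOT_USER))
    return findings


if __name__ == "__main__":
    for task_name, finding in audit_job(SAMPLE_JOB):
        print(f"{task_name}: {finding}")
```
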