Closed jonasdemoor closed 1 year ago
I amended my commit and added some tests
can you explain what kind of jobs you run with nomad? I am wondering if it makes sense for the next major release to switch to a nonroot default user.
can you explain what kind of jobs you run with nomad? I am wondering if it makes sense for the next major release to switch to a nonroot default user.
At this moment nothing yet, we're still in the experimental/setup phase :) When reading Nomad's documentation [1], I think client/worker nodes need to be run as root, while the server/scheduler nodes can be run as another user.
[1] https://developer.hashicorp.com/nomad/docs/install/production/requirements#user-permissions
It works quite well , if using for example Docker and adding the nomad user to the docker group. It fails for sure, if you use things like Consul "connect", as it requies iptables etc. pp.
Pull Request (PR) description
This PR adds two parameters to the base class,
$user
and$group
, so one can specify which user and group should be used to run Nomad. This would allow one to run the Nomad server with a seperate user, as per upstream's recommendation: https://developer.hashicorp.com/nomad/docs/install/production/requirements#user-permissionsI used
root
as default for both parameters to not break people's existing workflows.This Pull Request (PR) fixes the following issues
Fixes #66