/jail-task-driver

Nomad task driver that uses FreeBSD jails

Primary language: Go. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)

FreeBSD Jail Task Driver

Task driver for FreeBSD jails.

Requirements

Installation

Install (and compile) the jail-task-driver binary, put it in plugin_dir, and then add a plugin "jail-task-driver" {} line to your nomad config file.

go get github.com/cneira/jail-task-driver
cp $GOPATH/bin/jail-task-driver YOURPLUGINDIR

Then in your nomad config file, set

plugin "jail-task-driver" {}

In developer/test mode (nomad agent -dev), plugin_dir appears to be unset, so you will need to mkdir plugins, copy the jail-task-driver binary into plugins, and add plugin_dir = "path/to/plugins" to the above config file. Then you can run it like:

nomad agent -dev -config nomad.config

For more details see the nomad docs.

Parameters

The parameters used by the driver cover most of JAIL(8) functionality, and the parameter names closely match the ones in JAIL(8).

Parameters documentation

Examples

Basic jail

job "test" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path    = "/zroot/iocage/jails/myjail/root"
        Persist = true
      }
    }
  }
}

Non vnet jail

job "non-vnet" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path              = "/zroot/iocage/jails/myjail/root"
        Ip4               = "new"
        Allow_raw_sockets = true
        Allow_chflags     = true
        Ip4_addr          = "em1|192.168.1.102"
        Exec_start        = "/usr/local/bin/http-echo -listen :9999 -text hello"
      }
    }
  }
}

Vnet jail example

job "vnet-example" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path            = "/zroot/iocage/jails/myjail/root"
        Persist         = true
        Host_hostname   = "mwl.io"
        Exec_clean      = true
        Exec_start      = "sh /etc/rc"
        Exec_stop       = "sh /etc/rc.shutdown"
        Mount_devfs     = true
        Exec_prestart   = "logger trying to start "
        Exec_poststart  = "logger jail has started"
        Exec_prestop    = "logger shutting down jail "
        Exec_poststop   = "logger has shut down jail "
        Exec_consolelog = "/var/tmp/vnet-example"
        Vnet            = true
        Vnet_nic        = "e0b_loghost"
        Exec_prestart   = "/usr/share/examples/jails/jib addm loghost em1"
        Exec_poststop   = "/usr/share/examples/jails/jib destroy loghost "
      }
    }
  }
}

Setting resource limits

job "vnet-example2" {
  datacenters = ["dc1"]
  type        = "service"

  group "test" {
    restart {
      attempts = 0
      mode     = "fail"
    }

    task "test01" {
      driver = "jail-task-driver"

      config {
        Path            = "/zroot/iocage/jails/myjail/root"
        Host_hostname   = "mwl.io"
        Exec_clean      = true
        Exec_start      = "sh /etc/rc"
        Exec_stop       = "sh /etc/rc.shutdown"
        Mount_devfs     = true
        Exec_prestart   = "logger trying to start "
        Exec_poststart  = "logger jail has started"
        Exec_prestop    = "logger shutting down jail "
        Exec_poststop   = "logger has shut down jail "
        Exec_consolelog = "/var/tmp/vnet-example"
        Vnet            = true
        Vnet_nic        = "e0b_loghost"
        Exec_prestart   = "/usr/share/examples/jails/jib addm loghost em1"
        Exec_poststop   = "/usr/share/examples/jails/jib destroy loghost "

        Rctl = {
          Vmemoryuse = {
            Action = "deny"
            Amount = "1G"
            Per    = "process"
          }
          Openfiles = {
            Action = "deny"
            Amount = "500"
          }
        }
      }
    }
  }
}
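
A pre-submission check for the task config blocks shown above, as an added example that is not part of the project's code. It reports Allow_* parameters set to true (assumed to correspond to the jail(8) allow.* parameters, which lift default jail restrictions), top-level keys assigned more than once, and whether an Rctl block is present. The names Audit, AuditConfig and sample are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Audit holds the findings for one task config block.
type Audit struct {
	Relaxed    []string // Allow_* parameters set to true
	Duplicates []string // top-level keys assigned more than once
	HasRctl    bool     // an Rctl block is present
}

var assign = regexp.MustCompile(`^(\w+)\s*=\s*(.*)$`)

// AuditConfig scans the body of a config { ... } block line by line.
// It is a line scanner, not an HCL parser: one assignment per line is assumed.
func AuditConfig(body string) Audit {
	var a Audit
	seen := map[string]int{}
	depth := 0 // nesting level, so keys inside Rctl sub-blocks are skipped
	for _, raw := range strings.Split(body, "\n") {
		line := strings.TrimSpace(raw)
		if m := assign.FindStringSubmatch(line); m != nil && depth == 0 {
			key, val := m[1], m[2]
			if seen[key]++; seen[key] == 2 {
				a.Duplicates = append(a.Duplicates, key)
			}
			if strings.HasPrefix(key, "Allow_") && val == "true" {
				a.Relaxed = append(a.Relaxed, key)
			}
			a.HasRctl = a.HasRctl || key == "Rctl"
		}
		depth += strings.Count(line, "{") - strings.Count(line, "}")
	}
	return a
}

// sample is constructed from lines of the non-vnet and vnet examples on this page.
const sample = `
Path              = "/zroot/iocage/jails/myjail/root"
Allow_raw_sockets = true
Allow_chflags     = true
Exec_prestart     = "logger trying to start "
Exec_prestart     = "/usr/share/examples/jails/jib addm loghost em1"
`

func main() { fmt.Printf("%+v\n", AuditConfig(sample)) }
```

A reported duplicate means the block assigns the same key twice, so check which value the jail actually receives before relying on either.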

Support

It's also possible to support the project on Patreon

References

TODO:

  • Implement exec interface
  • Implement RecoverTask interface
  • Test all jail options
  • Refactor so parameters match JAIL(8) as closely as possible
  • Create jails using docker images