From c7ff9dc62b27c0427380e21a4d9c894a8a108b8e Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Thu, 6 Jul 2023 19:34:32 +0000 Subject: [PATCH] backport of commit 25a062650f38b682733fe51d886188a8d0504844 --- website/content/plugins/drivers/podman.mdx | 62 +++++++++++++--------- 1 file changed, 36 insertions(+), 26 deletions(-) diff --git a/website/content/plugins/drivers/podman.mdx b/website/content/plugins/drivers/podman.mdx index 7f8107cadf0..2b9d4685c7e 100644 --- a/website/content/plugins/drivers/podman.mdx +++ b/website/content/plugins/drivers/podman.mdx @@ -10,21 +10,20 @@ description: >- Name: `podman` -Homepage: https://github.com/hashicorp/nomad-driver-podman - The Podman task driver plugin for Nomad uses the [Pod Manager (podman)][podman] daemonless container runtime for executing Nomad tasks. Podman supports OCI -containers and its command line tool is meant to be [a drop-in replacement for -Docker's][podman-cli]. +containers and its command line tool is meant to be [a drop-in replacement] +[podman-cli] for docker. + +Source is on [GitHub][github] -Due to Podman's similarity to Docker, the example job created by -[`nomad init -short`][nomad-init] is easily adapted to use Podman instead: +Download from HashiCorp [releases][releases] + +The example job created by [`nomad init -short`][nomad-init] is easily adapted +to use Podman instead: ```hcl job "redis" { - datacenters = ["dc1"] - type = "service" - group "cache" { network { port "redis" { to = 6379 } @@ -32,9 +31,8 @@ job "redis" { task "redis" { driver = "podman" - config { - image = "docker://redis" + image = "docker.io/library/redis:7" ports = ["redis"] } } 
@@ -46,20 +44,17 @@ Refer to the project's [homepage][homepage] for details. ## Client Requirements -The Podman task driver is not builtin to Nomad. It must be +The Podman task driver is not built into Nomad. It must be [downloaded][downloaded] onto the client host in the configured plugin directory. -- [Nomad][nomad_download] 0.12.9+ - Linux host with [`podman`][podman] installed -- For rootless containers you need a system supporting cgroup V2 and a few +- For rootless containers you need a system supporting cgroups v2 and a few other things, follow [this tutorial][rootless_tutorial]. -You need a 3.0.x podman binary and a system socket activation unit, refer to -[https://www.redhat.com/sysadmin/podmans-new-rest-api](https://www.redhat.com/sysadmin/podmans-new-rest-api). - -Nomad agent, `nomad-driver-podman` and `podman` will reside on the same client, -so you do not have to worry about the `ssh` aspects of the Podman api. +You need a v3.x or higher podman binary and a system socket [activation unit] +[rest_api]. It is recommended to install podman via your system's package +manager, which will configure systemd for you. Ensure that Nomad can find the plugin, refer to [`plugin_dir`][plugin_dir]. @@ -70,10 +65,10 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts | Feature | Implementation | | -------------------- | ----------------------- | | `nomad alloc signal` | true | -| `nomad alloc exec` | false | +| `nomad alloc exec` | true | | filesystem isolation | image | | network isolation | host, group, task, none | -| volume mounting | none | +| volume mounting | true | ## Task Configuration @@ -90,7 +85,8 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts ``` - `auth` - (Optional) Authenticate to the image registry using a static - credential. + credential. By setting tlsVerify to false the driver will allow using self- + signed certificates or plain HTTP connections to the registry. ```hcl config { 
@@ -98,6 +94,7 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts auth { username = "someuser" password = "sup3rs3creT" + tlsVerify = false } } ``` @@ -178,6 +175,14 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts } ``` +- `extra_hosts` - (Optional) Set additional hosts in the container + + ```hcl + config { + extra_hosts = ["test4.localhost:127.0.0.2", "test6.localhost:[::1]"] + } + ``` + - `image_pull_timeout` - (Optional) Time duration for your pull timeout (default to `"5m"`). Cannot be longer than the [`client_http_timeout`]. @@ -488,10 +493,13 @@ configuration file. } ``` -- `recover_stopped` - Defaults to `true`. Allows the driver to start and reuse - a previously stopped container after a Nomad client restart. Consider a - simple single node system and a complete reboot. All previously managed - containers will be reused instead of disposed and recreated. +- `recover_stopped` - (Deprecated) Defaults to `false`. Allows the driver to + start and reuse a previously stopped container after a Nomad client restart. + Consider a simple single node system and a complete reboot. All previously + managed containers will be reused instead of disposed and recreated. + + !> This option may cause Nomad client to hang on startup. It now defaults to + being disabled and may be removed in a future release. ```hcl plugin "nomad-driver-podman" { @@ -550,6 +558,7 @@ configuration file. } ``` +[github]: https://github.com/hashicorp/nomad-driver-podman [`count`]: /nomad/docs/job-specification/group#count [`disable_log_collection`]: #disable_log_collection [docker-ports]: /nomad/docs/drivers/docker#forwarding-and-exposing-ports 
@@ -578,3 +587,4 @@ configuration file. [short-names]: https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing [`command`]: #command [`client_http_timeout`]: #client_http_timeout +[rest_api]: https://www.redhat.com/sysadmin/podmans-new-rest-api \ No newline at end of file
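Review bot: In the intro hunk (`@@ -10,21 +10,20`), the reference link is now broken across a line end between its text and its label (`[a drop-in replacement]` on one line, `[podman-cli]` on the next). CommonMark does not allow whitespace between link text and link label, so this is likely to render as literal bracketed text followed by a separate `podman-cli` link. Keep the two adjacent, as in `[a drop-in replacement][podman-cli]`, and wrap the line elsewhere. The added lines "Source is on [GitHub][github]" and "Download from HashiCorp [releases][releases]" are also missing their terminal punctuation.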
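Review bot: In the Client Requirements hunk (`@@ -46,20 +44,17`), the bullet `- [Nomad][nomad_download] 0.12.9+` is removed with nothing in its place, so the page no longer states any minimum Nomad version. If a minimum still applies, keep the bullet with the current value. The new `[activation unit]` / `[rest_api]` link is also split across a line end between text and label and should be joined as `[activation unit][rest_api]`.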
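Review bot: In the `auth` hunks (description at `@@ -90,7 +85,8`, example at `@@ -98,6 +94,7`), the only `auth` example now sets `tlsVerify = false` next to a static `username` and `password`, so the copy-paste path sends registry credentials over a connection the added text itself describes as self-signed or plain HTTP. Suggest removing `tlsVerify = false` from the main example or moving it to a separate, clearly scoped one, stating the option's default, and saying that disabling verification leaves the credential and the pulled image open to interception or tampering in transit. Also put `tlsVerify` in backticks and avoid wrapping inside "self-signed", which reads as "self- signed" in the added lines.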
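Review bot: In the `extra_hosts` hunk (`@@ -178,6 +175,14`), the description does not state the entry format, so the reader has to infer it from the example. Say that each entry is `hostname:address` and that IPv6 addresses are bracketed, as in `"test6.localhost:[::1]"`. The description sentence is also missing its period, unlike the neighbouring option descriptions.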
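Review bot: In the `recover_stopped` hunk (`@@ -488,10 +493,13`), the default flips from `true` to `false` and the option is marked deprecated, but nothing says in which driver version this happened, and the retained sentences ("All previously managed containers will be reused ...") still read as a description of normal behaviour. Suggest naming the version where the default changed and stating what now happens to previously stopped containers after a client restart, so operators who relied on the old default know what to expect. The `!>` callout would also be more useful if it said under what conditions the client can hang.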
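Review bot: In the link-definition hunks (`@@ -550,6 +558,7` and `@@ -578,3 +587,4`), definitions are added for `[github]` and `[rest_api]`, but none is visible for `[releases]`, which the intro now uses in `[releases][releases]`. Confirm that label is already defined elsewhere in the file, or add it here. The file also now ends without a trailing newline (`\ No newline at end of file`); add one after the `[rest_api]` line.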