kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-04 17:35:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

clarify raw_exec doesn't have filesystem isolation

Browse Source
This commit is contained in:
Tim Gross
2020-10-16 11:38:23 -04:00
parent 25818cefbf
commit daaf9ca558
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
website/pages/docs/job-specification/template.mdx
View File

@@ -60,9 +60,10 @@ README][ct]. Since Nomad v0.6.0, templates can be read as environment variables.
- `destination` `(string: <required>)` - Specifies the location where the
resulting template should be rendered, relative to the [task working
directory]. Only drivers that build a chroot into the task working directory
(such as `exec` or `raw_exec`) can render templates outside of the
`NOMAD_ALLOC_DIR`, `NOMAD_TASK_DIR`, or `NOMAD_SECRETS_DIR`.
directory]. Only drivers without filesystem isolation (ex. `raw_exec`) or
that buiold a chroot in the task working directory (ex. `exec`) can render
templates outside of the `NOMAD_ALLOC_DIR`, `NOMAD_TASK_DIR`, or
`NOMAD_SECRETS_DIR`.
- `env` `(bool: false)` - Specifies the template should be read back in as
environment variables for the task. ([See below](#environment-variables))
@@ -225,13 +226,13 @@ For more details see [go-envparser's README][go-envparse].
### Template Destinations
Templates are rendered into the task working directory. Some drivers such as
`exec` or `raw_exec` build a chroot in the task working directory, so
templates can be rendered to arbitrary paths in the task. But task drivers
such as `docker` can only access templates rendered into the
`NOMAD_ALLOC_DIR`, `NOMAD_TASK_DIR`, or `NOMAD_SECRETS_DIR`. To workaround
this restriction, you can create a mount from the template `destination` to
another location in the task.
Templates are rendered into the task working directory. Drivers without
filesystem isolation (such as `raw_exec`) or drivers that build a chroot in
the task working directory (such as `exec`) can have templates rendered to
arbitrary paths in the task. But task drivers such as `docker` can only access
templates rendered into the `NOMAD_ALLOC_DIR`, `NOMAD_TASK_DIR`, or
`NOMAD_SECRETS_DIR`. To workaround this restriction, you can create a mount
from the template `destination` to another location in the task.
```hcl
task "task" {