cd7226d398
While Nomad v0.12.8 fixed `NOMAD_{ALLOC,TASK,SECRETS}_DIR` use in
`template.destination`, interpolating these variables in
`template.source` caused a path escape error.
**Why not apply the destination fix to source?**
The destination fix forces destination to always be relative to the task
directory. This makes sense for the destination as a destination outside
the task directory would be unreachable by the task. There's no reason
to ever render a template outside the task directory. (Using `..` does
allow destinations to escape the task directory if
`template.disable_file_sandbox = true`. That's just awkward and unsafe
enough I hope no one uses it.)
There is a reason to source a template outside a task
directory. At least if there weren't then I can't think of why we
implemented `template.disable_file_sandbox`. So v0.12.8 left the
behavior of `template.source` the more straightforward "Interpolate and
validate."
However, since outside of `raw_exec` every other driver uses absolute
paths for `NOMAD_*_DIR` interpolation, this means those variables are
unusable unless `disable_file_sandbox` is set.
**The Fix**
The variables are now interpolated as relative paths *only for the
purpose of rendering templates.* This is an unfortunate special case,
but reflects the fact that the templates view of the filesystem is
completely different (unconstrainted) vs the task's view (chrooted).
Arguably the values of these variables *should be context-specific.*
I think it's more reasonable to think of the "hack" as templating
running uncontainerized than that giving templates different paths is a
hack.
**TODO**
- [ ] E2E tests
- [ ] Job validation may still be broken and prevent my fix from
working?
**raw_exec**
`raw_exec` is actually broken _a different way_ as exercised by tests in
this commit. I think we should probably remove these tests and fix that
in a followup PR/release, but I wanted to leave them in for the initial
review and discussion. Since non-containerized source paths are broken
anyway, perhaps there's another solution to this entire problem I'm
overlooking?
Nomad 
Overview
Nomad is an easy-to-use, flexible, and performant workload orchestrator that deploys:
Nomad enables developers to use declarative infrastructure-as-code for deploying their applications (jobs). Nomad uses bin packing to efficiently schedule jobs and optimize for resource utilization. Nomad is supported on macOS, Windows, and Linux.
Nomad is widely adopted and used in production by PagerDuty, CloudFlare, Roblox, Pandora, and more.
-
Deploy Containers and Legacy Applications: Nomad’s flexibility as an orchestrator enables an organization to run containers, legacy, and batch applications together on the same infrastructure. Nomad brings core orchestration benefits to legacy applications without needing to containerize via pluggable task drivers.
-
Simple & Reliable: Nomad runs as a single binary and is entirely self contained - combining resource management and scheduling into a single system. Nomad does not require any external services for storage or coordination. Nomad automatically handles application, node, and driver failures. Nomad is distributed and resilient, using leader election and state replication to provide high availability in the event of failures.
-
Device Plugins & GPU Support: Nomad offers built-in support for GPU workloads such as machine learning (ML) and artificial intelligence (AI). Nomad uses device plugins to automatically detect and utilize resources from hardware devices such as GPU, FPGAs, and TPUs.
-
Federation for Multi-Region, Multi-Cloud: Nomad was designed to support infrastructure at a global scale. Nomad supports federation out-of-the-box and can deploy applications across multiple regions and clouds.
-
Proven Scalability: Nomad is optimistically concurrent, which increases throughput and reduces latency for workloads. Nomad has been proven to scale to clusters of 10K+ nodes in real-world production environments.
-
HashiCorp Ecosystem: Nomad integrates seamlessly with Terraform, Consul, Vault for provisioning, service discovery, and secrets management.
Getting Started
Get started with Nomad quickly in a sandbox environment on the public cloud or on your computer.
- Local
- AWS
- Azure
- GCP
These methods are not meant for production.
Documentation & Guides
Documentation is available on the Nomad website here. Guides are available on HashiCorp Learn website here.
Resources
- Website
- Mailing List
- Gitter
Who Uses Nomad
- Roblox
- Cloudflare
- BetterHelp
- Navi Capital
- Trivago
- Reaktor
- Pandora
- CircleCI
- Q2
- Citadel
- Deluxe Entertainment
- Jet.com (Walmart)
- PagerDuty
- SAP Ariba
- Target
- Oscar Health
- eBay
- Dutch National Police
- N26
- Elsevier
- Graymeta
- NIH NCBI
- imgix
...and more!
Contributing
See the contributing directory for more developer documentation.
Developing with Vagrant
A development environment is supplied via Vagrant to make getting started easier.
- Install Vagrant
- Install Virtualbox
- Bring up the Vagrant project
$ git clone https://github.com/hashicorp/nomad.git $ cd nomad $ vagrant up
The virtual machine will launch, and a provisioning script will install the needed dependencies within the VM.
Developing without Vagrant
- Install Go 1.15.5+ (Note:
gcc-gois not supported) - Clone this repo
$ git clone https://github.com/hashicorp/nomad.git $ cd nomad - Bootstrap your environment
$ make bootstrap - (Optionally) Set a higher ulimit, as Nomad creates many file handles during normal operations
$ [ "$(ulimit -n)" -lt 1024 ] && ulimit -n 1024 - Verify you can run tests
$ make test
Running a development build
- Compile a development binary (see the UI README to include the web UI in the binary)
$ make dev # find the built binary at ./bin/nomad - Start the agent in dev mode
$ sudo bin/nomad agent -dev - (Optionally) Run Consul to enable service discovery and health checks
- Download Consul
- Start Consul in dev mode
$ consul agent -dev
Compiling Protobufs
If in the course of your development you change a Protobuf file (those ending in .proto), you'll need to recompile the protos.
- Install Buf
- Compile Protobufs
$ make proto
Building the Web UI
See the UI README for instructions.
Create a release binary
To create a release binary:
$ make prerelease
$ make release
$ ls ./pkg
This will generate all the static assets, compile Nomad for multiple
platforms and place the resulting binaries into the ./pkg directory.
API Compatibility
Only the api/ and plugins/ packages are intended to be imported by other projects. The root Nomad module does not follow semver and is not intended to be imported directly by other projects.