From 5526024244554e5eb284afe4319550a94e22c11f Mon Sep 17 00:00:00 2001 From: Nathaniel Landau Date: Thu, 16 Mar 2023 22:44:52 -0400 Subject: [PATCH] fix(nomad): run nomad as root user to enable docker plugin on raspberry pis Nomad is running as root rather than the Nomad user due to the Docker driver not being started when cgroups v2 are enabled. More info: https://github.com/hashicorp/nomad/pull/16063 --- default_variables.yml | 2 +- poetry.lock | 22 +++++++++++----------- templates/nomad.service.j2 | 11 +++++++++-- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/default_variables.yml b/default_variables.yml index 09d9afb..1f088b5 100644 --- a/default_variables.yml +++ b/default_variables.yml @@ -3,7 +3,7 @@ authelia_version: 4.37.5 consul_version: 1.15.1 influxdb_version: 1.8.10 -nomad_version: 1.4.6 +nomad_version: 1.5.1 prometheus_verssion: 2.42.0 speedtest_cli_version: 1.2.0 tdarr_installer_version: 2.00.13 diff --git a/poetry.lock b/poetry.lock index 2115b0e..2e0674c 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -386,30 +386,30 @@ files = [ [[package]] name = "filelock" -version = "3.9.0" +version = "3.10.0" description = "A platform independent file lock." category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "filelock-3.9.0-py3-none-any.whl", hash = "sha256:f58d535af89bb9ad5cd4df046f741f8553a418c01a7856bf0d173bbc9f6bd16d"}, - {file = "filelock-3.9.0.tar.gz", hash = "sha256:7b319f24340b51f55a2bf7a12ac0755a9b03e718311dac567a0f4f7fabd2f5de"}, + {file = "filelock-3.10.0-py3-none-any.whl", hash = "sha256:e90b34656470756edf8b19656785c5fea73afa1953f3e1b0d645cef11cab3182"}, + {file = "filelock-3.10.0.tar.gz", hash = "sha256:3199fd0d3faea8b911be52b663dfccceb84c95949dd13179aa21436d1a79c4ce"}, ] [package.extras] -docs = ["furo (>=2022.12.7)", "sphinx (>=5.3)", "sphinx-autodoc-typehints (>=1.19.5)"] -testing = ["covdefaults (>=2.2.2)", "coverage (>=7.0.1)", "pytest (>=7.2)", "pytest-cov (>=4)", "pytest-timeout (>=2.1)"] +docs = ["furo (>=2022.12.7)", "sphinx (>=6.1.3)", "sphinx-autodoc-typehints (>=1.22,!=1.23.4)"] +testing = ["covdefaults (>=2.3)", "coverage (>=7.2.1)", "pytest (>=7.2.2)", "pytest-cov (>=4)", "pytest-timeout (>=2.1)"] [[package]] name = "identify" -version = "2.5.20" +version = "2.5.21" description = "File identification library for Python" category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "identify-2.5.20-py2.py3-none-any.whl", hash = "sha256:5dfef8a745ca4f2c95f27e9db74cb4c8b6d9916383988e8791f3595868f78a33"}, - {file = "identify-2.5.20.tar.gz", hash = "sha256:c8b288552bc5f05a08aff09af2f58e6976bf8ac87beb38498a0e3d98ba64eb18"}, + {file = "identify-2.5.21-py2.py3-none-any.whl", hash = "sha256:69edcaffa8e91ae0f77d397af60f148b6b45a8044b2cc6d99cafa5b04793ff00"}, + {file = "identify-2.5.21.tar.gz", hash = "sha256:7671a05ef9cfaf8ff63b15d45a91a1147a03aaccb2976d4e9bd047cbbc508471"}, ] [package.extras] 
@@ -603,14 +603,14 @@ files = [ [[package]] name = "pathspec" -version = "0.11.0" +version = "0.11.1" description = "Utility library for gitignore style pattern matching of file paths." category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "pathspec-0.11.0-py3-none-any.whl", hash = "sha256:3a66eb970cbac598f9e5ccb5b2cf58930cd8e3ed86d393d541eaf2d8b1705229"}, - {file = "pathspec-0.11.0.tar.gz", hash = "sha256:64d338d4e0914e91c1792321e6907b5a593f1ab1851de7fc269557a21b30ebbc"}, + {file = "pathspec-0.11.1-py3-none-any.whl", hash = "sha256:d8af70af76652554bd134c22b3e8a1cc46ed7d91edcdd721ef1a0c51a84a5293"}, + {file = "pathspec-0.11.1.tar.gz", hash = "sha256:2798de800fa92780e33acca925945e9a19a133b715067cf165b8866c15a31687"}, ] [[package]] diff --git a/templates/nomad.service.j2 b/templates/nomad.service.j2 index 30cdc08..199dd3e 100644 --- a/templates/nomad.service.j2 +++ b/templates/nomad.service.j2 @@ -7,9 +7,16 @@ ConditionFileNotEmpty={{ nomad_configuration_dir }}/nomad.hcl [Service] {# {% if 'linode' in group_names %} #} -User=nomad -Group=nomad +{# User=nomad #} +{# Group=nomad #} {# {% endif %} #} + +{# NOTE: Nomad is running as root rather than the Nomad user due to the Docker driver not being started when cgroups v2 are enabled. + +https://github.com/hashicorp/nomad/pull/16063 + #} +User=root +Group=root ExecReload=/bin/kill -HUP $MAINPID ExecStart=/usr/local/bin/nomad agent -config {{ nomad_configuration_dir }} KillMode=process
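Review bot: The new `User=root` / `Group=root` lines in the `[Service]` section (which continues outside this hunk) apply to every host the template renders for, while the commit message only motivates root for Raspberry Pi clients whose Docker driver does not start under cgroups v2. If this unit is also deployed to server-only nodes, as the commented-out `{% if 'linode' in group_names %}` hints, those agents gain root without needing it. A Jinja conditional that keeps `User=nomad` / `Group=nomad` there would confine the privilege to nodes that actually run tasks. The commented-out `{# User=nomad #}` / `{# Group=nomad #}` lines could then be dropped instead of kept as dead text, and the NOTE could state the condition under which the workaround can be reverted. Files the agent writes while running as root will presumably be root-owned, so a later switch back to the nomad user would need an ownership fix on the data and configuration directories.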