0.9.3 upstream (#12)

* add parameter to allow the setting of running user for container (Roblox#120) * add parameter to allow the setting of running user for container * use task level user param as source param * Security fixes: upgrade containerd + nomad. (Roblox#122) Signed-off-by: Shishir Mahajan <[email protected]> * Fix issue Roblox#116 - allow relative paths in mounts. (Roblox#123) * Fix issue Roblox#116 - allow relative paths in mounts. * Add test. Signed-off-by: Shishir Mahajan <[email protected]> * fix entrypoint override (Roblox#124) In case of entrypoint override, image config needs to be passed. * rename test file numbers Co-authored-by: n-marton <[email protected]> Co-authored-by: Shishir <[email protected]> Co-authored-by: Jonathan Cross <>
AtomicConductor · Jan 25, 2022 · 89aed07 · 89aed07
1 parent 87c11c0
commit 89aed07
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 0 deletions.
diff --git a/containerd/containerd.go b/containerd/containerd.go
@@ -271,6 +271,7 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
 	var opts []oci.SpecOpts
 
 	if config.Entrypoint != nil {
+		opts = append(opts, oci.WithImageConfig(containerConfig.Image))
 		// WithProcessArgs replaces the args on the generated spec.
 		opts = append(opts, oci.WithProcessArgs(args...))
 	} else {
@@ -403,6 +404,12 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
 			return nil, fmt.Errorf("Options cannot be empty for mount type: %s. You need to atleast pass rbind and ro.", mount.Type)
 		}
 
+		// Allow paths relative to $NOMAD_TASK_DIR.
+		// More details: https://github.com/Roblox/nomad-driver-containerd/issues/116#issuecomment-983171458
+		if mount.Type == "bind" && strings.HasPrefix(mount.Source, "local") {
+			mount.Source = containerConfig.TaskDirSrc + mount.Source[5:]
+		}
+
 		m := buildMountpoint(mount.Type, mount.Target, mount.Source, mount.Options)
 		mounts = append(mounts, m)
 	}

diff --git a/example/mosquitto.nomad b/example/mosquitto.nomad
@@ -0,0 +1,39 @@
+job "mosquitto" {
+  datacenters = ["dc1"]
+
+  group "msq-group" {
+    task "msq-task" {
+      driver = "containerd-driver"
+
+      config {
+        image           = "ubuntu:16.04"
+        command         = "sleep"
+        args            = ["600s"]
+        mounts = [
+           {
+                type    = "bind"
+                target  = "/mosquitto/config/mosquitto.conf"
+                source  = "local/mosquitto.conf"
+                options = ["rbind", "rw"]
+           }
+        ]
+      }
+
+      template {
+        destination = "local/mosquitto.conf"
+        data = <<EOF
+bind_address 0.0.0.0
+allow_anonymous true
+persistence true
+persistence_location /mosquitto/data/
+log_dest stdout
+EOF
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
diff --git a/tests/010-test-template-stanza.sh b/tests/010-test-template-stanza.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+source $SRCDIR/utils.sh
+
+job_name=mosquitto
+filename="/mosquitto/config/mosquitto.conf"
+
+# test template stanza
+test_template_stanza_nomad_job() {
+    pushd ~/go/src/github.com/Roblox/nomad-driver-containerd/example
+
+    echo "INFO: Starting nomad $job_name job using nomad-driver-containerd."
+    nomad job run -detach $job_name.nomad
+
+    # Even though $(nomad job status) reports job status as "running"
+    # The actual container process might not be running yet.
+    # We need to wait for actual container to start running before trying exec.
+    echo "INFO: Wait for ${job_name} container to get into RUNNING state, before trying exec."
+    is_container_active ${job_name} true
+
+    echo "INFO: Checking status of $job_name job."
+    job_status=$(nomad job status -short $job_name|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')
+    if [ "$job_status" != "running" ];then
+        echo "ERROR: Error in getting ${job_name} job status."
+        exit 1
+    fi
+
+    # Check if bind mount exists.
+    echo "INFO: Checking if bind mount was successful and $filename exists."
+    nomad alloc exec -job $job_name cat $filename >/dev/null 2>&1
+    rc=$?
+    if [ $rc -ne 0 ]; then
+       echo "ERROR: bind mount was unsuccessful. $filename does not exist."
+       exit 1
+    fi
+
+    echo "INFO: Stopping nomad ${job_name} job."
+    nomad job stop -detach ${job_name}
+    job_status=$(nomad job status -short ${job_name}|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')
+    if [ $job_status != "dead(stopped)" ];then
+        echo "ERROR: Error in stopping ${job_name} job."
+        exit 1
+    fi
+
+    echo "INFO: purge nomad ${job_name} job."
+    nomad job stop -detach -purge ${job_name}
+    popd
+}
+
+test_template_stanza_nomad_job
diff --git a/tests/010-test-allow-privileged.sh → tests/011-test-allow-privileged.sh b/tests/010-test-allow-privileged.sh → tests/011-test-allow-privileged.sh
diff --git a/tests/011-test-annotations.sh → tests/012-test-annotations.sh b/tests/011-test-annotations.sh → tests/012-test-annotations.sh
diff --git a/tests/012-test-runtime-gvisor.sh → tests/014-test-runtime-gvisor.sh b/tests/012-test-runtime-gvisor.sh → tests/014-test-runtime-gvisor.sh