$ nomad job run redis.nomad
will start a redis server using nomad-driver-containerd
Exec into redis container
$ nomad job status redis
Copy the allocation ID from the output of nomad job status command.
$ nomad alloc exec -i -t <allocation_id> /bin/sh
$ nomad job run hello.nomad
will start a container using nomad-driver-containerd which runs an infinite loop printing
hello world and sleeps for 3 seconds between each iteration. This is a basic hello world
program which can be used to test launching containers using nomad-driver-containerd.
Check allocation logs
$ nomad alloc logs -f -job hello
Hello world: sleeping for 3 seconds.
Hello world: sleeping for 3 seconds.
Hello world: sleeping for 3 seconds.
...
$ nomad job run signal.nomad
will start the signal handler container.
You can send any signal (from a list of supported signals) to this container and it will print the signal on stdout for you.
$ nomad job status signal
Copy the allocation ID from the output of nomad job status command.
$ nomad alloc signal -s <signal> <allocation_id>
$ nomad job run stress.nomad
will start a stress test container.
This container is based on linux stress-ng tool which is used for generating
heavy load on CPU and memory to do stress testing.
This container executes the following command as an entrypoint to the container:
stress-ng --cpu 4 --io 4 --vm 4 --vm-bytes 256M --fork 4 --timeout 180s
The above command will run stress tests for 3 minutes (180 secs).
$ nomad job status stress
Copy the allocation ID from the output of nomad job status command.
While the container is running, you can check the stats using:
$ nomad alloc status -stats <allocation_id>
$ nomad job run capabilities.nomad
will start an ubuntu:16.04 container using nomad-driver-containerd.
This container sleeps for 10 mins (600 seconds), runs in readonly mode and
add (and drop) the following capabilities.
New capabilities added:
CAP_SYS_ADMIN
CAP_IPC_OWNER
CAP_IPC_LOCK
Existing capabilities dropped:
CAP_CHOWN
CAP_SYS_CHROOT
CAP_DAC_OVERRIDE
Exec into capabilities container to check capabilities
$ nomad job status capabilities
Copy the allocation ID from the output of nomad job status command.
$ nomad alloc exec -i -t <allocation_id> /bin/bash
Print capabilities (Inside the container)
$ capsh --print
Check readonly mode (Inside the container)
$ touch /tmp/file.txt
touch should throw the following error message:
touch: cannot touch '/tmp/file.txt': Read-only file system
$ nomad job run privileged.nomad
will start an ubuntu:16.04 container using nomad-driver-containerd.
This container does the following:
- Sleeps for 10 mins (600 seconds).
- Runs in privileged mode i.e the bounding set contains all linux capabilities.
- Add /dev/loop0 and /dev/loop1 loopback devices into the container.
- Bind mounts /tmp/s1 (host) to /tmp/t1 (container).
NOTE: /tmp/s1 should exist on the host, before you run Privileged job.
Exec into privileged container to check capabilities, devices and mounts.
$ nomad job status privileged
Copy the allocation ID from the output of nomad job status command.
$ nomad alloc exec -i -t <allocation_id> /bin/bash
Print capabilities (Inside the container)
$ capsh --print
This should print all 37 capabilities as part of the bounding set.
Check for devices (Inside the container)
ls /dev -lt
This should list both /dev/loop0 and /dev/loop1 under devices.
Check bind mount (Inside the container)
mountpoint /tmp/t1