How to run a Nomad raw_exec task as a non-root user
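Is it possible to run processes as a non-root user in tasks for the Nomad raw_exec driver? Ideally I want to run Nomad as root and then drop privileges to run the command as the target user: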
job "show_id_job" {
  datacenters = ["dc1"]
  priority = 100
  type = "batch"
  constraint {
    attribute = "${attr.unique.hostname}"
    value = "myhost.company.com"
  }
  group "show_id_group" {
    network {
      mode = "host"
    }
    task "show_id" {
      driver = "raw_exec"
      config {
        command = "/usr/bin/su"
        args = ["--login", "regularuser", "/usr/bin/id"]
      }
    }
  }
}
But when I run this job, it fails:
Oct 23 19:51:03 myhost.company.com nomad[300160]: client: allocation updates applied: added=0 removed=0 updated=4 ignored=4 errors=0
Oct 23 19:51:03 myhost.company.com su[385531]: pam_unix(su-l:session): session closed for user regularuser
Oct 23 19:51:03 myhost.company.com nomad[300160]: 2020-10-23T19:51:03.822-0400 [ERROR] client.driver_mgr.raw_exec: error receiving stream from Stats executor RPC, closing stream: alloc_id=fbe2e6d9-930e-acff-83c7-9d0f83b2e085 driver=raw_exec task_name=show_id error="rpc error: code = Unavailable desc = transport is closing"
Oct 23 19:51:03 myhost.company.com nomad[300160]: 2020-10-23T19:51:03.822-0400 [ERROR] client.alloc_runner.task_runner.task_hook.stats_hook: failed to start stats collection for task: alloc_id=fbe2e6d9-930e-acff-83c7-9d0f83b2e085 task=show_id error="rpc error: code = Canceled desc = grpc: the client connection is closing"
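I can't find any parameter in the documentation that would allow me to do the same.
Has anyone run into this problem?
Thanks!
It is not possible with raw_exec (the documentation says it is supported with driver=docker or driver=exec). You can also run Nomad as a non-privileged user.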
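The answer's suggestion written out as a job file, as an added example that is not part of the original thread: the question's job is moved to the `exec` driver and uses Nomad's task-level `user` parameter in place of the `su` wrapper. It assumes a Linux client running as root (which the `exec` driver requires) and that the account `regularuser` exists on that node.

```hcl
# Added example: the question's job with raw_exec replaced by the exec driver,
# which honours the task-level "user" parameter.
job "show_id_job" {
  datacenters = ["dc1"]
  priority    = 100
  type        = "batch"

  constraint {
    attribute = "${attr.unique.hostname}"
    value     = "myhost.company.com"
  }

  group "show_id_group" {
    network {
      mode = "host"
    }

    task "show_id" {
      driver = "exec"

      # Assumption: "regularuser" exists on the client node.
      user = "regularuser"

      config {
        # No su wrapper: Nomad starts the command as "regularuser" directly.
        command = "/usr/bin/id"
      }
    }
  }
}
```

The Nomad agent keeps its root privileges while the task process itself starts as the unprivileged account, and the `exec` driver additionally isolates the task's filesystem, which `raw_exec` does not.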