Running nomad as non-root user with rootless containerd

Question

Running nomad as non-root user with rootless containerd

uhef opened this issue 2 years ago · comments

Hi!

I would like to run nomad locally on my developer machine and connect to locally running containerd that I have started in rootless mode.

Basically I would not want to involve root user when possible in either running containerd or nomad.

However, when I run nomad with:

nomad agent -dev -plugin-dir="/usr/lib/nomad/plugins" -config="./local-nomad.hcl"

where /usr/lib/nomad/plugins contains the containerd-driver
and ./local-nomad.hcl looks like:

plugin "containerd-driver" {
	config {
		enabled = true
		containerd_runtime = "io.containerd.runc.v2"
		stats_interval = "5s"
		allow_privileged = false
	}
}

I get following error:

2022-08-09T17:38:00.462+0300 [ERROR] agent.plugin_loader.containerd-driver: Error in creating containerd client: plugin_dir=/usr/lib/nomad/plugins @module=containerd-driver err="failed to dial \"/run/containerd/containerd.sock\": context deadline exceeded" timestamp="2022-08-09T17:38:00.462+0300"

and nomad dies.

I suppose the containerd-driver is trying to look for the sock file in wrong place. Is there a way to configure the containerd address?

Tuomas Järvensivu · Answer 1 · Wed Aug 10 2022 03:15:07 GMT+0800 (China Standard Time)

Looking at the code, it seems that the containerd address is hard-coded and cannot be altered currently.

Tuomas Järvensivu · Answer 2 · Tue Aug 16 2022 15:52:48 GMT+0800 (China Standard Time)

After investigating this a bit more, I learned that its not possible to run nomad in rootless mode currently.

So what I'm asking here doesn't make any sense.

There's an open issue against nomad currently that discusses the ability to run nomad in rootless mode. One can follow discussion there to learn when this becomes possible (if ever).