├── .github ├── renovate.json5 └── workflows │ ├── template-build.yml │ ├── template-create-tag.yml │ ├── template-push.yml │ ├── template-release.yml │ ├── v1.10.x-build.yml │ ├── v1.10.x-create-tag.yml │ ├── v1.10.x-release.yml │ ├── v1.2.x-build.yml │ ├── v1.2.x-create-tag.yml │ ├── v1.2.x-release.yml │ ├── v1.3.x-build.yml │ ├── v1.3.x-create-tag.yml │ ├── v1.3.x-release.yml │ ├── v1.4.x-build.yml │ ├── v1.4.x-create-tag.yml │ ├── v1.4.x-release.yml │ ├── v1.5.x-build.yml │ ├── v1.5.x-create-tag.yml │ ├── v1.5.x-release.yml │ ├── v1.6.x-build.yml │ ├── v1.6.x-create-tag.yml │ ├── v1.6.x-release.yml │ ├── v1.7.x-build.yml │ ├── v1.7.x-create-tag.yml │ ├── v1.7.x-release.yml │ ├── v1.8.x-build.yml │ ├── v1.8.x-create-tag.yml │ ├── v1.8.x-release.yml │ ├── v1.9.x-build.yml │ ├── v1.9.x-create-tag.yml │ └── v1.9.x-release.yml ├── .hadolint.yaml ├── LICENSE ├── Makefile ├── README.md ├── docker-compose.yml ├── v0.10.x ├── Dockerfile └── start.sh ├── v0.11.x ├── Dockerfile └── start.sh ├── v0.12.x ├── Dockerfile └── start.sh ├── v0.9.x ├── Dockerfile └── start.sh ├── v1.0.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.1.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.10.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.2.x ├── Dockerfile ├── LICENSE ├── README.md ├── nomad-version └── start.sh ├── v1.3.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.4.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.5.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.6.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.7.x ├── Dockerfile ├── nomad-version └── start.sh ├── v1.8.x ├── Dockerfile ├── nomad-version └── start.sh └── v1.9.x ├── Dockerfile ├── nomad-version └── start.sh /.github/renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | "extends": ["config:recommended"], 3 | 4 | "customManagers": [ 5 | { 6 | "customType": "regex", 7 | "fileMatch": ["nomad-version"], 8 | "matchStrings": 
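["(?<currentValue>\\S+)\\n"], // captures the version string stored in each nomad-version file 9 | "depNameTemplate": "hashicorp/nomad", 10 | "datasourceTemplate": "github-releases", 11 | "extractVersionTemplate": "^v(?<version>\\S+)", // strips the leading "v" of the upstream release tags 12 | "versioningTemplate": "semver", 13 | }, 14 | ], 15 | 16 | // These versions are not updated anymore. 17 | "ignorePaths": [ 18 | "v0.9.x/**", 19 | "v0.10.x/**", 20 | "v0.11.x/**", 21 | "v0.12.x/**", 22 | "v1.0.x/**", 23 | "v1.1.x/**", 24 | ], 25 | 26 | 27 | "packageRules": [ 28 | { 29 | "matchUpdateTypes": ["patch"], 30 | "automerge": true // NOTE(review): this rule has no package or manager filter, so it auto-merges patch bumps from every manager Renovate enables (presumably GitHub Actions and Dockerfile base images too); a merged nomad-version change then starts the create-tag and release workflows without a human review step 31 | }, 32 | { 33 | "matchFileNames": ["v1.2.x/**"], 34 | "matchPackageNames": ["hashicorp/nomad"], 35 | "allowedVersions": "<=1.2", 36 | "groupName": "nomad-1.2.x", 37 | }, 38 | { 39 | "matchFileNames": ["v1.3.x/**"], 40 | "matchPackageNames": ["hashicorp/nomad"], 41 | "allowedVersions": "<=1.3", 42 | "groupName": "nomad-1.3.x", 43 | }, 44 | { 45 | "matchFileNames": ["v1.4.x/**"], 46 | "matchPackageNames": ["hashicorp/nomad"], 47 | "allowedVersions": "<=1.4", 48 | "groupName": "nomad-1.4.x", 49 | }, 50 | { 51 | "matchFileNames": ["v1.5.x/**"], 52 | "matchPackageNames": ["hashicorp/nomad"], 53 | "allowedVersions": "<=1.5", 54 | "groupName": "nomad-1.5.x", 55 | }, 56 | { 57 | "matchFileNames": ["v1.6.x/**"], 58 | "matchPackageNames": ["hashicorp/nomad"], 59 | "allowedVersions": "<=1.6", 60 | "groupName": "nomad-1.6.x", 61 | }, 62 | { 63 | "matchFileNames": ["v1.7.x/**"], 64 | "matchPackageNames": ["hashicorp/nomad"], 65 | "allowedVersions": "<=1.7", 66 | "groupName": "nomad-1.7.x", 67 | }, 68 | { 69 | "matchFileNames": ["v1.8.x/**"], 70 | "matchPackageNames": ["hashicorp/nomad"], 71 | "allowedVersions": "<=1.8", 72 | "groupName": "nomad-1.8.x", 73 | }, 74 | { 75 | "matchFileNames": ["v1.9.x/**"], 76 | "matchPackageNames": ["hashicorp/nomad"], 77 | "allowedVersions": "<=1.9", 78 | "groupName": "nomad-1.9.x", 79 | }, 80 | { 81 | "matchFileNames": ["v1.10.x/**"], 82 | "matchPackageNames": ["hashicorp/nomad"], 83 | "ignoreUnstable": false, // unstable releases are not filtered out for the newest series 84 | "groupName": "nomad-latest", 85 | }, 86 | 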
], 87 | } 88 | -------------------------------------------------------------------------------- /.github/workflows/template-build.yml: -------------------------------------------------------------------------------- 1 | # This builds the Docker image from the specified directory on all the 2 | # platforms and does a basic sanity check to verify that Nomad runs. 3 | name: Build 4 | 5 | on: 6 | workflow_call: 7 | inputs: 8 | directory: 9 | description: Directory where the Dockerfile is 10 | required: true 11 | type: string 12 | 13 | platforms: 14 | description: The platforms to build on 15 | required: true 16 | type: string 17 | 18 | jobs: 19 | prepare: 20 | name: Prepare Build Matrix 21 | runs-on: ubuntu-latest 22 | outputs: 23 | matrix: ${{ steps.platforms.outputs.matrix }} 24 | steps: 25 | - name: Checkout 26 | uses: actions/checkout@v4 # NOTE(review): version tags are mutable; pinning every "uses:" in this file to a full commit SHA fixes exactly which action code runs 27 | 28 | - name: Create matrix # splits the comma-separated platforms input into a JSON array for the build matrix 29 | id: platforms 30 | run: | # NOTE(review): the inputs.platforms expression is pasted into the script text before bash parses it; the callers on this page pass literals, but an env: variable (as template-push.yml's Metadata step uses for DIRECTORY) keeps the value out of the shell parser 31 | echo "matrix=$(echo '"${{ inputs.platforms }}"' | jq -cr '. / ","')" >> "$GITHUB_OUTPUT" 32 | 33 | - name: Show matrix 34 | run: | # the step output is expanded into the script unquoted here as well 35 | echo ${{ steps.platforms.outputs.matrix }} 36 | 37 | build: 38 | name: Build 39 | runs-on: ubuntu-latest 40 | needs: 41 | - prepare 42 | 43 | strategy: 44 | fail-fast: false 45 | 46 | matrix: 47 | platforms: ${{ fromJson(needs.prepare.outputs.matrix) }} # one job per entry of the JSON array produced by the prepare job 48 | 49 | steps: 50 | - uses: actions/checkout@v4 51 | 52 | - name: Metadata # reads the Nomad version from nomad-version and records the Dockerfile path as step outputs 53 | id: meta 54 | working-directory: ${{ inputs.directory }} 55 | run: | # NOTE(review): inputs.directory is expanded into the script text here too; prefer env: 56 | echo "nomad=$(cat nomad-version)" >> "$GITHUB_OUTPUT" 57 | echo "dockerfile=${{ inputs.directory }}/Dockerfile" >> "$GITHUB_OUTPUT" 58 | 59 | - name: Lint the Dockerfile 60 | uses: hadolint/hadolint-action@v3.1.0 61 | with: 62 | dockerfile: ${{ steps.meta.outputs.dockerfile }} 63 | 64 | - name: Set up QEMU 65 | id: docker-setup 66 | uses: docker/setup-qemu-action@v3 67 | with: 68 | platforms: ${{ matrix.platforms }} 69 | 70 | - name: Set up Docker Buildx 71 | uses: docker/setup-buildx-action@v3 72 | 73 | - name: Build 74 | uses: 
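docker/build-push-action@v6 75 | with: 76 | context: ${{ inputs.directory }} 77 | file: ${{ steps.meta.outputs.dockerfile }} 78 | load: true # load the image built locally for later use 79 | build-args: |- 80 | NOMAD_VERSION=${{ steps.meta.outputs.nomad }} 81 | platforms: ${{ matrix.platforms }} 82 | push: false 83 | tags: local/nomad:test 84 | 85 | - name: Test # runs the Makefile's test target against the image that was just loaded 86 | run: make test DOCKER_TAG=local/nomad:test 87 | -------------------------------------------------------------------------------- /.github/workflows/template-create-tag.yml: -------------------------------------------------------------------------------- 1 | # This creates a new Git tag when the Nomad version changed. 2 | name: Create tag 3 | 4 | on: 5 | workflow_call: 6 | inputs: 7 | directory: 8 | description: Directory where the Dockerfile is 9 | required: true 10 | type: string 11 | 12 | secrets: 13 | PAT_GITHUB: 14 | description: The authentication token for GitHub 15 | required: true 16 | 17 | 18 | jobs: 19 | create-tag: 20 | name: Tag 21 | runs-on: ubuntu-latest 22 | 23 | permissions: 24 | contents: write # create new tags 25 | 26 | steps: 27 | - name: Checkout 28 | uses: actions/checkout@v4 29 | with: 30 | token: ${{ secrets.PAT_GITHUB }} # NOTE(review): presumably a PAT so that the tag push starts the *-release workflows; keep its scope to this repository's contents 31 | 32 | - name: Create tag # tags the current commit with the content of nomad-version and pushes the tag 33 | working-directory: ${{ inputs.directory }} 34 | run: | # NOTE(review): --force below lets a re-run move an existing tag, and the *-release workflows then republish images under the same tag name; drop it if published tags should stay immutable 35 | TAG="$(cat nomad-version)" 36 | git config --global user.email "${{ github.actor }}" 37 | git config --global user.name "GitHub Actions" 38 | git tag --annotate --message "Nomad $TAG" "$TAG" 39 | git push --force origin "$TAG" 40 | -------------------------------------------------------------------------------- /.github/workflows/template-push.yml: -------------------------------------------------------------------------------- 1 | # This runs the sanity checks on all the platforms, then builds and pushes the 2 | # images to the Docker registries. 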
3 | name: Push 4 | 5 | on: 6 | workflow_call: 7 | inputs: 8 | directory: 9 | description: Directory where the Dockerfile is 10 | required: true 11 | type: string 12 | 13 | platforms: 14 | description: The platforms to build on 15 | required: true 16 | type: string 17 | 18 | secrets: 19 | DOCKERHUB_USERNAME: 20 | description: Docker Hub username 21 | required: true 22 | 23 | DOCKERHUB_TOKEN: 24 | description: Docker Hub token 25 | required: true 26 | 27 | env: 28 | images: | 29 | index.docker.io/multani/nomad 30 | ghcr.io/multani/nomad 31 | 32 | jobs: 33 | test: 34 | uses: ./.github/workflows/template-build.yml 35 | secrets: inherit # NOTE(review): template-build.yml declares no secrets and reads none on this page; inherit still forwards every caller secret (the Docker Hub token included) to the build/test job, so this line can be dropped 36 | with: 37 | directory: ${{ inputs.directory }} 38 | platforms: ${{ inputs.platforms }} 39 | 40 | push: 41 | runs-on: ubuntu-latest 42 | needs: 43 | - test 44 | 45 | permissions: 46 | packages: write # create new package versions 47 | 48 | steps: 49 | - uses: actions/checkout@v4 # NOTE(review): version tags are mutable; this job holds registry credentials, so pinning each "uses:" to a full commit SHA matters most here 50 | 51 | - name: Metadata # reads the Nomad version from nomad-version and records the Dockerfile path as step outputs 52 | id: meta 53 | working-directory: ${{ inputs.directory }} 54 | env: # the input reaches the script as an environment variable, so it is never parsed as script text 55 | DIRECTORY: ${{ inputs.directory }} 56 | run: | 57 | echo "nomad=$(cat nomad-version)" >> "$GITHUB_OUTPUT" 58 | echo "dockerfile=${DIRECTORY}/Dockerfile" >> "$GITHUB_OUTPUT" 59 | 60 | - name: Login to Docker Hub 61 | uses: docker/login-action@v3 62 | with: 63 | username: ${{ secrets.DOCKERHUB_USERNAME }} 64 | password: ${{ secrets.DOCKERHUB_TOKEN }} 65 | 66 | - name: Login to GitHub Container Registry 67 | uses: docker/login-action@v3 68 | with: 69 | registry: ghcr.io 70 | username: ${{ github.actor }} 71 | password: ${{ secrets.GITHUB_TOKEN }} # the job token, limited by the permissions block above to packages: write 72 | 73 | - name: Set up QEMU 74 | id: docker-setup 75 | uses: docker/setup-qemu-action@v3 76 | with: 77 | platforms: ${{ inputs.platforms }} 78 | 79 | - name: Set up Docker Buildx 80 | uses: docker/setup-buildx-action@v3 81 | 82 | - name: Docker metadata 83 | id: docker-release 84 | uses: docker/metadata-action@v5 85 | with: 86 | images: ${{ env.images }} 87 | labels: | 88 | org.opencontainers.image.authors=Jonathan 
Ballet 89 | org.opencontainers.image.url=https://www.nomadproject.io/ 90 | org.opencontainers.image.documentation=https://www.nomadproject.io/docs 91 | org.opencontainers.image.source=https://github.com/hashicorp/nomad 92 | org.opencontainers.image.version=${{ steps.meta.outputs.nomad }} 93 | org.opencontainers.image.vendor=HashiCorp 94 | org.opencontainers.image.title=nomad 95 | org.opencontainers.image.description=Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. 96 | tags: | # the image tag is derived from the pushed git tag only 97 | type=ref,event=tag 98 | 99 | - name: Build and push 100 | uses: docker/build-push-action@v6 101 | with: 102 | context: ${{ inputs.directory }} 103 | file: ${{ steps.meta.outputs.dockerfile }} 104 | build-args: |- 105 | NOMAD_VERSION=${{ steps.meta.outputs.nomad }} 106 | platforms: ${{ inputs.platforms }} 107 | provenance: false # NOTE(review): turns off the provenance attestation for the pushed image (presumably for manifest compatibility); consumers then have no build attestation to verify 108 | push: true 109 | tags: ${{ steps.docker-release.outputs.tags }} 110 | labels: ${{ steps.docker-release.outputs.labels }} 111 | -------------------------------------------------------------------------------- /.github/workflows/template-release.yml: -------------------------------------------------------------------------------- 1 | # This runs the whole release workflow: 2 | # * test the images 3 | # * build and push them to the registries 4 | # * create the GitHub release / discussion 5 | name: Release 6 | 7 | on: 8 | workflow_call: 9 | inputs: 10 | directory: 11 | description: Directory where the Dockerfile is 12 | required: true 13 | type: string 14 | 15 | platforms: 16 | description: The platforms to build on 17 | required: true 18 | type: string 19 | 20 | secrets: 21 | DOCKERHUB_USERNAME: 22 | description: Docker Hub username 23 | required: true 24 | 25 | DOCKERHUB_TOKEN: 26 | description: Docker Hub token 27 | required: true 28 | 29 | 30 | jobs: 31 | push: 32 | permissions: 33 | packages: write # matches what the push job of template-push.yml requests 34 | 35 | uses: 
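./.github/workflows/template-push.yml 36 | secrets: inherit # NOTE(review): template-push.yml only declares DOCKERHUB_USERNAME and DOCKERHUB_TOKEN; passing those two explicitly instead of inherit narrows what the called workflow can read 37 | with: 38 | directory: ${{ inputs.directory }} 39 | platforms: ${{ inputs.platforms }} 40 | 41 | release: 42 | runs-on: ubuntu-latest 43 | needs: 44 | - push 45 | 46 | permissions: 47 | contents: write # create the GitHub release 48 | discussions: write # open the announcement discussion 49 | 50 | steps: 51 | - uses: actions/checkout@v4 52 | 53 | - name: Metadata # collects the Nomad version, the git tag name and a printable platform list as step outputs 54 | id: meta 55 | working-directory: ${{ inputs.directory }} 56 | run: | # the tag name is read from the runner's GITHUB_REF_NAME variable so it is never parsed as script text; NOTE(review): inputs.platforms is still expanded into the script below — callers on this page pass literals, move it to env: if that changes 57 | echo "nomad=$(cat nomad-version)" >> "$GITHUB_OUTPUT" 58 | echo "git=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT" 59 | echo "pretty-platforms=$(echo ${{ inputs.platforms }} | sed 's/,/`, `/g')" >> "$GITHUB_OUTPUT" 60 | 61 | - name: Release 62 | uses: softprops/action-gh-release@v2 63 | with: 64 | generate_release_notes: true 65 | discussion_category_name: announcements 66 | name: Nomad ${{ steps.meta.outputs.nomad }} 67 | body: | 68 | [Nomad ${{ steps.meta.outputs.nomad }}](https://github.com/hashicorp/nomad/releases/tag/v${{ steps.meta.outputs.nomad }}) 69 | 70 | Pull the image from: 71 | 72 | * [GitHub Packages](https://github.com/multani/docker-nomad/pkgs/container/nomad): 73 | ```shell 74 | docker pull ghcr.io/multani/nomad:${{ steps.meta.outputs.git }} 75 | ``` 76 | * [Docker Hub](https://hub.docker.com/r/multani/nomad/): 77 | ```shell 78 | docker pull multani/nomad:${{ steps.meta.outputs.git }} 79 | ``` 80 | 81 | The image is available on the following platforms: `${{ steps.meta.outputs.pretty-platforms }}`. 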
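82 | -------------------------------------------------------------------------------- /.github/workflows/v1.10.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.10.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.10.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.10.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm64 22 | directory: v1.10.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.10.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.10.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.10.x/nomad-version # only a change of the pinned Nomad version creates a tag 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit # NOTE(review): the template only declares PAT_GITHUB; passing that one secret explicitly would be narrower than inherit 18 | with: 19 | directory: v1.10.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.10.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.10.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.10.** # any pushed tag starting with "1.10." starts a release, not only tags made by the create-tag workflow 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm64 19 | directory: v1.10.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.2.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.2.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.2.x/** 9 | 10 | pull_request: 11 | branches: 12 | - 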
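master 13 | paths: 14 | - v1.2.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm/v7,linux/arm64 22 | directory: v1.2.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.2.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.2.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.2.x/nomad-version # only a change of the pinned Nomad version creates a tag 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.2.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.2.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.2.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.2.** # any pushed tag starting with "1.2." starts a release 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm/v7,linux/arm64 19 | directory: v1.2.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.3.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.3.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.3.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.3.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm/v7,linux/arm64 22 | directory: v1.3.x 23 | -------------------------------------------------------------------------------- 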
/.github/workflows/v1.3.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.3.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.3.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.3.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.3.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.3.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.3.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm/v7,linux/arm64 19 | directory: v1.3.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.4.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.4.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.4.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.4.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm/v7,linux/arm64 22 | directory: v1.4.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.4.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.4.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.4.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: 
./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.4.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.4.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.4.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.4.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm/v7,linux/arm64 19 | directory: v1.4.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.5.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.5.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.5.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.5.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm/v7,linux/arm64 22 | directory: v1.5.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.5.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.5.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.5.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.5.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.5.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.5.x: release" 2 | 3 
| on: 4 | push: 5 | tags: 6 | - 1.5.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm/v7,linux/arm64 19 | directory: v1.5.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.6.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.6.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.6.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.6.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm/v7,linux/arm64 22 | directory: v1.6.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.6.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.6.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.6.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.6.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.6.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.6.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.6.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm/v7,linux/arm64 19 | directory: v1.6.x 20 | 
-------------------------------------------------------------------------------- /.github/workflows/v1.7.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.7.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.7.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.7.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm/v7,linux/arm64 22 | directory: v1.7.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.7.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.7.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.7.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.7.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.7.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.7.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.7.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm/v7,linux/arm64 19 | directory: v1.7.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.8.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.8.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.8.x/** 9 | 10 | pull_request: 11 | branches: 
12 | - master 13 | paths: 14 | - v1.8.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm64 22 | directory: v1.8.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.8.x-create-tag.yml: -------------------------------------------------------------------------------- 1 | name: "v1.8.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.8.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.8.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.8.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.8.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.8.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm64 19 | directory: v1.8.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.9.x-build.yml: -------------------------------------------------------------------------------- 1 | name: "v1.9.x: build" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths: 8 | - v1.9.x/** 9 | 10 | pull_request: 11 | branches: 12 | - master 13 | paths: 14 | - v1.9.x/** 15 | 16 | jobs: 17 | test: 18 | name: Test 19 | uses: ./.github/workflows/template-build.yml 20 | with: 21 | platforms: linux/amd64,linux/arm64 22 | directory: v1.9.x 23 | -------------------------------------------------------------------------------- /.github/workflows/v1.9.x-create-tag.yml: 
-------------------------------------------------------------------------------- 1 | name: "v1.9.x: create tag" 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | paths: 9 | - v1.9.x/nomad-version 10 | 11 | jobs: 12 | tag: 13 | name: Tag 14 | permissions: 15 | contents: write 16 | uses: ./.github/workflows/template-create-tag.yml 17 | secrets: inherit 18 | with: 19 | directory: v1.9.x 20 | -------------------------------------------------------------------------------- /.github/workflows/v1.9.x-release.yml: -------------------------------------------------------------------------------- 1 | name: "v1.9.x: release" 2 | 3 | on: 4 | push: 5 | tags: 6 | - 1.9.** 7 | 8 | jobs: 9 | release: 10 | name: Release 11 | permissions: 12 | contents: write 13 | packages: write 14 | discussions: write 15 | uses: ./.github/workflows/template-release.yml 16 | secrets: inherit 17 | with: 18 | platforms: linux/amd64,linux/arm64 19 | directory: v1.9.x 20 | -------------------------------------------------------------------------------- /.hadolint.yaml: -------------------------------------------------------------------------------- 1 | ignored: 2 | - DL3008 # ignore unpinned Debian packages 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 DJ Enriquez 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or 
substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | DOCKER_TAG = local/nomad 2 | DIR = latest 3 | DOCKERFILE = $(DIR)/Dockerfile 4 | 5 | .PHONY: all 6 | all: build 7 | 8 | .PHONY: build 9 | build: 10 | docker buildx build --file $(DOCKERFILE) --tag "$(DOCKER_TAG)" $(DIR) 11 | 12 | test: 13 | docker run --rm "$(DOCKER_TAG)" version 14 | docker run --rm "$(DOCKER_TAG)" agent -help 15 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Run [Nomad](https://www.nomadproject.io) from a Docker container 2 | 3 | [![Docker Pulls](https://img.shields.io/docker/pulls/multani/nomad.svg)](https://hub.docker.com/r/multani/nomad/) 4 | 5 | This repository builds a Docker image to run the [Nomad](https://www.nomadproject.io) scheduler. 6 | 7 | The image is mostly useful for testing purpose, when you want to ship a small 8 | stack running Nomad along other containers. 9 | 10 | Get the image using: 11 | 12 | ```sh 13 | docker pull ghcr.io/multani/nomad 14 | ``` 15 | or: 16 | 17 | ```sh 18 | docker pull multani/nomad 19 | ``` 20 | 21 | See below for examples on how to start a Nomad client or server. 22 | 23 | This image is meant to be run with host network privileges. 
24 | Nomad itself can be configured: 25 | 26 | * either by bind-mounting [HCL/JSON configuration 27 | files](https://www.nomadproject.io/docs/configuration/) into `/etc/nomad` 28 | 29 | * and/or by setting the configuration content directly into the 30 | `NOMAD_LOCAL_CONFIG` environment variable (see examples below). 31 | 32 | You also need to bind-mount the following directories (unless you really know 33 | what you are doing): 34 | 35 | * `/var/run/docker.sock`: to access the Docker socket, used by Nomad's Docker 36 | driver (this gives the container control of the host's Docker daemon) 37 | * `/tmp`: default temporary directory used by Nomad's `-dev` mode 38 | 39 | You can run the container as a non-root user, in which case you should set the 40 | `NOMAD_DISABLE_PERM_MGMT` environment variable to any value. This is especially 41 | useful when running standalone Nomad servers. 42 | 43 | The repository produces a dockerized version of Nomad following Hashicorp's 44 | model for their [Dockerized Consul 45 | image](https://github.com/hashicorp/docker-consul). It is based on the work from 46 | [djenriquez/nomad](https://github.com/djenriquez/nomad). 47 | 48 | 49 | ## To run: 50 | 51 | You can use the Docker Compose file to get started: 52 | 53 | ```bash 54 | docker compose up 55 | ``` 56 | 57 | The relevant Docker Compose bits are: 58 | 59 | ```yaml 60 | version: '2.1' 61 | 62 | services: 63 | nomad: 64 | image: multani/nomad 65 | build: . 66 | command: agent -dev 67 | privileged: true 68 | network_mode: host 69 | environment: 70 | NOMAD_LOCAL_CONFIG: | 71 | data_dir = "/nomad/data/" 72 | 73 | volumes: 74 | - /var/run/docker.sock:/var/run/docker.sock:rw 75 | - /tmp:/tmp 76 | ``` 77 | 78 | Or you can configure Nomad on a dedicated host with the following command lines. 79 | 80 | ### Server 81 | 82 | Notes for the server: 83 | 84 | * It doesn't need to run as root. 85 | * If you decide to run it as non-root, the Nomad data directory must have the 86 | proper permissions. 
87 | 88 | ```bash 89 | docker run -d \ 90 | --name nomad \ 91 | --net host \ 92 | --user nomad \ 93 | -e NOMAD_DISABLE_PERM_MGMT=true \ 94 | -e NOMAD_LOCAL_CONFIG=' 95 | server { 96 | enabled = true 97 | bootstrap_expect = 3 98 | } 99 | 100 | datacenter = "${REGION}" 101 | region = "${DATACENTER}" 102 | 103 | data_dir = "/nomad/data/" 104 | 105 | bind_addr = "0.0.0.0" 106 | 107 | advertise { 108 | http = "{{ GetPrivateIP }}:4646" 109 | rpc = "{{ GetPrivateIP }}:4647" 110 | serf = "{{ GetPrivateIP }}:4648" 111 | } 112 | ' \ 113 | -v "nomad:/nomad/data:rw" \ 114 | multani/nomad agent 115 | ``` 116 | 117 | ### Client 118 | 119 | Notes for the client: 120 | 121 | * Most of the task drivers require quite high privileges; you should most 122 | probably run the container as root with the [`privileged` Docker 123 | flag](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities). Note that a privileged container with the Docker socket mounted has effectively root access to the host. 124 | 125 | ```bash 126 | docker run -d \ 127 | --name nomad \ 128 | --net host \ 129 | --privileged \ 130 | -e NOMAD_LOCAL_CONFIG=' 131 | client { 132 | enabled = true 133 | } 134 | 135 | datacenter = "${REGION}" 136 | region = "${DATACENTER}" 137 | 138 | data_dir = "/nomad/data/" 139 | 140 | bind_addr = "0.0.0.0" 141 | 142 | advertise { 143 | http = "{{ GetPrivateIP }}:4646" 144 | rpc = "{{ GetPrivateIP }}:4647" 145 | serf = "{{ GetPrivateIP }}:4648" 146 | } 147 | ' \ 148 | -v "/srv/nomad/data:/nomad/data:rw" \ 149 | -v "/var/run/docker.sock:/var/run/docker.sock" \ 150 | -v "/tmp:/tmp" \ 151 | multani/nomad agent 152 | ``` 153 | 154 | The above command is identical to running this example in Nomad's documentation 155 | for [bootstrapping with 156 | Consul](https://www.nomadproject.io/docs/cluster/bootstrapping.html). 157 | 158 | ## Correctly configuring Nomad data directory 159 | 160 | Due to the way Nomad exposes the template files it generates, you need to take 161 | special precautions when configuring its data directory.
162 | 163 | In case you are running Docker containers and using the `template` stanza, 164 | the Nomad `data_dir` has to be configured with the **exact same path as the 165 | host path**, so the host Docker daemon mounts the correct paths, as exported by 166 | the Nomad client, into the scheduled Docker containers. 167 | 168 | You can run the Nomad container with the following options in this case: 169 | 170 | ```bash 171 | export NOMAD_DATA_DIR=/host/path/to/nomad/data 172 | 173 | docker run \ 174 | ...\ 175 | -v "$NOMAD_DATA_DIR:$NOMAD_DATA_DIR:rw" \ 176 | -e "NOMAD_DATA_DIR=$NOMAD_DATA_DIR" \ 177 | multani/nomad agent 178 | ``` 179 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2.1' 2 | 3 | services: 4 | nomad: 5 | image: multani/nomad 6 | build: latest 7 | command: agent -dev 8 | privileged: true 9 | network_mode: host 10 | environment: 11 | NOMAD_LOCAL_CONFIG: | 12 | datacenter = "${REGION:-test}" 13 | region = "${DATACENTER:-test-dc1}" 14 | 15 | data_dir = "/nomad/data/" 16 | 17 | bind_addr = "0.0.0.0" 18 | advertise { 19 | http = "{{ GetPrivateIP }}:4646" 20 | rpc = "{{ GetPrivateIP }}:4647" 21 | serf = "{{ GetPrivateIP }}:4648" 22 | } 23 | 24 | volumes: 25 | - /var/run/docker.sock:/var/run/docker.sock:rw 26 | - /tmp:/tmp 27 | -------------------------------------------------------------------------------- /v0.10.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.11 2 | 3 | # Based on https://github.com/djenriquez/nomad 4 | LABEL maintainer="Jonathan Ballet " 5 | 6 | RUN addgroup nomad && \ 7 | adduser -S -G nomad nomad 8 | 9 | # https://github.com/andyshinn/alpine-pkg-glibc/releases 10 | ENV GLIBC_VERSION "2.30-r0" 11 | 12 | # https://github.com/tianon/gosu/releases 13 | ENV GOSU_VERSION 1.11 14 | 15 | # https://github.com/Yelp/dumb-init/releases 
ENV DUMB_INIT_VERSION 1.2.2

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
RUN set -x \
    && apk --update add --no-cache ca-certificates openssl \
    && update-ca-certificates

# Installs glibc, dumb-init and gosu, then removes the build-only packages
# (.gosu-deps). Of the three downloads only gosu is verified: its detached
# signature is checked with gpg against the key requested by full fingerprint.
# The glibc package is installed with --allow-untrusted (no apk signature
# check) and the dumb-init binary is marked executable as downloaded, with no
# checksum or signature comparison in this step.
# dumb-init is always fetched for amd64, while the gosu URL follows the
# architecture reported by dpkg.
# NOTE(review): curl is called with -L but without --fail, so an HTTP error
# body would be written to the target path instead of failing the build; worth
# confirming for the two unverified downloads.
# NOTE(review): one of the key servers is addressed over plain hkp on port 80.
RUN set -x && \
    apk --update add --no-cache --virtual .gosu-deps curl dpkg gnupg && \
    curl -L -o /tmp/glibc-${GLIBC_VERSION}.apk https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk && \
    apk add --allow-untrusted /tmp/glibc-${GLIBC_VERSION}.apk && \
    rm -rf /tmp/glibc-${GLIBC_VERSION}.apk /var/cache/apk/* && \
    curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_amd64 && \
    chmod +x /usr/local/bin/dumb-init && \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
    curl -L -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \
    curl -L -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" && \
    export GNUPGHOME="$(mktemp -d)" && \
    gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
    chmod +x /usr/local/bin/gosu && \
    gosu nobody true && \
    apk del .gosu-deps

# https://releases.hashicorp.com/nomad/
ENV NOMAD_VERSION 0.10.9

# Fetches the Nomad release zip together with the SHA256SUMS file and its
# detached signature, verifies the signature with gpg, and only then checks the
# zip against the signed checksum list before unpacking it into /bin.
# NOTE(review): this Dockerfile does not enable pipefail, so the status of
# `grep ... | sha256sum -c` is that of sha256sum alone; how sha256sum -c treats
# empty input if grep matches nothing should be confirmed.
RUN set -x \
    && apk --update add --no-cache --virtual .nomad-deps curl dpkg gnupg \
    && cd /tmp \
    && curl -L -o nomad_${NOMAD_VERSION}_linux_amd64.zip https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && curl -L -o nomad_${NOMAD_VERSION}_SHA256SUMS https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    && curl -L -o nomad_${NOMAD_VERSION}_SHA256SUMS.sig https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C \
    && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \
    && grep nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \
    && unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && chmod +x /bin/nomad \
    && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && apk del .nomad-deps

# Creates the data and config directories. Only /nomad is handed to the nomad
# user; /etc/nomad is not part of the chown.
RUN mkdir -p /nomad/data && \
    mkdir -p /etc/nomad && \
    chown -R nomad:nomad /nomad

EXPOSE 4646 4647 4648 4648/udp

# start.sh is the entrypoint wrapper that builds the final nomad command line.
ADD start.sh /usr/local/bin/start.sh

ENTRYPOINT ["/usr/local/bin/start.sh"]

--------------------------------------------------------------------------------
/v0.10.x/start.sh:
--------------------------------------------------------------------------------
#!/usr/local/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
set -e

# Note above that we run dumb-init as PID 1 in order to reap zombie processes
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.
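
# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
# config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG
# below.
NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"}
NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"}

# You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some
# Nomad configuration without having to bind any volumes. The content is
# written as-is to local.json in the config directory.
# NOTE(review): the file is created with the shell's default umask; confirm
# that is acceptable when the inline configuration carries secrets.
if [ -n "$NOMAD_LOCAL_CONFIG" ]; then
    echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json"
fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad. (The substring expansion is a shell extension, not
# POSIX sh; this relies on the /bin/sh shipped in the image.)
if [ "${1:0:1}" = '-' ]; then
    set -- nomad "$@"
fi

# Look for Nomad subcommands.
if [ "$1" = 'agent' ]; then
    shift
    set -- nomad agent \
        -data-dir="$NOMAD_DATA_DIR" \
        -config="$NOMAD_CONFIG_DIR" \
        "$@"
elif [ "$1" = 'version' ]; then
    # This needs a special case because there's no help output.
    set -- nomad "$@"
elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then
    # We can't use the return code to check for the existence of a subcommand, so
    # we have to use grep to look for a pattern in the help output.
    set -- nomad "$@"
fi

# If we are running Nomad, prepare the data directory and the binary.
if [ "$1" = 'nomad' ]; then
    # If the data dir is bind mounted then chown it to root.
    # The ownership check and the chown now refer to the same directory, the
    # one passed to the agent as -data-dir; previously /nomad/data was checked
    # while /etc/nomad was chowned. The path is quoted so a directory name
    # containing spaces is handled, and a missing directory is skipped.
    if [ -d "$NOMAD_DATA_DIR" ] && [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
        chown root:root "$NOMAD_DATA_DIR"
    fi

    # When a variable named NOMAD is set in the environment (to any value,
    # even an empty one), allow /bin/nomad to bind privileged ports. Note that
    # this doesn't work with all storage drivers (it won't work with AUFS).
    if [ -n "${NOMAD+x}" ]; then
        setcap "cap_net_bind_service=+ep" /bin/nomad
    fi

    # The command is re-executed through gosu as root: despite the wording
    # inherited from the Consul entrypoint, no switch to a non-root user
    # happens here.
    set -- gosu root "$@"
fi

exec "$@"
--------------------------------------------------------------------------------
/v0.11.x/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.11

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet "

RUN addgroup nomad && \
    adduser -S -G nomad nomad

# https://github.com/andyshinn/alpine-pkg-glibc/releases
ENV GLIBC_VERSION "2.30-r0"

# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.11

# https://github.com/Yelp/dumb-init/releases
ENV DUMB_INIT_VERSION 1.2.2

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
RUN set -x \
    && apk --update add --no-cache ca-certificates openssl \
    && update-ca-certificates

# Only gosu is signature-checked in this step; glibc is installed with
# --allow-untrusted and dumb-init is used as downloaded.
RUN set -x && \
    apk --update add --no-cache --virtual .gosu-deps curl dpkg gnupg && \
    curl -L -o /tmp/glibc-${GLIBC_VERSION}.apk https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk && \
    apk add --allow-untrusted /tmp/glibc-${GLIBC_VERSION}.apk && \
    rm -rf /tmp/glibc-${GLIBC_VERSION}.apk /var/cache/apk/* && \
    curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_amd64 && \
    chmod +x /usr/local/bin/dumb-init && \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
    curl -L -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \
    curl -L -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" && \
    export GNUPGHOME="$(mktemp -d)" && \
    gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
    chmod +x /usr/local/bin/gosu && \
    gosu nobody true && \
    apk del .gosu-deps

# https://releases.hashicorp.com/nomad/
ENV NOMAD_VERSION 0.11.8

# The Nomad zip is checked against SHA256SUMS after the signature on
# SHA256SUMS has been verified with gpg.
RUN set -x \
    && apk --update add --no-cache --virtual .nomad-deps curl dpkg gnupg \
    && cd /tmp \
    && curl -L -o nomad_${NOMAD_VERSION}_linux_amd64.zip https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && curl -L -o nomad_${NOMAD_VERSION}_SHA256SUMS https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    && curl -L -o nomad_${NOMAD_VERSION}_SHA256SUMS.sig https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C \
    && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \
    && grep nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \
    && unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && chmod +x /bin/nomad \
    && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && apk del .nomad-deps

RUN mkdir -p /nomad/data && \
    mkdir -p /etc/nomad && \
    chown -R nomad:nomad /nomad /etc/nomad

EXPOSE 4646 4647 4648 4648/udp

ADD start.sh /usr/local/bin/start.sh

ENTRYPOINT ["/usr/local/bin/start.sh"]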
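--------------------------------------------------------------------------------
/v0.11.x/start.sh:
--------------------------------------------------------------------------------
#!/usr/local/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
#
# Container entrypoint: optionally writes NOMAD_LOCAL_CONFIG to a config file,
# turns the container arguments into a `nomad ...` command line and execs it.
set -e

# Note above that we run dumb-init as PID 1 in order to reap zombie processes
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.

# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
# config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG
# below.
NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"}
NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"}

# You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some
# Nomad configuration without having to bind any volumes. The content is
# written as-is to local.json in the config directory.
# NOTE(review): the file is created with the shell's default umask; confirm
# that is acceptable when the inline configuration carries secrets.
if [ -n "$NOMAD_LOCAL_CONFIG" ]; then
    echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json"
fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad. (The substring expansion is a shell extension, not
# POSIX sh; this relies on the /bin/sh shipped in the image.)
if [ "${1:0:1}" = '-' ]; then
    set -- nomad "$@"
fi

# Look for Nomad subcommands.
if [ "$1" = 'agent' ]; then
    shift
    set -- nomad agent \
        -data-dir="$NOMAD_DATA_DIR" \
        -config="$NOMAD_CONFIG_DIR" \
        "$@"
elif [ "$1" = 'version' ]; then
    # This needs a special case because there's no help output.
    set -- nomad "$@"
elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then
    # We can't use the return code to check for the existence of a subcommand, so
    # we have to use grep to look for a pattern in the help output.
    set -- nomad "$@"
fi

# If we are running Nomad and permission management has not been switched off
# (NOMAD_DISABLE_PERM_MGMT set to any value), prepare the data directory and
# the binary. Two separate tests replace the obsolescent `-a` operator.
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
    # If the data dir is bind mounted then chown it to root.
    # The path is quoted so that a NOMAD_DATA_DIR containing spaces or glob
    # characters is passed to stat and chown as a single argument; a missing
    # directory is skipped instead of failing the chown.
    if [ -d "$NOMAD_DATA_DIR" ] && [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
        chown root:root "$NOMAD_DATA_DIR"
    fi

    # When a variable named NOMAD is set in the environment (to any value,
    # even an empty one), allow /bin/nomad to bind privileged ports. Note that
    # this doesn't work with all storage drivers (it won't work with AUFS).
    if [ -n "${NOMAD+x}" ]; then
        setcap "cap_net_bind_service=+ep" /bin/nomad
    fi

    # The command is re-executed through gosu as root: despite the wording
    # inherited from the Consul entrypoint, no switch to a non-root user
    # happens here.
    set -- gosu root "$@"
fi

exec "$@"
--------------------------------------------------------------------------------
/v0.12.x/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.12

SHELL ["/bin/ash", "-x", "-c", "-o", "pipefail"]

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet "

RUN addgroup nomad && \
    adduser -S -G nomad nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.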
RUN apk --update --no-cache add \
    ca-certificates \
    && update-ca-certificates


# https://github.com/sgerrand/alpine-pkg-glibc/releases
ENV GLIBC_VERSION "2.32-r0"

# glibc is installed with apk's signature check left on (no --allow-untrusted
# here). The public key apk checks against is downloaded in this same step and
# is not compared with a pinned checksum or fingerprint, so the check relies on
# that HTTPS download being authentic.
RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
    wget -q -O glibc.apk https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk && \
    apk add --no-cache \
        glibc.apk && \
    rm glibc.apk

# dumb-init comes from the Alpine package repository in this version.
RUN apk add --no-cache \
    dumb-init

# Install timezone data so we can run Nomad periodic jobs containing timezone information
RUN apk add --no-cache \
    tzdata

# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION "1.12"

# Downloads gosu for the architecture reported by dpkg and verifies its
# detached signature with gpg against the key requested by full fingerprint,
# using a throw-away GNUPGHOME that is removed afterwards.
# NOTE(review): one of the key servers is addressed over plain hkp on port 80.
RUN apk --update add --no-cache --virtual .gosu-deps dpkg gnupg && \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
    wget -q -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \
    wget -q -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" && \
    GNUPGHOME="$(mktemp -d)" && \
    export GNUPGHOME && \
    gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
    chmod +x /usr/local/bin/gosu && \
    gosu nobody true && \
    apk del .gosu-deps

# https://releases.hashicorp.com/nomad/
ENV NOMAD_VERSION 0.12.10

# Fetches the Nomad release zip together with the SHA256SUMS file and its
# detached signature, verifies the signature with gpg, and only then checks the
# zip against the signed checksum list before unpacking it into /bin.
# The SHELL instruction earlier in this file enables pipefail, so a grep that
# matches nothing fails the `grep ... | sha256sum -c` pipeline.
RUN apk --update add --no-cache --virtual .nomad-deps dpkg gnupg \
    && wget -q -O nomad_${NOMAD_VERSION}_linux_amd64.zip https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && wget -q -O nomad_${NOMAD_VERSION}_SHA256SUMS https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    && wget -q -O nomad_${NOMAD_VERSION}_SHA256SUMS.sig https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && GNUPGHOME="$(mktemp -d)" \
    && export GNUPGHOME \
    && gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C \
    && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \
    && grep nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \
    && unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && chmod +x /bin/nomad \
    && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && apk del .nomad-deps

# Data and config directories are both handed to the nomad user.
RUN mkdir -p /nomad/data && \
    mkdir -p /etc/nomad && \
    chown -R nomad:nomad /nomad /etc/nomad

EXPOSE 4646 4647 4648 4648/udp

# start.sh is the entrypoint wrapper that builds the final nomad command line.
COPY start.sh /usr/local/bin/

ENTRYPOINT ["/usr/local/bin/start.sh"]

--------------------------------------------------------------------------------
/v0.12.x/start.sh:
--------------------------------------------------------------------------------
#!/usr/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
set -e

# Note above that we run dumb-init as PID 1 in order to reap zombie processes
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.
11 | 12 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 13 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 14 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 15 | # below. 16 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 17 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 18 | 19 | # You can also set the NOMAD_LOCAL_CONFIG environemnt variable to pass some 20 | # Nomad configuration JSON without having to bind any volumes. 21 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 22 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 23 | fi 24 | 25 | # If the user is trying to run Nomad directly with some arguments, then 26 | # pass them to Nomad. 27 | if [ "${1:0:1}" = '-' ]; then 28 | set -- nomad "$@" 29 | fi 30 | 31 | # Look for Nomad subcommands. 32 | if [ "$1" = 'agent' ]; then 33 | shift 34 | set -- nomad agent \ 35 | -data-dir="$NOMAD_DATA_DIR" \ 36 | -config="$NOMAD_CONFIG_DIR" \ 37 | "$@" 38 | elif [ "$1" = 'version' ]; then 39 | # This needs a special case because there's no help output. 40 | set -- nomad "$@" 41 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 42 | # We can't use the return code to check for the existence of a subcommand, so 43 | # we have to use grep to look for a pattern in the help output. 44 | set -- nomad "$@" 45 | fi 46 | 47 | # If we are running Nomad, make sure it executes as the proper user. 48 | if [ "$1" = 'nomad' -a -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 49 | # If the data or config dirs are bind mounted then chown them. 50 | # Note: This checks for root ownership as that's the most common case. 51 | if [ "$(stat -c %u $NOMAD_DATA_DIR)" != "$(id -u root)" ]; then 52 | chown root:root $NOMAD_DATA_DIR 53 | fi 54 | 55 | # If requested, set the capability to bind to privileged ports before 56 | # we drop to the non-root user. Note that this doesn't work with all 57 | # storage drivers (it won't work with AUFS). 
58 | if [ ! -z ${NOMAD+x} ]; then 59 | setcap "cap_net_bind_service=+ep" /bin/nomad 60 | fi 61 | 62 | set -- gosu root "$@" 63 | fi 64 | 65 | exec "$@" 66 | -------------------------------------------------------------------------------- /v0.9.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.9 2 | 3 | # Based on https://github.com/djenriquez/nomad 4 | LABEL maintainer="Jonathan Ballet " 5 | 6 | RUN addgroup nomad && \ 7 | adduser -S -G nomad nomad 8 | 9 | # https://github.com/andyshinn/alpine-pkg-glibc/releases 10 | ENV GLIBC_VERSION "2.29-r0" 11 | 12 | # https://github.com/tianon/gosu/releases 13 | ENV GOSU_VERSION 1.11 14 | 15 | # https://github.com/Yelp/dumb-init/releases 16 | ENV DUMB_INIT_VERSION 1.2.2 17 | 18 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 19 | RUN set -x \ 20 | && apk --update add --no-cache ca-certificates openssl \ 21 | && update-ca-certificates 22 | 23 | RUN set -x && \ 24 | apk --update add --no-cache --virtual .gosu-deps curl dpkg gnupg && \ 25 | curl -L -o /tmp/glibc-${GLIBC_VERSION}.apk https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk && \ 26 | apk add --allow-untrusted /tmp/glibc-${GLIBC_VERSION}.apk && \ 27 | rm -rf /tmp/glibc-${GLIBC_VERSION}.apk /var/cache/apk/* && \ 28 | curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_amd64 && \ 29 | chmod +x /usr/local/bin/dumb-init && \ 30 | dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \ 31 | curl -L -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \ 32 | curl -L -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" && \ 33 | export GNUPGHOME="$(mktemp -d)" && \ 34 | gpg --keyserver pgp.mit.edu --keyserver 
keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \ 35 | gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \ 36 | rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \ 37 | chmod +x /usr/local/bin/gosu && \ 38 | gosu nobody true && \ 39 | apk del .gosu-deps 40 | 41 | # https://releases.hashicorp.com/nomad/ 42 | ENV NOMAD_VERSION 0.9.7 43 | 44 | RUN set -x \ 45 | && apk --update add --no-cache --virtual .nomad-deps curl dpkg gnupg \ 46 | && cd /tmp \ 47 | && curl -L -o nomad_${NOMAD_VERSION}_linux_amd64.zip https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \ 48 | && curl -L -o nomad_${NOMAD_VERSION}_SHA256SUMS https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 49 | && curl -L -o nomad_${NOMAD_VERSION}_SHA256SUMS.sig https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 50 | && export GNUPGHOME="$(mktemp -d)" \ 51 | && gpg --keyserver pgp.mit.edu --keyserver keyserver.pgp.com --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C \ 52 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 53 | && grep nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 54 | && unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \ 55 | && chmod +x /bin/nomad \ 56 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 57 | && apk del .nomad-deps 58 | 59 | RUN mkdir -p /nomad/data && \ 60 | mkdir -p /etc/nomad && \ 61 | chown -R nomad:nomad /nomad 62 | 63 | EXPOSE 4646 4647 4648 4648/udp 64 | 65 | ADD start.sh /usr/local/bin/start.sh 66 | 67 | ENTRYPOINT ["/usr/local/bin/start.sh"] 68 | -------------------------------------------------------------------------------- 
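/v0.9.x/start.sh:
--------------------------------------------------------------------------------
#!/usr/local/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
#
# Container entrypoint: optionally writes NOMAD_LOCAL_CONFIG to a config file,
# turns the container arguments into a `nomad ...` command line and execs it.
set -e

# Note above that we run dumb-init as PID 1 in order to reap zombie processes
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.

# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
# config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG
# below.
NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"}
NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"}

# You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some
# Nomad configuration without having to bind any volumes. The content is
# written as-is to local.json in the config directory.
# NOTE(review): the file is created with the shell's default umask; confirm
# that is acceptable when the inline configuration carries secrets.
if [ -n "$NOMAD_LOCAL_CONFIG" ]; then
    echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json"
fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad. (The substring expansion is a shell extension, not
# POSIX sh; this relies on the /bin/sh shipped in the image.)
if [ "${1:0:1}" = '-' ]; then
    set -- nomad "$@"
fi

# Look for Nomad subcommands.
if [ "$1" = 'agent' ]; then
    shift
    set -- nomad agent \
        -data-dir="$NOMAD_DATA_DIR" \
        -config="$NOMAD_CONFIG_DIR" \
        "$@"
elif [ "$1" = 'version' ]; then
    # This needs a special case because there's no help output.
    set -- nomad "$@"
elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then
    # We can't use the return code to check for the existence of a subcommand, so
    # we have to use grep to look for a pattern in the help output.
    set -- nomad "$@"
fi

# If we are running Nomad, prepare the data directory and the binary.
if [ "$1" = 'nomad' ]; then
    # If the data dir is bind mounted then chown it to root.
    # The ownership check and the chown now refer to the same directory, the
    # one passed to the agent as -data-dir; previously /nomad/data was checked
    # while /etc/nomad was chowned. The path is quoted so a directory name
    # containing spaces is handled, and a missing directory is skipped.
    if [ -d "$NOMAD_DATA_DIR" ] && [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
        chown root:root "$NOMAD_DATA_DIR"
    fi

    # When a variable named NOMAD is set in the environment (to any value,
    # even an empty one), allow /bin/nomad to bind privileged ports. Note that
    # this doesn't work with all storage drivers (it won't work with AUFS).
    if [ -n "${NOMAD+x}" ]; then
        setcap "cap_net_bind_service=+ep" /bin/nomad
    fi

    # The command is re-executed through gosu as root: despite the wording
    # inherited from the Consul entrypoint, no switch to a non-root user
    # happens here.
    set -- gosu root "$@"
fi

exec "$@"
--------------------------------------------------------------------------------
/v1.0.x/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.13

SHELL ["/bin/ash", "-x", "-c", "-o", "pipefail"]

# https://releases.hashicorp.com/nomad/
ARG NOMAD_VERSION
RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false)

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet "

RUN addgroup nomad \
    && adduser -S -G nomad nomad \
    && mkdir -p /nomad/data \
    && mkdir -p /etc/nomad \
    && chown -R nomad:nomad /nomad /etc/nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.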
# Install timezone data so we can run Nomad periodic jobs containing timezone information
# libcap and su-exec are installed here as well.
# NOTE(review): presumably for setcap and the user switch in start.sh; confirm
# against that script.
RUN apk --update --no-cache add \
        ca-certificates \
        dumb-init \
        libcap \
        tzdata \
        su-exec \
    && update-ca-certificates

# https://github.com/sgerrand/alpine-pkg-glibc/releases
ARG GLIBC_VERSION=2.33-r0

# glibc is installed with apk's signature check left on (no --allow-untrusted
# here). The public key apk checks against is fetched by the ADD below at build
# time and is not compared with a pinned checksum or fingerprint, so the check
# relies on that HTTPS download being authentic.
ADD https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
ADD https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
    glibc.apk
RUN apk add --no-cache \
        glibc.apk \
    && rm glibc.apk

# NOMAD_VERSION is the build argument declared earlier in this file, so the
# release to download is chosen at build time. The zip, the SHA256SUMS file and
# its detached signature are fetched with ADD; the RUN step then verifies the
# signature with gpg against the key requested by full fingerprint and checks
# the zip against the signed checksum list before unpacking it into /bin.
# The SHELL instruction earlier in this file enables pipefail, so a grep that
# matches nothing fails the `grep ... | sha256sum -c` pipeline.
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
    nomad_${NOMAD_VERSION}_linux_amd64.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    nomad_${NOMAD_VERSION}_SHA256SUMS.sig
RUN apk add --no-cache --virtual .nomad-deps gnupg \
    && GNUPGHOME="$(mktemp -d)" \
    && export GNUPGHOME \
    && gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \
    && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \
    && grep nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \
    && unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
    && chmod +x /bin/nomad \
    && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && apk del .nomad-deps

EXPOSE 4646 4647 4648 4648/udp

# start.sh is the entrypoint wrapper that builds the final nomad command line.
COPY start.sh /usr/local/bin/

# This Dockerfile sets no USER, so the entrypoint starts as root unless the
# container is run with an explicit user (the README's server example passes
# --user nomad).
ENTRYPOINT ["/usr/local/bin/start.sh"]
-------------------------------------------------------------------------------- /v1.0.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.0.15 2 | -------------------------------------------------------------------------------- /v1.0.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # Script created following Hashicorp's model for Consul: 3 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 4 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 5 | set -e 6 | 7 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 8 | # as well as forward signals to all processes in its session. Normally, sh 9 | # wouldn't do either of these functions so we'd leak zombies as well as do 10 | # unclean termination of all our sub-processes. 11 | 12 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 13 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 14 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 15 | # below. 16 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 17 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 18 | 19 | # You can also set the NOMAD_LOCAL_CONFIG environemnt variable to pass some 20 | # Nomad configuration JSON without having to bind any volumes. 21 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 22 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 23 | fi 24 | 25 | # If the user is trying to run Nomad directly with some arguments, then 26 | # pass them to Nomad. 27 | if [ "${1:0:1}" = '-' ]; then 28 | set -- nomad "$@" 29 | fi 30 | 31 | # Look for Nomad subcommands. 
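if [ "$1" = 'agent' ]; then
    # "agent" gets the data and config directories injected ahead of the
    # caller's own arguments.
    shift
    set -- nomad agent \
        -data-dir="$NOMAD_DATA_DIR" \
        -config="$NOMAD_CONFIG_DIR" \
        "$@"
elif [ "$1" = 'version' ]; then
    # This needs a special case because there's no help output.
    set -- nomad "$@"
elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then
    # We can't use the return code to check for the existence of a subcommand, so
    # we have to use grep to look for a pattern in the help output.
    set -- nomad "$@"
fi

# Permission management, skipped when NOMAD_DISABLE_PERM_MGMT is set (to any
# value, even an empty one). Nomad is re-executed as root through su-exec
# below, so nothing in this branch drops privileges.
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
    # If the data dir is bind mounted and not owned by root, chown it to root.
    # The path is quoted so that a NOMAD_DATA_DIR containing whitespace or glob
    # characters is handled as a single path.
    if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
        chown root:root "$NOMAD_DATA_DIR"
    fi

    # Only when the NOMAD variable is set (to any value): give the binary the
    # capability to bind to privileged ports. The expansion has to be quoted:
    # unquoted, an unset NOMAD leaves `[ -n ]`, which is always true, so setcap
    # ran on every start. Note that this doesn't work with all storage drivers
    # (it won't work with AUFS), and because the script runs under `set -e` a
    # failing setcap stops the container.
    if [ -n "${NOMAD+x}" ]; then
        setcap "cap_net_bind_service=+ep" /bin/nomad
    fi

    set -- su-exec root "$@"
fi

exec "$@"

--------------------------------------------------------------------------------
/v1.1.x/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.14

SHELL ["/bin/ash", "-x", "-c", "-o", "pipefail"]

# https://releases.hashicorp.com/nomad/
ARG NOMAD_VERSION
RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false)

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet "

RUN addgroup nomad \
    && adduser -S -G nomad nomad \
    && mkdir -p /nomad/data \
    && mkdir -p /etc/nomad \
    && chown -R nomad:nomad /nomad /etc/nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
# Install timezone data so we can run Nomad periodic jobs containing timezone information
RUN apk --update --no-cache add \
        ca-certificates \
        dumb-init \
        libcap \
        tzdata \
        su-exec \
    && update-ca-certificates

# https://github.com/sgerrand/alpine-pkg-glibc/releases
ARG GLIBC_VERSION=2.33-r0

ADD https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
ADD https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
    glibc.apk
RUN apk add --no-cache \
        glibc.apk \
    && rm glibc.apk

ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
    nomad_${NOMAD_VERSION}_linux_amd64.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \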
nomad_${NOMAD_VERSION}_SHA256SUMS.sig 44 | RUN apk add --no-cache --virtual .nomad-deps gnupg \ 45 | && GNUPGHOME="$(mktemp -d)" \ 46 | && export GNUPGHOME \ 47 | && gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 48 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 49 | && grep nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 50 | && unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \ 51 | && chmod +x /bin/nomad \ 52 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 53 | && apk del .nomad-deps 54 | 55 | EXPOSE 4646 4647 4648 4648/udp 56 | 57 | COPY start.sh /usr/local/bin/ 58 | 59 | ENTRYPOINT ["/usr/local/bin/start.sh"] 60 | -------------------------------------------------------------------------------- /v1.1.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.1.18 2 | -------------------------------------------------------------------------------- /v1.1.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # Script created following Hashicorp's model for Consul: 3 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 4 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 5 | set -e 6 | 7 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 8 | # as well as forward signals to all processes in its session. Normally, sh 9 | # wouldn't do either of these functions so we'd leak zombies as well as do 10 | # unclean termination of all our sub-processes. 11 | 12 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. 
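# The NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
# config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG
# below.
NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"}
NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"}

# You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some
# Nomad configuration JSON without having to bind any volumes. Its content is
# written as-is to local.json in the config directory.
if [ -n "$NOMAD_LOCAL_CONFIG" ]; then
    echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json"
fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad.
# NOTE(review): ${1:0:1} is not POSIX sh; it relies on the shell behind
# /bin/sh in this image accepting substring expansion.
if [ "${1:0:1}" = '-' ]; then
    set -- nomad "$@"
fi

# Look for Nomad subcommands.
if [ "$1" = 'agent' ]; then
    # "agent" gets the data and config directories injected ahead of the
    # caller's own arguments.
    shift
    set -- nomad agent \
        -data-dir="$NOMAD_DATA_DIR" \
        -config="$NOMAD_CONFIG_DIR" \
        "$@"
elif [ "$1" = 'version' ]; then
    # This needs a special case because there's no help output.
    set -- nomad "$@"
elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then
    # We can't use the return code to check for the existence of a subcommand, so
    # we have to use grep to look for a pattern in the help output.
    set -- nomad "$@"
fi

# Permission management, skipped when NOMAD_DISABLE_PERM_MGMT is set (to any
# value, even an empty one). Nomad is re-executed as root through su-exec
# below, so nothing in this branch drops privileges.
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
    # If the data dir is bind mounted and not owned by root, chown it to root.
    # The path is quoted so that a NOMAD_DATA_DIR containing whitespace or glob
    # characters is handled as a single path.
    if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
        chown root:root "$NOMAD_DATA_DIR"
    fi

    # Only when the NOMAD variable is set (to any value): give the binary the
    # capability to bind to privileged ports. The expansion has to be quoted:
    # unquoted, an unset NOMAD leaves `[ -n ]`, which is always true, so setcap
    # ran on every start. Note that this doesn't work with all storage drivers
    # (it won't work with AUFS).
    if [ -n "${NOMAD+x}" ]; then
        setcap "cap_net_bind_service=+ep" /bin/nomad
    fi

    set -- su-exec root "$@"
fi

exec "$@"

--------------------------------------------------------------------------------
/v1.10.x/Dockerfile:
--------------------------------------------------------------------------------
FROM debian:12.10-slim

# Fetch the target information injected by Docker build
ARG TARGETOS
ARG TARGETARCH

SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"]

# https://releases.hashicorp.com/nomad/
ARG NOMAD_VERSION
RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false)

RUN groupadd nomad \
    && useradd --system --gid nomad nomad \
    && mkdir --parents /nomad/data \
    && mkdir --parents /etc/nomad \
    && chown --recursive nomad:nomad /nomad /etc/nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
# Install timezone data so we can run Nomad periodic jobs containing timezone information
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        ca-certificates \
        dumb-init \
        libcap2 \
        tzdata \
    && update-ca-certificates \
    && rm -rf /var/lib/apt/lists/*

ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
    nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    nomad_${NOMAD_VERSION}_SHA256SUMS.sig

RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        gnupg \
        unzip \
    && GNUPGHOME="$(mktemp -d)" \
    && export GNUPGHOME \
    && gpg --keyserver pgp.mit.edu --keyserver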
keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.10.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.10.1 2 | -------------------------------------------------------------------------------- /v1.10.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 
13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environemnt variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands. 34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user. 
Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS). 60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.2.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 
# Install timezone data so we can run Nomad periodic jobs containing timezone information
# Runtime packages kept in the final image.
# NOTE(review): start.sh in this directory calls setcap when NOMAD is set; on
# Debian that binary is normally shipped in libcap2-bin rather than libcap2.
# Confirm it is present in the image.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        ca-certificates \
        dumb-init \
        libcap2 \
        tzdata \
    && update-ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# Fetch the Nomad release archive for the build's target OS and architecture,
# together with its checksum file and the detached signature of that file.
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
    nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
    nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    nomad_${NOMAD_VERSION}_SHA256SUMS.sig

# Verification chain, in order: import the key with the full fingerprint given
# below, verify SHA256SUMS against SHA256SUMS.sig, check the zip against its
# SHA256SUMS entry, and only then unpack it into /bin. The steps are joined
# with &&, so a failed check stops the build before the binary is installed.
# gnupg and unzip are build-only tools and are purged at the end, together
# with the temporary GNUPGHOME and the downloaded files.
# NOTE(review): three --keyserver options are passed; confirm which of them
# this gpg version actually queries.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        gnupg \
        unzip \
    && GNUPGHOME="$(mktemp -d)" \
    && export GNUPGHOME \
    && gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \
    && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \
    && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \
    && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
    && chmod +x /bin/nomad \
    && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
    && apt-get autoremove --purge --yes \
        gnupg \
        unzip \
    && rm -rf /var/lib/apt/lists/*

# Smoke test: the build fails here if the installed binary cannot run.
RUN nomad version

# Ports published by the image (TCP unless marked otherwise).
EXPOSE 4646 4647 4648 4648/udp

COPY start.sh /usr/local/bin/

# Every container start goes through start.sh, which decides how Nomad is run.
ENTRYPOINT ["/usr/local/bin/start.sh"]

--------------------------------------------------------------------------------
/v1.2.x/LICENSE:
-------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 DJ Enriquez 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /v1.2.x/README.md: -------------------------------------------------------------------------------- 1 | # Run [Nomad](https://www.nomadproject.io) from a Docker container 2 | 3 | [![Docker Pulls](https://img.shields.io/docker/pulls/multani/nomad.svg)](https://hub.docker.com/r/multani/nomad/) 4 | 5 | This repository builds a Docker image to run the 6 | [Nomad](https://www.nomadproject.io) scheduler. 7 | 8 | The image is mostly useful for testing purpose, when you want to ship a small 9 | stack running Nomad along other containers. It is meant to be run with host 10 | network privileges. 
Nomad itself can be configured: 11 | 12 | * either by bind-mounting [HCL/JSON configuration 13 | files](https://www.nomadproject.io/docs/configuration/) into `/etc/nomad` 14 | 15 | * and/or by setting the configuration content directly into the 16 | `NOMAD_LOCAL_CONFIG` environment variable (see examples below). 17 | 18 | You also need to bind-mount the following directories (unless you really know 19 | what you are doing): 20 | 21 | * `/var/run/docker.sock`: to access the Docker socket, used by Nomad's Docker 22 | driver (this socket gives the container full control of the host's Docker daemon) 23 | * `/tmp`: default temporary directory used by Nomad's `-dev` mode 24 | 25 | You can run the container as a non-root user, in which case you should set the 26 | `NOMAD_DISABLE_PERM_MGMT` environment variable to any value. This is especially 27 | useful when running standalone Nomad servers. 28 | 29 | The repository produces a dockerized version of Nomad following Hashicorp's 30 | model for their [Dockerized Consul 31 | image](https://github.com/hashicorp/docker-consul). It is based on the work from 32 | [djenriquez/nomad](https://github.com/djenriquez/nomad). 33 | 34 | 35 | ## To run: 36 | 37 | You can use the Docker Compose file to get started: 38 | 39 | ```bash 40 | docker-compose up 41 | ``` 42 | 43 | The relevant Docker Compose bits are: 44 | 45 | ```yaml 46 | version: '2.1' 47 | 48 | services: 49 | nomad: 50 | image: multani/nomad 51 | build: . 52 | command: agent -dev 53 | privileged: true 54 | network_mode: host 55 | environment: 56 | NOMAD_LOCAL_CONFIG: | 57 | data_dir = "/nomad/data/" 58 | 59 | volumes: 60 | - /var/run/docker.sock:/var/run/docker.sock:rw 61 | - /tmp:/tmp 62 | ``` 63 | 64 | Or you can configure Nomad on a dedicated host with the following command lines. 65 | 66 | ### Server 67 | 68 | Notes for the server: 69 | 70 | * It doesn't need to run as root. 71 | * If you decide to run it as non-root, the Nomad data directory must have the 72 | proper permissions.
73 | 74 | ```bash 75 | docker run -d \ 76 | --name nomad \ 77 | --net host \ 78 | --user nomad \ 79 | -e NOMAD_DISABLE_PERM_MGMT=true \ 80 | -e NOMAD_LOCAL_CONFIG=' 81 | server { 82 | enabled = true 83 | bootstrap_expect = 3 84 | } 85 | 86 | datacenter = "${REGION}" 87 | region = "${DATACENTER}" 88 | 89 | data_dir = "/nomad/data/" 90 | 91 | bind_addr = "0.0.0.0" 92 | 93 | advertise { 94 | http = "{{ GetPrivateIP }}:4646" 95 | rpc = "{{ GetPrivateIP }}:4647" 96 | serf = "{{ GetPrivateIP }}:4648" 97 | } 98 | ' \ 99 | -v "nomad:/nomad/data:rw" \ 100 | multani/nomad agent 101 | ``` 102 | 103 | ### Client 104 | 105 | Notes for the client: 106 | 107 | * Most of the task drivers require quite high privileges, you should most 108 | probably run the container as root with the [`privileged` Docker 109 | flag](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities). 110 | 111 | ```bash 112 | docker run -d \ 113 | --name nomad \ 114 | --net host \ 115 | --privileged \ 116 | -e NOMAD_LOCAL_CONFIG=' 117 | client { 118 | enabled = true 119 | } 120 | 121 | datacenter = "${REGION}" 122 | region = "${DATACENTER}" 123 | 124 | data_dir = "/nomad/data/" 125 | 126 | bind_addr = "0.0.0.0" 127 | 128 | advertise { 129 | http = "{{ GetPrivateIP }}:4646" 130 | rpc = "{{ GetPrivateIP }}:4647" 131 | serf = "{{ GetPrivateIP }}:4648" 132 | } 133 | ' \ 134 | -v "/srv/nomad/data:/nomad/data:rw" \ 135 | -v "/var/run/docker.sock:/var/run/docker.sock" \ 136 | -v "/tmp:/tmp" \ 137 | multani/nomad agent 138 | ``` 139 | 140 | The above command is identical to running this example in Nomad's documentation 141 | for [bootstrapping with 142 | Consul](https://www.nomadproject.io/docs/cluster/bootstrapping.html). 143 | 144 | ## Correctly configuring Nomad data directory 145 | 146 | Due to the way Nomad exposed template files it generates, you need to take 147 | special precautions when configuring its data directory. 
148 | 149 | In case you are running Docker containers and using the `template` stanza, 150 | the Nomad `data_dir` has to be configured with the **exact same path as the 151 | host path**, so the host Docker daemon mounts the correct paths, as exported by 152 | the Nomad client, into the scheduled Docker containers. 153 | 154 | You can run the Nomad container with the following options in this case: 155 | 156 | ```bash 157 | export NOMAD_DATA_DIR=/host/path/to/nomad/data 158 | 159 | docker run \ 160 | ...\ 161 | -v "$NOMAD_DATA_DIR:$NOMAD_DATA_DIR:rw" \ 162 | -e "NOMAD_DATA_DIR=$NOMAD_DATA_DIR" \ 163 | multani/nomad agent 164 | ``` 165 | -------------------------------------------------------------------------------- /v1.2.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.2.16 2 | -------------------------------------------------------------------------------- /v1.2.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 
18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environemnt variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands. 34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user. Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS). 
60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.3.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver 
keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.3.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.3.16 2 | -------------------------------------------------------------------------------- /v1.3.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 
13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environemnt variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands. 34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user. 
Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS). 60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.4.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 
20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.4.x/nomad-version: 
-------------------------------------------------------------------------------- 1 | 1.4.14 2 | -------------------------------------------------------------------------------- /v1.4.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands.
34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. NOTE(review): the exec at the end of this branch is `runuser -u root`, so Nomad keeps running as root; the "drop to the non-root user" wording below is inherited from the Consul script. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user. Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS).
60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.5.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver 
keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.5.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.5.17 2 | -------------------------------------------------------------------------------- /v1.5.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 
13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands. 34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. NOTE(review): the exec at the end of this branch is `runuser -u root`, so Nomad keeps running as root; the "drop to the non-root user" wording below is inherited from the Consul script. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user.
Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS). 60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.6.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 
20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.6.x/nomad-version: 
-------------------------------------------------------------------------------- 1 | 1.6.10 2 | -------------------------------------------------------------------------------- /v1.6.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands.
34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. NOTE(review): the exec at the end of this branch is `runuser -u root`, so Nomad keeps running as root; the "drop to the non-root user" wording below is inherited from the Consul script. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user. Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS).
60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.7.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver 
keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.7.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.7.7 2 | -------------------------------------------------------------------------------- /v1.7.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 
13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands. 34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. NOTE(review): the exec at the end of this branch is `runuser -u root`, so Nomad keeps running as root; the "drop to the non-root user" wording below is inherited from the Consul script. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user.
Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS). 60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.8.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 
20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.8.x/nomad-version: 
-------------------------------------------------------------------------------- 1 | 1.8.4 2 | -------------------------------------------------------------------------------- /v1.8.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 13 | 14 | # NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The 15 | # NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional 16 | # config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG 17 | # below. 18 | NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"} 19 | NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"} 20 | 21 | # You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some 22 | # Nomad configuration JSON without having to bind any volumes. 23 | if [ -n "$NOMAD_LOCAL_CONFIG" ]; then 24 | echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json" 25 | fi 26 | 27 | # If the user is trying to run Nomad directly with some arguments, then 28 | # pass them to Nomad. 29 | if [ "$(printf "%s" "$1" | cut -c 1)" = '-' ]; then 30 | set -- nomad "$@" 31 | fi 32 | 33 | # Look for Nomad subcommands.
34 | if [ "$1" = 'agent' ]; then 35 | shift 36 | set -- nomad agent \ 37 | -data-dir="$NOMAD_DATA_DIR" \ 38 | -config="$NOMAD_CONFIG_DIR" \ 39 | "$@" 40 | elif [ "$1" = 'version' ]; then 41 | # This needs a special case because there's no help output. 42 | set -- nomad "$@" 43 | elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then 44 | # We can't use the return code to check for the existence of a subcommand, so 45 | # we have to use grep to look for a pattern in the help output. 46 | set -- nomad "$@" 47 | fi 48 | 49 | # If we are running Nomad, make sure it executes as the proper user. NOTE(review): the exec at the end of this branch is `runuser -u root`, so Nomad keeps running as root; the "drop to the non-root user" wording below is inherited from the Consul script. 50 | if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then 51 | # If the data or config dirs are bind mounted then chown them. 52 | # Note: This checks for root ownership as that's the most common case. 53 | if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then 54 | chown root:root "$NOMAD_DATA_DIR" 55 | fi 56 | 57 | # If requested, set the capability to bind to privileged ports before 58 | # we drop to the non-root user. Note that this doesn't work with all 59 | # storage drivers (it won't work with AUFS).
60 | if [ -n "${NOMAD+x}" ]; then 61 | setcap "cap_net_bind_service=+ep" /bin/nomad 62 | fi 63 | 64 | exec runuser -u root -- "$@" 65 | fi 66 | 67 | exec "$@" 68 | -------------------------------------------------------------------------------- /v1.9.x/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:12.10-slim 2 | 3 | # Fetch the target information injected by Docker build 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"] 8 | 9 | # https://releases.hashicorp.com/nomad/ 10 | ARG NOMAD_VERSION 11 | RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false) 12 | 13 | RUN groupadd nomad \ 14 | && useradd --system --gid nomad nomad \ 15 | && mkdir --parents /nomad/data \ 16 | && mkdir --parents /etc/nomad \ 17 | && chown --recursive nomad:nomad /nomad /etc/nomad 18 | 19 | # Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after. 20 | # Install timezone data so we can run Nomad periodic jobs containing timezone information 21 | RUN apt-get update \ 22 | && apt-get install --yes --no-install-recommends \ 23 | ca-certificates \ 24 | dumb-init \ 25 | libcap2 \ 26 | tzdata \ 27 | && update-ca-certificates \ 28 | && rm -rf /var/lib/apt/lists/* 29 | 30 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 31 | nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip 32 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \ 33 | nomad_${NOMAD_VERSION}_SHA256SUMS 34 | ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 35 | nomad_${NOMAD_VERSION}_SHA256SUMS.sig 36 | 37 | RUN apt-get update \ 38 | && apt-get install --yes --no-install-recommends \ 39 | gnupg \ 40 | unzip \ 41 | && GNUPGHOME="$(mktemp -d)" \ 42 | && export GNUPGHOME \ 43 | && gpg --keyserver pgp.mit.edu --keyserver 
keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \ 44 | && gpg --batch --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS \ 45 | && grep nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c \ 46 | && unzip -d /bin nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ 47 | && chmod +x /bin/nomad \ 48 | && rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_${TARGETOS}_${TARGETARCH}.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \ 49 | && apt-get autoremove --purge --yes \ 50 | gnupg \ 51 | unzip \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | RUN nomad version 55 | 56 | EXPOSE 4646 4647 4648 4648/udp 57 | 58 | COPY start.sh /usr/local/bin/ 59 | 60 | ENTRYPOINT ["/usr/local/bin/start.sh"] 61 | -------------------------------------------------------------------------------- /v1.9.x/nomad-version: -------------------------------------------------------------------------------- 1 | 1.9.7 2 | -------------------------------------------------------------------------------- /v1.9.x/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | # shellcheck shell=dash 3 | # Script created following Hashicorp's model for Consul: 4 | # https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh 5 | # Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'. 6 | set -e 7 | 8 | # Note above that we run dumb-init as PID 1 in order to reap zombie processes 9 | # as well as forward signals to all processes in its session. Normally, sh 10 | # wouldn't do either of these functions so we'd leak zombies as well as do 11 | # unclean termination of all our sub-processes. 12 | # As of docker 1.13, using docker run --init achieves the same outcome. 
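# NOMAD_DATA_DIR is meant for persistent storage and NOMAD_CONFIG_DIR for
# configuration; both can be overridden from the environment. You can compose
# additional config files into NOMAD_CONFIG_DIR if you use this image as a
# base, or use NOMAD_LOCAL_CONFIG below.
# NOTE(review): the Dockerfile in this directory declares no VOLUME, so the
# data directory only persists when a volume or bind mount is supplied at run time.
NOMAD_DATA_DIR=${NOMAD_DATA_DIR:-"/nomad/data"}
NOMAD_CONFIG_DIR=${NOMAD_CONFIG_DIR:-"/etc/nomad"}

# You can also set the NOMAD_LOCAL_CONFIG environment variable to pass some
# Nomad configuration JSON without having to bind any volumes.
# printf is used instead of echo: this script runs under dash, whose echo
# interprets backslash escapes and would rewrite sequences such as \n or \\
# inside the JSON before it reaches the file.
# NOTE(review): local.json is created with the default umask; tighten it if the
# JSON can carry tokens or other secrets.
if [ -n "$NOMAD_LOCAL_CONFIG" ]; then
    printf '%s\n' "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json"
fi

# If the first argument looks like an option, the user is passing arguments
# straight to Nomad, so prepend the binary name.
case "$1" in
    -*) set -- nomad "$@" ;;
esac

# Look for Nomad subcommands.
if [ "$1" = 'agent' ]; then
    # Inject the data and config directories ahead of the user's own arguments.
    shift
    set -- nomad agent \
        -data-dir="$NOMAD_DATA_DIR" \
        -config="$NOMAD_CONFIG_DIR" \
        "$@"
elif [ "$1" = 'version' ]; then
    # This needs a special case because there's no help output.
    set -- nomad "$@"
elif nomad --help "$1" 2>&1 | grep -qF "nomad $1"; then
    # We can't use the return code to check for the existence of a subcommand, so
    # we have to look for a pattern in the help output. The argument is matched
    # as a fixed string (-F) so it is never interpreted as a regular expression.
    set -- nomad "$@"
fi

# Permission handling for Nomad itself; skipped entirely when
# NOMAD_DISABLE_PERM_MGMT is set (to any value, including empty).
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
    # If the data dir is not owned by root (e.g. a bind mount), hand it to root.
    # Only the data dir is checked; the config dir is left as it is.
    if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
        chown root:root "$NOMAD_DATA_DIR"
    fi

    # If requested, grant the binary the capability to bind privileged ports.
    # Note that this doesn't work with all storage drivers (it won't work with
    # AUFS).
    # NOTE(review): the opt-in switch is the bare variable NOMAD - confirm that
    # name is intended. setcap must also exist in the image (on Debian it is
    # normally part of libcap2-bin), otherwise `set -e` aborts the script here.
    if [ -n "${NOMAD+x}" ]; then
        setcap "cap_net_bind_service=+ep" /bin/nomad
    fi

    # NOTE(review): no privilege drop happens - the command is exec'd as root
    # even though the image creates a dedicated nomad user. Confirm that root is
    # required for the workload before relying on this image.
    exec runuser -u root -- "$@"
fi

# Anything else (or Nomad with permission management disabled) runs as given.
exec "$@"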