Brainstorming A Migration to Nomad; Hoping for Advice

Hi all,

My team and I have been struggling to automate our mostly-Windows infrastructure around us. We’re dealing with old .NET web applications and Windows Services, for the most part. While some are moving on to .NET Core, we’re still having a hard time convincing development teams to consider moving to Linux. Despite this, we’ve gotten better at automating our infrastructure (Terraform & Chef), but we’re having a harder time with application orchestration as a result.

I’m considering a way forward with Nomad since it would not require us to containerize our applications (until teams were ready to) and since we’re already utilizing the other typical components of a Nomad cluster in varying degrees (Consul & Vault). I’ve read about the Nomad IIS driver, so no concern there. But I have had some express concerns about trying to migrate .NET applications that are currently running as Windows Services into Nomad.

These Windows Services usually consume queues on various RabbitMQ clusters we have. There are a few edge-cases that interact with old MSMQ queues or perform some operation that may take authentication for granted (meaning, the Windows Service is running under a domain service account, so things often “just work”). Has anyone had any experience with this? Or does anyone have somewhere I might do some reading? My research hasn’t turned up much, so far.

I’m at the early stages, still. So I’m very open to any suggestions, advice or reading material you may have.

1 Like

Hi @nick.dunn. Thanks so much for using Nomad! I’m really excited about your use case. I’m wondering if you could use the raw_exec driver on Windows to solve your problem.

This older post has some details on how to configure the client and run a raw_exec command. Note the final comment about syntax change!

The gist is that using raw_exec, you could execute a PowerShell script or sc.exe to start your services. Does this fit your use case? If not, can you tell me what the gaps are for you? Maybe I can help you work through a solution.

Hi @DerekStrickland, thank you for responding. I looked over the older post and it is possible that I might be able to use raw_exec. However, while I could likely install and start a Windows Service using sc.exe, I believe the process is then detached from the session. So, I think that would mean that Nomad would think the execution had stopped/finished with an exit code of 0.

I should add that I now realize that I did not mention this in the initial post. But our hope is to not only start/execute these applications in Nomad, but for Nomad to track them as it would any other long-running job. I had considered trying to have Nomad run the .NET app’s executable directly, but it’s unclear to me if Nomad really supports impersonating other users (such as a service account) and it’s not clear to me if running the executable like that would provide a similar experience. I wasn’t sure if anyone else has had experience running .NET applications in Nomad much like a Windows Service might as a long-running job.

If running the binary directly is not a good idea, then I’m forced back to having Nomad create, start, and monitor Windows Services (much like the IIS driver does with websites). I don’t mind this, but it sounds a lot like I need to write my own driver. From what I can tell, writing Nomad drivers is pretty straightforward and in this case it would really just be a Win32 API wrapper. But to be honest, I’m kind of hoping that isn’t necessary.

Hi @nick.dunn,

I think you are spot on. raw_exec is not going to give you the task driver experience you are looking for. I’ve discussed it with my colleagues and here is some of the feedback I’ve gathered.

  • Nomad runs windows containers on Windows. There is no need to migrate these apps to linux. Is migrating to Windows containers a viable option for you?
  • Nomad itself has to run as admin, so in theory, if admin has the right permissions any raw_exec task would have the permissions it needs.
  • That said, docker has features for running as different users. While we haven’t tested this on Windows, I’d be curious to see if that works for you.

All that said, if you do end up writing a windows task driver, that would be amazing!!! We’d love to feature it on our community plugins page. Here is a link to an abandoned project called damon that may give you some inspiration or even code you could repurpose.

I’m looking forward to your reply and seeing if the windows containers approach works for you.


Derek and the Nomad Team