Running rootful and rootless podman containers on the same client

Hey Nomad team!

I’ve been struggling for a while with a particular setup where the nomad client is running as root (systemd unit) but is able to run tasks as a non-root user, meaning when nomad is pulling an image, it is pulling it for the user I intend to run a task with, and not for the root user (the non-root user being set via the task.user field). Considering the following discussions (Rootless in combination with rootful · Issue #284 · hashicorp/nomad-driver-podman · GitHub, Run rootless containers while running nomad as root · Issue #84 · hashicorp/nomad-driver-podman · GitHub), it seems I might achieve what I need by adding multiple sockets, one for each non-root user, then referencing these sockets in tasks via task.config.socket. Yet doing so I’m getting mysterious conmon errors, with little additional info in them to debug further, e.g.:
`[conmon:e]: Failed to open log file Permission denied`
or
`conmon failed: exit status 1`

The ideal setup would be the following: on the host there are 2 users: usr1, usr2; there are 2 containers: cont1, cont2; inside cont1 there is a process run by usr1, inside cont2 there is a process run by usr2; host users fully match container users: same ids, gids, names; there are 2 tasks, task1, task2, each starts its respective container; the image for cont1 is pulled for usr1, the image for cont2 is pulled for usr2.

Is this setup even possible? Would appreciate any help or refs to look at.

Thanks