“Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators…”
To get a feel for where it fits in the HashiCorp ecosphere, take a look at the following graphic:
I’d like to thank Will Butler for letting me write this up after watching him pwn it.
You can get a dev environment up and running using the tutorial here:
The walkthrough has you run it as a dev environment, which won't bind to 0.0.0.0, so you'll need the following server and client files to get an appropriate environment up and running after you `vagrant up`.
If you get everything up and running correctly, you should be able to connect to the UI on port 4646 and see the example job.
“raw_exec driver can run on all supported operating systems. For security reasons, it is disabled by default. To enable raw exec, the Nomad client configuration must explicitly enable the raw_exec driver in the client’s options:”
How can you see if the raw_exec module is enabled on the clients?
You can check it in the UI:
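The same check can be scripted against the HTTP API when you need to audit many clients at once. This is an added example, not from the original post; it assumes the `/v1/nodes` listing carries a `Drivers` map with a `Detected` flag per driver, and the node data embedded below is constructed.

```python
import json
import os
import urllib.request

# Constructed sample of a GET /v1/nodes response (trimmed to the fields used here).
SAMPLE_NODES = json.loads("""
[
  {"ID": "11111111-aaaa", "Name": "client-1", "Status": "ready",
   "Drivers": {"docker":   {"Detected": true,  "Healthy": true},
               "raw_exec": {"Detected": true,  "Healthy": true}}},
  {"ID": "22222222-bbbb", "Name": "client-2", "Status": "ready",
   "Drivers": {"docker":   {"Detected": true,  "Healthy": true},
               "raw_exec": {"Detected": false, "Healthy": false}}},
  {"ID": "33333333-cccc", "Name": "client-3", "Status": "ready",
   "Drivers": null}
]
""")

def fetch_nodes(addr, token=None):
    """Fetch the node list from a Nomad agent's HTTP API."""
    req = urllib.request.Request(addr.rstrip("/") + "/v1/nodes")
    if token:
        req.add_header("X-Nomad-Token", token)  # ACL token, if ACLs are on
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit_raw_exec(nodes):
    """Split node names into raw_exec enabled / disabled / unknown."""
    report = {"enabled": [], "disabled": [], "unknown": []}
    for node in nodes:
        drivers = node.get("Drivers")
        if not isinstance(drivers, dict):
            # No driver data in the listing: check this client by hand.
            report["unknown"].append(node.get("Name", node.get("ID")))
            continue
        raw = drivers.get("raw_exec") or {}
        key = "enabled" if raw.get("Detected") else "disabled"
        report[key].append(node.get("Name", node.get("ID")))
    return report

if __name__ == "__main__":
    addr = os.environ.get("NOMAD_ADDR")
    nodes = fetch_nodes(addr, os.environ.get("NOMAD_TOKEN")) if addr else SAMPLE_NODES
    for state, names in audit_raw_exec(nodes).items():
        print(f"raw_exec {state}: {', '.join(names) or '-'}")
```

With `NOMAD_ADDR` unset it runs over the constructed sample; set `NOMAD_ADDR` (and `NOMAD_TOKEN` if ACLs are enabled) to run it against your own cluster.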
Info on locking Nomad down via ACLs:
*** This is a Security Bloggers Network syndicated blog from Carnal0wnage & Attack Research Blog authored by Unknown. Read the original post at: http://carnal0wnage.attackresearch.com/2019/12/devoops-nomad-with-rawexec-enabled.html