open-nomad/website/pages/docs/drivers/exec.mdx

153 lines
4 KiB
Plaintext
Raw Normal View History

2015-09-20 22:31:33 +00:00
---
2020-02-06 23:45:31 +00:00
layout: docs
page_title: 'Drivers: Exec'
sidebar_title: Isolated Fork/Exec
description: The Exec task driver is used to run binaries using OS isolation primitives.
2015-09-20 22:31:33 +00:00
---
2015-10-08 18:36:22 +00:00
# Isolated Fork/Exec Driver
2015-09-20 22:31:33 +00:00
Name: `exec`
2015-09-20 22:42:33 +00:00
The `exec` driver is used to simply execute a particular command for a task.
2020-02-10 19:20:59 +00:00
However, unlike [`raw_exec`](/docs/drivers/raw_exec) it uses the underlying isolation
2016-08-27 12:56:39 +00:00
primitives of the operating system to limit the task's access to resources. While
2020-02-06 23:45:31 +00:00
simple, since the `exec` driver can invoke any command, it can be used to call
2015-10-08 19:18:44 +00:00
scripts or other wrappers which provide higher level features.
2015-09-20 22:42:33 +00:00
## Task Configuration
```hcl
task "webservice" {
driver = "exec"
config {
command = "my-binary"
args = ["-flag", "1"]
}
}
```
2015-09-20 22:42:33 +00:00
The `exec` driver supports the following configuration in the job spec:
2020-02-06 23:45:31 +00:00
- `command` - The command to execute. Must be provided. If executing a binary
that exists on the host, the path must be absolute and within the task's
2020-02-10 19:20:59 +00:00
[chroot](#chroot). If executing a binary that is downloaded from
2020-02-06 23:45:31 +00:00
an [`artifact`](/docs/job-specification/artifact), the path can be
relative from the allocations's root directory.
2020-02-06 23:45:31 +00:00
- `args` - (Optional) A list of arguments to the `command`. References
to environment variables or any [interpretable Nomad
2020-02-06 23:45:31 +00:00
variables](/docs/runtime/interpolation) will be interpreted before
launching the task.
2015-09-20 22:42:33 +00:00
## Examples
To run a binary present on the Node:
```hcl
task "example" {
driver = "exec"
2016-03-16 16:56:04 +00:00
config {
# When running a binary that exists on the host, the path must be absolute.
command = "/bin/sleep"
args = ["1"]
}
}
```
To execute a binary downloaded from an
2020-02-06 23:45:31 +00:00
[`artifact`](/docs/job-specification/artifact):
```hcl
task "example" {
driver = "exec"
2016-03-16 16:56:04 +00:00
config {
command = "name-of-my-binary"
}
2016-03-16 16:56:04 +00:00
artifact {
source = "https://internal.file.server/name-of-my-binary"
options {
checksum = "sha256:abd123445ds4555555555"
2016-03-16 16:56:04 +00:00
}
}
}
```
## Capabilities
The `exec` driver implements the following [capabilities](/docs/internals/plugins/task-drivers#capabilities-capabilities-error).
2020-09-30 13:48:40 +00:00
| Feature | Implementation |
| -------------------- | -------------- |
| `nomad alloc signal` | true |
| `nomad alloc exec` | true |
| filesystem isolation | chroot |
| network isolation | host, group |
| volume mounting | all |
2016-03-16 16:56:04 +00:00
## Client Requirements
The `exec` driver can only be run when on Linux and running Nomad as root.
`exec` is limited to this configuration because currently isolation of resources
2016-08-27 12:56:39 +00:00
is only guaranteed on Linux. Further, the host must have cgroups mounted properly
2016-03-16 16:56:04 +00:00
in order for the driver to work.
If you are receiving the error:
```
* Constraint "missing drivers" filtered <> nodes
```
and using the exec driver, check to ensure that you are running Nomad as root.
This also applies for running Nomad in -dev mode.
2016-03-16 16:56:04 +00:00
## Plugin Options
2020-03-26 20:21:24 +00:00
- `no_pivot_root` - Defaults to `false`. When `true`, the driver uses `chroot`
for file system isolation without `pivot_root`. This is useful for systems
where the root is on a ramdisk.
2015-09-20 22:42:33 +00:00
## Client Attributes
The `exec` driver will set the following client attributes:
2020-02-06 23:45:31 +00:00
- `driver.exec` - This will be set to "1", indicating the driver is available.
2015-09-20 22:42:33 +00:00
## Resource Isolation
The resource isolation provided varies by the operating system of
the client and the configuration.
2015-11-03 20:57:39 +00:00
On Linux, Nomad will use cgroups, and a chroot to isolate the
resources of a process and as such the Nomad agent must be run as root.
2016-01-21 23:02:51 +00:00
2020-03-26 20:21:24 +00:00
### Chroot
2020-02-06 23:45:31 +00:00
2016-08-27 12:56:39 +00:00
The chroot is populated with data in the following directories from the host
2016-01-21 23:02:51 +00:00
machine:
```
[
"/bin",
"/etc",
"/lib",
"/lib32",
"/lib64",
"/run/resolvconf",
"/sbin",
"/usr",
]
```
2017-01-23 18:51:57 +00:00
The task's chroot is populated by linking or copying the data from the host into
the chroot. Note that this can take considerable disk space. Since Nomad v0.5.3,
the client manages garbage collection locally which mitigates any issue this may
create.
This list is configurable through the agent client
2020-02-06 23:45:31 +00:00
[configuration file](/docs/configuration/client#chroot_env).