open-nomad/website/content/docs/commands/alloc/exec.mdx

---
layout: docs
page_title: 'Commands: alloc exec'
description: |
  Runs a command in a container.
---

# Command: alloc exec

**Alias: `nomad exec`**

The `alloc exec` command runs a command in a running allocation.

## Usage

```plaintext
nomad alloc exec [options] <allocation> <command> [<args>...]
```

The nomad exec command can be use to run commands inside a running task/allocation.

Use cases are for inspecting container state, debugging a failed application
without needing ssh access into the node that's running the allocation.

This command executes the command in the given task in the allocation. If the
allocation is only running a single task, the task name can be omitted.
Optionally, the `-job` option may be used in which case a random allocation from
the given job will be chosen.

When ACLs are enabled, this command requires a token with the `alloc-exec`,
`read-job`, and `list-jobs` capabilities for the allocation's namespace. If
the task driver does not have file system isolation (as with `raw_exec`),
this command requires the `alloc-node-exec`, `read-job`, and `list-jobs`
capabilities for the allocation's namespace.

## General Options

@include 'general_options.mdx'

## Exec Options

- `-task`: Sets the task to exec command in.

- `-job`: Use a random allocation from the specified job ID.

- `-i`: Pass stdin to the container, defaults to true. Pass `-i=false` to
  disable explicitly.

- `-t`: Allocate a pseudo-tty, defaults to true if stdin is detected to be a tty
  session. Pass `-t=false` to disable explicitly.

- `-e` <escape_char>: Sets the escape character for sessions with a pty
  (default: '~'). The escape character is only recognized at the beginning of a
  line. The escape character followed by a dot ('.') closes the connection.
  Setting the character to 'none' disables any escapes and makes the session
  fully transparent.

## Examples

To start an interactive debugging session in a particular alloc, invoke exec
command with your desired shell available inside the task:

```shell-session
$ nomad alloc exec eb17e557 /bin/bash
root@eb17e557:/data# # now run any debugging commands inside container
root@eb17e557:/data# # ps -ef
```

To run a command and stream results without starting an interactive shell, you
can pass the command and its arguments to exec directly:

```shell-session# run commands without starting an interactive session
$ nomad alloc exec eb17e557 cat /etc/resolv.conf
...
```

When passing command arguments to be evaluated in task, you may need to ensure
that your host shell doesn't interpolate values before invoking `exec` command.
For example, the following command would return the environment variable on
operator shell rather than task containers:

```shell-session
$ nomad alloc exec eb17e557 echo $NOMAD_ALLOC_ID # wrong
...
```

Here, we must start a shell in task to interpolate `$NOMAD_ALLOC_ID`, and quote
command or use the [heredoc syntax][heredoc]

```shell-session# by quoting argument
$ nomad alloc exec eb17e557 /bin/sh -c 'echo $NOMAD_ALLOC_ID'
eb17e557-443e-4c51-c049-5bba7a9850bc

$ # by using heredoc and passing command in stdin
$ nomad alloc exec eb17e557 /bin/sh <<'EOF'
> echo $NOMAD_ALLOC_ID
> EOF
eb17e557-443e-4c51-c049-5bba7a9850bc
```

This technique applies when aiming to run a shell pipeline without streaming
intermediate command output across the network:

```shell-session# e.g. find top appearing lines in some output
$ nomad alloc exec eb17e557 /bin/sh -c 'cat /output | sort | uniq -c | sort -rn | head -n 5'
...
```

## Using Job ID instead of Allocation ID

Setting the `-job` flag causes a random allocation of the specified job to be
selected.

```plaintext
nomad alloc exec -job <job-id> <command> [<args>...]
```

Choosing a specific allocation is useful for debugging issues with a specific
instance of a service. For other operations using the `-job` flag may be more
convenient than looking up an allocation ID to use.

## Disabling remote execution

`alloc exec` is enabled by default to aid with debugging. Operators can disable
the feature by setting [`disable_remote_exec` client config
option][disable_remote_exec_flag] on all clients, or a subset of clients that
run sensitive workloads.

## Exec targeting a specific task

When trying to `alloc exec` for a job that has more than one task associated
with it, you may want to target a specific task.

```shell-session
# open a shell session in one of your allocation's tasks
$ nomad alloc exec -i -t -task mytask a1827f93 /bin/bash
a1827f93$
```

[heredoc]: http://tldp.org/LDP/abs/html/here-docs.html
[disable_remote_exec_flag]: /docs/configuration/client#disable_remote_exec
Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`---`
new website :sparkles: 2020-02-06 23:45:31 +00:00			`layout: docs`
			`page_title: 'Commands: alloc exec'`
			`description: \|`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			`Runs a command in a container.`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`---`

revert 0.9.2 super script tags 2019-06-05 15:09:22 +00:00			`# Command: alloc exec`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00
Document `nomad exec` command 2019-05-13 00:03:31 +00:00			Alias: `nomad exec`

			The `alloc exec` command runs a command in a running allocation.

			`## Usage`

Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			```plaintext
Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`nomad alloc exec [options] <allocation> <command> [<args>...]`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			```
address review feedback 2019-05-17 17:39:09 +00:00
			`The nomad exec command can be use to run commands inside a running task/allocation.`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
address review feedback 2019-05-17 17:39:09 +00:00			`Use cases are for inspecting container state, debugging a failed application`
			`without needing ssh access into the node that's running the allocation.`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
new website :sparkles: 2020-02-06 23:45:31 +00:00			`This command executes the command in the given task in the allocation. If the`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`allocation is only running a single task, the task name can be omitted.`
			Optionally, the `-job` option may be used in which case a random allocation from
			`the given job will be chosen.`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00
docs: describe required ACLs for all commands 2020-11-19 21:38:08 +00:00			When ACLs are enabled, this command requires a token with the `alloc-exec`,
			`read-job`, and `list-jobs` capabilities for the allocation's namespace. If
			the task driver does not have file system isolation (as with `raw_exec`),
			this command requires the `alloc-node-exec`, `read-job`, and `list-jobs`
			`capabilities for the allocation's namespace.`

Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`## General Options`

new website :sparkles: 2020-02-06 23:45:31 +00:00			`@include 'general_options.mdx'`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
			`## Exec Options`

Docs: correct that exec task flag is not optional (#6729) The task is required, not optional, there’s no default as was described. 2019-11-19 17:20:07 +00:00			- `-task`: Sets the task to exec command in.
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			- `-job`: Use a random allocation from the specified job ID.
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			- `-i`: Pass stdin to the container, defaults to true. Pass `-i=false` to
			`disable explicitly.`
address review feedback 2019-05-17 17:39:09 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			- `-t`: Allocate a pseudo-tty, defaults to true if stdin is detected to be a tty
			session. Pass `-t=false` to disable explicitly.
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			- `-e` <escape_char>: Sets the escape character for sessions with a pty
			`(default: '~'). The escape character is only recognized at the beginning of a`
			`line. The escape character followed by a dot ('.') closes the connection.`
			`Setting the character to 'none' disables any escapes and makes the session`
			`fully transparent.`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
			`## Examples`

elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			`To start an interactive debugging session in a particular alloc, invoke exec`
			`command with your desired shell available inside the task:`

fix shell-session snippet error 2020-05-18 20:53:06 +00:00			```shell-session
			`$ nomad alloc exec eb17e557 /bin/bash`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			`root@eb17e557:/data# # now run any debugging commands inside container`
			`root@eb17e557:/data# # ps -ef`
			```

			`To run a command and stream results without starting an interactive shell, you`
			`can pass the command and its arguments to exec directly:`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
fix some highlighting issues 2020-05-01 20:02:21 +00:00			```shell-session# run commands without starting an interactive session
address review feedback 2019-05-17 17:39:09 +00:00			`$ nomad alloc exec eb17e557 cat /etc/resolv.conf`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			`...`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			```

			`When passing command arguments to be evaluated in task, you may need to ensure`
			that your host shell doesn't interpolate values before invoking `exec` command.
			`For example, the following command would return the environment variable on`
			`operator shell rather than task containers:`

fix shell-session snippet error 2020-05-18 20:53:06 +00:00			```shell-session
			`$ nomad alloc exec eb17e557 echo $NOMAD_ALLOC_ID # wrong`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			`...`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			```

			Here, we must start a shell in task to interpolate `$NOMAD_ALLOC_ID`, and quote
			`command or use the [heredoc syntax][heredoc]`
Document `nomad exec` command 2019-05-13 00:03:31 +00:00
fix some highlighting issues 2020-05-01 20:02:21 +00:00			```shell-session# by quoting argument
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			`$ nomad alloc exec eb17e557 /bin/sh -c 'echo $NOMAD_ALLOC_ID'`
			`eb17e557-443e-4c51-c049-5bba7a9850bc`

			`$ # by using heredoc and passing command in stdin`
			`$ nomad alloc exec eb17e557 /bin/sh <<'EOF'`
			`> echo $NOMAD_ALLOC_ID`
			`> EOF`
			`eb17e557-443e-4c51-c049-5bba7a9850bc`
			```

			`This technique applies when aiming to run a shell pipeline without streaming`
			`intermediate command output across the network:`

fix some highlighting issues 2020-05-01 20:02:21 +00:00			```shell-session# e.g. find top appearing lines in some output
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			`$ nomad alloc exec eb17e557 /bin/sh -c 'cat /output \| sort \| uniq -c \| sort -rn \| head -n 5'`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			`...`
elaborate on shell interpolation and examples 2019-05-20 14:06:15 +00:00			```

Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`## Using Job ID instead of Allocation ID`

			Setting the `-job` flag causes a random allocation of the specified job to be
			`selected.`

Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			```plaintext
Document `nomad exec` command 2019-05-13 00:03:31 +00:00			`nomad alloc exec -job <job-id> <command> [<args>...]`
			```

address review feedback 2019-05-17 17:39:09 +00:00			`Choosing a specific allocation is useful for debugging issues with a specific`
			instance of a service. For other operations using the `-job` flag may be more
			`convenient than looking up an allocation ID to use.`
link to flag from alloc exec doc 2019-06-04 18:37:56 +00:00
			`## Disabling remote execution`

new website :sparkles: 2020-02-06 23:45:31 +00:00			`alloc exec` is enabled by default to aid with debugging. Operators can disable
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			the feature by setting [`disable_remote_exec` client config
			`option][disable_remote_exec_flag] on all clients, or a subset of clients that`
			`run sensitive workloads.`
syntax fix; add example for alloc exec -task 2019-08-09 14:16:45 +00:00
			`## Exec targeting a specific task`

Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			When trying to `alloc exec` for a job that has more than one task associated
			`with it, you may want to target a specific task.`
syntax fix; add example for alloc exec -task 2019-08-09 14:16:45 +00:00
fix shell-session snippet error 2020-05-18 20:53:06 +00:00			```shell-session
syntax fix; add example for alloc exec -task 2019-08-09 14:16:45 +00:00			`# open a shell session in one of your allocation's tasks`
			`$ nomad alloc exec -i -t -task mytask a1827f93 /bin/bash`
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00			`a1827f93$`
syntax fix; add example for alloc exec -task 2019-08-09 14:16:45 +00:00			```
Fixup for command section of website * changed list indicator from * -> - * moved in-text links to reference links * made commands `plaintext` * made command examples `console` * rewrapped text 2019-10-22 13:44:00 +00:00
			`[heredoc]: http://tldp.org/LDP/abs/html/here-docs.html`
new website :sparkles: 2020-02-06 23:45:31 +00:00			`[disable_remote_exec_flag]: /docs/configuration/client#disable_remote_exec`