github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/website/content/docs/drivers/raw_exec.mdx (about)

     1  ---
     2  layout: docs
     3  page_title: 'Drivers: Raw Exec'
     4  sidebar_title: Raw Fork/Exec
     5  description: The Raw Exec task driver simply fork/execs and provides no isolation.
     6  ---
     7  
     8  # Raw Fork/Exec Driver
     9  
    10  Name: `raw_exec`
    11  
    12  The `raw_exec` driver is used to execute a command for a task without any
    13  isolation. Further, the task is started as the same user as the Nomad process.
    14  As such, it should be used with extreme care and is disabled by default.
    15  
    16  ## Task Configuration
    17  
    18  ```hcl
    19  task "webservice" {
    20    driver = "raw_exec"
    21  
    22    config {
    23      command = "my-binary"
    24      args    = ["-flag", "1"]
    25    }
    26  }
    27  ```
    28  
    29  The `raw_exec` driver supports the following configuration in the job spec:
    30  
    31  - `command` - The command to execute. Must be provided. If executing a binary
    32    that exists on the host, the path must be absolute. If executing a binary that
    33    is downloaded from an [`artifact`](/docs/job-specification/artifact), the
    34    path can be relative from the allocation's root directory.
    35  
    36  - `args` - (Optional) A list of arguments to the `command`. References
    37    to environment variables or any [interpretable Nomad
    38    variables](/docs/runtime/interpolation) will be interpreted before
    39    launching the task.
    40  
    41  ## Examples
    42  
    43  To run a binary present on the Node:
    44  
    45  ```
    46  task "example" {
    47    driver = "raw_exec"
    48  
    49    config {
    50      # When running a binary that exists on the host, the path must be absolute/
    51      command = "/bin/sleep"
    52      args    = ["1"]
    53    }
    54  }
    55  ```
    56  
    57  To execute a binary downloaded from an [`artifact`](/docs/job-specification/artifact):
    58  
    59  ```
    60  task "example" {
    61    driver = "raw_exec"
    62  
    63    config {
    64      command = "name-of-my-binary"
    65    }
    66  
    67    artifact {
    68      source = "https://internal.file.server/name-of-my-binary"
    69      options {
    70        checksum = "sha256:abd123445ds4555555555"
    71      }
    72    }
    73  }
    74  ```
    75  
    76  ## Capabilities
    77  
    78  The `raw_exec` driver implements the following [capabilities](/docs/internals/plugins/task-drivers#capabilities-capabilities-error).
    79  
    80  | Feature              | Implementation |
    81  | -------------------- | -------------- |
    82  | `nomad alloc signal` | true           |
    83  | `nomad alloc exec`   | true           |
    84  | filesystem isolation | none           |
    85  | network isolation    | host, group    |
    86  | volume mounting      | none           |
    87  
    88  ## Client Requirements
    89  
    90  The `raw_exec` driver can run on all supported operating systems. For security
    91  reasons, it is disabled by default. To enable raw exec, the Nomad client
    92  configuration must explicitly enable the `raw_exec` driver in the plugin's options:
    93  
    94  ```
    95  plugin "raw_exec" {
    96    config {
    97      enabled = true
    98    }
    99  }
   100  ```
   101  
   102  Nomad versions before v0.9 use the following client configuration. This configuration is
   103  also supported in Nomad v0.9.0, but is deprecated in favor of the plugin stanza:
   104  
   105  ```
   106  client {
   107    options = {
   108      "driver.raw_exec.enable" = "1"
   109    }
   110  }
   111  ```
   112  
   113  ## Plugin Options
   114  
   115  - `enabled` - Specifies whether the driver should be enabled or disabled.
   116    Defaults to `false`.
   117  
   118  - `no_cgroups` - Specifies whether the driver should not use
   119    cgroups to manage the process group launched by the driver. By default,
   120    cgroups are used to manage the process tree to ensure full cleanup of all
   121    processes started by the task. The driver uses cgroups by default on
   122    Linux and when `/sys/fs/cgroup/freezer/nomad` is writable for the
   123    Nomad process. Using a cgroup significantly reduces Nomad's CPU
   124    usage when collecting process metrics.
   125  
   126  ## Client Options
   127  
   128  ~> Note: client configuration options will soon be deprecated. Please use
   129  [plugin options][plugin-options] instead. See the [plugin stanza][plugin-stanza] documentation for more information.
   130  
   131  - `driver.raw_exec.enable` - Specifies whether the driver should be enabled or
   132    disabled. Defaults to `false`.
   133  
   134  - `driver.raw_exec.no_cgroups` - Specifies whether the driver should not use
   135    cgroups to manage the process group launched by the driver. By default,
   136    cgroups are used to manage the process tree to ensure full cleanup of all
   137    processes started by the task. The driver only uses cgroups when Nomad is
   138    launched as root, on Linux and when cgroups are detected.
   139  
   140  ## Client Attributes
   141  
   142  The `raw_exec` driver will set the following client attributes:
   143  
   144  - `driver.raw_exec` - This will be set to "1", indicating the driver is available.
   145  
   146  ## Resource Isolation
   147  
   148  The `raw_exec` driver provides no isolation.
   149  
   150  If the launched process creates a new process group, it is possible that Nomad
   151  will leak processes on shutdown unless the application forwards signals
   152  properly. Nomad will not leak any processes if cgroups are being used to manage
   153  the process tree. Cgroups are used on Linux when Nomad is being run with
   154  appropriate privileges, the cgroup system is mounted and the operator hasn't
   155  disabled cgroups for the driver.
   156  
   157  [plugin-options]: #plugin-options
   158  [plugin-stanza]: /docs/configuration/plugin