github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/website/content/docs/drivers/raw_exec.mdx (about)

     1  ---
     2  layout: docs
     3  page_title: 'Drivers: Raw Exec'
     4  description: The Raw Exec task driver simply fork/execs and provides no isolation.
     5  ---
     6  
     7  # Raw Fork/Exec Driver
     8  
     9  Name: `raw_exec`
    10  
    11  The `raw_exec` driver is used to execute a command for a task without any
    12  isolation. Further, the task is started as the same user as the Nomad process.
    13  As such, it should be used with extreme care and is disabled by default.
    14  
    15  ## Task Configuration
    16  
    17  ```hcl
    18  task "webservice" {
    19    driver = "raw_exec"
    20  
    21    config {
    22      command = "my-binary"
    23      args    = ["-flag", "1"]
    24    }
    25  }
    26  ```
    27  
    28  The `raw_exec` driver supports the following configuration in the job spec:
    29  
    30  - `command` - The command to execute. Must be provided. If executing a binary
    31    that exists on the host, the path must be absolute. If executing a binary that
    32    is downloaded from an [`artifact`](/docs/job-specification/artifact), the
    33    path can be relative from the allocation's root directory.
    34  
    35  - `args` - (Optional) A list of arguments to the `command`. References
    36    to environment variables or any [interpretable Nomad
    37    variables](/docs/runtime/interpolation) will be interpreted before
    38    launching the task.
    39  
    40  ## Examples
    41  
    42  To run a binary present on the Node:
    43  
    44  ```
    45  task "example" {
    46    driver = "raw_exec"
    47  
    48    config {
    49      # When running a binary that exists on the host, the path must be absolute/
    50      command = "/bin/sleep"
    51      args    = ["1"]
    52    }
    53  }
    54  ```
    55  
    56  To execute a binary downloaded from an [`artifact`](/docs/job-specification/artifact):
    57  
    58  ```
    59  task "example" {
    60    driver = "raw_exec"
    61  
    62    config {
    63      command = "name-of-my-binary"
    64    }
    65  
    66    artifact {
    67      source = "https://internal.file.server/name-of-my-binary"
    68      options {
    69        checksum = "sha256:abd123445ds4555555555"
    70      }
    71    }
    72  }
    73  ```
    74  
    75  ## Capabilities
    76  
    77  The `raw_exec` driver implements the following [capabilities](/docs/concepts/plugins/task-drivers#capabilities-capabilities-error).
    78  
    79  | Feature              | Implementation |
    80  | -------------------- | -------------- |
    81  | `nomad alloc signal` | true           |
    82  | `nomad alloc exec`   | true           |
    83  | filesystem isolation | none           |
    84  | network isolation    | host, group    |
    85  | volume mounting      | none           |
    86  
    87  ## Client Requirements
    88  
    89  The `raw_exec` driver can run on all supported operating systems. For security
    90  reasons, it is disabled by default. To enable raw exec, the Nomad client
    91  configuration must explicitly enable the `raw_exec` driver in the plugin's options:
    92  
    93  ```
    94  plugin "raw_exec" {
    95    config {
    96      enabled = true
    97    }
    98  }
    99  ```
   100  
   101  Nomad versions before v0.9 use the following client configuration. This configuration is
   102  also supported in Nomad v0.9.0, but is deprecated in favor of the plugin stanza:
   103  
   104  ```
   105  client {
   106    options = {
   107      "driver.raw_exec.enable" = "1"
   108    }
   109  }
   110  ```
   111  
   112  ## Plugin Options
   113  
   114  - `enabled` - Specifies whether the driver should be enabled or disabled.
   115    Defaults to `false`.
   116  
   117  - `no_cgroups` - Specifies whether the driver should not use
   118    cgroups to manage the process group launched by the driver. By default,
   119    cgroups are used to manage the process tree to ensure full cleanup of all
   120    processes started by the task. The driver uses cgroups by default on
   121    Linux and when `/sys/fs/cgroup/freezer/nomad` is writable for the
   122    Nomad process. Using a cgroup significantly reduces Nomad's CPU
   123    usage when collecting process metrics.
   124  
   125  ## Client Options
   126  
   127  ~> Note: client configuration options will soon be deprecated. Please use
   128  [plugin options][plugin-options] instead. See the [plugin stanza][plugin-stanza] documentation for more information.
   129  
   130  - `driver.raw_exec.enable` - Specifies whether the driver should be enabled or
   131    disabled. Defaults to `false`.
   132  
   133  - `driver.raw_exec.no_cgroups` - Specifies whether the driver should not use
   134    cgroups to manage the process group launched by the driver. By default,
   135    cgroups are used to manage the process tree to ensure full cleanup of all
   136    processes started by the task. The driver only uses cgroups when Nomad is
   137    launched as root, on Linux and when cgroups are detected.
   138  
   139  ## Client Attributes
   140  
   141  The `raw_exec` driver will set the following client attributes:
   142  
   143  - `driver.raw_exec` - This will be set to "1", indicating the driver is available.
   144  
   145  ## Resource Isolation
   146  
   147  The `raw_exec` driver provides no isolation.
   148  
   149  If the launched process creates a new process group, it is possible that Nomad
   150  will leak processes on shutdown unless the application forwards signals
   151  properly. Nomad will not leak any processes if cgroups are being used to manage
   152  the process tree. Cgroups are used on Linux when Nomad is being run with
   153  appropriate privileges, the cgroup system is mounted and the operator hasn't
   154  disabled cgroups for the driver.
   155  
   156  [plugin-options]: #plugin-options
   157  [plugin-stanza]: /docs/configuration/plugin