Learn the HashiCorp Enterprise Stack 
»Isolated Fork/Exec Driver
Name: exec
The exec driver is used to simply execute a particular command for a task.
However, unlike raw_exec it uses the underlying isolation
primitives of the operating system to limit the task's access to resources. While
simple, since the exec driver can invoke any command, it can be used to call
scripts or other wrappers which provide higher level features.
»Task Configuration
task "webservice" {
driver = "exec"
config {
command = "my-binary"
args = ["-flag", "1"]
}
}
The exec driver supports the following configuration in the job spec:
command- The command to execute. Must be provided. If executing a binary that exists on the host, the path must be absolute and within the task's chroot. If executing a binary that is downloaded from anartifact, the path can be relative from the allocations's root directory.args- (Optional) A list of arguments to thecommand. References to environment variables or any interpretable Nomad variables will be interpreted before launching the task.
»Examples
To run a binary present on the Node:
task "example" {
driver = "exec"
config {
# When running a binary that exists on the host, the path must be absolute.
command = "/bin/sleep"
args = ["1"]
}
}
To execute a binary downloaded from an
artifact:
task "example" {
driver = "exec"
config {
command = "name-of-my-binary"
}
artifact {
source = "https://internal.file.server/name-of-my-binary"
options {
checksum = "sha256:abd123445ds4555555555"
}
}
}
»Capabilities
The exec driver implements the following capabilities.
| Feature | Implementation |
|---|---|
nomad alloc signal | true |
nomad alloc exec | true |
| filesystem isolation | chroot |
| network isolation | host, group |
| volume mounting | all |
»Client Requirements
The exec driver can only be run when on Linux and running Nomad as root.
exec is limited to this configuration because currently isolation of resources
is only guaranteed on Linux. Further, the host must have cgroups mounted properly
in order for the driver to work.
If you are receiving the error:
* Constraint "missing drivers" filtered <> nodes
and using the exec driver, check to ensure that you are running Nomad as root. This also applies for running Nomad in -dev mode.
»Plugin Options
no_pivot_root- Defaults tofalse. Whentrue, the driver useschrootfor file system isolation withoutpivot_root. This is useful for systems where the root is on a ramdisk.
»Client Attributes
The exec driver will set the following client attributes:
driver.exec- This will be set to "1", indicating the driver is available.
»Resource Isolation
The resource isolation provided varies by the operating system of the client and the configuration.
On Linux, Nomad will use cgroups, and a chroot to isolate the resources of a process and as such the Nomad agent must be run as root.
»Chroot
The chroot is populated with data in the following directories from the host machine:
[
"/bin",
"/etc",
"/lib",
"/lib32",
"/lib64",
"/run/resolvconf",
"/sbin",
"/usr",
]
The task's chroot is populated by linking or copying the data from the host into the chroot. Note that this can take considerable disk space. Since Nomad v0.5.3, the client manages garbage collection locally which mitigates any issue this may create.
This list is configurable through the agent client configuration file.