kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-02 08:25:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
65c7f34f2d4c92ffbb51646aacc264f8db33cc06
nomad/website/content/commands/alloc/exec.mdx
Aimee Ukasick 53b083b8c5 Docs: Nomad IA (#26063) 
* Move commands from docs to its own root-level directory

* temporarily use modified dev-portal branch with nomad ia changes

* explicitly clone nomad ia exp branch

* retrigger build, fixed dev-portal broken build

* architecture, concepts and get started individual pages

* fix get started section destinations

* reference section

* update repo comment in website-build.sh to show branch

* docs nav file update capitalization

* update capitalization to force deploy

* remove nomad-vs-kubernetes dir; move content to what is nomad pg

* job section

* Nomad operations category, deploy section

* operations category, govern section

* operations - manage

* operations/scale; concepts scheduling fix

* networking

* monitor

* secure section

* remote auth-methods folder and move up pages to sso; linkcheck

* Fix install2deploy redirects

* fix architecture redirects

* Job section: Add missing section index pages

* Add section index pages so breadcrumbs build correctly

* concepts/index fix front matter indentation

* move task driver plugin config to new deploy section

* Finish adding full URL to tutorials links in nav

* change SSO to Authentication in nav and file system

* Docs NomadIA: Move tutorials into NomadIA branch (#26132)

* Move governance and policy from tutorials to docs

* Move tutorials content to job-declare section

* run jobs section

* stateful workloads

* advanced job scheduling

* deploy section

* manage section

* monitor section

* secure/acl and secure/authorization

* fix example that contains an unseal key in real format

* remove images from sso-vault

* secure/traffic

* secure/workload-identities

* vault-acl change unseal key and root token in command output sample

* remove lines from sample output

* fix front matter

* move nomad pack tutorials to tools

* search/replace /nomad/tutorials links

* update acl overview with content from deleted architecture/acl

* fix spelling mistake

* linkcheck - fix broken links

* fix link to Nomad variables tutorial

* fix link to Prometheus tutorial

* move who uses Nomad to use cases page; move spec/config shortcuts

add dividers

* Move Consul out of Integrations; move namespaces to govern

* move integrations/vault to secure/vault; delete integrations

* move ref arch to docs; rename Deploy Nomad back to Install Nomad

* address feedback

* linkcheck fixes

* Fixed raw_exec redirect

* add info from /nomad/tutorials/manage-jobs/jobs

* update page content with newer tutorial

* link updates for architecture sub-folders

* Add redirects for removed section index pages. Fix links.

* fix broken links from linkcheck

* Revert to use dev-portal main branch instead of nomadIA branch

* build workaround: add intro-nav-data.json with single entry

* fix content-check error

* add intro directory to get around Vercel build error

* workound for emtpry directory

* remove mdx from /intro/ to fix content-check and git snafu

* Add intro index.mdx so Vercel build should work

---------

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2025-07-08 19:24:52 -05:00

149 lines
4.9 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: 'nomad alloc exec command reference'
description: |
The `nomad alloc exec` runs a command inside a running task allocation, which is useful for debugging. Execute commands with or without an interactive shell inside the allocation.
---
# `nomad alloc exec` command reference
**Alias: `nomad exec`**
The `alloc exec` command runs a command in a running allocation.
## Usage
```plaintext
nomad alloc exec [options] <allocation> <command> [<args>...]
```
The nomad exec command can be used to run commands inside a running task/allocation.
Use cases are for inspecting container state, debugging a failed application
without needing ssh access into the node that's running the allocation.
This command executes the command in the given task in the allocation. If the
allocation is only running a single task, the task name can be omitted.
Optionally, the `-job` option may be used in which case a random allocation from
the given job will be chosen.
When ACLs are enabled, this command requires a token with the `alloc-exec`,
`read-job`, and `list-jobs` capabilities for the allocation's namespace. If
the task driver does not have file system isolation (as with `raw_exec`),
this command requires the `alloc-node-exec`, `read-job`, and `list-jobs`
capabilities for the allocation's namespace.
### Use Job ID instead of Allocation ID
Setting the `-job` flag causes a random allocation of the specified job to be
selected.
```plaintext
nomad alloc exec -job <job-id> <command> [<args>...]
```
Choosing a specific allocation is useful for debugging issues with a specific
instance of a service. For other operations using the `-job` flag may be more
convenient than looking up an allocation ID to use.
### Disable remote execution
`alloc exec` is enabled by default to aid with debugging. Operators can disable
the feature by setting [`disable_remote_exec` client config
option][disable_remote_exec_flag] on all clients, or a subset of clients that
run sensitive workloads.
### Exec targeting a specific task
When trying to `alloc exec` for a job that has more than one task associated
with it, you may want to target a specific task.
```shell-session
# open a shell session in one of your allocation's tasks
$ nomad alloc exec -i -t -task mytask a1827f93 /bin/bash
a1827f93$
```
## Options
- `-task=<task-name>`: Sets the task to exec command in.
- `-job=<job-name|job-id>`: Use a random allocation from the specified job or
job ID prefix, preferring a running allocation.
- `-group=<group-name>`: Specifies the task group where the task is located
when a random allocation is selected
- `-i`: Pass stdin to the container, defaults to true. Pass `-i=false` to
disable explicitly.
- `-t`: Allocate a pseudo-tty, defaults to true if stdin is detected to be a tty
session. Pass `-t=false` to disable explicitly.
- `-e` `<escape_char>`: Sets the escape character for sessions with a pty
(default: '~'). The escape character is only recognized at the beginning of a
line. The escape character followed by a dot ('.') closes the connection.
Setting the character to 'none' disables any escapes and makes the session
fully transparent.
## Examples
To start an interactive debugging session in a particular alloc, invoke exec
command with your desired shell available inside the task:
```shell-session
$ nomad alloc exec eb17e557 /bin/bash
root@eb17e557:/data# # now run any debugging commands inside container
root@eb17e557:/data# # ps -ef
```
To run a command and stream results without starting an interactive shell, you
can pass the command and its arguments to exec directly:
```shell-session
# run commands without starting an interactive session
$ nomad alloc exec eb17e557 cat /etc/resolv.conf
...
```
When passing command arguments to be evaluated in task, you may need to ensure
that your host shell doesn't interpolate values before invoking `exec` command.
For example, the following command would return the environment variable on
operator shell rather than task containers:
```shell-session
$ nomad alloc exec eb17e557 echo $NOMAD_ALLOC_ID # wrong
...
```
Here, we must start a shell in task to interpolate `$NOMAD_ALLOC_ID`, and quote
command or use the [heredoc syntax][heredoc]
```shell-session
# by quoting argument
$ nomad alloc exec eb17e557 /bin/sh -c 'echo $NOMAD_ALLOC_ID'
eb17e557-443e-4c51-c049-5bba7a9850bc
$ # by using heredoc and passing command in stdin
$ nomad alloc exec eb17e557 /bin/sh <<'EOF'
> echo $NOMAD_ALLOC_ID
> EOF
eb17e557-443e-4c51-c049-5bba7a9850bc
```
This technique applies when aiming to run a shell pipeline without streaming
intermediate command output across the network:
```shell-session
# e.g. find top appearing lines in some output
$ nomad alloc exec eb17e557 /bin/sh -c 'cat /output | sort | uniq -c | sort -rn | head -n 5'
...
```
## General options
@include 'general_options.mdx'
[heredoc]: http://tldp.org/LDP/abs/html/here-docs.html
[disable_remote_exec_flag]: /nomad/docs/configuration/client#disable_remote_exec
Reference in New Issue View Git Blame Copy Permalink