HashiCorp Developer AI Private beta now available Sign up today
Nomad
Nomad Home

You are viewing documentation for version v1.0.x. View latest version.

Command: job run

Alias: nomad run

The job run command is used to submit new jobs to Nomad or to update existing jobs. Job files must conform to the job specification format.

Usage

nomad job run [options] <job file>

The job run command requires a single argument, specifying the path to a file containing a valid job specification. This file will be read and the job will be submitted to Nomad for scheduling. If the supplied path is "-", the job file is read from STDIN. Otherwise it is read from the file at the supplied path or downloaded and read from URL specified. Nomad downloads the job file using go-getter and supports go-getter syntax.

By default, on successful job submission the run command will enter an interactive monitor and display log information detailing the scheduling decisions and placement information for the provided job. The monitor will exit after scheduling has finished or failed.

On successful job submission and scheduling, exit code 0 will be returned. If there are job placement issues encountered (unsatisfiable constraints, resource exhaustion, etc), then the exit code will be 2. Any other errors, including client connection issues or internal errors, are indicated by exit code 1.

If the job has specified the region, the -region flag and $NOMAD_REGION environment variable are overridden and the job's region is used.

The run command will set the consul_token of the job based on the following precedence, going from highest to lowest: the -consul-token flag, the $CONSUL_HTTP_TOKEN environment variable and finally the value in the job file.

The run command will set the vault_token of the job based on the following precedence, going from highest to lowest: the -vault-token flag, the $VAULT_TOKEN environment variable and finally the value in the job file.

When ACLs are enabled, this command requires a token with the submit-job capability for the job's namespace. Jobs that mount CSI volumes require a token with the csi-mount-volume capability for the volume's namespace. Jobs that mount host volumes require a token with the host_volume capability for that volume.

General Options

  • -address=<addr>: The address of the Nomad server. Overrides the NOMAD_ADDR environment variable if set. Defaults to http://127.0.0.1:4646.

  • -region=<region>: The region of the Nomad server to forward commands to. Overrides the NOMAD_REGION environment variable if set. Defaults to the Agent's local region.

  • -namespace=<namespace>: The target namespace for queries and actions bound to a namespace. Overrides the NOMAD_NAMESPACE environment variable if set. If set to '*', job and alloc subcommands query all namespacecs authorized to user. Defaults to the "default" namespace.

  • -no-color: Disables colored command output. Alternatively, NOMAD_CLI_NO_COLOR may be set.

  • -ca-cert=<path>: Path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate. Overrides the NOMAD_CACERT environment variable if set.

  • -ca-path=<path>: Path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate. If both -ca-cert and -ca-path are specified, -ca-cert is used. Overrides the NOMAD_CAPATH environment variable if set.

  • -client-cert=<path>: Path to a PEM encoded client certificate for TLS authentication to the Nomad server. Must also specify -client-key. Overrides the NOMAD_CLIENT_CERT environment variable if set.

  • -client-key=<path>: Path to an unencrypted PEM encoded private key matching the client certificate from -client-cert. Overrides the NOMAD_CLIENT_KEY environment variable if set.

  • -tls-server-name=<value>: The server name to use as the SNI host when connecting via TLS. Overrides the NOMAD_TLS_SERVER_NAME environment variable if set.

  • -tls-skip-verify: Do not verify TLS certificate. This is highly not recommended. Verification will also be skipped if NOMAD_SKIP_VERIFY is set.

  • -token: The SecretID of an ACL token to use to authenticate API requests with. Overrides the NOMAD_TOKEN environment variable if set.

Run Options

  • -check-index: If set, the job is only registered or updated if the passed job modify index matches the server side version. If a check-index value of zero is passed, the job is only registered if it does not yet exist. If a non-zero value is passed, it ensures that the job is being updated from a known state. The use of this flag is most common in conjunction with job plan command.

  • -detach: Return immediately instead of monitoring. A new evaluation ID will be output, which can be used to examine the evaluation using the eval status command.

  • -output: Output the JSON that would be submitted to the HTTP API without submitting the job.

  • -policy-override: Sets the flag to force override any soft mandatory Sentinel policies.

  • -preserve-counts: If set, the existing task group counts will be preserved when updating a job.

  • -consul-token: If set, the passed Consul token is stored in the job before sending to the Nomad servers. This allows passing the Consul token without storing it in the job file. This overrides the token found in the $CONSUL_HTTP_TOKEN environment variable and that found in the job.

  • -vault-token: If set, the passed Vault token is stored in the job before sending to the Nomad servers. This allows passing the Vault token without storing it in the job file. This overrides the token found in the $VAULT_TOKEN environment variable and that found in the job.

  • -hcl1: If set, HCL1 parser is used for parsing the job spec.

  • -verbose: Show full information.

Examples

Schedule the job contained in the file job1.nomad, monitoring placement:

$ nomad job run job1.nomad
==> Monitoring evaluation "52dee78a"
    Evaluation triggered by job "example"
    Evaluation within deployment: "62eb607c"
    Allocation "5e0b39f0" created: node "3e84d3d2", group "group1"
    Allocation "5e0b39f0" status changed: "pending" -> "running"
    Evaluation status changed: "pending" -> "complete"
==> Evaluation "52dee78a" finished with status "complete"
Update the job using `check-index`:
$ nomad job run -check-index 5 example.nomad
Enforcing job modify index 5: job exists with conflicting job modify index: 6
Job not updated

$ nomad job run -check-index 6 example.nomad
==> Monitoring evaluation "5ef16dff"
    Evaluation triggered by job "example"
    Evaluation within deployment: "62eb607c"
    Allocation "6ec7d16f" modified: node "6e1f9bf6", group "cache"
    Evaluation status changed: "pending" -> "complete"
==> Evaluation "5ef16dff" finished with status "complete"

Schedule the job contained in job1.nomad and return immediately:

$ nomad job run -detach job1.nomad
Job registration successful
Evaluation ID: e18819c1-b83d-dc17-5e7b-b6f264990283

Schedule a job which cannot be successfully placed. This results in a scheduling failure and the specifics of the placement are printed:

$ nomad job run failing.nomad
==> Monitoring evaluation "2ae0e6a5"
    Evaluation triggered by job "example"
    Evaluation status changed: "pending" -> "complete"
==> Evaluation "2ae0e6a5" finished with status "complete" but failed to place all allocations:
    Task Group "cache" (failed to place 1 allocation):
      * Class "foo" filtered 1 nodes
      * Constraint "${attr.kernel.name} = linux" filtered 1 nodes
    Evaluation "67493a64" waiting for additional capacity to place remainder