func (e *UniversalExecutor) Start() error { // Parse the commands arguments and replace instances of Nomad environment // variables. envVars, err := environment.ParseFromList(e.cmd.Env) if err != nil { return err } parsedPath, err := args.ParseAndReplace(e.cmd.Path, envVars.Map()) if err != nil { return err } else if len(parsedPath) != 1 { return fmt.Errorf("couldn't properly parse command path: %v", e.cmd.Path) } e.cmd.Path = parsedPath[0] combined := strings.Join(e.cmd.Args, " ") parsed, err := args.ParseAndReplace(combined, envVars.Map()) if err != nil { return err } e.Cmd.Args = parsed // We don't want to call ourself. We want to call Start on our embedded Cmd return e.cmd.Start() }
func (e *LinuxExecutor) Start() error { // Run as "nobody" user so we don't leak root privilege to the spawned // process. if err := e.runAs("nobody"); err == nil && e.user != nil { e.cmd.SetUID(e.user.Uid) e.cmd.SetGID(e.user.Gid) } // Parse the commands arguments and replace instances of Nomad environment // variables. envVars, err := environment.ParseFromList(e.Cmd.Env) if err != nil { return err } parsedPath, err := args.ParseAndReplace(e.cmd.Path, envVars.Map()) if err != nil { return err } else if len(parsedPath) != 1 { return fmt.Errorf("couldn't properly parse command path: %v", e.cmd.Path) } e.cmd.Path = parsedPath[0] combined := strings.Join(e.Cmd.Args, " ") parsed, err := args.ParseAndReplace(combined, envVars.Map()) if err != nil { return err } e.Cmd.Args = parsed spawnState := filepath.Join(e.allocDir, fmt.Sprintf("%s_%s", e.taskName, "exit_status")) e.spawn = spawn.NewSpawner(spawnState) e.spawn.SetCommand(&e.cmd.Cmd) e.spawn.SetChroot(e.taskDir) e.spawn.SetLogs(&spawn.Logs{ Stdout: filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stdout", e.taskName)), Stderr: filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stderr", e.taskName)), Stdin: os.DevNull, }) enterCgroup := func(pid int) error { // Join the spawn-daemon to the cgroup. manager := e.getCgroupManager(e.groups) // Apply will place the spawn dameon into the created cgroups. if err := manager.Apply(pid); err != nil { return fmt.Errorf("Failed to join spawn-daemon to the cgroup (%+v): %v", e.groups, err) } return nil } return e.spawn.Spawn(enterCgroup) }
func (e *LinuxExecutor) Start() error { // Run as "nobody" user so we don't leak root privilege to the // spawned process. if err := e.runAs("nobody"); err == nil && e.user != nil { e.cmd.SetUID(e.user.Uid) e.cmd.SetGID(e.user.Gid) } if e.alloc == nil { return errors.New("ConfigureTaskDir() must be called before Start()") } // Parse the commands arguments and replace instances of Nomad environment // variables. envVars, err := environment.ParseFromList(e.Cmd.Env) if err != nil { return err } combined := strings.Join(e.Cmd.Args, " ") parsed, err := args.ParseAndReplace(combined, envVars.Map()) if err != nil { return err } e.Cmd.Args = parsed return e.spawnDaemon() }
func (e *BasicExecutor) Start() error { // Parse the commands arguments and replace instances of Nomad environment // variables. envVars, err := environment.ParseFromList(e.cmd.Env) if err != nil { return err } e.cmd.Path = args.ReplaceEnv(e.cmd.Path, envVars.Map()) combined := strings.Join(e.cmd.Args, " ") parsed, err := args.ParseAndReplace(combined, envVars.Map()) if err != nil { return err } e.cmd.Args = parsed spawnState := filepath.Join(e.allocDir, fmt.Sprintf("%s_%s", e.taskName, "exit_status")) e.spawn = spawn.NewSpawner(spawnState) e.spawn.SetCommand(&e.cmd) e.spawn.SetLogs(&spawn.Logs{ Stdout: filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stdout", e.taskName)), Stderr: filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stderr", e.taskName)), Stdin: os.DevNull, }) return e.spawn.Spawn(nil) }
// Run an existing Rkt image. func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) { // Validate that the config is valid. img, ok := task.Config["image"] if !ok || img == "" { return nil, fmt.Errorf("Missing ACI image for rkt") } // Get the tasks local directory. taskName := d.DriverContext.taskName taskDir, ok := ctx.AllocDir.TaskDirs[taskName] if !ok { return nil, fmt.Errorf("Could not find task directory for task: %v", d.DriverContext.taskName) } taskLocal := filepath.Join(taskDir, allocdir.TaskLocal) // Add the given trust prefix trust_prefix, trust_cmd := task.Config["trust_prefix"] if trust_cmd { var outBuf, errBuf bytes.Buffer cmd := exec.Command("rkt", "trust", fmt.Sprintf("--prefix=%s", trust_prefix)) cmd.Stdout = &outBuf cmd.Stderr = &errBuf if err := cmd.Run(); err != nil { return nil, fmt.Errorf("Error running rkt trust: %s\n\nOutput: %s\n\nError: %s", err, outBuf.String(), errBuf.String()) } d.logger.Printf("[DEBUG] driver.rkt: added trust prefix: %q", trust_prefix) } // Build the command. var cmd_args []string // Inject the environment variables. envVars := TaskEnvironmentVariables(ctx, task) // Clear the task directories as they are not currently supported. envVars.ClearTaskLocalDir() envVars.ClearAllocDir() for k, v := range envVars.Map() { cmd_args = append(cmd_args, fmt.Sprintf("--set-env=%v=%v", k, v)) } // Disble signature verification if the trust command was not run. if !trust_cmd { cmd_args = append(cmd_args, "--insecure-skip-verify") } // Append the run command. cmd_args = append(cmd_args, "run", "--mds-register=false", img) // Check if the user has overriden the exec command. if exec_cmd, ok := task.Config["command"]; ok { cmd_args = append(cmd_args, fmt.Sprintf("--exec=%v", exec_cmd)) } // Add user passed arguments. if userArgs, ok := task.Config["args"]; ok { parsed, err := args.ParseAndReplace(userArgs, envVars.Map()) if err != nil { return nil, err } // Need to start arguments with "--" if len(parsed) > 0 { cmd_args = append(cmd_args, "--") } for _, arg := range parsed { cmd_args = append(cmd_args, fmt.Sprintf("%v", arg)) } } // Create files to capture stdin and out. stdoutFilename := filepath.Join(taskLocal, fmt.Sprintf("%s.stdout", taskName)) stderrFilename := filepath.Join(taskLocal, fmt.Sprintf("%s.stderr", taskName)) stdo, err := os.OpenFile(stdoutFilename, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666) if err != nil { return nil, fmt.Errorf("Error opening file to redirect stdout: %v", err) } stde, err := os.OpenFile(stderrFilename, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666) if err != nil { return nil, fmt.Errorf("Error opening file to redirect stderr: %v", err) } cmd := exec.Command("rkt", cmd_args...) cmd.Stdout = stdo cmd.Stderr = stde if err := cmd.Start(); err != nil { return nil, fmt.Errorf("Error running rkt: %v", err) } d.logger.Printf("[DEBUG] driver.rkt: started ACI %q with: %v", img, cmd.Args) h := &rktHandle{ proc: cmd.Process, image: img, logger: d.logger, doneCh: make(chan struct{}), waitCh: make(chan error, 1), } go h.run() return h, nil }
// createContainer initializes a struct needed to call docker.client.CreateContainer() func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task) (docker.CreateContainerOptions, error) { var c docker.CreateContainerOptions if task.Resources == nil { d.logger.Printf("[ERR] driver.docker: task.Resources is empty") return c, fmt.Errorf("task.Resources is nil and we can't constrain resource usage. We shouldn't have been able to schedule this in the first place.") } binds, err := d.containerBinds(ctx.AllocDir, task) if err != nil { return c, err } hostConfig := &docker.HostConfig{ // Convert MB to bytes. This is an absolute value. // // This value represents the total amount of memory a process can use. // Swap is added to total memory and is managed by the OS, not docker. // Since this may cause other processes to swap and cause system // instability, we will simply not use swap. // // See: https://www.kernel.org/doc/Documentation/cgroups/memory.txt Memory: int64(task.Resources.MemoryMB) * 1024 * 1024, MemorySwap: -1, // Convert Mhz to shares. This is a relative value. // // There are two types of CPU limiters available: Shares and Quotas. A // Share allows a particular process to have a proportion of CPU time // relative to other processes; 1024 by default. A CPU Quota is enforced // over a Period of time and is a HARD limit on the amount of CPU time a // process can use. Processes with quotas cannot burst, while processes // with shares can, so we'll use shares. // // The simplest scale is 1 share to 1 MHz so 1024 = 1GHz. This means any // given process will have at least that amount of resources, but likely // more since it is (probably) rare that the machine will run at 100% // CPU. This scale will cease to work if a node is overprovisioned. // // See: // - https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt // - https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt CPUShares: int64(task.Resources.CPU), // Binds are used to mount a host volume into the container. We mount a // local directory for storage and a shared alloc directory that can be // used to share data between different tasks in the same task group. Binds: binds, } d.logger.Printf("[DEBUG] driver.docker: using %d bytes memory for %s", hostConfig.Memory, task.Config["image"]) d.logger.Printf("[DEBUG] driver.docker: using %d cpu shares for %s", hostConfig.CPUShares, task.Config["image"]) d.logger.Printf("[DEBUG] driver.docker: binding directories %#v for %s", hostConfig.Binds, task.Config["image"]) // set privileged mode hostPrivileged, err := strconv.ParseBool(d.config.ReadDefault("docker.privileged.enabled", "false")) if err != nil { return c, fmt.Errorf("Unable to parse docker.privileged.enabled: %s", err) } if v, ok := task.Config["privileged"]; ok { taskPrivileged, err := strconv.ParseBool(v) if err != nil { return c, fmt.Errorf("Unable to parse boolean value from task config option 'privileged': %v", err) } if taskPrivileged && !hostPrivileged { return c, fmt.Errorf(`Unable to set privileged flag since "docker.privileged.enabled" is false`) } hostConfig.Privileged = taskPrivileged } // set DNS servers dns, ok := task.Config["dns-servers"] if ok && dns != "" { for _, v := range strings.Split(dns, ",") { ip := strings.TrimSpace(v) if net.ParseIP(ip) != nil { hostConfig.DNS = append(hostConfig.DNS, ip) } else { d.logger.Printf("[ERR] driver.docker: invalid ip address for container dns server: %s", ip) } } } // set DNS search domains dnsSearch, ok := task.Config["search-domains"] if ok && dnsSearch != "" { for _, v := range strings.Split(dnsSearch, ",") { hostConfig.DNSSearch = append(hostConfig.DNSSearch, strings.TrimSpace(v)) } } mode, ok := task.Config["network_mode"] if !ok || mode == "" { // docker default d.logger.Printf("[WARN] driver.docker: no mode specified for networking, defaulting to bridge") mode = "bridge" } // Ignore the container mode for now switch mode { case "default", "bridge", "none", "host": d.logger.Printf("[DEBUG] driver.docker: using %s as network mode", mode) default: d.logger.Printf("[ERR] driver.docker: invalid setting for network mode: %s", mode) return c, fmt.Errorf("Invalid setting for network mode: %s", mode) } hostConfig.NetworkMode = mode // Setup port mapping (equivalent to -p on docker CLI). Ports must already be // exposed in the container. if len(task.Resources.Networks) == 0 { d.logger.Print("[WARN] driver.docker: No networks are available for port mapping") } else { network := task.Resources.Networks[0] dockerPorts := map[docker.Port][]docker.PortBinding{} for _, port := range network.ListStaticPorts() { dockerPorts[docker.Port(strconv.Itoa(port)+"/tcp")] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: strconv.Itoa(port)}} dockerPorts[docker.Port(strconv.Itoa(port)+"/udp")] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: strconv.Itoa(port)}} d.logger.Printf("[DEBUG] driver.docker: allocated port %s:%d -> %d (static)\n", network.IP, port, port) } for label, port := range network.MapDynamicPorts() { // If the label is numeric we expect that there is a service // listening on that port inside the container. In this case we'll // setup a mapping from our random host port to the label port. // // Otherwise we'll setup a direct 1:1 mapping from the host port to // the container, and assume that the process inside will read the // environment variable and bind to the correct port. if _, err := strconv.Atoi(label); err == nil { dockerPorts[docker.Port(label+"/tcp")] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: strconv.Itoa(port)}} dockerPorts[docker.Port(label+"/udp")] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: strconv.Itoa(port)}} d.logger.Printf("[DEBUG] driver.docker: allocated port %s:%d -> %s (mapped)", network.IP, port, label) } else { dockerPorts[docker.Port(strconv.Itoa(port)+"/tcp")] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: strconv.Itoa(port)}} dockerPorts[docker.Port(strconv.Itoa(port)+"/udp")] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: strconv.Itoa(port)}} d.logger.Printf("[DEBUG] driver.docker: allocated port %s:%d -> %d for label %s\n", network.IP, port, port, label) } } hostConfig.PortBindings = dockerPorts } // Create environment variables. env := TaskEnvironmentVariables(ctx, task) env.SetAllocDir(filepath.Join("/", allocdir.SharedAllocName)) env.SetTaskLocalDir(filepath.Join("/", allocdir.TaskLocal)) config := &docker.Config{ Env: env.List(), Image: task.Config["image"], } rawArgs, hasArgs := task.Config["args"] parsedArgs, err := args.ParseAndReplace(rawArgs, env.Map()) if err != nil { return c, err } // If the user specified a custom command to run, we'll inject it here. if command, ok := task.Config["command"]; ok { cmd := []string{command} if hasArgs { cmd = append(cmd, parsedArgs...) } config.Cmd = cmd } else if hasArgs { d.logger.Println("[DEBUG] driver.docker: ignoring args because command not specified") } return docker.CreateContainerOptions{ Config: config, HostConfig: hostConfig, }, nil }
// createContainer initializes a struct needed to call docker.client.CreateContainer() func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task, driverConfig *DockerDriverConfig) (docker.CreateContainerOptions, error) { var c docker.CreateContainerOptions if task.Resources == nil { // Guard against missing resources. We should never have been able to // schedule a job without specifying this. d.logger.Println("[ERR] driver.docker: task.Resources is empty") return c, fmt.Errorf("task.Resources is empty") } binds, err := d.containerBinds(ctx.AllocDir, task) if err != nil { return c, err } // Create environment variables. env := TaskEnvironmentVariables(ctx, task) env.SetAllocDir(filepath.Join("/", allocdir.SharedAllocName)) env.SetTaskLocalDir(filepath.Join("/", allocdir.TaskLocal)) config := &docker.Config{ Image: driverConfig.ImageName, Hostname: driverConfig.Hostname, } hostConfig := &docker.HostConfig{ // Convert MB to bytes. This is an absolute value. // // This value represents the total amount of memory a process can use. // Swap is added to total memory and is managed by the OS, not docker. // Since this may cause other processes to swap and cause system // instability, we will simply not use swap. // // See: https://www.kernel.org/doc/Documentation/cgroups/memory.txt Memory: int64(task.Resources.MemoryMB) * 1024 * 1024, MemorySwap: -1, // Convert Mhz to shares. This is a relative value. // // There are two types of CPU limiters available: Shares and Quotas. A // Share allows a particular process to have a proportion of CPU time // relative to other processes; 1024 by default. A CPU Quota is enforced // over a Period of time and is a HARD limit on the amount of CPU time a // process can use. Processes with quotas cannot burst, while processes // with shares can, so we'll use shares. // // The simplest scale is 1 share to 1 MHz so 1024 = 1GHz. This means any // given process will have at least that amount of resources, but likely // more since it is (probably) rare that the machine will run at 100% // CPU. This scale will cease to work if a node is overprovisioned. // // See: // - https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt // - https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt CPUShares: int64(task.Resources.CPU), // Binds are used to mount a host volume into the container. We mount a // local directory for storage and a shared alloc directory that can be // used to share data between different tasks in the same task group. Binds: binds, } d.logger.Printf("[DEBUG] driver.docker: using %d bytes memory for %s", hostConfig.Memory, task.Config["image"]) d.logger.Printf("[DEBUG] driver.docker: using %d cpu shares for %s", hostConfig.CPUShares, task.Config["image"]) d.logger.Printf("[DEBUG] driver.docker: binding directories %#v for %s", hostConfig.Binds, task.Config["image"]) // set privileged mode hostPrivileged := d.config.ReadBoolDefault("docker.privileged.enabled", false) if driverConfig.Privileged && !hostPrivileged { return c, fmt.Errorf(`Docker privileged mode is disabled on this Nomad agent`) } hostConfig.Privileged = hostPrivileged // set DNS servers for _, ip := range driverConfig.DNSServers { if net.ParseIP(ip) != nil { hostConfig.DNS = append(hostConfig.DNS, ip) } else { d.logger.Printf("[ERR] driver.docker: invalid ip address for container dns server: %s", ip) } } // set DNS search domains for _, domain := range driverConfig.DNSSearchDomains { hostConfig.DNSSearch = append(hostConfig.DNSSearch, domain) } hostConfig.NetworkMode = driverConfig.NetworkMode if hostConfig.NetworkMode == "" { // docker default d.logger.Println("[DEBUG] driver.docker: networking mode not specified; defaulting to bridge") hostConfig.NetworkMode = "bridge" } // Setup port mapping and exposed ports if len(task.Resources.Networks) == 0 { d.logger.Println("[DEBUG] driver.docker: No network interfaces are available") if len(driverConfig.PortMap) > 0 { return c, fmt.Errorf("Trying to map ports but no network interface is available") } } else { // TODO add support for more than one network network := task.Resources.Networks[0] publishedPorts := map[docker.Port][]docker.PortBinding{} exposedPorts := map[docker.Port]struct{}{} for _, port := range network.ReservedPorts { // By default we will map the allocated port 1:1 to the container containerPortInt := port.Value // If the user has mapped a port using port_map we'll change it here if mapped, ok := driverConfig.PortMap[port.Label]; ok { containerPortInt = mapped } hostPortStr := strconv.Itoa(port.Value) containerPort := docker.Port(strconv.Itoa(containerPortInt)) publishedPorts[containerPort+"/tcp"] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: hostPortStr}} publishedPorts[containerPort+"/udp"] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: hostPortStr}} d.logger.Printf("[DEBUG] driver.docker: allocated port %s:%d -> %d (static)", network.IP, port.Value, port.Value) exposedPorts[containerPort+"/tcp"] = struct{}{} exposedPorts[containerPort+"/udp"] = struct{}{} d.logger.Printf("[DEBUG] driver.docker: exposed port %d", port.Value) } for _, port := range network.DynamicPorts { // By default we will map the allocated port 1:1 to the container containerPortInt := port.Value // If the user has mapped a port using port_map we'll change it here if mapped, ok := driverConfig.PortMap[port.Label]; ok { containerPortInt = mapped } hostPortStr := strconv.Itoa(port.Value) containerPort := docker.Port(strconv.Itoa(containerPortInt)) publishedPorts[containerPort+"/tcp"] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: hostPortStr}} publishedPorts[containerPort+"/udp"] = []docker.PortBinding{docker.PortBinding{HostIP: network.IP, HostPort: hostPortStr}} d.logger.Printf("[DEBUG] driver.docker: allocated port %s:%d -> %d (mapped)", network.IP, port.Value, containerPortInt) exposedPorts[containerPort+"/tcp"] = struct{}{} exposedPorts[containerPort+"/udp"] = struct{}{} d.logger.Printf("[DEBUG] driver.docker: exposed port %s", containerPort) } // This was set above in a call to TaskEnvironmentVariables but if we // have mapped any ports we will need to override them. // // TODO refactor the implementation in TaskEnvironmentVariables to match // the 0.2 ports world view. Docker seems to be the only place where // this is actually needed, but this is kinda hacky. if len(driverConfig.PortMap) > 0 { env.SetPorts(network.MapLabelToValues(driverConfig.PortMap)) } hostConfig.PortBindings = publishedPorts config.ExposedPorts = exposedPorts } parsedArgs := args.ParseAndReplace(driverConfig.Args, env.Map()) // If the user specified a custom command to run as their entrypoint, we'll // inject it here. if driverConfig.Command != "" { cmd := []string{driverConfig.Command} if len(driverConfig.Args) != 0 { cmd = append(cmd, parsedArgs...) } d.logger.Printf("[DEBUG] driver.docker: setting container startup command to: %s", strings.Join(cmd, " ")) config.Cmd = cmd } else if len(driverConfig.Args) != 0 { d.logger.Println("[DEBUG] driver.docker: ignoring command arguments because command is not specified") } if len(driverConfig.Labels) > 0 { config.Labels = driverConfig.Labels d.logger.Printf("[DEBUG] driver.docker: applied labels on the container: %+v", config.Labels) } config.Env = env.List() containerName := fmt.Sprintf("%s-%s", task.Name, ctx.AllocID) d.logger.Printf("[DEBUG] driver.docker: setting container name to: %s", containerName) return docker.CreateContainerOptions{ Name: containerName, Config: config, HostConfig: hostConfig, }, nil }
func (d *RawExecDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) { // Get the command command, ok := task.Config["command"] if !ok || command == "" { return nil, fmt.Errorf("missing command for raw_exec driver") } // Get the tasks local directory. taskName := d.DriverContext.taskName taskDir, ok := ctx.AllocDir.TaskDirs[taskName] if !ok { return nil, fmt.Errorf("Could not find task directory for task: %v", d.DriverContext.taskName) } taskLocal := filepath.Join(taskDir, allocdir.TaskLocal) // Get the environment variables. envVars := TaskEnvironmentVariables(ctx, task) // Look for arguments var cmdArgs []string if argRaw, ok := task.Config["args"]; ok { parsed, err := args.ParseAndReplace(argRaw, envVars.Map()) if err != nil { return nil, err } cmdArgs = append(cmdArgs, parsed...) } // Setup the command cmd := exec.Command(command, cmdArgs...) cmd.Dir = taskDir cmd.Env = envVars.List() // Capture the stdout/stderr and redirect stdin to /dev/null stdoutFilename := filepath.Join(taskLocal, fmt.Sprintf("%s.stdout", taskName)) stderrFilename := filepath.Join(taskLocal, fmt.Sprintf("%s.stderr", taskName)) stdinFilename := unixNull if runtime.GOOS == "windows" { stdinFilename = windowsNull } stdo, err := os.OpenFile(stdoutFilename, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666) if err != nil { return nil, fmt.Errorf("Error opening file to redirect stdout: %v", err) } stde, err := os.OpenFile(stderrFilename, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666) if err != nil { return nil, fmt.Errorf("Error opening file to redirect stderr: %v", err) } stdi, err := os.OpenFile(stdinFilename, os.O_CREATE|os.O_RDONLY, 0666) if err != nil { return nil, fmt.Errorf("Error opening file to redirect stdin: %v", err) } cmd.Stdout = stdo cmd.Stderr = stde cmd.Stdin = stdi if err := cmd.Start(); err != nil { return nil, fmt.Errorf("failed to start command: %v", err) } // Return a driver handle h := &rawExecHandle{ proc: cmd.Process, doneCh: make(chan struct{}), waitCh: make(chan error, 1), } go h.run() return h, nil }