2018-06-11 20:33:18 +00:00
|
|
|
package consul
|
2017-02-01 00:43:57 +00:00
|
|
|
|
|
|
|
import (
|
2017-08-07 22:54:05 +00:00
|
|
|
"github.com/hashicorp/nomad/command/agent/consul"
|
2019-11-27 21:41:45 +00:00
|
|
|
"github.com/hashicorp/nomad/nomad/structs"
|
2017-02-01 00:43:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ConsulServiceAPI is the interface the Nomad Client uses to register and
|
2020-03-30 19:26:48 +00:00
|
|
|
// remove services and checks from Consul.
|
2020-03-27 20:07:55 +00:00
|
|
|
//
|
|
|
|
// ACL requirements
|
|
|
|
// - service:write
|
2017-02-01 00:43:57 +00:00
|
|
|
type ConsulServiceAPI interface {
|
2019-11-27 21:41:45 +00:00
|
|
|
// RegisterWorkload with Consul. Adds all service entries and checks to Consul.
|
2019-11-18 18:04:01 +00:00
|
|
|
RegisterWorkload(*consul.WorkloadServices) error
|
2019-11-27 21:41:45 +00:00
|
|
|
|
|
|
|
// RemoveWorkload from Consul. Removes all service entries and checks.
|
2019-11-18 18:04:01 +00:00
|
|
|
RemoveWorkload(*consul.WorkloadServices)
|
2019-11-27 21:41:45 +00:00
|
|
|
|
|
|
|
// UpdateWorkload in Consul. Does not alter the service if only checks have
|
|
|
|
// changed.
|
2019-11-18 18:04:01 +00:00
|
|
|
UpdateWorkload(old, newTask *consul.WorkloadServices) error
|
2019-11-27 21:41:45 +00:00
|
|
|
|
|
|
|
// AllocRegistrations returns the registrations for the given allocation.
|
2017-08-07 22:54:05 +00:00
|
|
|
AllocRegistrations(allocID string) (*consul.AllocRegistration, error)
|
2019-11-27 21:41:45 +00:00
|
|
|
|
|
|
|
// UpdateTTL is used to update the TTL of a check.
|
support script checks for task group services (#6197)
In Nomad prior to Consul Connect, all Consul checks work the same
except for Script checks. Because the Task being checked is running in
its own container namespaces, the check is executed by Nomad in the
Task's context. If the Script check passes, Nomad uses the TTL check
feature of Consul to update the check status. This means in order to
run a Script check, we need to know what Task to execute it in.
To support Consul Connect, we need Group Services, and these need to
be registered in Consul along with their checks. We could push the
Service down into the Task, but this doesn't work if someone wants to
associate a service with a task's ports, but do script checks in
another task in the allocation.
Because Nomad is handling the Script check and not Consul anyways,
this moves the script check handling into the task runner so that the
task runner can own the script check's configuration and
lifecycle. This will allow us to pass the group service check
configuration down into a task without associating the service itself
with the task.
When tasks are checked for script checks, we walk back through their
task group to see if there are script checks associated with the
task. If so, we'll spin off script check tasklets for them. The
group-level service and any restart behaviors it needs are entirely
encapsulated within the group service hook.
2019-09-03 19:09:04 +00:00
|
|
|
UpdateTTL(id, output, status string) error
|
2017-02-01 00:43:57 +00:00
|
|
|
}
|
2019-11-27 21:41:45 +00:00
|
|
|
|
|
|
|
// TokenDeriverFunc takes an allocation and a set of tasks and derives a
|
|
|
|
// service identity token for each. Requests go through nomad server.
|
|
|
|
type TokenDeriverFunc func(*structs.Allocation, []string) (map[string]string, error)
|
|
|
|
|
|
|
|
// ServiceIdentityAPI is the interface the Nomad Client uses to request Consul
|
|
|
|
// Service Identity tokens through Nomad Server.
|
2020-03-27 20:07:55 +00:00
|
|
|
//
|
|
|
|
// ACL requirements
|
|
|
|
// - acl:write (used by Server only)
|
2019-11-27 21:41:45 +00:00
|
|
|
type ServiceIdentityAPI interface {
|
|
|
|
// DeriveSITokens contacts the nomad server and requests consul service
|
|
|
|
// identity tokens be generated for tasks in the allocation.
|
|
|
|
DeriveSITokens(alloc *structs.Allocation, tasks []string) (map[string]string, error)
|
|
|
|
}
|