open-nomad/website/content/docs/commands/job/plan.mdx

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

264 lines
9 KiB
Plaintext
Raw Normal View History

2016-06-17 00:23:49 +00:00
---
2020-02-06 23:45:31 +00:00
layout: docs
page_title: 'Commands: job plan'
description: |
2018-03-22 17:56:06 +00:00
The job plan command is used to dry-run a job update to determine its effects.
2016-06-17 00:23:49 +00:00
---
2018-03-22 17:56:06 +00:00
# Command: job plan
2018-03-22 18:09:26 +00:00
**Alias: `nomad plan`**
2016-06-17 00:23:49 +00:00
The `job plan` command can be used to invoke the scheduler in a dry-run mode
with new jobs or when updating existing jobs to determine what would happen if
the job is submitted. Job files must conform to the [job specification] format.
2016-06-17 00:23:49 +00:00
## Usage
```plaintext
2018-03-22 17:56:06 +00:00
nomad job plan [options] <path>
2016-06-17 00:23:49 +00:00
```
2018-03-22 17:56:06 +00:00
The `job plan` command requires a single argument, specifying the path to a file
containing an HCL [job specification]. This file will be read and the resulting
parsed job will be validated. If the supplied path is "-", the job file is read
from STDIN. Otherwise it is read from the file at the supplied path or
downloaded and read from URL specified. Nomad downloads the job file using
[`go-getter`] and supports `go-getter` syntax.
2016-08-16 10:59:25 +00:00
2016-06-17 00:23:49 +00:00
Plan invokes a dry-run of the scheduler to determine the effects of submitting
either a new or updated version of a job. The plan will not result in any
changes to the cluster but gives insight into whether the job could be run
successfully and how it would affect existing allocations.
A job modify index is returned with the plan. This value can be used when
submitting the job using [`nomad job run -check-index`], which will check that
the job was not modified between the plan and run command before invoking the
2016-06-17 00:23:49 +00:00
scheduler. This ensures the job has not been modified since the plan.
A structured diff between the local and remote job is displayed to
give insight into what the scheduler will attempt to do and why.
If the job has specified the region, the `-region` flag and `NOMAD_REGION`
environment variable are overridden and the job's region is used.
2016-06-17 00:23:49 +00:00
2016-08-02 03:07:49 +00:00
Plan will return one of the following exit codes:
- 0: No allocations created or destroyed.
- 1: Allocations created or destroyed.
- 255: Error determining plan results.
2016-08-02 03:07:49 +00:00
The plan command will set the `vault_token` of the job based on the following
precedence, going from highest to lowest: the `-vault-token` flag, the
`$VAULT_TOKEN` environment variable and finally the value in the job file.
When ACLs are enabled, this command requires a token with the `submit-job`
capability for the job's namespace.
2016-06-17 00:23:49 +00:00
## General Options
2020-02-06 23:45:31 +00:00
@include 'general_options.mdx'
2016-06-17 00:23:49 +00:00
## Plan Options
- `-diff`: Determines whether the diff between the remote job and planned job is
2016-06-17 00:23:49 +00:00
shown. Defaults to true.
- `-policy-override`: Sets the flag to force override any soft mandatory
Sentinel policies.
2017-09-19 14:47:10 +00:00
- `-json`: Parses the job file as JSON. If the outer object has a Job field,
such as from "nomad job inspect" or "nomad run -output", the value of the
field is used as the job.
- `-hcl1`: If set, HCL1 parser is used for parsing the job spec.
- `-hcl2-strict`: Whether an error should be produced from the HCL2 parser where
a variable has been supplied which is not defined within the root variables.
Defaults to true.
- `-vault-token`: Used to validate if the user submitting the job has
permission to run the job according to its Vault policies. A Vault token must
be supplied if the [`vault` stanza `allow_unauthenticated`] is disabled in
the Nomad server configuration. If the `-vault-token` flag is set, the passed
Vault token is added to the jobspec before sending to the Nomad servers. This
allows passing the Vault token without storing it in the job file. This
overrides the token found in the `$VAULT_TOKEN` environment variable and the
[`vault_token`] field in the job file. This token is cleared from the job
after planning and cannot be used within the job executing environment. Use
the `vault` stanza when templating in a job with a Vault token.
- `-vault-namespace`: If set, the passed Vault namespace is stored in the job
before sending to the Nomad servers.
- `-var=<key=value>`: Variable for template, can be used multiple times.
- `-var-file=<path>`: Path to HCL2 file containing user variables.
- `-verbose`: Increase diff verbosity.
2016-06-17 00:23:49 +00:00
## Examples
Plan a new job that has not been previously submitted:
2020-05-18 20:53:06 +00:00
```shell-session
$ nomad job plan job1.nomad
2018-03-22 17:56:06 +00:00
nomad job plan example.nomad
2016-06-17 00:23:49 +00:00
+ Job: "example"
+ Task Group: "cache" (1 create)
+ Task: "redis" (forces create)
Scheduler dry-run:
- All tasks successfully allocated.
Job Modify Index: 0
To submit the job with version verification run:
2018-03-22 20:39:18 +00:00
nomad job run -check-index 0 example.nomad
2016-06-17 00:23:49 +00:00
When running the job with the check-index flag, the job will only be run if the
job modify index given matches the server-side version. If the index has
2016-06-17 00:23:49 +00:00
changed, another user has modified the job and the plan's results are
potentially invalid.
```
Increase the count of an existing without sufficient cluster capacity:
2020-05-18 20:53:06 +00:00
```shell-session
$ nomad job plan example.nomad
2016-06-17 00:23:49 +00:00
+/- Job: "example"
+/- Task Group: "cache" (7 create, 1 in-place update)
+/- Count: "1" => "8" (forces create)
Task: "redis"
Scheduler dry-run:
- WARNING: Failed to place all allocations.
Task Group "cache" (failed to place 3 allocations):
* Resources exhausted on 1 nodes
* Dimension "cpu" exhausted on 1 nodes
2016-06-17 00:23:49 +00:00
Job Modify Index: 15
To submit the job with version verification run:
2018-03-22 20:39:18 +00:00
nomad job run -check-index 15 example.nomad
2016-06-17 00:23:49 +00:00
When running the job with the check-index flag, the job will only be run if the
job modify index given matches the server-side version. If the index has
2016-06-17 00:23:49 +00:00
changed, another user has modified the job and the plan's results are
potentially invalid.
```
Update an existing job such that it would cause a rolling update:
2020-05-18 20:53:06 +00:00
```shell-session
$ nomad job plan example.nomad
2016-06-17 00:23:49 +00:00
+/- Job: "example"
+/- Task Group: "cache" (3 create/destroy update)
+/- Task: "redis" (forces create/destroy update)
+/- Config {
+/- image: "redis:2.8" => "redis:7"
2016-06-17 00:23:49 +00:00
port_map[0][db]: "6379"
}
Scheduler dry-run:
- All tasks successfully allocated.
- Rolling update, next evaluation will be in 10s.
Job Modify Index: 7
To submit the job with version verification run:
2018-03-22 20:39:18 +00:00
nomad job run -check-index 7 example.nomad
2016-06-17 00:23:49 +00:00
When running the job with the check-index flag, the job will only be run if the
job modify index given matches the server-side version. If the index has
2016-06-17 00:23:49 +00:00
changed, another user has modified the job and the plan's results are
potentially invalid.
```
Add a task to the task group using verbose mode:
2020-05-18 20:53:06 +00:00
```shell-session
$ nomad job plan -verbose example.nomad
2016-06-17 00:23:49 +00:00
+/- Job: "example"
+/- Task Group: "cache" (3 create/destroy update)
+ Task: "my-website" (forces create/destroy update)
+ Driver: "docker"
+ KillTimeout: "5000000000"
+ Config {
+ image: "node:6.2"
+ port_map[0][web]: "80"
}
+ Resources {
+ CPU: "500"
+ DiskMB: "300"
+ MemoryMB: "256"
+ Network {
+ MBits: "10"
+ Dynamic Port {
+ Label: "web"
}
}
}
+ LogConfig {
+ MaxFileSizeMB: "10"
+ MaxFiles: "10"
}
+ Service {
+ Name: "website"
+ PortLabel: "web"
+ Check {
Command: ""
+ Interval: "10000000000"
+ Name: "alive"
Path: ""
Protocol: ""
+ Timeout: "2000000000"
+ Type: "tcp"
}
}
Task: "redis"
Scheduler dry-run:
- All tasks successfully allocated.
- Rolling update, next evaluation will be in 10s.
Job Modify Index: 7
To submit the job with version verification run:
2018-03-22 20:39:18 +00:00
nomad job run -check-index 7 example.nomad
2016-06-17 00:23:49 +00:00
When running the job with the check-index flag, the job will only be run if the
job modify index given matches the server-side version. If the index has
2016-06-17 00:23:49 +00:00
changed, another user has modified the job and the plan's results are
potentially invalid.
```
When using the `nomad job plan` command in automated environments, such as
in CI/CD pipelines, it is useful to output the plan result for manual
validation and also store the check index on disk so it can be used later to
guarantee that a job deployment will match the expected changes described in
the plan result.
This can be done by parsing the command output and redirecting the index to a
file. For example, in Linux environments the [`tee`] command can be used for
this purpose:
```console
$ nomad job plan -no-color example.nomad | tee /dev/stderr | grep 'Job Modify Index:' | awk -F': ' '{ print $2 }' > check-index || true
```
The [`-no-color`](#no-color) flag prevents style characters from impacting
parsing. Colored output may be helpful when analyzing the plan result, so the
[`-force-color`](#force-color) flag can be used. This will affect how parsing
is done to avoid hidden control characters. Adding `|| true` at the end
prevents undesired failures since `nomad job plan` returns a non-zero exit code
if a change is detected.
2020-02-06 23:45:31 +00:00
[job specification]: /docs/job-specification
[hcl job specification]: /docs/job-specification
[`go-getter`]: https://github.com/hashicorp/go-getter
[`nomad job run -check-index`]: /docs/commands/job/run#check-index
[`tee`]: https://man7.org/linux/man-pages/man1/tee.1.html
[`vault` stanza `allow_unauthenticated`]: /docs/configuration/vault#allow_unauthenticated
[`vault_token`]: /docs/job-specification/job#vault_token