luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-nomad/client/fingerprint/consul.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

237 lines
6.7 KiB
Go
Raw Normal View History

[COMPLIANCE] Add Copyright and License Headers
2023-04-10 15:36:59 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
package fingerprint
import (
"fmt"
"strconv"
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
"strings"
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
"time"
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
consulapi "github.com/hashicorp/consul/api"
client uses passed logger and fix fingerprinters
2018-09-16 00:48:59 +00:00
log "github.com/hashicorp/go-hclog"
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
"github.com/hashicorp/go-version"
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
agentconsul "github.com/hashicorp/nomad/command/agent/consul"
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
)
Print consul debug messages only when the consul agent is available
2015-12-11 17:01:28 +00:00
const (
Renaming constants
2015-12-11 21:47:35 +00:00
consulAvailable = "available"
consulUnavailable = "unavailable"
Print consul debug messages only when the consul agent is available
2015-12-11 17:01:28 +00:00
)
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
var (
// consulGRPCPortChangeVersion is the Consul version which made a breaking
// change to the way gRPC API listeners are created. This means Nomad must
// perform different fingerprinting depending on which version of Consul it
// is communicating with.
consulGRPCPortChangeVersion = version.Must(version.NewVersion("1.14.0"))
)
small fixes
2016-09-01 20:38:31 +00:00
// ConsulFingerprint is used to fingerprint for Consul
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
type ConsulFingerprint struct {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
logger log.Logger
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
client *consulapi.Client
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
lastState string
extractors map[string]consulExtractor
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
}
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
// consulExtractor is used to parse out one attribute from consulInfo. Returns
// the value of the attribute, and whether the attribute exists.
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
type consulExtractor func(agentconsul.Self) (string, bool)
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
Fingerprint
2016-09-01 18:02:19 +00:00
// NewConsulFingerprint is used to create a Consul fingerprint
client uses passed logger and fix fingerprinters
2018-09-16 00:48:59 +00:00
func NewConsulFingerprint(logger log.Logger) Fingerprint {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
return &ConsulFingerprint{
logger: logger.Named("consul"),
lastState: consulUnavailable,
}
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
}
client: Move fingerprint structs to pkg This removes a cyclical dependency when importing client/structs from dependencies of the plugin_loader, specifically, drivers. Due to client/config also depending on the plugin_loader. It also better reflects the ownership of fingerprint structs, as they are fairly internal to the fingerprint manager.
2018-12-01 16:10:39 +00:00
func (f *ConsulFingerprint) Fingerprint(req *FingerprintRequest, resp *FingerprintResponse) error {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
// establish consul client if necessary
if err := f.initialize(req); err != nil {
return err
}
// query consul for agent self api
info := f.query(resp)
if len(info) == 0 {
// unable to reach consul, nothing to do this time
return nil
}
// apply the extractor for each attribute
for attr, extractor := range f.extractors {
if s, ok := extractor(info); !ok {
f.logger.Warn("unable to fingerprint consul", "attribute", attr)
} else {
resp.AddAttribute(attr, s)
}
}
// create link for consul
f.link(resp)
// indicate Consul is now available
if f.lastState == consulUnavailable {
f.logger.Info("consul agent is available")
}
f.lastState = consulAvailable
resp.Detected = true
return nil
}
func (f *ConsulFingerprint) Periodic() (bool, time.Duration) {
return true, 15 * time.Second
}
func (f *ConsulFingerprint) initialize(req *FingerprintRequest) error {
// Only create the Consul client once to avoid creating many connections
Fingerprinter only creates one consul client
2015-11-22 21:42:06 +00:00
if f.client == nil {
refactor Fingerprint to request/response construct
2018-01-24 14:09:53 +00:00
consulConfig, err := req.Config.ConsulConfig.ApiConfig()
Fingerprinter only creates one consul client
2015-11-22 21:42:06 +00:00
if err != nil {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
return fmt.Errorf("failed to initialize Consul client config: %v", err)
Fingerprinter only creates one consul client
2015-11-22 21:42:06 +00:00
}
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
f.client, err = consulapi.NewClient(consulConfig)
Fingerprinter only creates one consul client
2015-11-22 21:42:06 +00:00
if err != nil {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
return fmt.Errorf("failed to initialize Consul client: %s", err)
}
f.extractors = map[string]consulExtractor{
client/fingerprint/consul: add new attributes to consul fingerprinter This PR adds new probes for detecting these new Consul related attributes: Consul namespaces are a Consul enterprise feature that may be disabled depending on the enterprise license associated with the Consul servers. Having this attribute available will enable Nomad to properly decide whether to query the Consul Namespace API. Consul connect must be explicitly enabled before Connect APIs will work. Currently Nomad only checks for a minimum Consul version. Having this attribute available will enable Nomad to properly schedule Connect tasks only on nodes with a Consul agent that has Connect enabled. Consul connect requires the grpc port to be explicitly set before Connect APIs will work. Currently Nomad only checks for a minimal Consul version. Having this attribute available will enable Nomad to schedule Connect tasks only on nodes with a Consul agent that has the grpc listener enabled.
2021-06-03 17:38:43 +00:00
"consul.server": f.server,
"consul.version": f.version,
"consul.sku": f.sku,
"consul.revision": f.revision,
"unique.consul.name": f.name,
"consul.datacenter": f.dc,
"consul.segment": f.segment,
"consul.connect": f.connect,
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
"consul.grpc": f.grpc(consulConfig.Scheme),
client/fingerprint/consul: add new attributes to consul fingerprinter This PR adds new probes for detecting these new Consul related attributes: Consul namespaces are a Consul enterprise feature that may be disabled depending on the enterprise license associated with the Consul servers. Having this attribute available will enable Nomad to properly decide whether to query the Consul Namespace API. Consul connect must be explicitly enabled before Connect APIs will work. Currently Nomad only checks for a minimum Consul version. Having this attribute available will enable Nomad to properly schedule Connect tasks only on nodes with a Consul agent that has Connect enabled. Consul connect requires the grpc port to be explicitly set before Connect APIs will work. Currently Nomad only checks for a minimal Consul version. Having this attribute available will enable Nomad to schedule Connect tasks only on nodes with a Consul agent that has the grpc listener enabled.
2021-06-03 17:38:43 +00:00
"consul.ft.namespaces": f.namespaces,
Fingerprinter only creates one consul client
2015-11-22 21:42:06 +00:00
}
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
}
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
return nil
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) query(resp *FingerprintResponse) agentconsul.Self {
Made consul fingerprinter configurable
2015-09-01 02:56:25 +00:00
// We'll try to detect consul by making a query to to the agent's self API.
// If we can't hit this URL consul is probably not running on this machine.
Fingerprinter only creates one consul client
2015-11-22 21:42:06 +00:00
info, err := f.client.Agent().Self()
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
if err != nil {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
// indicate consul no longer available
Renaming constants
2015-12-11 21:47:35 +00:00
if f.lastState == consulAvailable {
client uses passed logger and fix fingerprinters
2018-09-16 00:48:59 +00:00
f.logger.Info("consul agent is unavailable")
Print consul debug messages only when the consul agent is available
2015-12-11 17:01:28 +00:00
}
Renaming constants
2015-12-11 21:47:35 +00:00
f.lastState = consulUnavailable
refactor Fingerprint to request/response construct
2018-01-24 14:09:53 +00:00
return nil
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
}
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
return info
}
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
func (f *ConsulFingerprint) link(resp *FingerprintResponse) {
add applicable boolean to fingerprint response public fields and remove getter functions
2018-01-30 17:57:37 +00:00
if dc, ok := resp.Attributes["consul.datacenter"]; ok {
if name, ok2 := resp.Attributes["unique.consul.name"]; ok2 {
resp.AddLink("consul", fmt.Sprintf("%s.%s", dc, name))
}
Don't panic on unexpeced Consul response Fixes #3326
2017-10-12 01:25:54 +00:00
} else {
client uses passed logger and fix fingerprinters
2018-09-16 00:48:59 +00:00
f.logger.Warn("malformed Consul response prevented linking")
Don't panic on unexpeced Consul response Fixes #3326
2017-10-12 01:25:54 +00:00
}
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
}
Add consul data to node.Links
2015-08-28 10:35:44 +00:00
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) server(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
s, ok := info["Config"]["Server"].(bool)
return strconv.FormatBool(s), ok
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) version(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
v, ok := info["Config"]["Version"].(string)
return v, ok
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) sku(info agentconsul.Self) (string, bool) {
return agentconsul.SKU(info)
Added basic consul functionality; currently hard-coded to a test instance
2015-08-28 10:26:23 +00:00
}
Merge fix
2015-11-05 21:46:02 +00:00
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) revision(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
r, ok := info["Config"]["Revision"].(string)
return r, ok
remove attributes from periodic fingerprints when state changes write test for client periodic fingerprinters
2018-01-26 19:31:37 +00:00
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) name(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
n, ok := info["Config"]["NodeName"].(string)
return n, ok
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) dc(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
d, ok := info["Config"]["Datacenter"].(string)
return d, ok
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) segment(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: refactor the consul fingerprinter to test individual attributes This PR refactors the ConsulFingerprint implementation, breaking individual attributes into individual functions to make testing them easier. This is in preparation for additional extractors about to be added. Behavior should be otherwise unchanged. It adds the attribute consul.sku, which can be used to differentiate between Consul OSS vs Consul ENT.
2021-06-03 15:28:48 +00:00
tags, tagsOK := info["Member"]["Tags"].(map[string]interface{})
if !tagsOK {
return "", false
}
s, ok := tags["segment"].(string)
return s, ok
Merge fix
2015-11-05 21:46:02 +00:00
}
client/fingerprint/consul: add new attributes to consul fingerprinter This PR adds new probes for detecting these new Consul related attributes: Consul namespaces are a Consul enterprise feature that may be disabled depending on the enterprise license associated with the Consul servers. Having this attribute available will enable Nomad to properly decide whether to query the Consul Namespace API. Consul connect must be explicitly enabled before Connect APIs will work. Currently Nomad only checks for a minimum Consul version. Having this attribute available will enable Nomad to properly schedule Connect tasks only on nodes with a Consul agent that has Connect enabled. Consul connect requires the grpc port to be explicitly set before Connect APIs will work. Currently Nomad only checks for a minimal Consul version. Having this attribute available will enable Nomad to schedule Connect tasks only on nodes with a Consul agent that has the grpc listener enabled.
2021-06-03 17:38:43 +00:00
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) connect(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: add new attributes to consul fingerprinter This PR adds new probes for detecting these new Consul related attributes: Consul namespaces are a Consul enterprise feature that may be disabled depending on the enterprise license associated with the Consul servers. Having this attribute available will enable Nomad to properly decide whether to query the Consul Namespace API. Consul connect must be explicitly enabled before Connect APIs will work. Currently Nomad only checks for a minimum Consul version. Having this attribute available will enable Nomad to properly schedule Connect tasks only on nodes with a Consul agent that has Connect enabled. Consul connect requires the grpc port to be explicitly set before Connect APIs will work. Currently Nomad only checks for a minimal Consul version. Having this attribute available will enable Nomad to schedule Connect tasks only on nodes with a Consul agent that has the grpc listener enabled.
2021-06-03 17:38:43 +00:00
c, ok := info["DebugConfig"]["ConnectEnabled"].(bool)
return strconv.FormatBool(c), ok
}
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
func (f *ConsulFingerprint) grpc(scheme string) func(info agentconsul.Self) (string, bool) {
return func(info agentconsul.Self) (string, bool) {
// The version is needed in order to understand which config object to
// query. This is because Consul 1.14.0 added a new gRPC port which
// broke the previous behaviour.
v, ok := info["Config"]["Version"].(string)
if !ok {
return "", false
}
client: fix Consul version finterprint (#17349) Consul v1.13.8 was released with a breaking change in the /v1/agent/self endpoint version where a line break was being returned. This caused the Nomad finterprint to fail because `NewVersion` errors on parse. This commit removes any extra space from the Consul version returned by the API.
2023-05-30 15:07:57 +00:00
consulVersion, err := version.NewVersion(strings.TrimSpace(v))
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
if err != nil {
client: fix Consul version finterprint (#17349) Consul v1.13.8 was released with a breaking change in the /v1/agent/self endpoint version where a line break was being returned. This caused the Nomad finterprint to fail because `NewVersion` errors on parse. This commit removes any extra space from the Consul version returned by the API.
2023-05-30 15:07:57 +00:00
f.logger.Warn("invalid Consul version", "version", v)
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
return "", false
}
// If the Consul agent being fingerprinted is running a version less
// than 1.14.0 we use the original single gRPC port.
if consulVersion.Core().LessThan(consulGRPCPortChangeVersion.Core()) {
return f.grpcPort(info)
}
// Now that we know we are querying a Consul agent running v1.14.0 or
// greater, we need to select the correct port parameter from the
// config depending on whether we have been asked to speak TLS or not.
switch strings.ToLower(scheme) {
case "https":
return f.grpcTLSPort(info)
default:
return f.grpcPort(info)
}
}
}
func (f *ConsulFingerprint) grpcPort(info agentconsul.Self) (string, bool) {
client/fingerprint/consul: add new attributes to consul fingerprinter This PR adds new probes for detecting these new Consul related attributes: Consul namespaces are a Consul enterprise feature that may be disabled depending on the enterprise license associated with the Consul servers. Having this attribute available will enable Nomad to properly decide whether to query the Consul Namespace API. Consul connect must be explicitly enabled before Connect APIs will work. Currently Nomad only checks for a minimum Consul version. Having this attribute available will enable Nomad to properly schedule Connect tasks only on nodes with a Consul agent that has Connect enabled. Consul connect requires the grpc port to be explicitly set before Connect APIs will work. Currently Nomad only checks for a minimal Consul version. Having this attribute available will enable Nomad to schedule Connect tasks only on nodes with a Consul agent that has the grpc listener enabled.
2021-06-03 17:38:43 +00:00
p, ok := info["DebugConfig"]["GRPCPort"].(float64)
return fmt.Sprintf("%d", int(p)), ok
}
client: accommodate Consul 1.14.0 gRPC and agent self changes. (#15309) * client: accommodate Consul 1.14.0 gRPC and agent self changes. Consul 1.14.0 changed the way in which gRPC listeners are configured, particularly when using TLS. Prior to the change, a single listener was responsible for handling plain-text and encrypted gRPC requests. In 1.14.0 and beyond, separate listeners will be used for each, defaulting to 8502 and 8503 for plain-text and TLS respectively. The change means that Nomad’s Consul Connect integration would not work when integrated with Consul clusters using TLS and running 1.14.0 or greater. The Nomad Consul fingerprinter identifies the gRPC port Consul has exposed using the "DebugConfig.GRPCPort" value from Consul’s “/v1/agent/self” endpoint. In Consul 1.14.0 and greater, this only represents the plain-text gRPC port which is likely to be disbaled in clusters running TLS. In order to fix this issue, Nomad now takes into account the Consul version and configured scheme to optionally use “DebugConfig.GRPCTLSPort” value from Consul’s agent self return. The “consul_grcp_socket” allocrunner hook has also been updated so that the fingerprinted gRPC port attribute is passed in. This provides a better fallback method, when the operator does not configure the “consul.grpc_address” option. * docs: modify Consul Connect entries to detail 1.14.0 changes. * changelog: add entry for #15309 * fixup: tidy tests and clean version match from review feedback. * fixup: use strings tolower func.
2022-11-21 15:19:09 +00:00
func (f *ConsulFingerprint) grpcTLSPort(info agentconsul.Self) (string, bool) {
p, ok := info["DebugConfig"]["GRPCTLSPort"].(float64)
return fmt.Sprintf("%d", int(p)), ok
}
consul: probe consul namespace feature before using namespace api This PR changes Nomad's wrapper around the Consul NamespaceAPI so that it will detect if the Consul Namespaces feature is enabled before making a request to the Namespaces API. Namespaces are not enabled in Consul OSS, and require a suitable license to be used with Consul ENT. Previously Nomad would check for a 404 status code when makeing a request to the Namespaces API to "detect" if Consul OSS was being used. This does not work for Consul ENT with Namespaces disabled, which returns a 500. Now we avoid requesting the namespace API altogether if Consul is detected to be the OSS sku, or if the Namespaces feature is not licensed. Since Consul can be upgraded from OSS to ENT, or a new license applied, we cache the value for 1 minute, refreshing on demand if expired. Fixes https://github.com/hashicorp/nomad-enterprise/issues/575 Note that the ticket originally describes using attributes from https://github.com/hashicorp/nomad/issues/10688. This turns out not to be possible due to a chicken-egg situation between bootstrapping the agent and setting up the consul client. Also fun: the Consul fingerprinter creates its own Consul client, because there is no [currently] no way to pass the agent's client through the fingerprint factory.
2021-06-07 15:54:33 +00:00
func (f *ConsulFingerprint) namespaces(info agentconsul.Self) (string, bool) {
consul: pr cleanup namespace probe function signatures
2021-06-07 20:22:26 +00:00
return strconv.FormatBool(agentconsul.Namespaces(info)), true
client/fingerprint/consul: add new attributes to consul fingerprinter This PR adds new probes for detecting these new Consul related attributes: Consul namespaces are a Consul enterprise feature that may be disabled depending on the enterprise license associated with the Consul servers. Having this attribute available will enable Nomad to properly decide whether to query the Consul Namespace API. Consul connect must be explicitly enabled before Connect APIs will work. Currently Nomad only checks for a minimum Consul version. Having this attribute available will enable Nomad to properly schedule Connect tasks only on nodes with a Consul agent that has Connect enabled. Consul connect requires the grpc port to be explicitly set before Connect APIs will work. Currently Nomad only checks for a minimal Consul version. Having this attribute available will enable Nomad to schedule Connect tasks only on nodes with a Consul agent that has the grpc listener enabled.
2021-06-03 17:38:43 +00:00
}