luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: document SIGHUP handling behavior

This commit is contained in:
Tim Gross 2020-12-18 11:55:00 -05:00 committed by GitHub
parent c422f8066a
commit 9c4f52c8aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
website/pages/docs/configuration/index.mdx
View File

@ -311,6 +311,26 @@ testing.
- `vault` `(`[`Vault`]`: nil)` - Specifies configuration for
connecting to Vault.
## Configuration Reload
You can send the Nomad process a `SIGHUP` signal to reload a limited subset of
its configuration. The fields that currently support reloading are:
- [`log_level`](#log_level): the log level is reloaded but not any other
logging configuration value.
- [`tls`][tls-reload]: note this only reloads the TLS configuration between
Nomad agents (servers and clients), and not the TLS configuration for
communication with Consul or Vault.
- [`vault`][vault-reload]: note this only reloads the TLS configuration
between Nomad and Vault, but not other configuration values.
In order to reload any other configuration values, you must restart the Nomad
agent.
If the Nomad agent receives a `SIGHUP` during initialization, it may crash
(see [GH-3885]). Ensure that the Nomad agent is able to receive RPC traffic
before attempting to reload its configuration.
## Examples
### Custom Region and Datacenter
@ -345,3 +365,6 @@ http_api_response_headers {
[go-sockaddr/template]: https://godoc.org/github.com/hashicorp/go-sockaddr/template
[log-api]: /api-docs/client#stream-logs
[hcl]: https://github.com/hashicorp/hcl 'HashiCorp Configuration Language'
[tls-reload]: /docs/configuration/tls#tls-configuration-reloads
[vault-reload]: /docs/configuration/vault#vault-configuration-reloads
[GH-3885]: https://github.com/hashicorp/nomad/issues/3885

14
website/pages/docs/configuration/tls.mdx
View File

@ -100,4 +100,18 @@ tls {
}
```
### `tls` Configuration Reloads
Nomad supports dynamically reloading both client and server TLS
configuration. To reload an agent's TLS configuration, first update the TLS
block in the agent's configuration file and then send the Nomad agent a
`SIGHUP` signal. Note that this will only reload a subset of the configuration
file, including the TLS configuration.
The agent reloads all its network connections when there are changes to its
TLS configuration during a config reload via `SIGHUP`. Any new connections
established will use the updated configuration, and any outstanding old
connections will be closed. This process works when upgrading to TLS,
downgrading from it, as well as rolling certificates.
[raft]: https://github.com/hashicorp/serf 'Serf by HashiCorp'