* navigation and initial steps of guide
* generate certs with appropriate token
* configure Nomad to use TLS
* add cli keys and certs
* add server gossip encryption section
* fix mislabeled steps
* vault paths formatting
* remove bit about cert revocation
* add clarification in challenge that we will be securing an existing Nomad cluster
* add some comments to consul-template.hcl to help user walk through it
* clarifying comments for CLI certs templates
* reorganize steps, change permissions on certs, and sub pkill command with systemctl reload nomad
* correct step reference
* add rpc upgrade mode instructions
* correct typo
Point users to security doc instead. Right now it takes a lot of
explaining to describe to users exactly how to validate the binary and
what the output of the tools used means.
For example, this is the output when validating according to the
instructions in this guide and the linked doc:
```
vagrant@linux:/tmp$ gpg --verify nomad_0.8.7_SHA256SUMS.sig
nomad_0.8.7_SHA256SUMS
gpg: Signature made Fri 11 Jan 2019 09:47:56 PM UTC using RSA key ID
348FFC4C
gpg: Good signature from "HashiCorp Security <security@hashicorp.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F
FC4C
vagrant@linux:/tmp$ shasum -a 256 -c nomad_0.8.7_SHA256SUMS
shasum: ./nomad_0.8.7_darwin_amd64.zip:
./nomad_0.8.7_darwin_amd64.zip: FAILED open or read
shasum: ./nomad_0.8.7_linux_386.zip: No such file or directory
./nomad_0.8.7_linux_386.zip: FAILED open or read
shasum: ./nomad_0.8.7_linux_amd64-lxc.zip: No such file or directory
./nomad_0.8.7_linux_amd64-lxc.zip: FAILED open or read
./nomad_0.8.7_linux_amd64.zip: OK
shasum: ./nomad_0.8.7_linux_arm64.zip: No such file or directory
./nomad_0.8.7_linux_arm64.zip: FAILED open or read
shasum: ./nomad_0.8.7_linux_arm.zip: No such file or directory
./nomad_0.8.7_linux_arm.zip: FAILED open or read
shasum: ./nomad_0.8.7_windows_386.zip: No such file or directory
./nomad_0.8.7_windows_386.zip: FAILED open or read
shasum: ./nomad_0.8.7_windows_amd64.zip: No such file or directory
./nomad_0.8.7_windows_amd64.zip: FAILED open or read
shasum: WARNING: 7 listed files could not be read
```
There are only two lines that matter in all of that output:
```
...
gpg: Good signature from "HashiCorp Security <security@hashicorp.com>"
...
./nomad_0.8.7_linux_amd64.zip: OK
...
```
I feel like trying to teach users how to use and interpret these tools
in our deployment guide may be as likely to reduce confidence as
increase it.
The systemd configs spread across our repo were fairly out of sync. This
should get them on our best practices.
The deployment guide also had some strange things like running Nomad as
a non-root user. It would be fine for servers but completely breaks
clients. For simplicity I simply removed the non-root user references.
* skeleton
* configure portworx
* destroy and redeploy mysql with data intact
* rename all directories and references from persistent storage to stateful workloads
* add considerations and remove references to StorageOS
* update wording and headings
* create portworx volume externally and modify jobfile to reflect that
* fix typo
* Update website/source/guides/stateful-workloads/portworx.html.md
Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com>
* Update website/source/guides/stateful-workloads/portworx.html.md
Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com>
Made small adjustment to make it clear that 0.8.7 would require the legacy syntax and that the deprecation notice was more about the legacy syntax becoming unsupported at some point after v0.9.0
* update formatting and add toJSON function with explanation
* edit typo
* Update website/source/guides/operations/vault-integration/index.html.md
Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com>
* fixing clarification bullet explaining the use of toJSON
* skeleton for external plugins guide section
* initial content
* add installation and configuration steps
* complete steps to deployg lxc workload
* update link
* correct typo in link
* change link name
* fix alignment and word wrap at 80
* updates
* update lxc driver download link and commands in step 3
* fix link typo
* call out pluggable drivers in task drivers section and link/add info to plugin stanza
* fix hyphenation
* removing page and nav that tells users drivers are not pluggable
* show new syntax for configuring raw_exec plugin on client
* enabled option value for raw_exec is boolean
* add plugin options section and mark client options as soon to be deprecated
* fix typos
* add plugin options for rkt task drivers and place deprecation warning in client options
* add some plugin options with plugin configuration example + mark client options as soon to be deprecated
* modify deprecation warning
* replace colon with - for options
* add docker plugin options
* update links within docker task driver to point to plugin options
* fix typo and clarify config options for lxc task driver
* replace raw_exec plugin syntax example with docker example
* create external section
* restructure lxc docs and add backward incompatibility warning
* update lxc driver doc
* add redirect for lxc driver doc
* call out plugin options and mark client config options for drivers as deprecated
* add placeholder for lxc driver binary download
* update data_dir/plugins reference with plugin_dir reference
* Update website/source/docs/external/lxc.html.md
Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com>
* corrections
* remove lxc from built-in drivers navigation
* reorganize doc structure and fix redirect
* add detail about 0.9 changes
* implement suggestions/fixes
* removed extraneous punctuation
* add official lxc driver link
* initial structure
* add to affinity guide
* add to affinity guide
* update affinity guide
* spread guide
* update content
* update step 3 to spread stanza
* update
* add wording to motivate the use of spread and affinity
* improve guide description and use clearer wording to distinguish constrain from affinity
* clarify challenge to user with specific example
* improve wording in the solution section
* incorporate rest of suggestions into affinity guide
* modify spread guide description
* improve wording of spread docs
* change instance count from 5 to 10 to more easily show spread
* improving spread guide and changing demo architecture
* motivate spread a bit more
* clarification about spread
* fix wording