Commit Graph

25097 Commits

Author SHA1 Message Date
hc-github-team-nomad-core b9581ad187
backport of commit 5f98e6473ccf2c5dd643fa6d79c43d113c56519b (#18987)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-11-03 08:59:05 +00:00
hc-github-team-nomad-core 3052ddf8f1
acl/client: fix incorrect denied error on calls with dangling policies. (#18972) (#18981)
When a user performs a client API call, the Nomad client will
perform an RPC which looks up the ACL policies which the callers
ACL token is assigned. If the ACL token includes dangling (deleted)
policies, the call would previously fail with a permission denied
error.

This change ensures this error is not returned and that the lookup
will succeed in the event of dangling policies.

Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-11-02 15:47:21 +00:00
James Rasell a6239adf76
cli: remove unused raft tool helper. (#18954) (#18971) 2023-11-02 08:19:04 +00:00
hc-github-team-nomad-core 8c4eff2d23
backport of commit 4ec27a97d163c010c2d00f49e9e81d20496c8e6e (#18953)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-11-01 13:57:21 +00:00
hc-github-team-nomad-core 74e03514fc
backport of commit 0748918a3a355ad5616e32c1aad041321a771418 (#18919)
Co-authored-by: Dave May <dmay@hashicorp.com>
2023-10-30 14:00:40 -04:00
Seth Hoenig 1a0fb2f4fa Merge branch 'release/1.6.3' into release/1.6.x 2023-10-30 17:38:56 +00:00
hc-github-team-nomad-core d799b95beb Prepare for next release 2023-10-30 12:58:17 +00:00
hc-github-team-nomad-core 8511d831e2 Generate files for 1.6.3 release 2023-10-30 12:58:10 +00:00
hc-github-team-nomad-core 90cb544835
scheduler: ensure dup alloc names are fixed before plan submit. (#18873) (#18891)
This change fixes a bug within the generic scheduler which meant
duplicate alloc indexes (names) could be submitted to the plan
applier and written to state. The bug originates from the
placements calculation notion that names of allocations being
replaced are blindly copied to their replacement. This is not
correct in all cases, particularly when dealing with canaries.

The fix updates the alloc name index tracker to include minor
duplicate tracking. This can be used when computing placements to
ensure duplicate are found, and a new name picked before the plan
is submitted. The name index tracking is now passed from the
reconciler to the generic scheduler via the results, so this does
not have to be regenerated, or another data structure used.

Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-27 17:04:04 +01:00
hc-github-team-nomad-core 50c9af53b7
backport of commit e8efe2d251bf3628f13c7eb3ce2422eb7e5b85f6 (#18884)
Co-authored-by: Juana De La Cuesta <juanita.delacuestamorales@hashicorp.com>
2023-10-27 17:20:53 +02:00
hc-github-team-nomad-core c21331bc21
backport of commit 9ae4b10dc68cdec4a9a8498ddc9fa466e6b04b5a (#18887)
Co-authored-by: Seth Hoenig <shoenig@duck.com>
2023-10-27 07:32:38 -05:00
hc-github-team-nomad-core d8ec23da45
backport of commit b3e41bec2d593ae9bb24f7c6fe252854914d795f (#18862)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-25 09:32:10 +01:00
hc-github-team-nomad-core 76b2360213
backport of commit 9b3c38b3ed886f06cd945a3dfd34aa7d8f8817c1 (#18859)
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2023-10-24 16:23:44 -07:00
hc-github-team-nomad-core 497d91f4bc
backport of commit b46b41a2e99ad85d18189b44836f6436a2149a8b (#18855)
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
2023-10-24 11:51:04 -05:00
hc-github-team-nomad-core c3546e80a1
backport of commit f64ade2304583ba338c4da3c6c11de722ea4b497 (#18852)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-24 17:15:35 +01:00
Tim Gross 2d65dc418c
metrics: prevent negative counter from iowait decrease (#18849)
The iowait metric obtained from `/proc/stat` can under some circumstances
decrease. The relevant condition is when an interrupt arrives on a different
core than the one that gets woken up for the IO, and a particular counter in the
kernel for that core gets interrupted. This is documented in the man page for
the `proc(5)` pseudo-filesystem, and considered an unfortunate behavior that
can't be changed for the sake of ABI compatibility.

In Nomad, we get the current "busy" time (everything except for idle) and
compare it to the previous busy time to get the counter incremeent. If the
iowait counter decreases and the idle counter increases more than the increase
in the total busy time, we can get a negative total. This previously caused a
panic in our metrics collection (see #15861) but that is being prevented by
reporting an error message.

Fix the bug by putting a zero floor on the values we return from the host CPU
stats calculator.

Backport-of: #18835
2023-10-24 10:37:46 -04:00
hc-github-team-nomad-core 922512677e
backport of commit b55dcb39672e00686b70b1ec5f6b99c66c5397ce (#18841)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-24 08:08:35 +01:00
hc-github-team-nomad-core 95cd0bcdda
backport of commit 1a0d1efb0d10f7508cdf5919a3e5d9bc72cadf5d (#18816)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-20 08:49:59 +01:00
hc-github-team-nomad-core 63c2013ec1
backport of commit ca9e08e6b5eee00d055b9429df5976a70cdcb2d6 (#18813)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-20 08:35:54 +01:00
hc-github-team-nomad-core 8f1713dcd4
backport of commit 99e54da9a9aeb3a62a05f50af1dcc74c06cd9657 (#18797)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-18 10:22:36 -04:00
hc-github-team-nomad-core 897bcef932
backport: do not embed *Server (#18786) (#18789)
these structs embedding Server, then Server _also embedding them_,
confused my IDE, isn't necessary, and just feels wrong!
2023-10-17 15:55:56 -05:00
Daniel Bennett b6298dc073
Only generate default workload identity once per alloc task - 1.6.x (#18783)
this can save a bit of cpu when
running plans for tasks that already exist,
and prevents Nomad tokens from changing,
which can cause task template{}s to restart
unnecessarily.
2023-10-17 13:06:20 -05:00
hc-github-team-nomad-core 657c430e0b
backport of commit 1ffdd576bbcea1f32aa179934b63450808c022c4 (#18772)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-16 16:19:58 +01:00
hc-github-team-nomad-core fe612a4d18
backport of commit 6dcc4021882fcaecb7ee73655bd46eb84e4671d4 (#18767)
Co-authored-by: Kevin Wang <kwangsan@gmail.com>
2023-10-16 09:15:16 +01:00
hc-github-team-nomad-core 17f752e896
backport of commit cb2363f2fbbb771af9c8a62ed09a60250df647a2 (#18763)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-16 08:47:57 +01:00
hc-github-team-nomad-core c96ca6f81c
vault: use an importable const for Vault header string. (#18740) (#18750)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-13 08:11:54 +01:00
hc-github-team-nomad-core a532f3c321
chore(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 (#18734) (#18738)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 08:43:51 +01:00
hc-github-team-nomad-core f6900307e8
backport deps: remove Vault SDK into release/1.6.x (#18727)
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2023-10-11 12:02:48 -04:00
hc-github-team-nomad-core 60747ed93d
Backport of build: bump to go 1.21.3 into release/1.6.x (#18722)
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2023-10-11 08:51:43 -04:00
hc-github-team-nomad-core 441d733046
backport of commit ef6814388c1adae3ee2bbe317719aded15275648 (#18720)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-10 17:34:58 -04:00
hc-github-team-nomad-core 7725931942
backport of commit 9c57ddd8383c2302884272d0b01b034e2509f194 (#18714)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-10 10:15:23 +01:00
hc-github-team-nomad-core 20a928805f
backport of commit 9a38a9c188533c856affda84f272a83856085942 (#18711)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-10 09:37:13 +01:00
hc-github-team-nomad-core db61b01482
backport of commit fbf792f895dffbf7e53fd9922de1a8d50a5ab58a (#18708)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-10 08:46:09 +01:00
hc-github-team-nomad-core 7685e62494
chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#18694) (#18700)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 12:12:11 +01:00
hc-github-team-nomad-core 451260fa4f
backport of commit c6ce966d9811384557d04329b89ad1b4b8ffc44c (#18688)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-06 15:32:17 -04:00
hc-github-team-nomad-core 102e31bf3c
backport of commit 0ccf942b26f8c47582f18f324114d02d0bb03a43 (#18684)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-06 12:19:52 -04:00
hc-github-team-nomad-core bfc15e5aa0
backport of commit d425c90e0f5acc6947c3d3e32a3e54942d1cd2bf (#18674)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-05 12:14:18 -04:00
hc-github-team-nomad-core 88fd96daea
backport of commit ed204e0fd985bbb43da7e19e07cf541ad74284a8 (#18670)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-05 11:40:50 -04:00
hc-github-team-nomad-core 252515a84c
backport of commit 673a7713a84a4a8a894bb60aeecb1946b0c42379 (#18667)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-05 08:33:48 +01:00
hc-github-team-nomad-core b0c575ff22
backport of commit aa9ff3a5b306645311dc4687e97561c0dfccbf90 (#18655)
Co-authored-by: Matthew Salsamendi <matthewsalsamendi@gmail.com>
2023-10-04 09:31:59 -05:00
hc-github-team-nomad-core ce6c86a057
backport of commit e7136f80c5c1277ea2dea4eeeda84005224d7835 (#18648)
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
2023-10-03 12:27:26 -05:00
hc-github-team-nomad-core 5147682d40
backport of commit df16c96a9fc6bfaf2afd661cb2bebb30a9e5b2d4 (#18640)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-03 10:39:12 +01:00
hc-github-team-nomad-core 57c97b39b1
backport of commit ccafb946452c68e781bf9758a52ea2263143a158 (#18632)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 08:49:05 +01:00
Michael Schurter 43fb0e82dc client: prevent watching stale alloc state (#18612)
When waiting on a previous alloc we must query against the leader before
switching to a stale query with index set.

Also check to ensure the response is fresh before using it like #18269
2023-09-29 14:37:10 -07:00
Michael Schurter 547a95795a client: prevent using stale allocs (#18601)
Similar to #18269, it is possible that even if Node.GetClientAllocs
retrieves fresh allocs that the subsequent Alloc.GetAllocs call
retrieves stale allocs. While `diffAlloc(existing, updated)` properly
ignores stale alloc *updates*, alloc deletions have no such check.

So if a client retrieves an alloc created at index 123, and then a
subsequent Alloc.GetAllocs call hits a new server which returns results
at index 100, the client will stop the alloc created at 123 because it
will be missing from the stale response.

This change applies the same logic as #18269 and ensures only fresh
responses are used.

Glossary:
* fresh - modified at an index > the query index
* stale - modified at an index <= the query index
2023-09-29 14:34:04 -07:00
Phil Renaud cce22ad73b
[ui, backport] Access Control CRUD: Make name fields for Policies and Roles required (#18605) (#18626)
* Access Control CRUD: Make name fields for Policies and Roles required (#18605)

* Removed file since merged with access-control.scss
2023-09-29 15:30:51 -04:00
hc-github-team-nomad-core 269111a369
backport of commit 8da40465af3133df150cf0e0d10c7e1b36fd2151 (#18625)
Co-authored-by: Phil Renaud <phil.renaud@hashicorp.com>
2023-09-29 15:21:01 -04:00
hc-github-team-nomad-core 00cf4f973d
backport of commit b44cef0e66fa02f76f7fa69c045a54f371d2c908 (#18618)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-29 08:43:01 +01:00
Phil Renaud bfba4f5e13
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles

* Models and adapters

* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)

* combinedPolicies as a concept

* Classic decorator on role adapter

* We added a new request for roles, so the test based on a specific order of requests got fickle fast

* Mirage roles cluster scaffolded

* Acceptance test for roles and policies on the login page

* Update mirage mock for nodes fetch to account for role policies / empty token.policies

* Roles-derived policies checks

* [ui] Access Control with Roles and Tokens (#18413)

* top level policies routes moved into access control

* A few more routes and name cleanup

* Delog and test fixes to account for new url prefix and document titles

* Overview page

* Tokens and Roles routes

* Tokens helios table

* Add a role

* Hacky role page and deletion

* New policy keyboard shortcut and roles breadcrumb nav

* If you leave New Role but havent made any changes, remove the newly-created record from store

* Roles index list and general role route crud

* Roles index actually links to roles now

* Helios button styles for new roles and policies

* Handle when you try to create a new role without having any policies

* Token editing generally

* Create Token functionality

* Cant delete self-token but management token editing and deleting is fine

* Upgrading helios caused codemirror to explode, shimmed

* Policies table fix

* without bang-element condition, modifier would refire over and over

* Token TTL or Time setting

* time will take you on

* Mirage hooks for create and list roles

* Ensure policy names only use allow characters in mirage mocks

* Mirage mocked roles and policies in the default cluster

* log and lintfix

* chromedriver to 2.1.2

* unused unit tests removed

* Nice profile dropdown

* With the HDS accordion, rename our internal component scss ref

* design revisions after discussion

* Tooltip on deleted-policy tokens

* Two-step button peripheral isDeleting gcode removed

* Never to null on token save

* copywrite headers added and empty routefiles removed

* acceptance test fixes for policies endpoint

* Route for updating a token

* Policies testfixes

* Ember on-click-outside modifier upgraded with general ember-modifier upgrade

* Test adjustments to account for new profile header dropdown

* Test adjustments for tokens via policy pages

* Removed an unused route

* Access Control index page tests

* a11y tests

* Tokens index acceptance tests generally

* Lintfix

* Token edit page tests

* Token editing tests

* New token expiration tests

* Roles Index tests

* Role editing policies tests

* A complete set of Access Control Roles tests

* Policies test

* Be more specific about which row to check for expiration time

* Nil check on expirationTime equality

* Management tokens shouldnt show No Roles/Policies, give them their own designation

* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save

* Policy unloading on delete and other todos plus autofocus conditionally re-enabled

* Invalid policies non-links now a concept for Roles index

* HDS style links to make job.variables.alert links look like links again

* Mirage finding looks weird so making model async in hash even though redundant

* Drop rsvp

* RSVP wasnt the problem, cached lookups were

* remove old todo comments

* de-log
2023-09-27 17:02:48 -04:00
hc-github-team-nomad-core 3cc387749e
backport of commit 9b74e11f064ecc53a53f13e82419927b533a9e4a (#18589)
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
2023-09-26 15:23:35 -05:00