Commit graph

17737 commits

Author SHA1 Message Date
Mahmood Ali 130d8d36e7 update docs 2020-05-12 11:07:12 -04:00
Mahmood Ali 182b95f7b1 use allow_runtimes for consistency
Other allow lists use allow_ prefix (e.g. allow_caps, allow_privileged).
2020-05-12 11:03:08 -04:00
Mahmood Ali 54565e3836
Apply suggestions from code review
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2020-05-12 10:56:47 -04:00
Mahmood Ali 06c672cbf2 more tests 2020-05-12 10:14:54 -04:00
Mahmood Ali 0d692f0931 Add a knob to restrict docker runtimes 2020-05-12 10:14:43 -04:00
Ben Buzbee 769a3cd8b3 Rename OCIRuntime to Runtime; allow gpu conflicts if they are the same runtime; add conflict test 2020-04-03 12:15:11 -07:00
Ben Buzbee d4f26d1eee Support custom docker runtimes
This enables customers who want to use gvisor and have it configured on their clients.
2020-04-03 11:07:37 -07:00
Chris Baker 277d29c6e7
Merge pull request #7572 from hashicorp/f-7422-scaling-events
finalizing scaling API work
2020-04-01 13:49:22 -05:00
Mike Wickett a4ec40c043
Merge pull request #7586 from hashicorp/mw.update-netlify-redirects
website: update Netlify redirects syntax
2020-04-01 14:40:02 -04:00
Chris Baker c3ab837d9e job_endpoint: fixed bad test 2020-04-01 18:11:58 +00:00
Seth Hoenig 2996116969
Merge pull request #7588 from hashicorp/b-unbreak-connect-proxy-nil
connect: fix bug where absent connect.proxy stanza needs default config
2020-04-01 11:34:59 -06:00
Chris Baker 285728f3fa Merge branch 'f-7422-scaling-events' of github.com:hashicorp/nomad into f-7422-scaling-events 2020-04-01 17:28:50 +00:00
Chris Baker 8ec252e627 added indices to the job scaling events, so we could properly do
blocking queries on the job scaling status
2020-04-01 17:28:19 +00:00
Seth Hoenig 9aa9721143 connect: fix bug where absent connect.proxy stanza needs default config
In some refactoring, a bug was introduced where if the connect.proxy
stanza in a submitted job was nil, the default proxy configuration
would not be initialized with default values, effectively breaking
Connect.

      connect {
        sidecar_service {} # should work
      }

In contrast, by setting an empty proxy stanza, the config values would
be inserted correctly.

      connect {
        sidecar_service {
          proxy {} # workaround
        }
      }

This commit restores the original behavior, where having a proxy
stanza present is not required.

The unit test for this case has also been corrected.
2020-04-01 11:19:32 -06:00
Chris Baker 4ac36b7c89
Update nomad/state/state_store.go
Co-Authored-By: Drew Bailey <2614075+drewbailey@users.noreply.github.com>
2020-04-01 11:56:12 -05:00
Chris Baker eb19fe16d2
Update nomad/state/state_store.go
Co-Authored-By: Drew Bailey <2614075+drewbailey@users.noreply.github.com>
2020-04-01 11:56:01 -05:00
Chris Baker 6dbfb36e14
Update nomad/job_endpoint.go
Co-Authored-By: Drew Bailey <2614075+drewbailey@users.noreply.github.com>
2020-04-01 11:55:55 -05:00
Chris Baker b2ab42afbb scaling api: more testing around the scaling events api 2020-04-01 16:39:23 +00:00
Mike Wickett 04d98f095e website: update netlify redirects syntax 2020-04-01 12:33:34 -04:00
Buck Doyle eba07dabe5
CI: add xUnit reporting for UI tests (#7585)
This surfaces test failures more clearly on CircleCI by adding
testem-multi-reporter to report both via the default TAP reporter
as well as an xUnit reporter whose output is stored as an artefact.
2020-04-01 11:19:44 -05:00
Chris Baker 40d6b3bbd1 adding raft and state_store support to track job scaling events
updated ScalingEvent API to record "message string,error bool" instead
of confusing "reason,error *string"
2020-04-01 16:15:14 +00:00
Tim Gross f3bae55fae
set safe default for CSI plugin MaxVolumes (#7583) 2020-04-01 11:08:55 -04:00
Tim Gross a258ae813a
hclfmt test fixtures (#7584) 2020-04-01 10:48:28 -04:00
Buck Doyle eaf64849f6
UI: Add localStorage persistence of exec command (#7563)
This closes #7469. Trivial thanks to localStorageProperty! 🥳
2020-04-01 08:08:42 -05:00
James Rasell f18d8cab23
Merge pull request #7558 from hashicorp/b-ensure-correct-plugin-version-mapping
plugin: ensure plugin loader maps correct API version to type.
2020-04-01 12:34:24 +02:00
Mahmood Ali ee637db97f
Merge pull request #7578 from hashicorp/b-fix-structs-generation
fix codegen for ugorji/go
2020-03-31 21:33:27 -04:00
Mahmood Ali 37c0dbcfe6 fix codegen for ugorji/go
When generating ugorji/go package, we should use
github.com/hashicorp/go-msgpack/codec instead.

Also fix the reference for codegen_generated
2020-03-31 21:30:21 -04:00
Jasmine Dahilig a7d1c44883
Merge pull request #7575 from hashicorp/b-fix-deps
Use latest go-bindata and go-bindata-assetfs
2020-03-31 17:42:06 -07:00
Mahmood Ali 5378b557e9 Use latest go-bindata and go-bindata-assetfs
These dep tools aren't tagged properly so shouldn't be installed with go
mod
2020-03-31 20:28:25 -04:00
Seth Hoenig 1e49ada3e0
Merge pull request #7573 from hashicorp/f-connect-expose-checks-percheck
merge changes for expose checks percheck
2020-03-31 17:52:33 -06:00
Mahmood Ali 33e34f06df
batch updates of changelog items (#7570)
* batch updates of changelog items

[ci skip]

* Update CHANGELOG.md

Co-Authored-By: Jasmine Dahilig <jasmine@dahilig.com>

* add PR to changelog

* update ui changelog message

* docs: note connect expose paths configuration in changelog

Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
Co-authored-by: Jasmine Dahilig <jasmine@dahilig.com>
Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2020-03-31 16:28:11 -07:00
Seth Hoenig 2d73d92510
Merge pull request #7323 from hashicorp/f-connect-expose-checks
connect: enable proxy.expose configuration
2020-03-31 17:20:23 -06:00
Seth Hoenig 9880e798bf docs: note why check.Expose is not part of check.Hash 2020-03-31 17:15:50 -06:00
Seth Hoenig 14c7cebdea connect: enable automatic expose paths for individual group service checks
Part of #6120

Building on the support for enabling connect proxy paths in #7323, this change
adds the ability to configure the 'service.check.expose' flag on group-level
service check definitions for services that are connect-enabled. This is a slight
deviation from the "magic" that Consul provides. With Consul, the 'expose' flag
exists on the connect.proxy stanza, which will then auto-generate expose paths
for every HTTP and gRPC service check associated with that connect-enabled
service.

A first attempt at providing similar magic for Nomad's Consul Connect integration
followed that pattern exactly, as seen in #7396. However, on reviewing the PR
we realized having the `expose` flag on the proxy stanza inseparably ties together
the automatic path generation with every HTTP/gRPC defined on the service. This
makes sense in Consul's context, because a service definition is reasonably
associated with a single "task". With Nomad's group level service definitions
however, there is a reasonable expectation that a service definition is more
abstractly representative of multiple services within the task group. In this
case, one would want to define checks of that service which concretely make HTTP
or gRPC requests to different underlying tasks. Such a model is not possible
with the coarse `proxy.expose` flag.

Instead, we now have the flag made available within the check definitions themselves.
By making the expose feature resolute to each check, it is possible to have
some HTTP/gRPC checks which make use of the envoy exposed paths, as well as
some HTTP/gRPC checks which make use of some orthogonal port-mapping to do
checks on some other task (or even some other bound port of the same task)
within the task group.

Given this example,

group "server-group" {
  network {
    mode = "bridge"
    port "forchecks" {
      to = -1
    }
  }

  service {
    name = "myserver"
    port = 2000

    connect {
      sidecar_service {
      }
    }

    check {
      name     = "mycheck-myserver"
      type     = "http"
      port     = "forchecks"
      interval = "3s"
      timeout  = "2s"
      method   = "GET"
      path     = "/classic/responder/health"
      expose   = true
    }
  }
}

Nomad will automatically inject (via job endpoint mutator) the
extrapolated expose path configuration, i.e.

expose {
  path {
    path            = "/classic/responder/health"
    protocol        = "http"
    local_path_port = 2000
    listener_port   = "forchecks"
  }
}

Documentation is coming in #7440 (needs updating, doing next)

Modifications to the `countdash` examples in https://github.com/hashicorp/demo-consul-101/pull/6
which will make the examples in the documentation actually runnable.

Will add some e2e tests based on the above when it becomes available.
2020-03-31 17:15:50 -06:00
Seth Hoenig 41244c5857 jobspec: parse multi expose.path instead of explicit slice 2020-03-31 17:15:27 -06:00
Seth Hoenig 0266f056b8 connect: enable proxy.passthrough configuration
Enable configuration of HTTP and gRPC endpoints which should be exposed by
the Connect sidecar proxy. This changeset is the first "non-magical" pass
that lays the groundwork for enabling Consul service checks for tasks
running in a network namespace because they are Connect-enabled. The changes
here provide for full configuration of the

  connect {
    sidecar_service {
      proxy {
        expose {
          paths = [{
            path = <exposed endpoint>
            protocol = <http or grpc>
            local_path_port = <local endpoint port>
            listener_port = <inbound mesh port>
          }, ... ]
        }
      }
    }
  }

stanza. Everything from `expose` and below is new, and partially implements
the precedent set by Consul:
  https://www.consul.io/docs/connect/registration/service-registration.html#expose-paths-configuration-reference

Combined with a task-group level network port-mapping in the form:

  port "exposeExample" { to = -1 }

it is now possible to "punch a hole" through the network namespace
to a specific HTTP or gRPC path, with the anticipated use case of creating
Consul checks on Connect enabled services.

A future PR may introduce more automagic behavior, where we can do things like

1) auto-fill the 'expose.path.local_path_port' with the default value of the
   'service.port' value for task-group level connect-enabled services.

2) automatically generate a port-mapping

3) enable an 'expose.checks' flag which automatically creates exposed endpoints
   for every compatible consul service check (http/grpc checks on connect
   enabled services).
2020-03-31 17:15:27 -06:00
Seth Hoenig 1ce4eb17fa client: use consistent name for struct receiver parameter
This helps reduce the number of squiggly lines in Goland.
2020-03-31 17:15:27 -06:00
Zack Smith 89c2c322fb
Merge pull request #7569 from acidprime/fix/syntax/codeblock
[docs] Fix syntax error in docs
2020-03-31 15:07:41 -07:00
Zack Smith c1f67395aa Fix syntax error in docs
Prior to this commit, the HCL syntax was invalid. This commit adds a `,`
to make the example pass syntax checks.
2020-03-31 14:32:23 -07:00
Lang Martin e03c328792
csi: use node MaxVolumes during scheduling (#7565)
* nomad/state/state_store: CSIVolumesByNodeID ignores namespace

* scheduler/scheduler: add CSIVolumesByNodeID to the state interface

* scheduler/feasible: check node MaxVolumes

* nomad/csi_endpoint: no namespace in CSIVolumesByNodeID anymore

* nomad/state/state_store: avoid DenormalizeAllocationSlice

* nomad/state/iterator: clean up SliceIterator Next

* scheduler/feasible_test: block with MaxVolumes

* nomad/state/state_store_test: fix args to CSIVolumesByNodeID
2020-03-31 17:16:47 -04:00
Lang Martin 8d4f39fba1
csi: add node events to report progress mounting and unmounting volumes (#7547)
* nomad/structs/structs: new NodeEventSubsystemCSI

* client/client: pass triggerNodeEvent in the CSIConfig

* client/pluginmanager/csimanager/instance: add eventer to instanceManager

* client/pluginmanager/csimanager/manager: pass triggerNodeEvent

* client/pluginmanager/csimanager/volume: node event on [un]mount

* nomad/structs/structs: use storage, not CSI

* client/pluginmanager/csimanager/volume: use storage, not CSI

* client/pluginmanager/csimanager/volume_test: eventer

* client/pluginmanager/csimanager/volume: event on error

* client/pluginmanager/csimanager/volume_test: check event on error

* command/node_status: remove an extra space in event detail format

* client/pluginmanager/csimanager/volume: use snake_case for details

* client/pluginmanager/csimanager/volume_test: snake_case details
2020-03-31 17:13:52 -04:00
Buck Doyle d70c3fbb3e
UI: Add exec loading template (#7566)
This closes #7460. Before this, there was an incongruous flash
of the non-exec UI during loading.
2020-03-31 13:59:43 -05:00
Buck Doyle 61164b856e
UI: Change exec button to not show on dead jobs (#7548)
I still want to add acceptance tests for the existence
of these buttons but this change makes the exec button
for jobs behave similarly to the others.
2020-03-31 13:11:26 -05:00
Mahmood Ali db4c263180
Merge pull request #7554 from benbuzbee/benbuz/fix-seccomp-file
Parse security_opts before sending them to docker daemon
2020-03-31 11:54:17 -04:00
Ben Buzbee 4f6ea87ec4 Parse security_opts before sending them to docker daemon
Fixes #6720

Copy the parsing function from the docker CLI. Docker daemon expects to see JSON for seccomp file not a path.
2020-03-31 08:34:41 -07:00
Mahmood Ali 14a461d6c4
Merge pull request #7560 from hashicorp/vendor-go-msgpack-v1.1.5
vendor: explicit use of hashicorp/go-msgpack
2020-03-31 10:09:05 -04:00
Tim Gross 4a834ea0fa
client: use NewNodeEvent builder for consistency (#7559) 2020-03-31 10:02:16 -04:00
Mahmood Ali 64dd10ac92 vendor: use tagged hashicorp/go-msgpack
This is to ease go mod migration
2020-03-31 09:51:17 -04:00
Yoan Blanc 225c9c1215 fixup! vendor: explicit use of hashicorp/go-msgpack
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-03-31 09:48:07 -04:00
Yoan Blanc 761d014071 vendor: explicit use of hashicorp/go-msgpack
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-03-31 09:45:21 -04:00