Commit graph

20164 commits

Author SHA1 Message Date
Tim Gross 180d6c7ef5
docs: move agent lifecycle doc under Operations heading (#9411) 2020-12-01 11:55:08 -05:00
Michael Schurter ea0e1789f4
Merge pull request #9435 from hashicorp/f-allocupdate-timer
client: always wait 200ms before sending updates
2020-12-01 08:45:17 -08:00
Drew Bailey 9adca240f8
Event Stream: Track ACL changes, unsubscribe on invalidating changes (#9447)
* upsertaclpolicies

* delete acl policies msgtype

* upsert acl policies msgtype

* delete acl tokens msgtype

* acl bootstrap msgtype

wip unsubscribe on token delete

test that subscriptions are closed after an ACL token has been deleted

Start writing policyupdated test

* update test to use before/after policy

* add SubscribeWithACLCheck to run acl checks on subscribe

* update rpc endpoint to use broker acl check

* Add and use subscriptions.closeSubscriptionFunc

This fixes the issue of not being able to defer unlocking the mutex on
the event broker in the for loop.

handle acl policy updates

* rpc endpoint test for terminating acl change

* add comments

Co-authored-by: Kris Hicks <khicks@hashicorp.com>
2020-12-01 11:11:34 -05:00
Drew Bailey 70ae7ec621
return potential errors from txn.Commit (#9483) 2020-12-01 10:05:37 -05:00
Tim Gross 154e62fd3b
docs: warn about Docker auth_soft_fail behavior
If Docker auth helpers are used but aith fails or the image isn't found, we
hard fail the task. Users may set `auth_soft_fail` to fallback to the public
Docker Hub on a per-job basis. But users that mix public and private images
have to set `auth_soft_fail=true` for every job using a public image if Docker
auth helpers are used.
2020-12-01 09:05:35 -05:00
Mark Lewis ec8361fab9 Update proxy.mdx 2020-12-01 08:26:32 -05:00
Mark Lewis 894851a756 Update reschedule.mdx 2020-12-01 08:26:12 -05:00
Mark Lewis 523dad369b Update restart.mdx 2020-12-01 08:22:13 -05:00
Luiz Aoqui 5f4a385070
Merge pull request #9476 from hashicorp/website-update-general-help
website: update general help guidance
2020-11-30 19:29:52 -05:00
Luiz Aoqui 63d6d3b0d1
website: update general help guidance 2020-11-30 19:12:43 -05:00
Benjamin Buzbee e0acbbfcc6
Fix RPC retry logic in nomad client's rpc.go for blocking queries (#9266) 2020-11-30 15:11:10 -05:00
Drew Bailey a0b7f05a7b
Remove Managed Sinks from Nomad (#9470)
* Remove Managed Sinks from Nomad

Managed Sinks were a beta feature in Nomad 1.0-beta2. During the beta
period it was determined that this was not a scalable approach to
support community and third party sinks.

* update comment

* changelog
2020-11-30 14:00:31 -05:00
Seth Hoenig fa6789a087
Merge pull request #9472 from hashicorp/f-connect-upstream-datacenter
consul/connect: enable setting datacenter in upstream
2020-11-30 12:29:05 -06:00
Seth Hoenig d38cd5268a docs: better clarify connect upstream datacenter 2020-11-30 12:28:08 -06:00
Michael Schurter b7c4d16a78 docs: add #9435 to changelog 2020-11-30 10:27:13 -08:00
Seth Hoenig e81e9223ef consul/connect: enable setting datacenter in connect upstream
Before, upstreams could only be defined using the default datacenter.
Now, the `datacenter` field can be set in a connect upstream definition,
informing consul of the desire for an instance of the upstream service
in the specified datacenter. The field is optional and continues to
default to the local datacenter.

Closes #8964
2020-11-30 10:38:30 -06:00
Chris Piwarski 955bf23e8e command: Fix node help error 2020-11-30 11:12:06 -05:00
Seth Hoenig 8fe8f7ba1f docs: note manual jobspec parsing generally no longer required 2020-11-30 09:46:40 -06:00
Mark Lewis 338e8995e6
Update migrate.mdx 2020-11-30 10:35:25 -05:00
Mahmood Ali 7a629b7da9
docs: add sidebar title for cidrsubnets (#9469) 2020-11-30 10:34:51 -05:00
Seth Hoenig 9500e9446e
Merge pull request #9468 from hashicorp/b-fix-hcl2-doc-typo
docs: spell preceding the normal way
2020-11-30 09:30:56 -06:00
Seth Hoenig 49fd063324 docs: spell preceding the normal way 2020-11-30 09:29:24 -06:00
Seth Hoenig b7756bd652
Merge pull request #9454 from hashicorp/f-add-ig-demo-e2e
e2e: add e2e test for consul connect ingress gateway demo
2020-11-30 09:01:42 -06:00
Seth Hoenig 1b3d409eba e2e: use test framework Assertions in connect tests 2020-11-30 08:48:40 -06:00
Buck Doyle 3b0f876ae5
Add DAS namespaces toggle and fix empty card bug (#9337)
This builds on filtering to allow the optimize page to show recommendations
for the active namespace vs all namespaces. If turning off the toggle causes
the summary from the active card to become excluded from the filtered list,
the active summary changes, as with the facets.

It also includes a fix for this bug:
https://github.com/hashicorp/nomad/pull/9294#pullrequestreview-527748994
2020-11-30 08:18:44 -06:00
Buck Doyle ba147a4fca
Add query parameter to override Mirage scenario (#9380) 2020-11-30 08:12:15 -06:00
Mark Lewis 6334ad1b42 Update network.mdx 2020-11-30 08:53:17 -05:00
Mahmood Ali d1e139c3fb
Docs for HCL2 (#9322)
Add more detailed HCL2 docs, mostly lifted from Packer with tweaks for Nomad.

The function docs are basically verbatim taken from Packer with basic string substitutions. I commented out some for_each details as the examples are mostly driven towards Packer resources. I'll iterate on those with better Nomad examples.
2020-11-29 20:36:41 -05:00
James Rasell 1776047e6b
Merge pull request #9459 from hashicorp/ml4-patch-3
Update ephemeral_disk.mdx
2020-11-27 11:56:22 +01:00
James Rasell 1779d5f89c
Merge pull request #9460 from hashicorp/ml4-patch-4
Update group.mdx
2020-11-27 11:44:01 +01:00
James Rasell 4e378bb3f8
Merge pull request #9458 from hashicorp/ml4-patch-2-1
Update device.mdx
2020-11-27 11:36:02 +01:00
James Rasell 7b3f84e0ff
Merge pull request #9457 from hashicorp/ml4-patch-1
Update csi_plugin.mdx
2020-11-27 11:32:44 +01:00
James Rasell c2cacf7c92
Merge pull request #9455 from Quiq/azure-more-fingerprinting
Add "compute/zone" to Azure fingerprinting
2020-11-27 09:12:49 +01:00
Mark Lewis 385a06d8e0
Update group.mdx
Typo
2020-11-27 07:37:44 +00:00
Mark Lewis fa3a5e5a7d
Update ephemeral_disk.mdx
Document says size is an `int`, but snippet shows string type.
2020-11-27 07:16:01 +00:00
Mark Lewis d5bfcba1fd
Update device.mdx
Fixed typos
2020-11-27 07:10:04 +00:00
Mark Lewis 1ac9d1c2bb
Update csi_plugin.mdx
typo
2020-11-27 06:56:13 +00:00
Roman Vynar b957f87cd7 Add compute/zone to Azure fingerprinting 2020-11-26 13:26:51 +02:00
Seth Hoenig 546a8bfb95 e2e: add e2e test for consul connect ingress gateway demo
Add the ingress gateway example from the noamd connect examples
to the e2e Connect suite. Includes the ACLs enabled version,
which means the nomad server consul acl policy will require
operator=write permission.
2020-11-25 16:54:02 -06:00
Tim Gross 8ba9bde2ff changelog entries for CSI 2020-11-25 16:44:20 -05:00
Tim Gross 4e79ddea45
csi/api: populate ReadAllocs/WriteAllocs fields (#9377)
The API is missing values for `ReadAllocs` and `WriteAllocs` fields, resulting
in allocation claims not being populated in the web UI. These fields mirror
the fields in `nomad/structs.CSIVolume`. Returning a separate list of stubs
for read and write would be ideal, but this can't be done without either
bloating the API response with repeated full `Allocation` data, or causing a
panic in previous versions of the CLI.

The `nomad/structs` fields are persisted with nil values and are populated
during RPC, so we'll do the same in the HTTP API and populate the `ReadAllocs`
and `WriteAllocs` fields with a map of allocation IDs, but with null
values. The web UI will then create its `ReadAllocations` and
`WriteAllocations` fields by mapping from those IDs to the values in
`Allocations`, instead of flattening the map into a list.
2020-11-25 16:44:06 -05:00
Seth Hoenig 00caf2c204
Merge pull request #9452 from hashicorp/f-e2e-print-consulacls-string
e2e: print consulacls scripts output as string
2020-11-25 15:06:48 -06:00
Seth Hoenig d850f17bc1 e2e: print consulacls scripts output as string
The clean up in #8908 inadvertently caused the output from the scripts
involved in the Consul ACL bootstrap process to be printed as a big blob
of bytes, which is slightly less useful than the text version.
2020-11-25 15:03:33 -06:00
Mahmood Ali 98c02851c8
use comment ignores (#9448)
Use targetted ignore comments for the cases where we are bound by
backward compatibility.

I've left some file based linters, especially when the file is riddled
with linter voilations (e.g. enum names), or if it's a property of the
file (e.g. package and file names).

I encountered an odd behavior related to RPC_REQUEST_RESPONSE_UNIQUE and
RPC_REQUEST_STANDARD_NAME.  Apparently, if they target a `stream` type,
we must separate them into separate lines so that the ignore comment
targets the type specifically.
2020-11-25 16:03:01 -05:00
Tim Gross aa7c77d324
csi/ui: show Node Only for volumes when controllers aren't required (#9416)
Plugin health for controllers should show "Node Only" in the UI only when both
conditions are true: controllers are not required, and no controllers have
registered themselves (0 expected controllers). This accounts for "monolith"
plugins which might register as both controllers and nodes but not necessarily
have `ControllerRequired = true` because they don't implement the Controller
RPC endpoints we need (this requirement was added in #7844)

This changeset includes the following fixes:

* Update the Plugins tab of the UI so that monolith plugins don't show "Node
  Only" once they've registered.
* Add the missing "Node Only" logic to the Volumes tab of the UI.
2020-11-25 14:50:33 -05:00
Michael Schurter 5ec065b180 client: always wait 200ms before sending updates
Always wait 200ms before calling the Node.UpdateAlloc RPC to send
allocation updates to servers.

Prior to this change we only reset the update ticker when an error was
encountered. This meant the 200ms ticker was running while the RPC was
being performed. If the RPC was slow due to network latency or server
load and took >=200ms, the ticker would tick during the RPC.

Then on the next loop only the select would randomly choose between the
two viable cases: receive an update or fire the RPC again.

If the RPC case won it would immediately loop again due to there being
no updates to send.

When the update chan receive is selected a single update is added to the
slice. The odds are then 50/50 that the subsequent loop will send the
single update instead of receiving any more updates.

This could cause a couple of problems:

1. Since only a small number of updates are sent, the chan buffer may
   fill, applying backpressure, and slowing down other client
   operations.
2. The small number of updates sent may already be stale and not
   represent the current state of the allocation locally.

A risk here is that it's hard to reason about how this will interact
with the 50ms batches on servers when the servers under load.

A further improvement would be to completely remove the alloc update
chan and instead use a mutex to build a map of alloc updates. I wanted
to test the lowest risk possible change on loaded servers first before
making more drastic changes.
2020-11-25 11:36:51 -08:00
Mahmood Ali 8ca33b24f0
Merge pull request #9414 from hashicorp/b-tweak-buf-linter
Parameterize buf compatibility check
2020-11-25 12:19:10 -05:00
Tim Gross b2cd0da0a2
CSI: fix transaction handling in state store (#9438)
When making updates to CSI plugins, the state store methods that have open
write transactions were querying the state store using the same methods used
by the CSI RPC endpoint, but these method creates their own top-level read
transactions. During concurrent plugin updates (as happens when a plugin job
is stopped), this can cause write skew in the plugin counts.

* Refactor the CSIPlugin query methods to have an implementation method that
accepts a transaction, which can be called with either a read txn or a write
txn.
* Refactor the CSIVolume query methods to have an implementation method that
accepts a transaction, which can be called with either a read txn or a write
txn.
* CSI volumes need to be "denormalized" with their plugins and (optionally)
allocations. Read-only RPC endpoints should take a snapshot so that we can
make multiple state store method calls with a consistent view.
2020-11-25 11:15:57 -05:00
Tim Gross b9842c32c1 docs: enumerate required cgroups for exec driver 2020-11-25 09:41:37 -05:00
Mahmood Ali b2a8752c5f
honor task user when execing into raw_exec task (#9439)
Fix #9210 .

This update the executor so it honors the User when using nomad alloc exec. The bug was that the exec task didn't honor the init command when execing.
2020-11-25 09:34:10 -05:00