Commit graph

48 commits

Author SHA1 Message Date
Tim Gross 1785822386
template: trigger change_mode for dynamic secrets on restore (#9636)
When a task is restored after a client restart, the template runner will
create a new lease for any dynamic secret (ex. Consul or PKI secrets
engines). But because this lease is being created in the prestart hook, we
don't trigger the `change_mode`.

This changeset uses the the existence of the task handle to detect a
previously running task that's been restored, so that we can trigger the
template `change_mode` if the template is changed, as it will be only with
dynamic secrets.
2020-12-16 13:36:19 -05:00
Seth Hoenig 52c9dbbb91 consul/connect: set default Envoy worker threads for gateways
Applying the default --concurrency for gateways was missed before.
Set the default Envoy concurrency to 1 for connect gateways. The
same override value meta.connect.proxy_concurrency applies.
2020-12-10 10:36:29 -06:00
Michael Schurter eb56a75bdd docs: may->will after confirming with Consul
Consul 1.9 switched to agentless intentions which no longer require
synchronous communication from Envoy to Consul.
2020-12-03 13:48:06 -08:00
Michael Schurter e948e0a012 docs: clarify connect upgrade procedure
During testing we discovered old versions of Nomad and Consul seemed to
prevent Envoy from accepting new connections while the Nomad agent was
being upgraded.
2020-12-03 13:36:13 -08:00
Charlie Voiselle 7d37cd3f53
Small website updates (#9504)
* systemd should be downcased
* containerd should be downcased
* spellchecking, adjust list item spacing
* QEMU should be upcased
* spelling, it's->its
* Fewer exclamation points; drive-by list spacing
* Update website/pages/docs/internals/security.mdx
* Namespace is not ent only now.
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2020-12-02 19:02:03 -05:00
Seth Hoenig bf857684d1 consul/connect: default envoy concurrency to 1
Previously, every Envoy Connect sidecar would spawn as many worker
threads as logical CPU cores. That is Envoy's default behavior when
`--concurrency` is not explicitly set. Nomad now sets the concurrency
flag to 1, which is sensible for the default cpu = 250 Mhz resources
allocated for sidecar proxies. The concurrency value can be configured
in Client configuration by setting `meta.connect.proxy_concurrency`.

Closes #9341
2020-12-01 13:12:45 -06:00
Nick Ethier c4ddb0a43a website: add mbits and network deprecation notice 2020-11-23 10:09:36 -06:00
Michael Schurter 876144302a docs: avoid the regression in 0.12.[78]
The suggest version, 0.12.7, includes regressions that are best avoided
so steer users to 0.12.9.
2020-11-19 14:32:59 -08:00
Tim Gross 0ef0b17b82
docker: disallow volume mounts from host by default (#9321)
The default behavior for `docker.volumes.enabled` is intended to be `false`,
but the HCL schema defaults to `true` if the value is unset. Set the default
literal value to `true`.

Additionally, Docker driver mounts of type "volume" (but not "bind") are not
being properly sandboxed with that setting. Disable Docker mounts with type
"volume" entirely whenever the `docker.volumes.enabled` flag is set to
false. Note this is unrelated to the `volume_mount` feature, which is
constrained to preconfigured host volumes or whatever is mounted by a CSI
plugin.

This changeset includes updates to unit tests that should have been failing
under the documented behavior but were not.
2020-11-11 10:03:46 -05:00
Mahmood Ali 895fa1e3fa
First draft of HCLv2 docs (#9218)
This is a first draft of HCLv2 docs - I added the details under hcl2 doc with some minimal info highlighting the hcl2 introductions.

As a longer term strategy, we'll want to mimic the Packer HCL docs structure that details all the blocks and allowed expressions/functions in greater details. However, given that the exact functions and templating syntax is still somewhat influx, I opt to push that to another time.
2020-11-02 12:27:53 -05:00
Tim Gross 10b6551065
docs: add regression warning for GH-9148 to upgrade guide (#9157)
* docs: add regression warning for GH-9148 to upgrade guide
* changelog entry
2020-10-23 10:05:56 -04:00
Tim Gross 70c9faabd2 upgrade guide documentation 2020-10-21 14:34:12 -04:00
Michael Schurter 9c3972937b s/0.13/1.0/g
1.0 here we come!
2020-10-14 15:17:47 -07:00
Chris Baker 1d35578bed removed backwards-compatible/untagged metrics deprecated in 0.7 2020-10-13 20:18:39 +00:00
Seth Hoenig ed13e5723f consul/connect: dynamically select envoy sidecar at runtime
As newer versions of Consul are released, the minimum version of Envoy
it supports as a sidecar proxy also gets bumped. Starting with the upcoming
Consul v1.9.X series, Envoy v1.11.X will no longer be supported. Current
versions of Nomad hardcode a version of Envoy v1.11.2 to be used as the
default implementation of Connect sidecar proxy.

This PR introduces a change such that each Nomad Client will query its
local Consul for a list of Envoy proxies that it supports (https://github.com/hashicorp/consul/pull/8545)
and then launch the Connect sidecar proxy task using the latest supported version
of Envoy. If the `SupportedProxies` API component is not available from
Consul, Nomad will fallback to the old version of Envoy supported by old
versions of Consul.

Setting the meta configuration option `meta.connect.sidecar_image` or
setting the `connect.sidecar_task` stanza will take precedence as is
the current behavior for sidecar proxies.

Setting the meta configuration option `meta.connect.gateway_image`
will take precedence as is the current behavior for connect gateways.

`meta.connect.sidecar_image` and `meta.connect.gateway_image` may make
use of the special `${NOMAD_envoy_version}` variable interpolation, which
resolves to the newest version of Envoy supported by the Consul agent.

Addresses #8585 #7665
2020-10-13 09:14:12 -05:00
Tim Gross 98a70d789e
docs: inclusive language configuration changes (#9069) 2020-10-13 08:02:29 -04:00
Seth Hoenig e693d15a5b env_aws: get ec2 cpu perf data from AWS API
Previously, Nomad was using a hand-made lookup table for looking
up EC2 CPU performance characteristics (core count + speed = ticks).

This data was incomplete and incorrect depending on region. The AWS
API has the correct data but requires API keys to use (i.e. should not
be queried directly from Nomad).

This change introduces a lookup table generated by a small command line
tool in Nomad's tools module which uses the Amazon AWS API.

Running the tool requires AWS_* environment variables set.
  $ # in nomad/tools/cpuinfo
  $ go run .

Going forward, Nomad can incorporate regeneration of the lookup table
somewhere in the CI pipeline so that we remain up-to-date on the latest
offerings from EC2.

Fixes #7830
2020-10-08 12:01:09 -05:00
Chris Baker 7f701fddd0 updated docs and validation to further prohibit null chars in region, datacenter, and job name 2020-10-05 18:01:50 +00:00
Chris Baker 23ea7cd27c updated job validate to refute job/group/task IDs containing null characters
updated CHANGELOG and upgrade guide
2020-10-05 18:01:49 +00:00
Ryan Oaks da3e4a9e71
Merge pull request #8991 from hashicorp/ro.docs-formatting
docs: Format docs website code and mdx
2020-10-05 10:31:40 -04:00
Ryan Oaks 536aab271d Format docs website code and mdx 2020-10-02 13:31:40 -04:00
Seth Hoenig a8869bd304 docs: document docker signal fix, add tests
This PR adds a version specific upgrade note about the docker stop
signal behavior. Also adds test for the signal logic in docker driver.

Closes #8932 which was fixed in #8933
2020-10-02 10:06:43 -05:00
Charlie Voiselle 9d85195361
[docs] Update redirects and links for learn.hashicorp.com (#8598)
* Fix links to ACL guides
* Managing Nomad guide links; links in jsx pages
* job updates guide URLS
* node-drain guide URLS
* outage recovery guide links
* fix guide links - sentinel
* fix guide links - namespaces
* fix guide links - quotas
* fix guide links - autopilot
* more guide links.
* more guide links - continued.
* Updating redirects for learn
* Getting Started
* Load Balancing Guides
* update redirects for ui guide
* Consolidate spark redirects to point to GH repo
* operating job update part 1
* finish operating job links; operations guides links.
* finish guide redirects
* coalesce EOL redirects for spark guides.
* one last link
* Checked links and found a few more stray links
* Found more .htmls
* Fixup links for new HC websites
* Post-merge fixups
* linkcheck caught missing ids
2020-09-29 12:48:32 -04:00
Mahmood Ali 1bf98d3a24 tweak the language about mbit scheduling factor 2020-09-17 08:35:38 -04:00
Mahmood Ali f41cf9c67b Update website with network mbit deprecation 2020-09-16 11:06:35 -04:00
Drew Bailey c06a84e4a2
ignore VAULT_NAMESPACE (#8581)
VAULT_NAMESPACE in 0.12.1 and previous versions is already ignored. \n revert change that used it as a default since it will break oss users
2020-07-31 10:33:21 -04:00
Drew Bailey b296558b8e
oss compoments for multi-vault namespaces
adds in oss components to support enterprise multi-vault namespace feature

upgrade specific doc on vault multi-namespaces

vault docs

update test to reflect new error
2020-07-24 10:14:59 -04:00
Michael Schurter 30fbec3557 docs: document enterprise upgrade bug #8457 2020-07-17 11:57:29 -07:00
Ricardo Martins ce1fdc0dfc
docs: fix typo in upgrade instructions (#8301)
The suggested plugin configuration to re-enable Docker volumes was erroneously
using the singlular `volume` instead of the correct `volumes`, making the
client fail to parse the configuration and causing it not to start.
2020-06-29 08:27:45 -04:00
Mahmood Ali 2d64a404e6 docs: update docs for host path flags 2020-06-24 08:03:56 -04:00
Mahmood Ali 9669446b56 docs: note 0.11.3 fixes a critical issue 2020-06-22 12:02:01 -04:00
Michael Schurter 31f36620db docs: finally document the 0.9 port_map break 2020-06-18 14:56:47 -07:00
Mahmood Ali be6cc94346
fix grammar in DST upgrade snippet (#7985) 2020-05-15 15:59:56 -04:00
Michael Schurter f9067fe03c docs: clarify periodic dst behavior 2020-05-13 13:24:35 -07:00
Mahmood Ali c2e80386f0 document daylight saving change 2020-05-13 08:21:19 -04:00
Michael Schurter 439a9f7301
Update website/pages/docs/upgrade/upgrade-specific.mdx
Co-authored-by: Alex Dadgar <alex@hashicorp.com>
2020-04-30 14:47:12 -07:00
Michael Schurter 11c6a6e81c docs: mention scoring change from #7730 2020-04-23 14:51:34 -07:00
Michael Schurter fa9bf43cad
Update website/pages/docs/upgrade/upgrade-specific.mdx
Co-Authored-By: Buck Doyle <buck@hashicorp.com>
2020-04-07 11:08:40 -07:00
Michael Schurter a338597ec1 docs: update changelog/upgrade for 0.11.0 2020-04-07 10:32:23 -07:00
Charlie Voiselle 4e4fbbebdd fix search and replace error 2020-03-27 11:39:03 -04:00
Charlie Voiselle 169a6f2ba2 Fixed pages with new changes 2020-03-26 19:58:26 -04:00
Charlie Voiselle a72208eebe more links
(cherry picked from commit 0e39e2e49b0371c246dc1a9b4bb20af0b2f642a0)
2020-03-26 19:27:55 -04:00
Charlie Voiselle 4b580df670 fixing links
(cherry picked from commit 575f22e970e2429b8f9871f11b8c3e0924c82dc2)
2020-03-26 19:27:05 -04:00
Charlie Voiselle e1e1dab5fe correcting layout for reparented pages
(cherry picked from commit ce9d9b5e69fe5f47847cc511ffd73f6b43de92e7)
2020-03-26 19:26:52 -04:00
Charlie Voiselle 2328e3dcac link-fixup; move navigation 2020-03-26 19:26:38 -04:00
Charlie Voiselle 0aaca7d969 Removing guide folder
reparented some elements to docs.

(cherry picked from commit 4fa35e51e0e0d193bf81f4465f4e1ba4caa5b3ca)
2020-03-26 19:20:39 -04:00
Jeff Escalante 77e6ad8867 Revert "Merge pull request #7322 from hashicorp/docs-fix-guide-links"
This reverts commit 4311f5e95657a2eb7b231daf326af252e6c75ae7, reversing
changes made to 5d5469e6facfc4ab59235d5532664bb95a597728.
2020-03-12 18:18:14 -04:00
Charlie Voiselle e1f6cf4734 Working on "/guides" links 2020-03-12 15:46:39 -04:00
Renamed from website/pages/guides/upgrade/upgrade-specific.mdx (Browse further)