Commit graph

23283 commits

Author SHA1 Message Date
Seth Hoenig dca954faac build: update golangci-lint to v1.46.2
This version of golangci-lint improves support for generics, but also
is more strict in copy vs. loop for slice copying.
2022-05-31 23:32:01 +00:00
Anthony d5e084b297
docs: added note about vault -period flag (#13185) 2022-05-31 14:26:03 -07:00
Seth Hoenig 54efec5dfe docs: add docs and tests for tagged_addresses 2022-05-31 13:02:48 -05:00
pabloyoyoista d0ff73ddbe
docs: add podman ulimit option (#13180) 2022-05-31 11:16:46 -04:00
Jorge Marey f966614602 Allow setting tagged addresses on services 2022-05-31 10:06:55 -05:00
James Rasell 59a4a19a4f
docs: add allocation and job services API endpoint docs. (#13174) 2022-05-30 16:15:09 +02:00
Waquid Valiya Peedikakkal c06edaacc8
docs: add nomad-pipeline to community tools page (#13172) 2022-05-30 09:05:38 +02:00
Luiz Aoqui bb7b44a9ae
docs: add wander to the community tools page (#13165) 2022-05-27 11:53:01 -04:00
Toyam Cox 06b934ccf6
docs: make the example for 'load' work (#13102) 2022-05-27 08:48:58 -04:00
James Rasell 84aabe8963
cli: fix minor formatting issue with alloc restart help. (#13135) 2022-05-27 13:18:47 +02:00
Seth Hoenig c2ba1e2e29
Merge pull request #13125 from hashicorp/b-connect-upstream-namespace
connect: enable setting connect upstream destination namespace
2022-05-26 10:29:11 -05:00
Seth Hoenig 4631045d83 connect: enable setting connect upstream destination namespace 2022-05-26 09:39:36 -05:00
Amier Chery 05274c9c9f
Merge pull request #13083 from josegonzalez/patch-1
Update service.check.task definition to match code
2022-05-26 10:38:49 -04:00
Seth Hoenig 9e476c75b8
Merge pull request #13036 from hashicorp/f-update-golang-1.18.2
build: update golang version to 1.18.2
2022-05-25 13:32:20 -05:00
Seth Hoenig 069f13a533 git: add go.work to gitignore 2022-05-25 11:15:00 -05:00
Seth Hoenig f7c0e078a9 build: update golang version to 1.18.2
This PR update to Go 1.18.2. Also update the versions of hclfmt
and go-hclogfmt which includes newer dependencies necessary for dealing
with go1.18.

The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for
newer macOS versions: 8927e75e82
2022-05-25 10:04:04 -05:00
Luiz Aoqui 769ff1dcc3
Merge pull request #13109 from hashicorp/merge-release-1.3.1-branch
Merge release 1.3.1 branch
2022-05-25 10:45:09 -04:00
Seth Hoenig 10b029a1fd
Merge pull request #13107 from hashicorp/b-docker-test-fixes
tests: minor fixes for some docker tests
2022-05-25 09:26:34 -05:00
Seth Hoenig 8af061ffc5 docker: remove dead comment 2022-05-25 09:26:20 -05:00
Seth Hoenig 92685bad63 tests: minor fixes for some docker tests 2022-05-25 08:48:24 -05:00
Seth Hoenig 48e3405cda
Merge pull request #13059 from hashicorp/ci-gha-22.04
ci: switch to 22.04 for GHA Core CI tests
2022-05-25 08:44:36 -05:00
Seth Hoenig 626a345fb2 ci: switch to 22.04 LTS for GHA Core CI tests 2022-05-25 08:19:40 -05:00
Seth Hoenig 20b6bf3c22
Merge pull request #13104 from hashicorp/b-blocked-eval-math
core: fix blocked eval math
2022-05-24 16:23:06 -05:00
Luiz Aoqui 63441b54b3
Post 1.3.1 release changes 2022-05-24 16:33:30 -04:00
hc-github-team-nomad-core e9630d31be
Prepare for next release 2022-05-24 16:29:47 -04:00
hc-github-team-nomad-core 15caf5eab2
Generate files for 1.3.1 release 2022-05-24 16:29:46 -04:00
Luiz Aoqui fb41b82e82
prepare release 1.3.1 2022-05-24 16:29:46 -04:00
Michael Schurter 2965dc6a1a
artifact: fix numerous go-getter security issues
Fix numerous go-getter security issues:

- Add timeouts to http, git, and hg operations to prevent DoS
- Add size limit to http to prevent resource exhaustion
- Disable following symlinks in both artifacts and `job run`
- Stop performing initial HEAD request to avoid file corruption on
  retries and DoS opportunities.

**Approach**

Since Nomad has no ability to differentiate a DoS-via-large-artifact vs
a legitimate workload, all of the new limits are configurable at the
client agent level.

The max size of HTTP downloads is also exposed as a node attribute so
that if some workloads have large artifacts they can specify a high
limit in their jobspecs.

In the future all of this plumbing could be extended to enable/disable
specific getters or artifact downloading entirely on a per-node basis.
2022-05-24 16:29:39 -04:00
Luiz Aoqui 0a00059f3c
core: test duplicated blocked eval stats
In the original test, the eval generator would use a random value for
the job ID, resulting in an unxercised code path for duplicate blocked
evals.
2022-05-24 15:44:06 -04:00
Seth Hoenig 83bab8ed64
Merge pull request #13058 from hashicorp/b-cgroupsv1-docker-cgparent
drivers/docker: do not set cgroup parent in v1 mode
2022-05-24 14:07:40 -05:00
Seth Hoenig c6c3ae020d drivers/docker: do not set cgroup parent in v1 mode
This PR fixes a bug where the CgroupParent on the docker
HostConfig struct was accidently being set when running in
cgroups v1 mode.
2022-05-24 11:22:50 -05:00
Seth Hoenig 27d0c0dc9f docs: add changelog 2022-05-24 09:13:15 -05:00
Seth Hoenig a5943da0c7 core: add tests for blocked evals math 2022-05-24 09:05:18 -05:00
Seth Hoenig 0c145ac1e4 core: remove correct set of resources on blocked eval 2022-05-23 15:18:55 -05:00
PinkLolicorn 83dd9e801e
docs: mount_flags takes a slice of strings (#13087)
The description of `mount_flags` provides incorrect example
of the accepted value format.

This fixes the issue by changing the example from a string
`ro,noatime` to a slice of strings `["ro", "noatime"]`.
2022-05-20 09:16:17 -04:00
Tim Gross cc4a1f2ec4
e2e: upgrade playwright package and container image (#13080)
The nightly playwright tests are currently failing because of a
mismatch between the expected version of Chromium and what's in the
container image. Unfortunately the previous specific tag we were using
for the container image is no longer tagged on the registry. With some
testing, I was able to find an image tag that results in a good run.
2022-05-20 08:41:07 -04:00
Jose Diaz-Gonzalez fa1077fbcd
docs: correct where task cannot be defined 2022-05-19 21:24:58 -04:00
Jose Diaz-Gonzalez ea01fe398f
Update service.check.task definition to match code
Nomad errors out when attempting to specify a task for a service that uses consul connect but does not have script or gRPC checks. See 304d0cf595/nomad/structs/structs.go (L6643) for details.
2022-05-19 20:54:49 -04:00
Will Jordan d515e5c3b0
Don't buffer json logs on agent startup (#13076)
There's no reason to buffer json logs on agent startup
since logs in this format already aren't reordered.
2022-05-19 15:40:30 -04:00
Seth Hoenig d9c10fccde
Merge pull request #13070 from hashicorp/b-vault-validator-env
cli: correctly validate job with vault token set
2022-05-19 14:31:10 -05:00
claire labry 7693818d56
Merge pull request #13068 from twunderlich-grapl/twunderlich/run-postinstall-script
[CI-only] Use the postinstall script for linux packages
2022-05-19 14:16:08 -04:00
Seth Hoenig fc58f4972c cli: correctly use and validate job with vault token set
This PR fixes `job validate` to respect '-vault-token', '$VAULT_TOKEN',
'-vault-namespace' if set.
2022-05-19 12:13:34 -05:00
Thomas Wunderlich ba6f81d843
Use the postinstall script
It appears that the postinstall script was created but never used.
This change is to actually use the post-install script.
2022-05-19 12:49:44 -04:00
Tim Gross b72ff42ada
api: include Consul token in job revert API (#13065) 2022-05-19 11:30:29 -04:00
Seth Hoenig 89c72d74d7
Merge pull request #13044 from hashicorp/b-fixup-init-redis
cli: update default redis and use nomad service discovery
2022-05-17 11:19:27 -05:00
Seth Hoenig 29d3da6dfd cl: update changelog 2022-05-17 10:35:08 -05:00
Seth Hoenig 65f7abf2f4 cli: update default redis and use nomad service discovery
Closes #12927
Closes #12958

This PR updates the version of redis used in our examples from 3.2 to 7.
The old version is very not supported anymore, and we should be setting
a good example by using a supported version.

The long-form example job is now fixed so that the service stanza uses
nomad as the service discovery provider, and so now the job runs without
a requirement of having Consul running and configured.
2022-05-17 10:24:19 -05:00
Seth Hoenig 26b5c01431
Merge pull request #12817 from twunderlich-grapl/fix-network-interpolation
Fix network.dns interpolation
2022-05-17 09:31:32 -05:00
Seth Hoenig 08becb117c cl: add changelog note for network interpolation 2022-05-17 09:14:55 -05:00
Luiz Aoqui 854209af0b
Merge pull request #13033 from hashicorp/docs-consul-upgrade-banner
docs: add Consul 1.12.0 upgrade notice
2022-05-16 19:23:08 -04:00