Commit graph

1995 commits

Author SHA1 Message Date
Alex Dadgar 6b748fef9e Remove consul log line 2018-01-04 15:08:12 -08:00
Alex Dadgar 2f561609b7 Fix detection of successful batch allocations
This PR restores older behavior of detecting successful batch
allocations (04d86ffd1006fde9dfb2ca8c1237fe60b995b0e3). This has the
side effect that we correctly filter desired status stop but not
successful batch allocations and create their replacements.
2018-01-04 14:20:32 -08:00
Michael Schurter 8496cc8192
Merge pull request #3685 from filipochnik/abs-path
Prevent absolute URLs in checks paths
2018-01-04 10:55:36 -08:00
Preetha 1712b03705
Merge branch 'master' into 0.8 2018-01-03 16:06:38 -06:00
Fabian Holler f99aaa9134 revert change to increase min. CPU resource value from 20 to 100
In the commit 622d3ddb92ea7e656ef831641c02024cb5a5d6d1
"Fixed test and moved constants into standalone func" the minimum CPU
resource value for a job was increased from 100 to 20.

This can break the nomad setup for people that used lower CPU
values and are at the maximum MHz value of the available CPU on a
machine.
Change the minimum back to 20 MHz to ensure downwards compatibility.
2018-01-02 16:09:44 +01:00
Filip Ochnik fc99d3fc2d Prevent absolute URLs in checks paths 2017-12-21 10:32:12 +01:00
James Rasell 45e8f977f7
Update node-status verbose command to include node address.
This change updates the `nomad node-status -verbose` command to
also include the addreess of the node. This is helpful for cluster
administrators to quickly discover information and access nodes
when required.
2017-12-21 08:58:35 +00:00
Chelsea Holland Komlo 940bc59790 Fixes #3679
code review fixups; add changelog
2017-12-20 17:58:07 -05:00
Chelsea Holland Komlo 24c56e3976 search endpoint forwarding 2017-12-20 17:57:28 -05:00
Alex Dadgar bfc62ae41c bump version and remove generated structs 2017-12-19 17:10:52 -08:00
Alex Dadgar f0127afd93 generated files 2017-12-19 16:57:34 -08:00
Michael Schurter 5d65eba2e6 Strip mocked dynamic port for fsm test 2017-12-19 16:41:35 -08:00
Michael Schurter 714eb0b266 Services should not require a port
Fixes #3673
2017-12-19 15:50:23 -08:00
Preetha Appan d788c0464c
Clean up error logging 2017-12-18 17:56:12 -06:00
Alex Dadgar 1791cc3ca5 Handle upgrade path 2017-12-18 15:51:35 -08:00
Kyle Havlovitz 1c07066064 Add autopilot functionality based on Consul's autopilot 2017-12-18 14:29:41 -08:00
Preetha Appan 40cb1d327c
Address some code review comments 2017-12-18 15:22:23 -06:00
Preetha Appan 51bd0b59c7
Return an error if evaluation doesn't exist in state store at plan apply time. 2017-12-18 14:55:36 -06:00
Preetha Appan 3c36abfe14
Update eval modify index as part of plan apply. 2017-12-18 10:03:55 -06:00
Preetha Appan 3b4d7ac2a3
Fix some typos 2017-12-14 13:29:27 -06:00
Kyle Havlovitz 045f346293
Use region instead of datacenter for version checking 2017-12-12 10:17:16 -06:00
Kyle Havlovitz f088446d48
Add missing exist checks and doc line 2017-12-12 10:17:16 -06:00
Kyle Havlovitz b775fc7b33
Added support for v2 raft APIs and -raft-protocol option 2017-12-12 10:17:16 -06:00
Alex Dadgar d61ade8f02 remove generated structs 2017-12-11 17:51:41 -08:00
Alex Dadgar 8e63d545c4 generated assets 2017-12-11 17:30:37 -08:00
Chelsea Holland Komlo 5951222ccb fix for rpc_upgrade_mode 2017-12-11 19:23:45 -05:00
Alex Dadgar 86608124ca Fix followers not creating periodic launch
Fix an issue in which periodic launches wouldn't be made on followers.
2017-12-11 13:55:17 -08:00
Michael Schurter 2dca0671b7 Lowercase service IDs to prevent eye bleeding 2017-12-08 15:54:04 -08:00
Michael Schurter 45494f7304 Fix port labels on mock Alloc/Job/Node 2017-12-08 14:50:06 -08:00
Michael Schurter 0d8995fb83 Improve validation and testing of service/check ports 2017-12-08 13:52:23 -08:00
Michael Schurter d613e0aaf5 Move service hash logic to Service.Hash method 2017-12-08 12:03:43 -08:00
Michael Schurter b71edf846f Hash fields used in task service IDs
Fixes #3620

Previously we concatenated tags into task service IDs. This could break
deregistration of tag names that contained double //s like some Fabio
tags.

This change breaks service ID backward compatibility so on upgrade all
users services and checks will be removed and re-added with new IDs.

This change has the side effect of including all service fields in the
ID's hash, so we no longer have to track PortLabel and AddressMode
changes independently.
2017-12-08 12:03:43 -08:00
Michael Schurter af8964e896 Improve port label validation and diff testing 2017-12-08 12:03:43 -08:00
Michael Schurter 4b20441eef Validate port label for host address mode
Also skip getting an address for script checks which don't use them.

Fixed a weird invalid reserved port in a TaskRunner test helper as well
as a problem with our mock Alloc/Job. Hopefully the latter doesn't cause
other tests to fail, but we were referencing an invalid PortLabel and
just not catching it before.
2017-12-08 12:03:43 -08:00
Michael Schurter 4ae115dc59 Allow custom ports for services and checks
Fixes #3380

Adds address_mode to checks (but no auto) and allows services and checks
to set literal port numbers when using address_mode=driver.

This allows SDNs, overlays, etc to advertise internal and host addresses
as well as do checks against either.
2017-12-08 12:03:00 -08:00
Chelsea Holland Komlo 3f231a0856 add test for kill signal in required signals
update changelog
2017-12-07 11:40:15 -05:00
Chelsea Holland Komlo 2f22442370 use assert library 2017-12-06 15:03:02 -05:00
Chelsea Holland Komlo b08611cfac move kill_signal to task level, extend to docker 2017-12-06 14:36:39 -05:00
Thomas Bartelmess 9acfa166c0
Changed Superset to only return the resource name
The Superset method on Resources used to return a string in the format of “[resource name] exhausted”.
This was leading to the output in plan/create job API DimensionExhausted to return keys like
```
"DimensionExhausted": {"cpu exhausted": 1}
```
This was not anywhere documented, however, one of the examples on the website showed it like this.

The other side effect of this is that the CLI formats the strings from the name of the key leading to output like
```
* Dimension "cpu exhausted" exhausted on 1 nodes
```
2017-11-28 23:16:08 -05:00
Thomas Bartelmess 60e4c777ac
Fixed error messges for MeetsMinResources 2017-11-28 19:44:33 -05:00
Preetha Appan 8e01dc27a3 Use request namespace in Register method 2017-11-20 17:12:13 -06:00
Charlie Voiselle 679e49448e Changed permission check to requested namespace
Original code checked to see if the user had submit-job on the default namespace.
2017-11-20 15:00:24 -05:00
Preetha 785a1a3fcc
Merge pull request #3569 from iconara/patch-2
Fix error messages for transitioning jobs to/from periodic
2017-11-20 07:57:36 -06:00
Preetha ff23499145
Shorter comment for SetEventDisplayMessage 2017-11-18 09:30:50 -06:00
Theo Hultberg 5a6984693f
Fix error messages for transitioning jobs to/from periodic
The error messages are flipped; when you transition a job from _not_ being periodic to being periodic you get the message "cannot update periodic job to being non-periodic", and vice versa.
2017-11-18 11:50:52 +01:00
Preetha Appan 3592635ede Populate DisplayMessage in various http endpoints that return allocations, plus unit tests. 2017-11-17 14:53:26 -06:00
Preetha Appan 1c4375163a Change error message to use original name for clarity, rather than the name after substituting env vars with placeholder. 2017-11-17 08:44:18 -06:00
Preetha Appan d3110f21bd Changes service name validation logic to ignore any environment variables first. 2017-11-15 15:35:43 -06:00
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initalize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
Preetha 0e6484a397
Merge pull request #3536 from angrycub/b-resource-memory-test-fix
Fixed test and moved constants into standalone func
2017-11-13 17:00:14 -06:00
Charlie Voiselle eda764c0ca Review feedback + re-add dropped import 2017-11-13 12:51:19 -05:00
Charlie Voiselle 4b186861a9 gofmt and goimports nomad/structs/structs.go 2017-11-13 12:32:52 -05:00
Preetha Appan be5fd87b9a Fixes bug with display message logic due to deprecating GenericSource. Also added more test cases to cover a bunch more edge cases 2017-11-13 11:14:57 -06:00
Charlie Voiselle 26acd7f025 Fixed test and moved constants into standalone func
In #3520, work was done to true up the defaults for Nomad resource
stanzas with the documentation.  This fixes the tests that I
accidentally broke in the process.  Some questions were raised about
using dynamic elements as part of expects, which is why I opted to
copy the MinResources pattern.   During this refactor I also noticed
that structs.go had a similar issue and an inconsistent minium for CPU.
2017-11-13 12:05:30 -05:00
Preetha 0d0804d6ff
Merge pull request #3496 from hashicorp/b-auto-revert-stable
Makes auto reverts robust against infinite revert cycles
2017-11-03 17:28:28 -05:00
Preetha Appan 6468883cd1 Adds comment to handleRollbackValidity method and other small test readability fixes. 2017-11-03 17:05:15 -05:00
Preetha Appan 7526853b4b Added more unit tests for testing rollback when job has identical spec to AllocHealth and DeploymentStatus endpoints. 2017-11-03 16:07:06 -05:00
Preetha Appan b9f44c0ae0 Check that job version doesn't change when rollback does not occur due to identical spec 2017-11-03 15:46:37 -05:00
Alex Dadgar 2c587fd67b
Merge pull request #3402 from hashicorp/leader-loop
Applies leader loop fixes from Consul.
2017-11-03 13:40:59 -07:00
Preetha Appan 317fbf04b1 Adds SpecChanged check to alloc health and fail deployment end points, and other code review comments. 2017-11-03 15:33:34 -05:00
Preetha Appan 97474a1521 Clarify comment about infinite revert cycles 2017-11-03 14:25:14 -05:00
Preetha Appan 0eaef09675 Remove event GenericSource, and address other code review comments. Also added deprecation info in comments. 2017-11-03 10:10:06 -05:00
Preetha Appan 1a864dd7e8 Revert unintentional change to plan_apply.go during rebase 2017-11-03 09:13:01 -05:00
Preetha Appan 797af051b8 Address some code review comments 2017-11-03 09:13:01 -05:00
Preetha Appan b86c5a99b1 Unit test for PopulateEventDisplayMessage 2017-11-03 09:13:01 -05:00
Preetha Appan 7672535290 Added explanatory comment 2017-11-03 09:13:01 -05:00
Preetha Appan 5f09c968b3 Move logic for determinic event display message to task_runner, added two new fields DisplayMessage and Details. 2017-11-03 09:13:01 -05:00
Preetha Appan 5b94a1ab45 Add ModifyTime to Allocation and update it both on plan applies and client initiated updates 2017-11-03 09:13:01 -05:00
Preetha Appan b5e7985461 Remove extra newline 2017-11-03 08:15:11 -05:00
Preetha Appan abbe4103d1 Update rollback test to add a spec change, and add new test for rollback failed status 2017-11-02 19:53:27 -05:00
Preetha Appan 5505391663 Fixes auto revert to check if the job's spec has changed before reverting. This prevents infinite reverting when reverting to a job version that was previously stable, but not so after attempting a revert. 2017-11-02 19:53:27 -05:00
Preetha 2f67e839c1
Merge pull request #3484 from hashicorp/b-nomad-0.7.1
merge nomad 0.7.1 branch
2017-11-01 16:50:37 -05:00
Chelsea Holland Komlo bf90176278 connection receives only EOF 2017-11-01 15:21:05 -05:00
Chelsea Holland Komlo e348deecf5 fixups from code review 2017-11-01 15:21:05 -05:00
Chelsea Holland Komlo afe9f9a714 add rpc_upgrade_mode as config option for tls upgrades 2017-11-01 15:19:52 -05:00
Preetha Appan f483e81ffe Fix node end point test that was failing compilation 2017-11-01 15:16:38 -05:00
Diptanu Choudhury 5a0edf646b Resetting the timer at the beginning of the loop 2017-11-01 13:15:06 -07:00
Diptanu Choudhury 46bc4280b2 Adding support for tagged metrics 2017-11-01 13:15:06 -07:00
Diptanu Choudhury d4128f0e5a Setting the default stats collection interval 2017-11-01 13:15:06 -07:00
Diptanu Choudhury 524a1f0712 Publishing metrics for job summary 2017-11-01 13:15:06 -07:00
Preetha Appan d340c3adb1 Always set modify time on allocations, and other changes addressing review comments 2017-11-01 15:13:48 -05:00
Preetha Appan 39d70be009 Add ModifyTime to Allocation and update it both on plan applies and client initiated updates 2017-11-01 15:13:48 -05:00
Alex Dadgar 51c87ec858 bump version and remove generated 2017-11-01 10:02:25 -07:00
Alex Dadgar 11c24e90a1 generated 2017-11-01 09:42:18 -07:00
Alex Dadgar 51f869040f remove generated structs 2017-10-31 13:50:16 -07:00
Alex Dadgar 08ffcd6dd1 spelling error 2017-10-31 13:32:31 -07:00
Alex Dadgar 586eeedd3c
Merge pull request #3447 from hashicorp/f-node-purge-api
Added the purge API on node endpoints
2017-10-27 10:42:26 -07:00
Alex Dadgar 635f320b18
Merge pull request #3452 from hashicorp/f-system-gc
GetClientAllocs handles garbage collection events
2017-10-27 09:50:55 -07:00
Alex Dadgar 7df78be840 Changelog + assert 2017-10-27 09:50:10 -07:00
Alex Dadgar 5d9db4c2df Bypass status checks for system, periodic, parameterized jobs 2017-10-27 09:34:50 -07:00
Alex Dadgar 51795a6cb4 GetClientAllocs handles garbage collection events 2017-10-26 17:24:54 -07:00
Diptanu Choudhury 2868389c25 Added ACLs to the node de-register endpoint 2017-10-26 14:12:17 -07:00
Diptanu Choudhury 9b18737d15 Added the purge API on node endpoints 2017-10-25 23:51:53 -07:00
Alex Dadgar 593d4ceb45 generated code 2017-10-25 17:34:24 -07:00
Alex Dadgar 99496b2de3 Merge pull request #3431 from hashicorp/b-core-gc
Fix garbage collecting nodes/jobs when using ACLs
2017-10-25 16:30:26 -07:00
Alex Dadgar 3327dc8d2d Merge pull request #3434 from hashicorp/f-flaky
Fix flaky tests
2017-10-25 10:49:54 -07:00
Alex Dadgar f4aa5ea0c7 lax timing 2017-10-24 10:58:06 -07:00
Alex Dadgar cb0d0ef009 move to consul freeport implementation 2017-10-23 16:51:40 -07:00
Alex Dadgar 10a07c525f fix flaky vault test 2017-10-23 16:48:20 -07:00
Alex Dadgar 1d6cdfbdc3 lax timing 2017-10-23 16:48:20 -07:00
Alex Dadgar 9f91ce64f6 Fix some flaky tests 2017-10-23 16:48:20 -07:00
Alex Dadgar dbc014b360 Standardize retrieving a free port into a helper package 2017-10-23 16:48:20 -07:00
Alex Dadgar ae6be0dac7 spelling mistake 2017-10-23 15:12:45 -07:00
Alex Dadgar 794daefa5e clear the token 2017-10-23 15:11:13 -07:00
Alex Dadgar d3e119f4d0 thread leader token through core gc and test 2017-10-23 15:04:00 -07:00
Alex Dadgar 5c34af1ee1 leader acl token 2017-10-23 14:10:14 -07:00
Alex Dadgar 1192385c63 Lax blocking query test timing 2017-10-20 13:07:17 -07:00
Alex Dadgar e7299676f6 generated 2017-10-19 15:20:39 -07:00
James Phillips 9a5651e83a
Applies leader loop fixes from Consul.
There was a deadlock issue we fixed under https://github.com/hashicorp/consul/issues/3230,
and then discovered an issue with under https://github.com/hashicorp/consul/issues/3545. This
PR ports over those fixes, as well as makes the revoke actions only happen if leadership was
established. This brings the Nomad leader loop inline with Consul's.
2017-10-16 22:01:49 -07:00
Chelsea Komlo 1ccc1f79f6 Merge pull request #3393 from hashicorp/b-delete-nonexistent-tokens
Return error if tokens cannot be deleted because they do not exist
2017-10-16 18:36:41 -04:00
Alex Dadgar be053364ba no namespaces in oss test 2017-10-16 14:21:29 -07:00
Chelsea Holland Komlo a8becb96c0 review feedback 2017-10-16 17:14:48 -04:00
Chelsea Holland Komlo 2377d97d51 return error if tokens cannot be deleted because they do not exist 2017-10-16 17:14:48 -04:00
Alex Dadgar c3f06b2134 Merge pull request #3384 from hashicorp/f-self-policies
Ability to introspect self token
2017-10-13 17:11:22 -07:00
Alex Dadgar c559f6652f Merge pull request #3386 from hashicorp/f-sync
sync
2017-10-13 15:32:58 -07:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Michael Schurter b63eee17e9 Merge pull request #3383 from hashicorp/b-migrate-token
base64 migrate token
2017-10-13 13:46:54 -07:00
Alex Dadgar 5d4f467519 ListPolicies and GetPolicy work w/o management token 2017-10-13 13:12:20 -07:00
Michael Schurter dfd2967cdb Merge pull request #3376 from hashicorp/f-node-acls
Allow Node.SecretID for Node.GetNode and Allocs.GetAlloc
2017-10-13 11:51:48 -07:00
Michael Schurter 93cea382dd Remove support for pre-0.5 nodes
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter 15b991e039 base64 migrate token
HTTP header values must be ASCII.

Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Michael Schurter 6a1a509ea5 Fix Request.SecretID -> Request.AuthToken 2017-10-13 09:56:56 -07:00
Michael Schurter 021b4c1ae9 Fix AuthToken use on Node.GetAllocs 2017-10-12 17:12:41 -07:00
Michael Schurter 15b3df0b80 Merge pull request #3374 from hashicorp/f-auth-token
SecretID -> AuthToken
2017-10-12 16:57:49 -07:00
Michael Schurter ab7b6d1315 Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
Michael Schurter a003e3dd43 Add StateStore.NodeBySecretID 2017-10-12 15:27:29 -07:00
Michael Schurter 51bce7b1a3 Add index to Node.SecretID 2017-10-12 15:21:20 -07:00
Michael Schurter 84d8a51be1 SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
Alex Dadgar e7e18c931c Fix sorting of job versions
Fixes an issue in which the versions were improperly sorted which would
cause pruning of the wrong job version. This essentially meant that job
versions above 255 would be dropped from the job version table (note
this was due to the prefix walk crossing from the 1-byte to 2-byte
threshold).

Fixes https://github.com/hashicorp/nomad/issues/3357
2017-10-12 13:33:55 -07:00
Michael Schurter e9c17c56d1 Merge pull request #3353 from hashicorp/f-acl-prefix-search
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
Alex Dadgar d34c6e0135 fix test 2017-10-11 18:08:37 -07:00
Michael Schurter 2673481a48 Refactor permissions checks into funcs
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
Alex Dadgar 53f2ea88a5 Small fixes
This commit:

* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo c67bfc2ee4 fixups from code review
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo b018ca4d46 fixing up code review comments 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 410adaf726 Add functionality for authenticated volumes 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 36ad6bc6bf add MigrateTokens to server response for allocs 2017-10-11 17:09:20 -07:00
Michael Schurter be69374ecd Prefix Search ACL enforcement 2017-10-11 17:00:12 -07:00
Michael Schurter d82db5ab45 Merge pull request #3351 from hashicorp/f-acl-system
System ACL enforcement
2017-10-11 16:32:50 -07:00
Michael Schurter 51fe1d8f73 Merge pull request #3350 from hashicorp/f-acl-status-members
Status.Members ACL enforcement
2017-10-11 16:32:25 -07:00
Michael Schurter 8c1a97765e Merge pull request #3339 from hashicorp/f-acl-force-periodic
Force Periodic ACL enforcement
2017-10-11 16:26:29 -07:00
Michael Schurter 0d27053aab Operator ACL enforcement 2017-10-10 15:18:19 -07:00
Michael Schurter 0cf7a3950b Force Periodic ACL enforcement 2017-10-10 15:16:41 -07:00
Michael Schurter 4e005d4753 System ACL enforcement
Enforce ACL for System.GarbageCollect and System.ReconcileJobSummaries
RPC endpoints.
2017-10-10 10:53:10 -07:00
Michael Schurter de767ffa04 Status.Members ACL enforcement
Was incorrectly checked on the HTTP API before. Moved to RPC endpoint.
2017-10-10 10:36:54 -07:00
Michael Schurter e50acae1a9 ForceLeave endpoint must use Server.ResolveToken
The ForceLeaveRequest endpoint may only be called on servers, but the
code was using a Client to resolve tokens. This would cause a panic when
an agent wasn't both a Server and a Client.
2017-10-09 15:49:04 -07:00
Michael Schurter 492c861419 /v1/client/agent/* ACL enforcement 2017-10-09 12:18:54 -07:00
Michael Schurter 57ff12432b Move acl helpers from nomad/ into nomad/mock
They're useful in command/agent/ tests.
2017-10-06 14:50:06 -07:00
Michael Schurter 4acff9c2bd Support AnonymousACLToken in GetPolicies 2017-10-06 14:35:14 -07:00
Chelsea Komlo 7c8a5228d4 Merge pull request #3290 from hashicorp/f-acl-job-dispatch
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00