Commit graph

311 commits

Author SHA1 Message Date
Seth Hoenig 039fbd3f3b connect: enable setting tags on consul connect sidecar service in jobspec (#6415) 2019-10-17 19:25:20 +00:00
Danielle fee482ae6c
Merge pull request #6331 from hashicorp/dani/f-volume-mount-propagation
volumes: Add support for mount propagation
2019-10-14 14:29:40 +02:00
Danielle Lancashire 4fbcc668d0
volumes: Add support for mount propagation
This commit introduces support for configuring mount propagation when
mounting volumes with the `volume_mount` stanza on Linux targets.

Similar to Kubernetes, we expose 3 options for configuring mount
propagation:

- private, which is equivalent to `rprivate` on Linux, which does not allow the
           container to see any new nested mounts after the chroot was created.

- host-to-task, which is equivalent to `rslave` on Linux, which allows new mounts
                that have been created _outside of the container_ to be visible
                inside the container after the chroot is created.

- bidirectional, which is equivalent to `rshared` on Linux, which allows both
                 the container to see new mounts created on the host, but
                 importantly _allows the container to create mounts that are
                 visible in other containers an don the host_

private and host-to-task are safe, but bidirectional mounts can be
dangerous, as if the code inside a container creates a mount, and does
not clean it up before tearing down the container, it can cause bad
things to happen inside the kernel.

To add a layer of safety here, we require that the user has ReadWrite
permissions on the volume before allowing bidirectional mounts, as a
defense in depth / validation case, although creating mounts should also require
a priviliged execution environment inside the container.
2019-10-14 14:09:58 +02:00
Danielle Lancashire 199d24d6bf
chore: initial hclfmt 2019-10-11 14:00:05 +02:00
Tim Gross cd9c23617f
client/connect: ConsulProxy LocalServicePort/Address (#6358)
Without a `LocalServicePort`, Connect services will try to use the
mapped port even when delivering traffic locally. A user can override
this behavior by pinning the port value in the `service` stanza but
this prevents us from using the Consul service name to reach the
service.

This commits configures the Consul proxy with its `LocalServicePort`
and `LocalServiceAddress` fields.
2019-09-23 14:30:48 -04:00
Danielle Lancashire 78b61de45f
config: Hoist volume.config.source into volume
Currently, using a Volume in a job uses the following configuration:

```
volume "alias-name" {
  type = "volume-type"
  read_only = true

  config {
    source = "host_volume_name"
  }
}
```

This commit migrates to the following:

```
volume "alias-name" {
  type = "volume-type"
  source = "host_volume_name"
  read_only = true
}
```

The original design was based due to being uncertain about the future of storage
plugins, and to allow maxium flexibility.

However, this causes a few issues, namely:
- We frequently need to parse this configuration during submission,
scheduling, and mounting
- It complicates the configuration from and end users perspective
- It complicates the ability to do validation

As we understand the problem space of CSI a little more, it has become
clear that we won't need the `source` to be in config, as it will be
used in the majority of cases:

- Host Volumes: Always need a source
- Preallocated CSI Volumes: Always needs a source from a volume or claim name
- Dynamic Persistent CSI Volumes*: Always needs a source to attach the volumes
                                   to for managing upgrades and to avoid dangling.
- Dynamic Ephemeral CSI Volumes*: Less thought out, but `source` will probably point
                                  to the plugin name, and a `config` block will
                                  allow you to pass meta to the plugin. Or will
                                  point to a pre-configured ephemeral config.
*If implemented

The new design simplifies this by merging the source into the volume
stanza to solve the above issues with usability, performance, and error
handling.
2019-09-13 04:37:59 +02:00
Jerome Gravel-Niquet cbdc1978bf Consul service meta (#6193)
* adds meta object to service in job spec, sends it to consul

* adds tests for service meta

* fix tests

* adds docs

* better hashing for service meta, use helper for copying meta when registering service

* tried to be DRY, but looks like it would be more work to use the
helper function
2019-08-23 12:49:02 -04:00
Tim Gross a0e923f46c add optional task field to group service checks 2019-08-20 09:35:31 -04:00
Nick Ethier 24f5a4c276
sidecar_task override in connect admission controller (#6140)
* structs: use seperate SidecarTask struct for sidecar_task stanza and add merge

* nomad: merge SidecarTask into proxy task during connect Mutate hook
2019-08-20 01:22:46 -04:00
Danielle Lancashire 7e6c8e5ac1
Copy documentation to api/tasks 2019-08-12 16:22:27 +02:00
Danielle Lancashire dec1a58b47
fixup rebase 2019-08-12 15:41:14 +02:00
Danielle Lancashire b45bd36230
jobspec: Add Volume and VolumeMount declarations 2019-08-12 15:39:07 +02:00
Nick Ethier 1871c1edbc
Add sidecar_task stanza parsing (#6104)
* jobspec: breakup parse.go into smaller files

* add sidecar_task parsing to jobspec and api

* jobspec: combine service parsing logic for task and group service stanzas

* api: use slice of ConsulUpstream values instead of pointers
2019-08-09 15:18:53 -04:00
Preetha Appan a393ea79e8
Add field "kind" to task for use in connect tasks 2019-08-07 18:43:36 -05:00
Michael Schurter 17fd82d6ad consul: add Connect structs
Refactor all Consul structs into {api,structs}/services.go because
api/tasks.go didn't make sense anymore and structs/structs.go is
gigantic.
2019-08-06 08:15:07 -07:00
Michael Schurter fb487358fb
connect: add group.service stanza support 2019-07-31 01:04:05 -04:00
Nick Ethier 8650429e38
Add network stanza to group
Adds a network stanza and additional options to the task group level
in prep for allowing shared networking between tasks of an alloc.
2019-07-31 01:03:12 -04:00
Danielle Lancashire d454dab39b
chore: Format hcl configurations 2019-07-20 16:55:07 +02:00
Lang Martin 10a3fd61b0 comment replace COMPAT 0.7.0 for job.Update with more current info 2019-05-22 12:34:57 -04:00
Lang Martin b5fd735960 add update AutoPromote bool 2019-05-22 12:32:08 -04:00
Chris Baker 3f02119642
copied consts used by jobspec parsing from structs into api package, to avoid referencing structs package in jobspec (#5663) 2019-05-09 08:23:49 -04:00
Alex Dadgar 41265d4d61 Change types of weights on spread/affinity 2019-01-30 12:20:38 -08:00
Alex Dadgar 5198ff05c3 convert driver to device for device constraint/attributes 2019-01-23 10:58:45 -08:00
Alex Dadgar 4bdccab550 goimports 2019-01-22 15:44:31 -08:00
Preetha Appan b46728a88b
Make spread weight a pointer with default value if unset 2019-01-11 10:31:21 -06:00
Alex Dadgar 1e3c3cb287 Deprecate IOPS
IOPS have been modelled as a resource since Nomad 0.1 but has never
actually been detected and there is no plan in the short term to add
detection. This is because IOPS is a bit simplistic of a unit to define
the performance requirements from the underlying storage system. In its
current state it adds unnecessary confusion and can be removed without
impacting any users. This PR leaves IOPS defined at the jobspec parsing
level and in the api/ resources since these are the two public uses of
the field. These should be considered deprecated and only exist to allow
users to stop using them during the Nomad 0.9.x release. In the future,
there should be no expectation that the field will exist.
2018-12-06 15:09:26 -08:00
Alex Dadgar f5a76d8411 review comments 2018-10-15 15:31:13 -07:00
Alex Dadgar 5a07f9f96e parse affinities and constraints on devices 2018-10-11 14:05:19 -07:00
Alex Dadgar 87cacb427f parse devices 2018-10-08 16:09:41 -07:00
Preetha Appan 8581ed1e20
Parse test for spread 2018-09-04 16:10:11 -05:00
Preetha Appan 659cfa3f64
Parsing and API layer for spread stanza 2018-09-04 16:10:11 -05:00
Preetha Appan c407e3626f
More review comments 2018-09-04 16:10:11 -05:00
Preetha Appan 0bc030c6fb
Treat set_contains as a synonym of set_contains_all 2018-09-04 16:10:11 -05:00
Preetha Appan f3c4eead91
Refactor method to return affinity struct, and add extra test at task level 2018-09-04 16:10:11 -05:00
Preetha Appan 9f0caa9c3d
Affinity parsing, api and structs 2018-09-04 16:10:11 -05:00
Alex Dadgar f4af30fbb5
Canary tags structs 2018-05-07 14:50:01 -05:00
Alex Dadgar ee50789c22
Initial implementation 2018-05-07 14:50:01 -05:00
Michael Schurter f6a4713141 consul: make grpc checks more like http checks 2018-05-04 11:08:11 -07:00
Michael Schurter 382caec1e1 consul: initial grpc implementation
Needs to be more like http.
2018-05-04 11:08:11 -07:00
Preetha Appan 33e170c15d
s/linear/constant/g 2018-03-26 14:45:09 -05:00
Alex Dadgar 02019f216a Correct defaulting 2018-03-21 16:51:44 -07:00
Michael Schurter c0542474db drain: initial drainv2 structs and impl 2018-03-21 16:49:48 -07:00
Preetha Appan 9a5e6edf1f
Rename DelayCeiling to MaxDelay 2018-03-14 16:10:32 -05:00
Preetha Appan bdae052ead
Add parsing test cases 2018-03-14 16:10:32 -05:00
Preetha Appan 8491584cda
Add new reschedule stanza fields to list of valid fields 2018-03-14 16:10:32 -05:00
Preetha Appan 780c8cceab
Fix linting 2018-01-31 09:56:53 -06:00
Preetha Appan 1f834d1a31
Add reschedule policy to API, and HCL parsing support. 2018-01-31 09:56:53 -06:00
Michael Schurter 7c282f174b Fix service.check_restart stanza propagation
There was a bug in jobspec parsing, a bug in CheckRestart merging, and a
bug in CheckRestart canonicalization. All are now tested.
2018-01-09 15:15:36 -08:00
Michael Schurter 4ae115dc59 Allow custom ports for services and checks
Fixes #3380

Adds address_mode to checks (but no auto) and allows services and checks
to set literal port numbers when using address_mode=driver.

This allows SDNs, overlays, etc to advertise internal and host addresses
as well as do checks against either.
2017-12-08 12:03:00 -08:00
Chelsea Holland Komlo 021336eaee fix up test fixture to properly parse 2017-12-06 16:23:55 -05:00
Chelsea Holland Komlo a010db084b fix up basic test
add conversion for KillSignal for api/struct representation of task
2017-12-06 14:36:45 -05:00
Chelsea Holland Komlo 69e4d03694 add missing new file 2017-12-06 14:36:45 -05:00
Chelsea Holland Komlo b08611cfac move kill_signal to task level, extend to docker 2017-12-06 14:36:39 -05:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Alex Dadgar 76e4230833 Merge pull request #3284 from hashicorp/f-lint
Enable more linters
2017-09-26 15:46:42 -07:00
Alex Dadgar 4173834231 Enable more linters 2017-09-26 15:26:33 -07:00
Michael Schurter d0140f07ca grace_period -> grace 2017-09-26 10:21:35 -07:00
Michael Schurter 801cea7264 Add check_restart to jobspec tests 2017-09-14 16:48:39 -07:00
Michael Schurter a180c00fc3 on_warning=false -> ignore_warnings=false
Treat warnings as unhealthy by default
2017-09-14 16:46:54 -07:00
Michael Schurter 22690c5f4c Add check watcher for restarting unhealthy tasks 2017-09-14 16:46:54 -07:00
Michael Schurter bf34505509 Add restart fields 2017-09-14 16:46:54 -07:00
Alex Dadgar 84d06f6abe Sync namespace changes 2017-09-07 17:04:21 -07:00
Michael Schurter e65fe686ed Test check header error conditions 2017-08-17 16:49:14 -07:00
Michael Schurter fd0e6b092b Error should tell user exactly what type to use 2017-08-17 16:49:14 -07:00
Michael Schurter a4029a7948 Add jobspec test for check method/header 2017-08-17 16:44:21 -07:00
Michael Schurter bb8d5689d8 Add Header and Method support for HTTP checks 2017-08-17 16:44:21 -07:00
Michael Schurter d529b422b2 Add optional shutdown delay to tasks
Fixes #2441

Defaults to 0 (no delay) for backward compat and because this feature
should be opt-in.
2017-08-16 17:59:46 -07:00
Alex Dadgar 067a638478 Allow template to set Vault grace
This PR allows a template to specify the Vault grace duration.

Fixes https://github.com/hashicorp/nomad/issues/2922
2017-08-01 14:14:08 -07:00
Alex Dadgar 45712c6ca3 test fixes 2017-07-07 14:11:27 -07:00
Michael Schurter 0d3bdf7210 Add support for go-getter modes
Fixes #2678
2017-07-06 10:45:44 -07:00
Michael Schurter b9bfb84b53 Implement DriverNetwork and Service.AddressMode
Ideally DriverNetwork would be fully populated in Driver.Prestart, but
Docker doesn't assign the container's IP until you start the container.

However, it's important to setup the port env vars before calling
Driver.Start, so Prestart should populate that.
2017-06-21 17:19:08 -07:00
Michael Schurter f9bd50a338 Test env parsing 2017-05-26 15:31:40 -07:00
Michael Schurter 10b6610e56 Functional consul template env file support 2017-05-23 13:45:14 -07:00
Alex Dadgar 10b040aea3 New update block; still need to handle the upgrade path 2017-05-08 17:44:26 -07:00
Michael Schurter 45a8635ea2 Add TLSSkipVerify support to api and parser 2017-04-19 12:45:34 -07:00
Alex Dadgar d83a8fe9f2 Unoptimized implementation + testing 2017-03-07 14:48:54 -08:00
Alex Dadgar 3b9bdfef1c Make validate work without a Nomad agent 2017-03-03 15:02:03 -08:00
Alex Dadgar 8827b4f4d0 Fix canonicalization of services 2017-03-01 15:30:01 -08:00
Alex Dadgar 5be806a3df Fix vet script and fix vet problems
This PR fixes our vet script and fixes all the missed vet changes.

It also fixes pointers being printed in `nomad stop <job>` and `nomad
node-status <node>`.
2017-02-27 16:00:19 -08:00
Alex Dadgar 556fb2562f Remove defaulting from parse and fix parser tests
This PR removes defaulting from the parse, fixes some regressions that
existed as part of the parser refactor and fixes the tests.
2017-02-22 12:30:05 -08:00
Alex Dadgar b49fceb491 rebase 2017-02-20 16:43:28 -08:00
Alex Dadgar b67c59f03c Merge branch 'master' into refactor-parser 2017-02-20 15:13:21 -08:00
Diptanu Choudhury d0d7c92bab Added tests 2017-02-16 13:52:39 -08:00
Diptanu Choudhury 7567209857 Making the job spec return api.Job 2017-02-16 13:52:39 -08:00
Alex Dadgar 7e918003ba Allow specification of timezones 2017-02-15 14:37:06 -08:00
Alex Dadgar 3ba8faeae3 Add leader task to api and server side 2017-02-10 16:57:47 -08:00
Alex Dadgar 6b7efa1ba6 Template destination file permissions.
This PR allows setting the file permissions of the rendered template.
2017-01-31 20:10:01 -08:00
Alex Dadgar 3e35f453e4 Rename meta/parsing 2017-01-25 21:27:44 -08:00
Alex Dadgar 8196a58c4c Rename dispatch_input to dispatch_payload 2017-01-25 21:27:44 -08:00
Michael Schurter c7e1b1b9c7 parameterized_job -> parameterized 2017-01-20 12:46:04 -08:00
Michael Schurter 1f7b5b4b47 Rename Constructor -> Parameterized Job 2017-01-20 12:43:10 -08:00
Alex Dadgar 8d5f0fea69 Merge pull request #2128 from hashicorp/f-dispatch
Nomad Constructor Jobs and Dispatch
2017-01-06 05:22:49 +08:00
Alex Dadgar 4a5c3c8db0 Rename structs 2016-12-14 14:28:43 -08:00
Alex Dadgar f0b6d5953c Remove paused 2016-12-01 13:17:34 -08:00
Gábor Lipták 93148456ed Improve parsing of job struct 2016-11-23 20:18:50 -05:00
Alex Dadgar 8fb83fbb6c Parse 2016-11-23 15:48:36 -08:00
Diptanu Choudhury 7ea3efbd28 Added a warning message if disk attribute is non zero 2016-11-08 17:06:37 -08:00
Alex Dadgar 989827e402 Add set contains 2016-10-19 13:06:28 -07:00
Alex Dadgar d6606ecbe5 tests 2016-10-18 14:54:14 -07:00
Alex Dadgar ba0b3963ef Comments 2016-10-18 11:36:04 -07:00
Alex Dadgar 36cfe6e89e Large refactor of task runner and Vault token rehandling 2016-10-18 11:24:20 -07:00
Alex Dadgar af036be754 Struct/api/parsing 2016-10-18 11:24:20 -07:00
Alex Dadgar 4eaabd675c Consul Template Manager 2016-10-03 12:59:31 -07:00
Diptanu Choudhury d50c395421 Getting snapshot of allocation from remote node (#1741)
* Added the alloc dir move

* Moving allocdirs when starting allocations

* Added the migrate flag to ephemeral disk

* Stopping migration if the allocation doesn't need migration any more

* Added the GetAllocDir method

* refactored code

* Added a test for alloc runner

* Incorporated review comments
2016-10-03 09:59:57 -07:00
Alex Dadgar fca2becaa5 Parse 2016-09-26 15:36:11 -07:00
Alex Dadgar 12de69a66f Struct and parse 2016-09-21 11:31:09 -07:00
Alex Dadgar 5e846ce2f9 Vault defined at all levels 2016-09-21 11:31:09 -07:00
Diptanu Choudhury 1b3c5e98c8 Renaming LocalDisk to EphemeralDisk (#1710)
Renaming LocalDisk to EphemeralDisk
2016-09-14 15:43:42 -07:00
Diptanu Choudhury 2f681b6415 Added copy method to LocalDisk 2016-08-26 14:24:47 -05:00
Diptanu Choudhury b844dc3600 Fixed more tests 2016-08-26 01:51:19 -05:00
Diptanu Choudhury d156f32f94 Implemented job spec parsing for sticky volumes 2016-08-24 13:51:15 -05:00
vishalnayak bd0a89bdae Added mapstructure tag for VaultToken 2016-08-17 16:23:29 -07:00
vishalnayak fb7db1143c Update jobspec parsing to contain vault_token at job level and not task level 2016-08-17 16:23:29 -07:00
Alex Dadgar 067f02a9af Add vault to jobspec 2016-08-17 16:23:29 -07:00
Diptanu Choudhury 4683aa3dc6 Cleaning up some code 2016-08-16 15:22:26 -07:00
Marin 8fc52974a3 fix initial status tests 2016-08-16 14:34:36 -07:00
Marin 69bc3a8fc8 Add support for initial check status 2016-08-16 12:05:15 -07:00
Diptanu Choudhury b180223f4b Allowing ports to be overriden in check definitions 2016-07-08 14:14:25 -07:00
Alex Dadgar 8e231fa382 Rename ConsulService back to Service 2016-06-12 16:36:49 -07:00
Sean Chittenden 2f036231e5 Merge pull request #1201 from hashicorp/f-dyn-server-list
Dynamic Server Lists/Client Bootstrapping via consul.
2016-06-11 18:58:25 -04:00
Sean Chittenden 7956eb0c80
Rename structs.Task's Service attribute to ConsulService 2016-06-10 15:54:39 -04:00
Sean Chittenden 4973ec32bb
Rename structs.Services to structs.ConsulServices 2016-06-10 15:54:39 -04:00
Alex Dadgar 19f6a00568 test 2016-06-10 12:28:27 -07:00
Alex Dadgar 68cac2d0bc Don't create options unless necessary 2016-06-10 12:27:56 -07:00
Ivo Verberk e25a2d2f4f Docker labels configuration should be of type "array" in schema 2016-04-25 23:58:31 +02:00
Ivo Verberk 13a2d62bfa Implement configuration validation for all task drivers 2016-04-10 00:42:57 +02:00
Ivo Verberk 542603dec6 Add helper to validate raw configuration data 2016-04-10 00:42:43 +02:00
Diptanu Choudhury 2963c3f1f4 Renamed checks cmd to command to be consistent with exec driver config 2016-03-28 14:05:12 -07:00
Diptanu Choudhury 2a9e522ed4 Added an impl for Nomad Checks 2016-03-24 19:00:24 -07:00
Miquel Sabaté Solà 8c56c64615 client/driver: added the user config value
This way Nomad allows to set which user has to run the task.

Signed-off-by: Miquel Sabaté Solà <msabate@suse.com>
2016-03-23 12:57:31 +01:00
Alex Dadgar 823261c974 add destination to artifact block and validate it 2016-03-18 12:01:46 -07:00
Alex Dadgar e6d50f96ef Respond to comments and fix test 2016-03-15 20:21:52 -07:00
Alex Dadgar 68059fa85c Go-getter options are generic and validation of checksums 2016-03-15 13:28:57 -07:00
Alex Dadgar 277a91336d Switch from string to artifact struct 2016-03-15 13:28:57 -07:00
Alex Dadgar 315fd954ea Parse artifacts and options 2016-03-15 13:28:57 -07:00
Ivo Verberk 318352cc0f Validate config keys 2016-03-10 19:16:35 +01:00
Alex Dadgar 1a34066daa update hashicorp dependencies 2016-02-15 17:38:08 -08:00
Diptanu Choudhury c84a000416 Fixed some more tests 2016-02-11 22:33:41 -08:00
Diptanu Choudhury 43206bfc1c Made a DefaultLogConfig method 2016-02-10 16:44:31 -08:00
Diptanu Choudhury 5b9dcf9926 Added parsing logic for the logrotator 2016-02-04 23:28:01 -08:00
Alex Dadgar 8aa3853399 Fix test 2016-02-02 17:39:01 -08:00
Alex Dadgar 6f20d3f435 Restart on-success shouldn't be user specifiable 2016-02-02 17:35:06 -08:00
Alex Dadgar 5142f1e4c0 Validate min resources and default them 2016-02-02 13:27:50 -08:00
Alex Dadgar 24fd4a8c27 Add ProhibitOverlap option to PeriodicConfig 2016-01-07 11:19:46 -08:00
Alex Dadgar 1e5c776e40 Merge pull request #624 from hashicorp/f-adjustable-timeout
User specifiable kill timeout and operator configurable max
2016-01-04 11:44:22 -08:00
Alex Dadgar ea799b88cb merge 2015-12-23 18:26:39 -08:00
Alex Dadgar ddf392c6be User specifiable kill timeout and operator configurable max 2015-12-22 16:10:30 -08:00
Diptanu Choudhury 20766e9c5d Merge branch 'master' of github.com:hashicorp/nomad 2015-12-18 12:33:54 -08:00
Diptanu Choudhury df08a412a8 Fixed the job spec test 2015-12-18 12:33:38 -08:00
Alex Dadgar 3bdd372413 Merge pull request #594 from hashicorp/f-restart-policy
More restart policy options and consolidate batch/service restart tracker
2015-12-18 12:25:13 -08:00