This change modifies the template task runner to utilise the
new consul-template which includes Nomad service lookup template
funcs.
In order to provide security and auth to consul-template, we use
a custom HTTP dialer which is passed to consul-template when
setting up the runner. This method follows the Vault implementation.
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
The only difference is DefaultTransport sets DisableKeepAlives
This doesn't make much sense to me - every http connection from the
nomad client goes to the same NOMAD_ADDR so it's a great case for keep
alive. Except round robin DNS and anycast perhaps.
Consul does this already
1e47e3c82b/api/api.go (L397)
* planner: expose ServerMeetsMinimumVersion via Planner interface
* filterByTainted: add flag indicating disconnect support
* allocReconciler: accept and pass disconnect support flag
* tests: update dependent tests
* chore: prettify gutter-menu
* chore: add portal packages
* styling: add styles sidebar and portal behavior
* ui: sidebar component
* ui: create and implement statechart for evals
* ui: actor-relationship service and provider component
* ui: d3 hierarchy computation
* chore: add render-modifiers and curved arrows
* ui: create evaluation actor div
* fix related evaluations schema
* ui: register/deregister evaluation divs
* ui: handle resize behavior
* bug: infinite re-render cycle
* fix: conditional logic to prevent infinite render of flex resizing
* ui: related evaluations schema and request param
* ui: fix testing for evaluations
* refact: make related-evals a proper has-many
* chore: don't pauseTest
* temp: debug d3 hierarchy
* ui: move derived state logic into backing component class for detail
* ui: deprecated related evaluations logic in statechart
* ui: update evaluation models
* ui: update logic to paint svg in non-viewable scroll region
* ui: update styling
* ui: testing for eval detail view
* ui: delete detail from template directory
* ui: break detail component down
* ui: static data for /evaluation/:id endpoint
* ui: fix styling of d3 viz
* ui: add query parameter adapter for evals
* ui: last minute design requests
* wip: address browser updating detail view behavior
* refact: handle query-state change in statechart
* conditional class looking for currentEval equality (#12411)
* F UI/evaluation detail sidebar rel evals (#12415)
* ui: remove busy id alias from statechart
* ui: edit related evaluations viz error message
* ui: bug fixes on related evaluations view (#12423)
* ui: remove busy id alias from statechart
* ui: edit related evaluations viz error message
* ui: update error state
* ui: related evaluation outline styling
* Related evaluation stylefile and non-link if it matches the active sidebar (#12428)
* Adds tabbable and keyboard pressable evaluation table rows (#12433)
* ui: fix failing eval list tests (#12437)
* ui: move styling into classes (#12438)
* fix test failures (#12444)
* ui: move styling into classes
* ui: eslint disable
* ui: allocations have evaluations as async relationships
* ui: fix evaluation refresh button (#12447)
* ui: move styling into classes
* ui: eslint disable
* ui: allocations have evaluations as async relationships
* ui: refresh bug
* ui: final touches on sidebar (#12462)
* chore: turn off template linting rules
Temporarily turning off template linting because we don't have a set CSS convention and the release needs to go out ASAP.
* doc: deprecate out of date comments and vars
* ui: edit mirage server fetch logic
* ui: style sidebar relative
* Modification to mocked related evals and manually set 100% height on svg (#12460)
* F UI/evaluation detail sidebar final touches (#12463)
* chore: turn off template linting rules
Temporarily turning off template linting because we don't have a set CSS convention and the release needs to go out ASAP.
* doc: deprecate out of date comments and vars
* ui: edit mirage server fetch logic
* ui: style sidebar relative
* ui: account for new related eval added to chain
Co-authored-by: Michael Klein <michael@firstiwaslike.com>
Co-authored-by: Phil Renaud <phil@riotindustries.com>
Move some common Vault API data struct decoding out of the Vault client
so it can be reused in other situations.
Make Vault job validation its own function so it's easier to expand it.
Rename the `Job.VaultPolicies` method to just `Job.Vault` since it
returns the full Vault block, not just their policies.
Set `ChangeMode` on `Vault.Canonicalize`.
Add some missing tests.
Allows specifying an entity alias that will be used by Nomad when
deriving the task Vault token.
An entity alias assigns an identity to a token, allowing better control
and management of Vault clients since all tokens with the same identity
alias will now be considered the same client. This helps track Nomad
activity in Vault's audit logs and gives better control over Vault billing.
Add support for a new Nomad server configuration to define a default
entity alias to be used when deriving Vault tokens. This default value
will be used if the task doesn't have an entity alias defined.
When we unmount a volume we need to be able to recover from cases
where the plugin has been shut down before the allocation that needs
it, so in #11892 we blocked shutting down the alloc runner hook. But
this blocks client shutdown if we're in the middle of unmounting. The
client won't be able to communicate with the plugin or send the
unpublish RPC anyways, so we should cancel the context and assume that
we'll resume the unmounting process when the client restarts.
For `-dev` mode we don't send the graceful `Shutdown()` method and
instead destroy all the allocations. In this case, we'll never be able
to communicate with the plugin but also never close the context we
need to prevent the hook from blocking. To fix this, move the retries
into their own goroutine that doesn't block the main `Postrun`.
This PR adds support for the raw_exec driver on systems with only cgroups v2.
The raw exec driver is able to use cgroups to manage processes. This happens
only on Linux, when exec_driver is enabled, and the no_cgroups option is not
set. The driver uses the freezer controller to freeze processes of a task,
issue a sigkill, then unfreeze. Previously the implementation assumed cgroups
v1, and now it also supports cgroups v2.
There is a bit of refactoring in this PR, but the fundamental design remains
the same.
Closes #12351 #12348