Commit graph

16775 commits

Author SHA1 Message Date
Seth Hoenig 039fbd3f3b connect: enable setting tags on consul connect sidecar service in jobspec (#6415) 2019-10-17 19:25:20 +00:00
Mahmood Ali ac3b555cc8 docker label refactoring and additional tests 2019-10-17 10:45:13 -04:00
Mahmood Ali e24c3fac56 add docker labels 2019-10-17 10:45:12 -04:00
Mahmood Ali 8739cc2a62 refactor reconciler code and address comments 2019-10-17 09:42:23 -04:00
Mahmood Ali 2e04f4b4f2 Merge pull request #6422 from hashicorp/c-api-websocket-mod
api: declare websocket as a dependency
2019-10-17 08:55:00 -04:00
Mahmood Ali c01c6de481 address code review comments 2019-10-17 08:36:02 -04:00
Mahmood Ali 2a63caafba docker: explicit grace period for initial container reconcilation
Ensure we wait for some grace period before killing docker containers
that may have launched in earlier nomad restore.
2019-10-17 08:36:02 -04:00
Mahmood Ali aa59280edc docker: periodically reconcile containers
When running at scale, it's possible that Docker Engine starts
containers successfully but gets wedged in a way where API call fails.
The Docker Engine may remain unavailable for arbitrary long time.

Here, we introduce a periodic reconcilation process that ensures that any
container started by nomad is tracked, and killed if is running
unexpectedly.

Basically, the periodic job inspects any container that isn't tracked in
its handlers.  A creation grace period is used to prevent killing newly
created containers that aren't registered yet.

Also, we aim to avoid killing unrelated containters started by host or
through raw_exec drivers.  The logic is to pattern against containers
environment variables and mounts to infer if they are an alloc docker
container.

Lastly, the periodic job can be disabled to avoid any interference if
need be.
2019-10-17 08:36:01 -04:00
Alvin Huang fd93d9cfcf
remove check for relative url validation (#6504) 2019-10-16 17:50:40 -04:00
Omar Khawaja aa8524bbae
Getting started learn redirect (#6460)
* redirect getting started section to learn

* formatting

* move redirects.txt to source directory
2019-10-16 16:17:29 -04:00
Charlie Voiselle ae8bfce399
Merge pull request #6434 from hashicorp/docs-add-grpc-info
docs: Added grpc info; small style fixes to connect guide
2019-10-16 14:18:20 -04:00
Preetha 79fb1c1682
Merge pull request #6453 from ogadaki/patch-1
fix typo in HCL code
2019-10-16 11:16:53 -05:00
Preetha 988afc1859
Merge pull request #6491 from hashicorp/support-external-redirects
Support external redirects for website
2019-10-16 11:14:22 -05:00
Mahmood Ali 418e0165aa
Merge pull request #6426 from hashicorp/b-dep-go-plugin-8091134
upgrade go-plugin to latest, 8091134
2019-10-16 07:48:29 -04:00
Mahmood Ali 63461ad41c
Merge pull request #6422 from hashicorp/c-api-websocket-mod
api: declare websocket as a dependency
2019-10-16 07:48:11 -04:00
Mahmood Ali 61e66cb077
Merge pull request #6427 from hashicorp/b-fs-endpoint-errors
agent: report fs log errors as http errors
2019-10-15 20:12:59 -04:00
Mahmood Ali 88f8127820 tests: avoid using unnecessary pipe 2019-10-15 17:22:03 -04:00
Mahmood Ali 533120cf5d
Merge pull request #6423 from hashicorp/b-direct-node-failure
cli: recover from client ACL lookup failures
2019-10-15 17:09:59 -04:00
Michael Schurter 229832824d
Merge pull request #6498 from hashicorp/docs-security
docs: link to security page on website
2019-10-15 14:00:47 -07:00
Spencer Owen 2459df5d98 Fix grammar (#6486) 2019-10-15 15:04:57 -05:00
Michael Schurter f731284cea docs: link to security page on website
Add link to https://www.nomadproject.io/security.html
2019-10-15 12:56:48 -07:00
Buck Doyle 9b2fb14e51
UI: Update Ember to 3.12 LTS (#6419)
This is mostly deprecation fixes and blueprint changes. There
are some dependency updates too; the changes to Ember
Basic Dropdown necessitated changing it to angle bracket
component invocation. The conversion of the rest of the
templates will happen separately.
2019-10-15 13:32:58 -05:00
Michael Lange cfd8d2c50a Use max-width to ensure the width rule is observed in Firefox 2019-10-15 11:11:18 -07:00
Michael Lange dd0dd8c233
Merge pull request #6466 from hashicorp/b-ui-firefox-log-window-off-screen
Use max-width to ensure the width rule is observed in Firefox
2019-10-15 11:09:20 -07:00
Mahmood Ali e6d5635e1a
Merge pull request #6425 from hashicorp/f-cli-show-full-ids
cli: show full id for single node or alloc status
2019-10-15 10:54:25 -04:00
Mahmood Ali 4e4a9b252c
Merge pull request #6290 from hashicorp/r-generated-code-refactor
dev: avoid codecgen code in downstream projects
2019-10-15 08:22:31 -04:00
Alvin Huang 89e5b6f299 upload external and relative redirects to two dictionaries 2019-10-14 16:55:14 -04:00
Tim Gross c648c4f998
e2e: upgrade terraform to 0.12.x (#6489) 2019-10-14 11:27:08 -04:00
Tim Gross 15e912ddd6
e2e: move remote-exec inline to script (#6488)
A failing script in a `remote-exec` provisioner's `inline` stanza
won't fail the provisioning step. This lets us continue on to execute
tests against potentially broken deployments, rather than letting us
know the provisioning itself failed.
2019-10-14 10:23:41 -04:00
Danielle fee482ae6c
Merge pull request #6331 from hashicorp/dani/f-volume-mount-propagation
volumes: Add support for mount propagation
2019-10-14 14:29:40 +02:00
Danielle Lancashire 4fbcc668d0
volumes: Add support for mount propagation
This commit introduces support for configuring mount propagation when
mounting volumes with the `volume_mount` stanza on Linux targets.

Similar to Kubernetes, we expose 3 options for configuring mount
propagation:

- private, which is equivalent to `rprivate` on Linux, which does not allow the
           container to see any new nested mounts after the chroot was created.

- host-to-task, which is equivalent to `rslave` on Linux, which allows new mounts
                that have been created _outside of the container_ to be visible
                inside the container after the chroot is created.

- bidirectional, which is equivalent to `rshared` on Linux, which allows both
                 the container to see new mounts created on the host, but
                 importantly _allows the container to create mounts that are
                 visible in other containers an don the host_

private and host-to-task are safe, but bidirectional mounts can be
dangerous, as if the code inside a container creates a mount, and does
not clean it up before tearing down the container, it can cause bad
things to happen inside the kernel.

To add a layer of safety here, we require that the user has ReadWrite
permissions on the volume before allowing bidirectional mounts, as a
defense in depth / validation case, although creating mounts should also require
a priviliged execution environment inside the container.
2019-10-14 14:09:58 +02:00
Alvin Huang 465d9da8c7 repoint deploy script to new redirects file location 2019-10-12 23:17:19 -04:00
Alvin Huang 18dc2ed8d7 generate a _redirects for netlify previews 2019-10-12 23:17:03 -04:00
Alvin Huang a89b2f037d move redirects.txt into source/ for netlify previews 2019-10-12 23:16:23 -04:00
Michael Lange 2949a38f7c
Merge pull request #6396 from hashicorp/d-updated-ui-guides
Docs: Updated UI guides
2019-10-11 10:33:37 -07:00
Luiz Aoqui 14cda1aa0a
Merge pull request #6473 from hashicorp/docs-fix-acl-prefix-param
docs: fix ACL `prefix` param documentation
2019-10-11 10:51:34 -04:00
Luiz Aoqui 488a2f6f3a
docs: fix ACL prefix param documentation 2019-10-11 10:28:44 -04:00
Danielle a17a0cde80
Merge pull request #6472 from hashicorp/b-docs-config
docs: Update stateful workloads guide to reflect rc-1 config changes
2019-10-11 15:08:12 +02:00
Danielle 71fe2bd981
Merge pull request #6071 from hashicorp/dani/hclfmt
make: Add task for formatting hcl/nomad files
2019-10-11 15:08:00 +02:00
Danielle Lancashire 199d24d6bf
chore: initial hclfmt 2019-10-11 14:00:05 +02:00
Danielle Lancashire 935c86b404
make: Add make task for formatting HCL 2019-10-11 13:59:22 +02:00
Danielle Lancashire 4056899708
docs: Update stateful workloads guide to reflect rc-1 config changes 2019-10-11 13:45:28 +02:00
Danielle 2640155ae5
Merge pull request #6429 from hashicorp/f-log-to-file
Add support for logging to a file
2019-10-11 13:35:39 +02:00
Michael Schurter 7ece26cf8a
Merge pull request #6469 from hashicorp/docs-0100-rc1
docs: 0.10.0-beta1 -> 0.10.0-rc1
2019-10-10 13:36:25 -07:00
Michael Schurter 2992cb80b0 Remove 0.10.0-rc1 generated files 2019-10-10 13:31:42 -07:00
Michael Schurter 9d85df26dd docs: 0.10.0-beta1 -> 0.10.0-rc1 2019-10-10 13:09:19 -07:00
Michael Schurter ce09070176
Merge pull request #6465 from hashicorp/docs-nobeta
docs: remove beta flag from connect
2019-10-10 13:05:45 -07:00
Michael Schurter 1466392c05
Release v0.10.0-rc1 2019-10-10 13:05:00 -07:00
Lang Martin 1f8a538186
Merge pull request #6467 from hashicorp/test-disable-test-rkt
circleci: disable test-rkt, which is deprecated and often fails
2019-10-10 15:49:46 -04:00
Nomad Release bot 3007f1662e Generate files for 0.10.0-rc1 release 2019-10-10 19:08:23 +00:00