Commit graph

19375 commits

Author SHA1 Message Date
Mahmood Ali 10954bf717 close file when done reading 2020-08-24 20:22:42 -04:00
Mahmood Ali 0be632debf don't lock if ref is nil
Ensure that d.mu is only dereferenced if d is not-nil, to avoid a null
dereference panic.
2020-08-24 20:19:40 -04:00
Jamie Finnigan 95bae2e6ca
Merge pull request #8728 from hashicorp/gh_sec_pol
remove local SECURITY.md in favor of org-wide policy
2020-08-24 16:03:51 -07:00
Jamie Finnigan a70dbe9a6a remove local SECURITY.md in favor of org-wide policy 2020-08-24 15:41:28 -07:00
Michael Lange 3f2a846d5e
Merge pull request #8714 from hashicorp/f-ui/always-show-scale-event-accordion
UI: Always show the scaling events accordion
2020-08-24 11:07:31 -07:00
Michael Lange 114909c5e8 Always show the scaling events accordion 2020-08-24 10:34:34 -07:00
Seth Hoenig 26e77623e5 consul/connect: fixup tests to use new consul sdk 2020-08-24 12:02:41 -05:00
Seth Hoenig 4bfe830074 consul/connect: update consul to match current 2020-08-24 10:48:27 -05:00
Seth Hoenig 7272a8bdb9
Merge pull request #8715 from greut/consul-v1.7.7
Consul v1.7.7
2020-08-24 10:43:46 -05:00
Seth Hoenig a09d1746bf
Merge branch 'master' into consul-v1.7.7 2020-08-24 10:43:00 -05:00
Seth Hoenig 37b827be0a
Merge pull request #8717 from greut/cors-v1.7.0
vendor: rs/cors v1.7.0
2020-08-24 10:23:53 -05:00
Seth Hoenig 80afe97719
Merge pull request #8721 from code0x9/b-kernel-builtin-module
client/fingerprint: lookup kernel builtin bridge modules
2020-08-24 10:01:34 -05:00
Tim Gross d26f30bba8
docs: add contributor docs for issue labels (#8723) 2020-08-24 10:19:57 -04:00
Seth Hoenig c4fa644315 consul/connect: remove envoy dns option from gateway proxy config 2020-08-24 09:11:55 -05:00
Seth Hoenig d6b0f43f3f consul/connect: update consul version used in circleci 2020-08-24 08:21:27 -05:00
Yoan Blanc 327d17e0dc
fixup! vendor: consul/api, consul/sdk v1.6.0
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-24 08:59:03 +02:00
Mark Lee cd23fd7ca2 refactor lookup code 2020-08-24 12:24:16 +09:00
Mark Lee cd7aabca72 lookup kernel builtin modules too 2020-08-24 11:09:13 +09:00
Mahmood Ali ff01f521a1
Merge pull request #8656 from JanMa/update-nspawn-docs
Update docs for nspawn driver
2020-08-23 21:24:56 -04:00
Mahmood Ali 8aa39f1a91
Merge pull request #8704 from hashicorp/docs-gh-6305
docs: fix job run -detach example
2020-08-23 20:52:34 -04:00
Yoan Blanc 7b873b7746
vendor: rs/cors v1.7.0
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts
a wildcard CORS policy into reflecting an arbitrary Origin header
value, which is incompatible with the CORS security design, and
could lead to CORS misconfiguration security problems.

CVE-2018-20744

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 10:36:38 +02:00
Yoan Blanc 63b27d42a2
vendor: consul/api, consul/sdk v1.6.0
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 09:43:37 +02:00
Yoan Blanc 5e629775ac
vendor: consul v1.7.7
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 09:41:27 +02:00
Seth Hoenig 5b072029f2 consul/connect: add initial support for ingress gateways
This PR adds initial support for running Consul Connect Ingress Gateways (CIGs) in Nomad. These gateways are declared as part of a task group level service definition within the connect stanza.

```hcl
service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      ingress {
        // ingress-gateway configuration entry
      }
    }
  }
}
```

A gateway can be run in `bridge` or `host` networking mode, with the caveat that host networking necessitates manually specifying the Envoy admin listener (which cannot be disabled) via the service port value.

Currently Envoy is the only supported gateway implementation in Consul, and Nomad only supports running Envoy as a gateway using the docker driver.

Aims to address #8294 and tangentially #8647
2020-08-21 16:21:54 -05:00
Tim Gross 693a8a2613
e2e: fix platform path for installing for Linux from s3 (#8708) 2020-08-21 09:20:09 -04:00
Tim Gross b23150057a
E2E: move Nomad installation to script on remote hosts (#8706)
This changeset moves the installation of Nomad binaries out of the
provisioning framework and into scripts that are installed on the remote host
during AMI builds.

This provides a few advantages:

* The provisioning framework can be reduced in scope (with the goal of moving
  most of it into the Terraform stack entirely).
* The scripts can be arbitrarily complex if we don't have to stuff them into
  ssh commands, so it's easier to make them idempotent. In this changeset, the
  scripts check the version of the existing binary and don't re-download when
  using the `--nomad_sha` or `--nomad_version` flags.
* The scripts can be OS/distro specific, which helps in building new test
  targets.
2020-08-20 16:10:00 -04:00
Buck Doyle 4394c5b9ff
Add common serialiser abstractions (#8634)
This extracts some common API-idiosyncracy-handling patterns from model serialisers into properties that are processed by the application serialiser:

* arrayNullOverrides converts a null property value to an empty array
* mapToArray converts a map to an array of maps, using the original map keys as Name properties on the array maps
* separateNanos splits nanosecond-containing timestamps into millisecond timestamps and separate nanosecond properties
2020-08-20 12:14:49 -05:00
Michael Schurter 86a31d0df6
Merge pull request #8701 from hashicorp/doc-e2e
docs: clarify e2e tests
2020-08-20 08:53:58 -07:00
Jasmine Dahilig a7b8adfe01 task lifecycle: e2e fix more alloc stop races 2020-08-20 08:49:58 -07:00
Mahmood Ali 8515885227 docs: fix job run -detach example 2020-08-20 11:42:36 -04:00
Jasmine Dahilig 681eb407db task lifecycle: make e2e service job test block until poststart task has started 2020-08-20 08:11:16 -07:00
Nick Ethier 3cd5f46613
Update UI to use new allocated ports fields (#8631)
* nomad: canonicalize alloc shared resources to populate ports

* ui: network ports

* ui: remove unused task network references and update tests with new shared ports model

* ui: lint

* ui: revert auto formatting

* ui: remove unused page objects

* structs: remove unrelated test from bad conflict resolution

* ui: formatting
2020-08-20 11:07:13 -04:00
Tim Gross 0fd4a05b2f
E2E AMI cleanup (#8697)
* move CNI install/podman config to build-time
* move DNS config to userdata
* consolidate apt updates for performance
2020-08-20 10:09:31 -04:00
Mahmood Ali 29d49f0a09
Merge pull request #8700 from shishir-a412ed/f-ui-podman-driver
Podman driver: Add support for signal task.
2020-08-20 07:11:45 -04:00
Mahmood Ali 80b10a3181
Merge pull request #8693 from zhsj/update-runc
Update runc to v1.0.0-rc92
2020-08-20 07:11:27 -04:00
Michael Schurter 72bd8f477c docs: clarify e2e tests
Just a smattering of attempted improvements as I read through this
again. Some of my goals:

- Tried to add more high level info to the intro to set the context
- Clarify the difference between *test* dev and *agent* dev workflows
- Add -timeout to provisioning step because cable Internet is lol
2020-08-19 20:32:31 -07:00
Michael Schurter 4d2bb7e660
Merge pull request #8688 from hashicorp/test-deflake-consul-e2e
test: deflake consul e2e tests
2020-08-19 20:11:25 -07:00
Shishir Mahajan 7055477860
Podman driver: Add support for signal task. 2020-08-19 17:25:52 -07:00
Michael Schurter 66bc07d01a test: deflake consul e2e tests
Modernize test patterns by removing gomega and avoiding the mock_driver.
2020-08-19 14:29:22 -07:00
Tim Gross 9a3caa49db
e2e: remove unused spark dependency (#8695) 2020-08-19 14:59:36 -04:00
Shengjing Zhu 311fe43b3c Vendor sync 2020-08-20 00:31:07 +08:00
Shengjing Zhu 7a4f48795d Adjust cgroup change in libcontainer 2020-08-20 00:31:07 +08:00
Shengjing Zhu c69984f853 Update runc to v1.0.0-rc92 2020-08-19 23:56:35 +08:00
Mahmood Ali 8a342926b7 Respect alloc job version for lost/failed allocs
This change fixes a bug where lost/failed allocations are replaced by
allocations with the latest versions, even if the version hasn't been
promoted yet.

Now, when generating a plan for lost/failed allocations, the scheduler
first checks if the current deployment is in Canary stage, and if so, it
ensures that any lost/failed allocations is replaced one with the latest
promoted version instead.
2020-08-19 09:52:48 -04:00
Tim Gross a49732816c
migrate AMI builds to new account (#8674) 2020-08-19 08:20:59 -04:00
Tim Gross 1aa242c15a
failed core jobs should not have follow-ups (#8682)
If a core job fails more than the delivery limit, the leader will create a new
eval with the TriggeredBy field set to `failed-follow-up`.

Evaluations for core jobs have the leader's ACL, which is not valid on another
leader after an election. The `failed-follow-up` evals do not have ACLs, so
core job evals that fail more than the delivery limit or core job evals that
span leader elections will never succeed and will be re-enqueued forever. So
we should not retry with a `failed-follow-up`.
2020-08-18 16:48:43 -04:00
Tim Gross 22e77bb03c
mrd: remove redundant validation in HTTP endpoint (#8685)
The `regionForJob` function in the HTTP job endpoint overrides the region for
multiregion jobs to `global`, which is used as a sentinel value in the
server's job endpoint to avoid re-registration loops. This changeset removes
an extraneous check that results in errors in the web UI and makes
round-tripping through the HTTP API cumbersome for all consumers.
2020-08-18 16:48:09 -04:00
Tim Gross 38ec70eb8d
multiregion: validation should always return error for OSS (#8687) 2020-08-18 15:35:38 -04:00
Tim Gross d810dab50b
migrate E2E test runs to new AWS account (#8676) 2020-08-18 14:24:34 -04:00
Jasmine Dahilig ee522ab587 task lifecycle: e2e tests 2020-08-18 10:49:50 -07:00