Commit graph

16452 commits

Author SHA1 Message Date
Michael Schurter 780625786f docs: update changelog
Remove 0.10.1 release date until finalizing release
2019-11-01 14:34:18 -07:00
Michael Schurter 80c40ca0fa Merge pull request #6605 from hashicorp/b-allocres-panic
client: fix panic from 0.8 -> 0.10 upgrade
2019-11-01 14:33:19 -07:00
Michael Schurter 8356c704fe
Merge pull request #6605 from hashicorp/b-allocres-panic
client: fix panic from 0.8 -> 0.10 upgrade
2019-11-01 12:58:59 -07:00
Tim Gross 66a34a43cb
docs: note bridge-nf-call-iptables requirement for Connect (#6607)
The Connect integration uses bridge networking and iptables to send
traffic between containers, but the RedHat family of Linux distros
sets some of the kernel tunables this requires to be optimized for VMs
rather than containers. We can document this behavior for now and
consider better operator feedback for pre-flight checking later.
2019-11-01 14:41:21 -04:00
Drew Bailey a7adc54235
Prevent nomad alloc status output inconsistency
Prevent random map ordering and sort alphabetically

better variable name
2019-11-01 14:01:32 -04:00
Michael Schurter 9fed8d1bed client: fix panic from 0.8 -> 0.10 upgrade
makeAllocTaskServices did not do a nil check on AllocatedResources
which causes a panic when upgrading directly from 0.8 to 0.10. While
skipping 0.9 is not supported we intend to fix serious crashers caused
by such upgrades to prevent cluster outages.

I did a quick audit of the client package and everywhere else that
accesses AllocatedResources appears to be properly guarded by a nil
check.
2019-11-01 07:47:03 -07:00
Michael Schurter 5ae7e07857 docs: prep changelog for 0.10.1 release 2019-10-31 09:19:04 -07:00
Mahmood Ali 4f9685e2d8 Merge pull request #6575 from hashicorp/b-gh-6571-missing-service-network
Fix some connect connect validation
2019-10-31 08:57:44 -07:00
Michael Schurter 3354d5d715 Merge pull request #6541 from hashicorp/release-0100-net-panic
core: fix panic when AllocatedResources is nil
2019-10-31 08:49:01 -07:00
Michael Schurter fa2e73fdae
Merge pull request #6541 from hashicorp/release-0100-net-panic
core: fix panic when AllocatedResources is nil
2019-10-31 08:46:34 -07:00
Lars Lehtonen 4ed9427c77 client/allocwatcher: fix dropped test error (#6592) 2019-10-31 08:29:25 -04:00
Lars Lehtonen 0a4542fadc nomad: fix test goroutine (#6593) 2019-10-31 08:23:32 -04:00
RJ Spiker 8f254b6e14 website - font and brand update 2019-10-30 16:17:54 -06:00
Tim Gross b1b20cd479
remove misleading networking log line (#6588)
When a job has a task group network, this log line ends up being
misleading if you're trying to debug networking issues. We really only
care about this when there's no port map set, in which case we get the
error returned anyways.
2019-10-30 13:23:33 -04:00
Charlie Voiselle 946af42906
Merge pull request #6532 from hashicorp/docs-fixup-command
Fixup for command section of website
2019-10-30 10:32:37 -04:00
Tim Gross 256ce6b75d
run 'make hclfmt' so that 'make dev' is idempotent (#6587) 2019-10-30 09:37:18 -04:00
Michael Schurter ab3c215b3b docs: update references 2019-10-29 15:38:48 -07:00
Seth Hoenig 98592113a3
Merge pull request #6582 from hashicorp/b-vault-createToken-log-msg
nomad: fix vault.CreateToken log message printing wrong error
2019-10-29 17:35:05 -05:00
Michael Schurter f174e4dc7c
Merge pull request #6568 from hashicorp/r-vault-deadcode
vault: remove dead lease code
2019-10-29 10:33:35 -07:00
Mahmood Ali 3f6e50617a
Merge pull request #6047 from hashicorp/b-ignore-server-if-disabled
Only warn against BootstrapExpect set in CLI flag
2019-10-29 10:55:44 -04:00
Mahmood Ali 7f2e4dc5d8
Merge pull request #6574 from hashicorp/b-gh-6570-vault-role-validation
vault: honor new `token_period` in vault token role
2019-10-29 10:18:59 -04:00
Seth Hoenig 838c6e3329 nomad: fix vault.CreateToken log message printing wrong error
Fixes typo in word "failed".

Fixes bug where incorrect error is printed. The old code would only
ever print a nil error, instead of the validationErr which is being
created.
2019-10-28 23:05:32 -05:00
Michael Schurter c6bbe85f42 core: fix panic when AllocatedResources is nil
Fix for #6540
2019-10-28 14:38:21 -07:00
Mahmood Ali 0c55e85d04
Merge pull request #6575 from hashicorp/b-gh-6571-missing-service-network
Fix some connect connect validation
2019-10-28 11:45:09 -04:00
Mahmood Ali c5d8d66787 Fix admissionValidators
`admissionValidators` doesn't aggregate errors correctly, as it
aggregates errors in `errs` reference yet it always returns the nil
`err`.

Here, we avoid shadowing `err`, and move variable declarations to where
they are used.
2019-10-28 10:52:53 -04:00
Mahmood Ali abb930249a consul connect: do basic validation before mutating job
`groupConnectHook` assumes that Networks is a non-empty slice, but TG
hasn't been validated yet and validation may depend on mutation results.
As such, we do basic check here before dereferencing network slice
elements.
2019-10-28 10:49:02 -04:00
Mahmood Ali bb45a7a776 add tests for consul connect validation 2019-10-28 10:41:51 -04:00
Mahmood Ali e8581166aa Test with Vault latest, 1.2.3
To ensure we test with latest with latest configuration.
2019-10-28 09:37:06 -04:00
Mahmood Ali 4c64658397 vault: Support new role field token_role
Vault 1.2.0 deprecated `period` field in favor of `token_period` in auth
role:

>  * Token store roles use new, common token fields for the values
>    that overlap with other auth backends. `period`, `explicit_max_ttl`, and
>    `bound_cidrs` will continue to work, with priority being given to the
>    `token_` prefixed versions of those parameters. They will also be returned
>    when doing a read on the role if they were used to provide values initially;
>    however, in Vault 1.4 if `period` or `explicit_max_ttl` is zero they will no
>    longer be returned. (`explicit_max_ttl` was already not returned if empty.)
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#120-july-30th-2019
2019-10-28 09:33:26 -04:00
Tim Gross 3e9ae481ce
e2e: refactor Consul configurations (#6559)
Ensure that we're reusing the base configuration between client and
servers without the possibility of drift. Reduce the amount of `sed`
mangling of the configuration file, and make recommended changes from
`shellcheck` for this section of the provisioning script.

Fixes some rebase errors on the Nomad config as well.
2019-10-28 09:27:40 -04:00
Drew Bailey fa2c3450ea
updates default consul version to 1.6.1 2019-10-28 08:39:46 -04:00
Tim Gross ba7e7413ef
e2e: refactor Nomad configuration (#6560)
Share base configuration for telemetry and consul. Have the server
configurations respect the `var.server_count` config. Make changes
recommended by `shellcheck` in the provisioning scripts for this section.

Switch to OS/arch-tagged release bundles on S3 for compatibility with
adding Windows builds in the near future.
2019-10-28 08:21:02 -04:00
Michael Schurter eba4d4cd6f vault: remove dead lease code 2019-10-25 15:08:35 -07:00
Tim Gross 8be403f47b
e2e: refactor Vault configuration (#6561)
Match the configuration directory layout we're using for Consul and
other services. Make recommended changes from `shellcheck` for this
section of the provisioning script.
2019-10-25 15:29:01 -04:00
Omar Khawaja b1d2fa77d3
separate vars and outputs into their own files and update default link in nomad binary variable to 0.10.0 release (#6550) 2019-10-25 14:15:30 -04:00
Tim Gross 87b3abddd3
e2e: use sockaddr for IP address configuration (#6548)
Update the Consul and Vault configs to take advantage of their
included `go-sockaddr` library for getting the IP addresses we need in
a portable way. This particularly avoids problems with "predictable"
interface names provided by systemd.

Also adds the `sockaddr` binary to the Packer build so we can use it
in our provisioning scripts.
2019-10-25 14:08:38 -04:00
Omar Khawaja cb6cfd61c1
take out port_map config for traefik and haproxy and add health check to haproxy (#6565) 2019-10-25 13:52:07 -04:00
Omar Khawaja 4ed5380bbd
add traefik lb guide (#6551) 2019-10-25 10:46:09 -04:00
Mahmood Ali 548ef4a15e
Merge pull request #6547 from hashicorp/b-docker-task-user
docs: Docker driver supports task user option
2019-10-25 09:22:28 -04:00
Mahmood Ali fd5d4c1657 fix grammar 2019-10-25 09:22:03 -04:00
Tim Gross efbd680d4e
e2e: split Packer build scripts from TF provisioning (#6542)
Make a clear split between Packer and Terraform provisioning steps:
the scripts in the `packer/linux` directory are run when we build the
AMI whereas the stuff in shared are run at Terraform provisioning time.

Merging all runtime provisioning scripts into a single script for each
of server/client solves the following:

* Userdata scripts can't take arguments, they can only be templated
  and that means we have to do TF escaping in bash/powershell scripts.
* TF provisioning scripts race with userdata scripts.
2019-10-25 08:08:24 -04:00
Omar Khawaja 3c1b48e9d9
fix typos (#6552) 2019-10-25 01:15:22 -04:00
Mahmood Ali fe14993582 docs: Docker driver supports task user option
Also, add a test case.
2019-10-24 14:00:37 -04:00
Omar Khawaja 16615fe9ab
Nomad HAProxy load balancing guide (#6534)
* add nginx to load balancing nav menu and fix bullets

* fill out nginx lb guide

* formatting

* change Nginx to NGINX

* add step to verify load balancer config

* update docker image and web app output

* add HAProxy lb guide

* format haproxy config

* add haproxy stats page with screenshot

* add note about external load balancer

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* add port mapping an static port for haproxy ui + bullet changes

* remove extra spaces

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>

* Update website/source/guides/load-balancing/haproxy.html.md

Co-Authored-By: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2019-10-24 13:02:07 -04:00
Omar Khawaja f4d78ce0ff
Nomad NGINX Load Balancing Guide (#6529)
* add nginx to load balancing nav menu and fix bullets

* fill out nginx lb guide

* formatting

* change Nginx to NGINX

* add step to verify load balancer config

* update docker image and web app output

* change Nginx to NGINX in main load balancing page

* modify change signal to SIGHUP and add else condition in template stanza to prevent nginx from crashing when no services are available to load balance

* add note about external load balancer

* clarifications and link to reference architecture
2019-10-24 11:48:37 -04:00
Lang Martin aa77ea4032
quota: parse network stanza in quotas (#6511) 2019-10-24 10:41:54 -04:00
Buck Doyle e525ff99d3
Remove inverse block for list-pagination (#6523)
As the angle bracket invocation RFC says:

> There is no dedicated syntax for passing an "else" block
> directly. If needed, that can be passed using the named
> blocks syntax.

https://github.com/emberjs/rfcs/blob/master/text/0311-angle-bracket-invocation.md#block

Unfortunately, using a contextual component doesn’t help as
the yield inside that component will still result in content
rendering that would show when the source isn’t empty. So
we decided to change the interface so you have to check
whether the source is empty before using it, which aligns with
how list-table works.
2019-10-24 07:05:43 -05:00
Lang Martin bcde556f30
Merge pull request #6539 from hashicorp/docs-job-volume-no-config
docs: job volume spec tasks source, not config > source
2019-10-23 16:01:24 -04:00
Lang Martin 75393fad41 docs: job volume spec tasks source, not config > source 2019-10-23 15:28:53 -04:00
Michael Schurter 42e21ade39
Merge pull request #6533 from hashicorp/docs-fixup-connect
docs: fix links to connect
2019-10-23 08:28:42 -07:00