Commit Graph

19514 Commits

Author SHA1 Message Date
Seth Hoenig 80afe97719
Merge pull request #8721 from code0x9/b-kernel-builtin-module
client/fingerprint: lookup kernel builtin bridge modules
2020-08-24 10:01:34 -05:00
Tim Gross d26f30bba8
docs: add contributor docs for issue labels (#8723) 2020-08-24 10:19:57 -04:00
Seth Hoenig c4fa644315 consul/connect: remove envoy dns option from gateway proxy config 2020-08-24 09:11:55 -05:00
Seth Hoenig d6b0f43f3f consul/connect: update consul version used in circleci 2020-08-24 08:21:27 -05:00
Yoan Blanc 327d17e0dc
fixup! vendor: consul/api, consul/sdk v1.6.0
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-24 08:59:03 +02:00
Mark Lee cd23fd7ca2 refactor lookup code 2020-08-24 12:24:16 +09:00
Mark Lee cd7aabca72 lookup kernel builtin modules too 2020-08-24 11:09:13 +09:00
Mahmood Ali ff01f521a1
Merge pull request #8656 from JanMa/update-nspawn-docs
Update docs for nspawn driver
2020-08-23 21:24:56 -04:00
Mahmood Ali 8aa39f1a91
Merge pull request #8704 from hashicorp/docs-gh-6305
docs: fix job run -detach example
2020-08-23 20:52:34 -04:00
Yoan Blanc 7b873b7746
vendor: rs/cors v1.7.0
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts
a wildcard CORS policy into reflecting an arbitrary Origin header
value, which is incompatible with the CORS security design, and
could lead to CORS misconfiguration security problems.

CVE-2018-20744

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 10:36:38 +02:00
Yoan Blanc 63b27d42a2
vendor: consul/api, consul/sdk v1.6.0
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 09:43:37 +02:00
Yoan Blanc 5e629775ac
vendor: consul v1.7.7
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 09:41:27 +02:00
Seth Hoenig 5b072029f2 consul/connect: add initial support for ingress gateways
This PR adds initial support for running Consul Connect Ingress Gateways (CIGs) in Nomad. These gateways are declared as part of a task group level service definition within the connect stanza.

```hcl
service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      ingress {
        // ingress-gateway configuration entry
      }
    }
  }
}
```

A gateway can be run in `bridge` or `host` networking mode, with the caveat that host networking necessitates manually specifying the Envoy admin listener (which cannot be disabled) via the service port value.

Currently Envoy is the only supported gateway implementation in Consul, and Nomad only supports running Envoy as a gateway using the docker driver.

Aims to address #8294 and tangentially #8647
2020-08-21 16:21:54 -05:00
Tim Gross 693a8a2613
e2e: fix platform path for installing for Linux from s3 (#8708) 2020-08-21 09:20:09 -04:00
Tim Gross b23150057a
E2E: move Nomad installation to script on remote hosts (#8706)
This changeset moves the installation of Nomad binaries out of the
provisioning framework and into scripts that are installed on the remote host
during AMI builds.

This provides a few advantages:

* The provisioning framework can be reduced in scope (with the goal of moving
  most of it into the Terraform stack entirely).
* The scripts can be arbitrarily complex if we don't have to stuff them into
  ssh commands, so it's easier to make them idempotent. In this changeset, the
  scripts check the version of the existing binary and don't re-download when
  using the `--nomad_sha` or `--nomad_version` flags.
* The scripts can be OS/distro specific, which helps in building new test
  targets.
2020-08-20 16:10:00 -04:00
Buck Doyle 4394c5b9ff
Add common serialiser abstractions (#8634)
This extracts some common API-idiosyncracy-handling patterns from model serialisers into properties that are processed by the application serialiser:

* arrayNullOverrides converts a null property value to an empty array
* mapToArray converts a map to an array of maps, using the original map keys as Name properties on the array maps
* separateNanos splits nanosecond-containing timestamps into millisecond timestamps and separate nanosecond properties
2020-08-20 12:14:49 -05:00
Michael Schurter 86a31d0df6
Merge pull request #8701 from hashicorp/doc-e2e
docs: clarify e2e tests
2020-08-20 08:53:58 -07:00
Jasmine Dahilig a7b8adfe01 task lifecycle: e2e fix more alloc stop races 2020-08-20 08:49:58 -07:00
Mahmood Ali 8515885227 docs: fix job run -detach example 2020-08-20 11:42:36 -04:00
Jasmine Dahilig 681eb407db task lifecycle: make e2e service job test block until poststart task has started 2020-08-20 08:11:16 -07:00
Nick Ethier 3cd5f46613
Update UI to use new allocated ports fields (#8631)
* nomad: canonicalize alloc shared resources to populate ports

* ui: network ports

* ui: remove unused task network references and update tests with new shared ports model

* ui: lint

* ui: revert auto formatting

* ui: remove unused page objects

* structs: remove unrelated test from bad conflict resolution

* ui: formatting
2020-08-20 11:07:13 -04:00
Tim Gross 0fd4a05b2f
E2E AMI cleanup (#8697)
* move CNI install/podman config to build-time
* move DNS config to userdata
* consolidate apt updates for performance
2020-08-20 10:09:31 -04:00
Mahmood Ali 29d49f0a09
Merge pull request #8700 from shishir-a412ed/f-ui-podman-driver
Podman driver: Add support for signal task.
2020-08-20 07:11:45 -04:00
Mahmood Ali 80b10a3181
Merge pull request #8693 from zhsj/update-runc
Update runc to v1.0.0-rc92
2020-08-20 07:11:27 -04:00
Michael Schurter 72bd8f477c docs: clarify e2e tests
Just a smattering of attempted improvements as I read through this
again. Some of my goals:

- Tried to add more high level info to the intro to set the context
- Clarify the difference between *test* dev and *agent* dev workflows
- Add -timeout to provisioning step because cable Internet is lol
2020-08-19 20:32:31 -07:00
Michael Schurter 4d2bb7e660
Merge pull request #8688 from hashicorp/test-deflake-consul-e2e
test: deflake consul e2e tests
2020-08-19 20:11:25 -07:00
Shishir Mahajan 7055477860
Podman driver: Add support for signal task. 2020-08-19 17:25:52 -07:00
Michael Schurter 66bc07d01a test: deflake consul e2e tests
Modernize test patterns by removing gomega and avoiding the mock_driver.
2020-08-19 14:29:22 -07:00
Tim Gross 9a3caa49db
e2e: remove unused spark dependency (#8695) 2020-08-19 14:59:36 -04:00
Shengjing Zhu 311fe43b3c Vendor sync 2020-08-20 00:31:07 +08:00
Shengjing Zhu 7a4f48795d Adjust cgroup change in libcontainer 2020-08-20 00:31:07 +08:00
Shengjing Zhu c69984f853 Update runc to v1.0.0-rc92 2020-08-19 23:56:35 +08:00
Mahmood Ali 8a342926b7 Respect alloc job version for lost/failed allocs
This change fixes a bug where lost/failed allocations are replaced by
allocations with the latest versions, even if the version hasn't been
promoted yet.

Now, when generating a plan for lost/failed allocations, the scheduler
first checks if the current deployment is in Canary stage, and if so, it
ensures that any lost/failed allocations is replaced one with the latest
promoted version instead.
2020-08-19 09:52:48 -04:00
Tim Gross a49732816c
migrate AMI builds to new account (#8674) 2020-08-19 08:20:59 -04:00
Tim Gross 1aa242c15a
failed core jobs should not have follow-ups (#8682)
If a core job fails more than the delivery limit, the leader will create a new
eval with the TriggeredBy field set to `failed-follow-up`.

Evaluations for core jobs have the leader's ACL, which is not valid on another
leader after an election. The `failed-follow-up` evals do not have ACLs, so
core job evals that fail more than the delivery limit or core job evals that
span leader elections will never succeed and will be re-enqueued forever. So
we should not retry with a `failed-follow-up`.
2020-08-18 16:48:43 -04:00
Tim Gross 22e77bb03c
mrd: remove redundant validation in HTTP endpoint (#8685)
The `regionForJob` function in the HTTP job endpoint overrides the region for
multiregion jobs to `global`, which is used as a sentinel value in the
server's job endpoint to avoid re-registration loops. This changeset removes
an extraneous check that results in errors in the web UI and makes
round-tripping through the HTTP API cumbersome for all consumers.
2020-08-18 16:48:09 -04:00
Tim Gross 38ec70eb8d
multiregion: validation should always return error for OSS (#8687) 2020-08-18 15:35:38 -04:00
Tim Gross d810dab50b
migrate E2E test runs to new AWS account (#8676) 2020-08-18 14:24:34 -04:00
Jasmine Dahilig ee522ab587 task lifecycle: e2e tests 2020-08-18 10:49:50 -07:00
Drew Bailey 4e35a5a83e
Merge pull request #8680 from hashicorp/dmay-website-license-put
Change 'license set' to 'license put' to reflect correct syntax
2020-08-18 12:01:28 -04:00
James Rasell 3eead6d071
Merge pull request #8678 from hashicorp/f-gh-8142-changelog
changelog: add entry for GH-8142.
2020-08-18 09:08:42 +02:00
davemay99 3c12ef8f70 Change 'license set' to 'license put' to reflect correct syntax 2020-08-17 14:10:21 -04:00
Nick Ethier 1849a20b66
docker: use Nomad managed resolv.conf when DNS options are set (#8600) 2020-08-17 10:22:08 -04:00
Buck Doyle 2f022a6a5e
Add missing server shutdown (#8677)
This removes repeated instances of this warning from test logs:
You created a second Pretender instance while there was already one running.
2020-08-17 08:17:29 -05:00
James Rasell 39351e1902
changelog: add entry for GH-8142. 2020-08-17 08:58:50 +01:00
James Rasell b6a884a7cb
Merge pull request #8636 from hashicorp/f-gh-8142
api: add node purge SDK function.
2020-08-17 09:45:54 +02:00
Luiz Aoqui 5296e5b5c2
Merge pull request #8675 from hashicorp/docs/alloc-metrics-labels
docs: update allocation metrics
2020-08-14 16:59:15 -04:00
Luiz Aoqui d4f8629968
docs: update allocation metrics 2020-08-14 14:16:38 -04:00
James Rasell c90a2da3ff
Merge pull request #8672 from hashicorp/f-gh-8142-docs
docs: update docs to reference new Docker driver image_pull_timeout params.
2020-08-14 16:08:18 +02:00
James Rasell dab8282be5
Merge pull request #8589 from hashicorp/f-gh-5718
driver/docker: allow configurable pull context timeout setting.
2020-08-14 16:07:59 +02:00