Commit graph

19021 commits

Author SHA1 Message Date
Michael Lange 765077eb03 Model job scaling and events in Mirage 2020-07-29 19:07:24 -07:00
Michael Lange 17e6d5b836 Data modeling for job scale and scale events 2020-07-29 19:07:24 -07:00
Michael Schurter f7b0e5dec4
Merge pull request #8554 from hashicorp/docs-vault-revoke-batch
docs: add #8553 to changelog
2020-07-29 14:48:43 -07:00
Michael Schurter 1a997b81ab docs: add #8553 to changelog
Fix some capitalization too.
2020-07-29 14:33:20 -07:00
Seth Hoenig 2a8c5249b6
Merge pull request #8443 from hashicorp/x-cnb
consul/connect: add support for bridge networks with connect native tasks
2020-07-29 09:43:47 -05:00
Seth Hoenig a392b19b6a consul/connect: fixup some spelling, comments, consts 2020-07-29 09:26:01 -05:00
Seth Hoenig 04bb6c416f consul/connect: organize lock & fields in http/grpc socket hooks 2020-07-29 09:26:01 -05:00
Seth Hoenig dbee956c05 consul/connect: optimze grpc socket hook check for bridge network first 2020-07-29 09:26:01 -05:00
Seth Hoenig 2511f48351 consul/connect: add support for bridge networks with connect native tasks
Before, Connect Native Tasks needed one of these to work:

- To be run in host networking mode
- To have the Consul agent configured to listen to a unix socket
- To have the Consul agent configured to listen to a public interface

None of these are a great experience, though running in host networking is
still the best solution for non-Linux hosts. This PR establishes a connection
proxy between the Consul HTTP listener and a unix socket inside the alloc fs,
bypassing the network namespace for any Connect Native task. Similar to and
re-uses a bunch of code from the gRPC listener version for envoy sidecar proxies.

Proxy is established only if the alloc is configured for bridge networking and
there is at least one Connect Native task in the Task Group.

Fixes #8290
2020-07-29 09:26:01 -05:00
Drew Bailey e212c24f9e
update changelog for enterprise vault namespacesp (#8542)
* update changelog for enterprise vault namespacesp

* Update CHANGELOG.md

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2020-07-29 09:45:35 -04:00
Michael Schurter 947491c255
Merge pull request #8553 from hashicorp/b-vault-revoke-batch
vault: expired tokens count toward batch limit
2020-07-28 18:16:17 -07:00
Michael Schurter 80f521cce5 vault: expired tokens count toward batch limit
As of 0.11.3 Vault token revocation and purging was done in batches.
However the batch size was only limited by the number of *non-expired*
tokens being revoked.

Due to bugs prior to 0.11.3, *expired* tokens were not properly purged.
Long-lived clusters could have thousands to *millions* of very old
expired tokens that never got purged from the state store.

Since these expired tokens did not count against the batch limit, very
large batches could be created and overwhelm servers.

This commit ensures expired tokens count toward the batch limit with
this one line change:

```
- if len(revoking) >= toRevoke {
+ if len(revoking)+len(ttlExpired) >= toRevoke {
```

However, this code was difficult to test due to being in a periodically
executing loop. Most of the changes are to make this one line change
testable and test it.
2020-07-28 15:42:47 -07:00
Buck Doyle 7bed453de3
Add acceptance test accessibility auditing and fixes (#8455)
This introduces ember-a11y-testing to acceptance tests via a helper
wrapper that allows us to globally ignore rules that we can address
separately. It also adds fixes for the aXe rules that were failing.
2020-07-28 12:59:14 -05:00
Mahmood Ali 582899277f
Merge pull request #8533 from hashicorp/docs-gh-6987-rebase
Add missing `token list` subcommand in list
2020-07-27 09:19:52 -04:00
Drew Bailey bd421b6197
Merge pull request #8453 from hashicorp/oss-multi-vault-ns
oss compoments for multi-vault namespaces
2020-07-27 08:45:22 -04:00
Michael Lange 7505a5cddb
Merge pull request #7735 from hashicorp/dependabot/npm_and_yarn/scripts/screenshots/src/https-proxy-agent-2.2.4
build(deps): bump https-proxy-agent from 2.2.1 to 2.2.4 in /scripts/screenshots/src
2020-07-24 15:13:36 -07:00
Tim Gross e604220084
docs and changelog entry for nomad volume deregister -force (#8537) 2020-07-24 15:13:11 -04:00
Tim Gross d0b03cad7c
e2e: give containers access to dnsmasq DNS (#8536)
By default, Docker containers get /etc/resolv.conf bound into the container
with the localhost entry stripped out. In order to resolve using the host's
dnsmasq, we need to make sure the container uses the docker0 IP as its
nameserver and that dnsmasq is listening on that port and forwarding to either
the AWS VPC DNS (so that we can query private resources like EFS) or to the
Consul DNS.
2020-07-24 14:09:18 -04:00
Mahmood Ali 2d0b80a0ed
Merge pull request #6517 from hashicorp/b-fingerprint-shutdown-race
client: don't retry fingerprinting on shutdown
2020-07-24 11:56:32 -04:00
Mahmood Ali 61558636df
Merge pull request #7726 from hashicorp/f-update-vagrant-demo-versions
demo: update Nomad and Consul install versions in Vagrant demo.
2020-07-24 11:55:02 -04:00
Mahmood Ali 648bbd9ca2 update nomad to 0.12.1 2020-07-24 11:53:44 -04:00
James Rasell 446cf104df demo: update Nomad and Consul install versions in Vagrant demo. 2020-07-24 11:53:44 -04:00
Mahmood Ali 92766f8b8f
Merge pull request #8348 from hashicorp/je.hard-pin-deps
📌 Hard Pin Website Dependencies
2020-07-24 11:46:56 -04:00
Jeff Escalante 7c80b94c60 hard pin and update dependencies 2020-07-24 11:18:02 -04:00
Mahmood Ali 0cf31d732c
Update website/pages/docs/commands/acl/index.mdx
Co-authored-by: Matteo Gazzetta <matteo_gazzetta@hotmail.it>
2020-07-24 11:01:40 -04:00
Lang Martin deb37c91b7
e2e/bin/run: run & update only attempt to contact linux servers (#8517) 2020-07-24 10:52:12 -04:00
Mahmood Ali 8644eb386a
Merge pull request #6531 from hashicorp/docs-markdownlintrc
Added a markdownlintrc
2020-07-24 10:41:12 -04:00
James Rasell ff351575b3
Merge pull request #8531 from hashicorp/gh-8527-docs-updates
docs: update website and changelog to detail GH-8527
2020-07-24 16:40:52 +02:00
James Rasell b443d335a6
Merge pull request #8530 from hashicorp/b-gh-8527
api: add namespace to scaling status GET response object.
2020-07-24 16:40:42 +02:00
Drew Bailey b296558b8e
oss compoments for multi-vault namespaces
adds in oss components to support enterprise multi-vault namespace feature

upgrade specific doc on vault multi-namespaces

vault docs

update test to reflect new error
2020-07-24 10:14:59 -04:00
Mahmood Ali bc19dd6b76 Just a small doc fix, acl token list subcommand was missing in the list. 2020-07-24 10:09:30 -04:00
Mahmood Ali ab25616add
Merge pull request #7234 from derekmarcotte/dm-freebsd
Fix undefined: getEphemeralPortRange error on FreeBSD.
2020-07-24 10:01:41 -04:00
Mahmood Ali 4fb205343d
Merge pull request #8513 from hashicorp/security-model-add-recommendations
Add TLS and HTTP Header recommendations to security model documentation
2020-07-24 09:56:56 -04:00
Mahmood Ali b800a4f80e
Merge pull request #8514 from sashaaKr/bugfix/cli_ui
change url to client
2020-07-24 09:54:39 -04:00
Lars Lehtonen fb7b2282b1
scheduler: label loops with nested switch statements for effective break (#8528) 2020-07-24 08:50:41 -04:00
James Rasell 29fbc15bb5
docs: add Namespace field to scale status GET example. 2020-07-24 14:45:50 +02:00
James Rasell b4ca4e09c5
changelog: add entry for GH-8530. 2020-07-24 14:45:07 +02:00
James Rasell 90aa15d39b
Merge pull request #8529 from hashicorp/gh-8481-docs-updates
docs: update website and changelog to clarify and detail GH-8481
2020-07-24 14:20:47 +02:00
James Rasell 95db43eaf0
Merge pull request #8491 from hashicorp/b-gh-8481
api: task groups in system jobs do not support scaling stanzas.
2020-07-24 14:20:26 +02:00
Tim Gross 43d2052c99
csi: avoid panic in CLI for failed node attachment cleanup (#8525)
If the node API returns an attached volume that doesn't belong to an
alloc (because it's failed to clean up properly), `nomad node status`
will panic when rendering the response.

Also, avoid empty volumes output in node status
2020-07-24 08:17:27 -04:00
James Rasell da91e1d0fc
api: add namespace to scaling status GET response object. 2020-07-24 11:19:25 +02:00
James Rasell 71d9c23e47
docs: clarify scaling stanza is not supported within system jobs. 2020-07-24 10:05:38 +02:00
James Rasell 5980877931
changelog: add entry for GH-8481 2020-07-24 10:05:14 +02:00
Michael Schurter 1400e0480d
Merge pull request #8521 from hashicorp/docs-hearbeat
docs: s/hearbeat/heartbeat and fix link
2020-07-23 14:07:24 -07:00
Tim Gross 56c6dacd38
csi: NodePublish should not create target_path, only its parent dir (#8505)
The NodePublish workflow currently creates the target path and its parent
directory. However, the CSI specification says that the CO shall ensure the
parent directory of the target path exists, and that the SP shall place the
block device or mounted directory at the target path. Much of our testing has
been with CSI plugins that are more forgiving, but our behavior breaks
spec-compliant CSI plugins.

This changeset ensures we only create the parent directory.
2020-07-23 15:52:22 -04:00
Drew Bailey fb21e592cd
Merge pull request #8523 from hashicorp/update-website-version
update version for 0.12.1
2020-07-23 15:37:38 -04:00
Drew Bailey f04a1d73bc
update version for 0.12.1 2020-07-23 15:36:33 -04:00
Mahmood Ali 5068dcb6fc
update changelog for GH-7785 (#8522) 2020-07-23 14:45:21 -04:00
Michael Schurter 8340ad4da8 docs: s/hearbeat/heartbeat and fix link
Also fixed the same typo in a test. Fixing the typo fixes the link, but
the link was still broken when running the website locally due to the
trailing slash. It would have worked in prod thanks to redirects, but
using the canonical URL seems ideal.
2020-07-23 11:33:34 -07:00
Drew Bailey 93f8561386
Merge pull request #8518 from hashicorp/release-0.12.1
update changelog for 0.12.1 release
2020-07-23 14:26:23 -04:00