Commit graph

20500 commits

Author SHA1 Message Date
Drew Bailey c0bd238eb2
fix allocation spelling error, update docs (#9527)
* fix allocation spelling error, update docs

* assign TopicACLPolicy and TopicACLToken properly
2020-12-04 12:04:58 -05:00
James Rasell 3934d3daca
Merge pull request #9520 from hashicorp/b-fix-nullchar-error-msg
core: fix typo msg used when job ID/name contains a null char.
2020-12-04 17:40:08 +01:00
James Rasell be48e89d6c
Merge pull request #9523 from hashicorp/b-improve-consul-template-dep-upgrade-detail-1.0.0
CHANGELOG: amend consul-template dep update to ref correct version.
2020-12-04 16:15:50 +01:00
Drew Bailey f37acc71ba
remove prerelease bug fix from GA changelog (#9524) 2020-12-04 10:15:21 -05:00
James Rasell 58f8afed50
CHANGELOG: amend consul-template dep update to ref correct version. 2020-12-04 14:43:18 +01:00
James Rasell fd53963afb
core: fix typo msg used when job ID/name contains a null char. 2020-12-04 09:49:31 +01:00
Michael Schurter b0ac0a1b8e
Merge pull request #9519 from hashicorp/docs-100rc1
docs: publish v1.0.0-rc1
2020-12-03 14:08:03 -08:00
Michael Schurter 39fdc47914 docs: publish v1.0.0-rc1 2020-12-03 14:03:57 -08:00
Michael Schurter f000351082
Merge pull request #9516 from hashicorp/docs-consul19
docs: clarify connect upgrade procedure
2020-12-03 14:02:57 -08:00
Michael Schurter eb56a75bdd docs: may->will after confirming with Consul
Consul 1.9 switched to agentless intentions which no longer require
synchronous communication from Envoy to Consul.
2020-12-03 13:48:06 -08:00
Michael Schurter e948e0a012 docs: clarify connect upgrade procedure
During testing we discovered old versions of Nomad and Consul seemed to
prevent Envoy from accepting new connections while the Nomad agent was
being upgraded.
2020-12-03 13:36:13 -08:00
Seth Hoenig f7fc0cd7fb
Merge pull request #9513 from hashicorp/f-e2e-upgrade-consul-more
e2e: upgrade terraform consul to 1.9.0
2020-12-03 13:09:25 -06:00
Seth Hoenig ad5918f754 e2e: upgrade terraform consul to 1.9.0 2020-12-03 13:01:14 -06:00
Drew Bailey ce85288f2f
ensure node secret ID is not included in event stream (#9510) 2020-12-03 12:27:14 -05:00
Drew Bailey 17de8ebcb1
API: Event stream use full name instead of Eval/Alloc (#9509)
* use full name for events

use evaluation and allocation instead of short name

* update api event stream package and shortnames

* update docs

* make sync; fix typo

* backwards compat not from 1.0.0-beta event stream api changes

* use api types instead of string

* rm backwards compat note that only changed between prereleases

* remove backwards incompat that only existed in prereleases
2020-12-03 11:48:18 -05:00
Seth Hoenig b167db10c3
Merge pull request #9508 from hashicorp/docs-docker-windows-issues
docs: fix link to windows docker issues
2020-12-03 09:28:18 -06:00
Seth Hoenig 4398511c04 docs: fix link to windows docker issues 2020-12-03 09:19:22 -06:00
Charlie Voiselle 7d37cd3f53
Small website updates (#9504)
* systemd should be downcased
* containerd should be downcased
* spellchecking, adjust list item spacing
* QEMU should be upcased
* spelling, it's->its
* Fewer exclamation points; drive-by list spacing
* Update website/pages/docs/internals/security.mdx
* Namespace is not ent only now.
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2020-12-02 19:02:03 -05:00
Chris Baker f794d40ad3
Merge pull request #9501 from hashicorp/docs-hcl-note
added some discussion of HCL parsing context
2020-12-02 17:00:24 -06:00
Chris Baker 4b31759ef0 formatting fix from github-based commit 2020-12-02 22:25:36 +00:00
Chris Baker a9c151be2c
Update website/pages/docs/job-specification/hcl2/index.mdx
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2020-12-02 16:12:07 -06:00
Tim Gross f47b6bb147
docker: kill signal API should include timeout context (#9502)
When the Docker driver kills as task, we send a request via the Docker API for
dockerd to fire the signal. We send that signal and then block for the
`kill_timeout` waiting for the container to exit. But if the Docker API
blocks, we will block indefinitely because we haven't configured the API call
with the same timeout.

This changeset is a minimal intervention to add the timeout to the Docker API
call _only_ when we have the `kill_timeout` set. Future work should examine
whether we should be threading contexts through other `go-dockerclient` API
calls.
2020-12-02 16:53:17 -05:00
Tim Gross d286d941dc docker: kill signal API should include timeout context
When the Docker driver kills as task, we send a request via the Docker API for
dockerd to fire the signal. We send that signal and then block for the
`kill_timeout` waiting for the container to exit. But if the Docker API
blocks, we will block indefinitely because we haven't configured the API call
with the same timeout.

This changeset is a minimal intervention to add the timeout to the Docker API
call _only_ when we have the `kill_timeout` set. Future work should examine
whether we should be threading contexts through other `go-dockerclient` API
calls.
2020-12-02 16:51:57 -05:00
Chris Baker e1010c9227 added some discussion of HCL parsing context 2020-12-02 20:41:53 +00:00
Seth Hoenig 1e8cab2eec
Merge pull request #9498 from hashicorp/f-update-e2e-cpu
env_aws: run ec2info to update ec2 info
2020-12-02 09:47:27 -06:00
Seth Hoenig 1ca5ea3240 env_aws: run ec2info to update ec2 info
Use `tools/ec2info` to update the generated table of instance types.
`$ go run .`
2020-12-02 09:35:03 -06:00
Tim Gross 74b8375fc9
docs: using interpolation for volumes (#9449)
Expand `volume` and `volume_mount` sections to describe how to use HCL2
dynamic blocks and interpolation to have finer-grained control over how
allocations get volumes.
2020-12-02 08:57:47 -05:00
James Rasell 68e04e9605
Merge pull request #9494 from hashicorp/e2e-poststop-sigterm
lifecycle: update e2e test for service job with new docker signal #8932
2020-12-02 09:06:14 +01:00
Jasmine Dahilig 6ea00284f1 lifecycle: update e2e test for service job with new docker signal #8932 2020-12-01 23:41:32 -08:00
Seth Hoenig 3b2b083cbf
Merge pull request #9487 from hashicorp/f-connect-sidecar-concurrency
consul/connect: default envoy concurrency to 1
2020-12-01 15:51:41 -06:00
Drew Bailey f9f5fe8236
Events switch on memdb change table instead of type to prevent duplicates (#9486)
* prevent duplicate job events

when a job is updated, the job_version table is updated with a structs.Job, this caused there to be multiple job events since we are switching off the change type and not the table

* test length

* add table value to tests
2020-12-01 15:14:05 -05:00
Michael Schurter 8ed8d9f786
Merge pull request #9485 from hashicorp/docs-check-restart
docs: check_restart is broken for group networks
2020-12-01 11:39:45 -08:00
Seth Hoenig bf857684d1 consul/connect: default envoy concurrency to 1
Previously, every Envoy Connect sidecar would spawn as many worker
threads as logical CPU cores. That is Envoy's default behavior when
`--concurrency` is not explicitly set. Nomad now sets the concurrency
flag to 1, which is sensible for the default cpu = 250 Mhz resources
allocated for sidecar proxies. The concurrency value can be configured
in Client configuration by setting `meta.connect.proxy_concurrency`.

Closes #9341
2020-12-01 13:12:45 -06:00
Drew Bailey 1f8e1aa631
pass in msgType for UpsertJob (#9475) 2020-12-01 14:00:52 -05:00
Dave May e045bd3a5e
nomad operator debug - add pprof duration / csi details (#9346)
* debug: add pprof duration CLI argument
* debug: add CSI plugin details
* update help text with ACL requirements
* debug: provide ACL hints upon permission failures
* debug: only write file when pprof retrieve is successful
* debug: add helper function to clean bad characters from dynamic filenames
* debug: ensure files are unable to escape the capture directory
2020-12-01 12:36:05 -05:00
Tim Gross 180d6c7ef5
docs: move agent lifecycle doc under Operations heading (#9411) 2020-12-01 11:55:08 -05:00
Michael Schurter c087a1d46f docs: check_restart is broken for group networks
Add a warning about check_restart being limited to task networks and
link to the relevant issue: #9176.
2020-12-01 08:52:00 -08:00
Michael Schurter ea0e1789f4
Merge pull request #9435 from hashicorp/f-allocupdate-timer
client: always wait 200ms before sending updates
2020-12-01 08:45:17 -08:00
Drew Bailey 9adca240f8
Event Stream: Track ACL changes, unsubscribe on invalidating changes (#9447)
* upsertaclpolicies

* delete acl policies msgtype

* upsert acl policies msgtype

* delete acl tokens msgtype

* acl bootstrap msgtype

wip unsubscribe on token delete

test that subscriptions are closed after an ACL token has been deleted

Start writing policyupdated test

* update test to use before/after policy

* add SubscribeWithACLCheck to run acl checks on subscribe

* update rpc endpoint to use broker acl check

* Add and use subscriptions.closeSubscriptionFunc

This fixes the issue of not being able to defer unlocking the mutex on
the event broker in the for loop.

handle acl policy updates

* rpc endpoint test for terminating acl change

* add comments

Co-authored-by: Kris Hicks <khicks@hashicorp.com>
2020-12-01 11:11:34 -05:00
Drew Bailey 70ae7ec621
return potential errors from txn.Commit (#9483) 2020-12-01 10:05:37 -05:00
Tim Gross 154e62fd3b
docs: warn about Docker auth_soft_fail behavior
If Docker auth helpers are used but aith fails or the image isn't found, we
hard fail the task. Users may set `auth_soft_fail` to fallback to the public
Docker Hub on a per-job basis. But users that mix public and private images
have to set `auth_soft_fail=true` for every job using a public image if Docker
auth helpers are used.
2020-12-01 09:05:35 -05:00
Mark Lewis ec8361fab9 Update proxy.mdx 2020-12-01 08:26:32 -05:00
Mark Lewis 894851a756 Update reschedule.mdx 2020-12-01 08:26:12 -05:00
Mark Lewis 523dad369b Update restart.mdx 2020-12-01 08:22:13 -05:00
Luiz Aoqui 5f4a385070
Merge pull request #9476 from hashicorp/website-update-general-help
website: update general help guidance
2020-11-30 19:29:52 -05:00
Luiz Aoqui 63d6d3b0d1
website: update general help guidance 2020-11-30 19:12:43 -05:00
Benjamin Buzbee e0acbbfcc6
Fix RPC retry logic in nomad client's rpc.go for blocking queries (#9266) 2020-11-30 15:11:10 -05:00
Drew Bailey a0b7f05a7b
Remove Managed Sinks from Nomad (#9470)
* Remove Managed Sinks from Nomad

Managed Sinks were a beta feature in Nomad 1.0-beta2. During the beta
period it was determined that this was not a scalable approach to
support community and third party sinks.

* update comment

* changelog
2020-11-30 14:00:31 -05:00
Seth Hoenig fa6789a087
Merge pull request #9472 from hashicorp/f-connect-upstream-datacenter
consul/connect: enable setting datacenter in upstream
2020-11-30 12:29:05 -06:00
Seth Hoenig d38cd5268a docs: better clarify connect upstream datacenter 2020-11-30 12:28:08 -06:00