Commit graph

20882 commits

Author SHA1 Message Date
Seth Hoenig 8ee9835923 drivers/exec+java: Add task configuration to restore previous PID/IPC isolation behavior
This PR adds pid_mode and ipc_mode options to the exec and java task
driver config options. By default these will defer to the default_pid_mode
and default_ipc_mode agent plugin options created in #9969. Setting
these values to "host" mode disables isolation for the task. Doing so
is not recommended, but may be necessary to support legacy job configurations.

Closes #9970
2021-02-08 14:26:35 -06:00
Nick Ethier 76cb4081f7
Merge pull request #9976 from hashicorp/hack-iptables-isolation
ar: isolate network actions performed by client
2021-02-08 14:15:45 -05:00
Nick Ethier b0a49ff37a
Update CHANGELOG.md 2021-02-08 14:14:39 -05:00
Tim Gross b04a040aed
document that Nomad ENT cannot be downgraded to Nomad OSS 2021-02-08 14:09:45 -05:00
Buck Doyle c22d1114d8
Add handling for license requests in OSS (#9963)
This changes the license-fetching endpoint to respond with 204 in
OSS instead of 501. It closes #9827.
2021-02-08 12:53:06 -06:00
Drew Bailey b5585882e4
address pr comments 2021-02-08 13:43:05 -05:00
Seth Hoenig 85723d6227
Merge pull request #9982 from hashicorp/f-nsiso-driver
drivers/exec+java: Add configuration to restore previous PID/IPC namespace behavior
2021-02-08 11:19:09 -06:00
Seth Hoenig 152534fe21 docs: fixup comments, var names 2021-02-08 10:58:44 -06:00
Seth Hoenig f5cc4c5d44
docs: clarify PID
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:57 -06:00
Seth Hoenig 419044ed08
docs: shorten IPC
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:42 -06:00
Seth Hoenig a911d4ca17
docs: clarify PID
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:31 -06:00
Seth Hoenig 6c101e601d
docs: shorten IPC
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:19 -06:00
Seth Hoenig 0134d2eab9
docs: capitalize posix
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:08 -06:00
Seth Hoenig cb81d38f2e
docs: capitalize posix
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:51:55 -06:00
Drew Bailey b0cf3ffa54
on_update check_restart e2e 2021-02-08 10:49:25 -05:00
Drew Bailey 8507d54e3b
e2e test for on_update service checks
check_restart not compatible with on_update=ignore

reword caveat
2021-02-08 08:32:40 -05:00
Drew Bailey 82f971f289
OnUpdate configuration for services and checks
Allow for readiness type checks by configuring nomad to ignore warnings
or errors reported by a service check. This allows the deployment to
progress and while Consul handles introducing the sercive into a
resource pool once the check passes.
2021-02-08 08:32:40 -05:00
Seth Hoenig 4bc6e5a215 drivers/exec+java: Add configuration to restore previous PID/IPC namespace behavior.
This PR adds default_pid_mode and default_ipc_mode options to the exec and java
task drivers. By default these will default to "private" mode, enabling PID and
IPC isolation for tasks. Setting them to "host" mode disables isolation. Doing
so is not recommended, but may be necessary to support legacy job configurations.

Closes #9969
2021-02-05 15:52:11 -06:00
Mike Wickett 1fda6a4126
website: update community page to be consistent with other projects (#9863) 2021-02-05 13:54:59 -05:00
Nick Ethier eacc4da499
Merge branch 'master' into b-9477 2021-02-05 11:58:13 -05:00
Alex Chan 768c02eaff
Correct the spelling of heirarchical/hierarchical (#9980) 2021-02-05 09:23:30 -06:00
Alex Iribarren ee15c8e899 Replace &lsquo; and &apos; with ' 2021-02-05 08:36:38 -05:00
Tim Gross eb3dd17fb2 volumes: implement plan diff for volume requests
The details of host volume and CSI volume requests do not show up in `nomad
plan` outputs, although the updates are detected by the scheduler and result
in an update as expected.
2021-02-04 16:55:17 -05:00
Buck Doyle 099162a55c
Change exec URLs to use job’s namespace/region (#9968)
This closes #9966. It was looking at the query parameters
for the namespace and region, but allocation (and task!)
routes don’t have a namespace query parameter. Since the URL
generator requires the job for all calls, it makes sense to
extract the namespace and region from the job instead.
2021-02-04 13:14:15 -06:00
Chris Baker 3c6a3ba63d
Merge pull request #9964 from hashicorp/f-9787-alloc-prefix-cli
add prefix-search and auto-completion for `scaling policy info` command
2021-02-04 10:00:57 -06:00
Chris Baker cbc1506478 changelog for 9964 2021-02-04 15:11:00 +00:00
Chris Baker 84f1902296 scaling policy -verbose flag, plus testing and other recommendations from review 2021-02-04 15:08:13 +00:00
Xopherus 76799c9f07 Fix aws secret key name in autoscaler aws target
- aws secret key is named incorrectly in the target docs.
  It needs to match what is in the nomad-autoscaler repo
  (see link below), otherwise the autoscaler will default to AWS sdk
  behavior, which could end up using an IAM instance profile
  or other environment variables instead of what is passed into the
  autoscaler config file.

Ref: e60fb5268d/plugins/builtin/target/aws-asg/plugin/plugin.go (L27)
2021-02-03 16:56:12 -05:00
Chris Baker 452b738db1 updated "scaling policy info" with prefix search and auto-complete 2021-02-03 21:29:44 +00:00
Chris Baker 02bef2df0a bad boolean logic for List-on-Info commands 2021-02-03 21:29:05 +00:00
Chris Baker 7264823c6f api: added scaling_policy context to global search 2021-02-03 21:28:32 +00:00
Nick Ethier 8c4481287b
Merge pull request #9951 from hashicorp/b-8284
drivers/docker: support mapping multiple host ports to the same container port
2021-02-03 15:04:05 -05:00
Chris Baker ebbb760ec4 support for scaling_policy in global prefix search 2021-02-03 19:26:57 +00:00
Nick Ethier 88793e92b6 ar: isolate network actions performed by client 2021-02-02 23:24:57 -05:00
Nick Ethier 05ea452d2c add changelog item 2021-02-02 23:00:03 -05:00
Nick Ethier d2f192821e drivers/docker: support mapping multiple host ports to the same container port 2021-02-02 22:54:23 -05:00
Nick Ethier 978107ba8d update CHANGELOG 2021-02-02 15:36:31 -05:00
Nick Ethier 43a4d72fda structs: namespace port validation by host_network 2021-02-02 14:56:52 -05:00
Buck Doyle 369d030467
Remove support for IE11 (#9578)
This changes the Babel compilation targets to exclude IE 11,
which results in significant payload size savings.
2021-02-02 13:14:51 -06:00
Michael Lange 455132e990
Merge pull request #9913 from hashicorp/b-ui/cross-region-server-monitor
UI: Cross region server monitor
2021-02-02 11:11:59 -08:00
Chris Baker d53259d111
Merge pull request #9943 from hashicorp/e2e-fix-failing-java-test
e2e packer build: upgrade jdk to java 14
2021-02-02 13:11:32 -06:00
Nick Ethier dc29b679b4
Merge pull request #9937 from hashicorp/b-9728
scheduler: add tests and fix for detected host_network and to port field changes
2021-02-02 13:54:41 -05:00
Buck Doyle e77c685d0d
Update ember-a11y-testing (#9912)
This includes seemingly-unrelated changes because of dependency updates.
2021-02-02 12:45:40 -06:00
Chris Baker b1bb8a760e e2e packer build: upgrade jdk to java 14 2021-02-02 17:33:48 +00:00
Tim Gross b32cb563cd changelog: add issue link for quota enforcement change 2021-02-02 10:31:55 -05:00
Tim Gross 76d880bbda docs: add changelog entry for removing mbits from quotas 2021-02-02 10:10:44 -05:00
Tim Gross 9701d292ce docs: remove mbits examples from documentation 2021-02-02 10:10:44 -05:00
Nick Ethier 93095917dc scheduler: add tests and fix for detected host_network and to port field changes 2021-02-01 15:56:43 -05:00
Mahmood Ali 4693d8f65c
Merge pull request #9936 from hashicorp/b-hcl2-task-env
Allow expressing `meta` and `env` blocks as map attributes as well.

`env` and `meta` should support arbitrary key and values, yet hcl2
restricts the keys to valid identifiers. For example, block attribute
identifiers may not contain dots, `.`, which frequently used in meta
fields, and sometimes in environment variable fields.

By adding attribute syntax support, we maintain backward compatibility and relax the block attribute key restrictions. This change attempts to parse `env`/`meta` both as an attribute and as a
block.

Additionally, the change allows better expressivity for env/meta blocks, using
functions and for expressions. For example, one can reuse a set of environment variables for
multiple tasks, using a local `common_envs` value:

```hcl
env = merge(local.common_envs, {"more_env_key", "..."})
```

Note that the map/attribute compatibility workaround is currently a pattern we recommend for driver config blocks: https://www.nomadproject.io/docs/job-specification/hcl2#blocks . :( Sadly, the document isn't accurate, as only `meta` appearing inside driver config was handled in 1.0.1.

Closes https://github.com/hashicorp/nomad/issues/9606
2021-02-01 13:55:12 -05:00
Buck Doyle 8d1f823c34
Change down to highest-priority composite status (#9927)
As pointed out by Nick Ethier, if a node was ineligible before
it went down, downness should be displayed, not ineligibility.
2021-02-01 12:00:34 -06:00