Commit Graph

16199 Commits

Author SHA1 Message Date
Mahmood Ali 8739cc2a62 refactor reconciler code and address comments 2019-10-17 09:42:23 -04:00
Mahmood Ali c01c6de481 address code review comments 2019-10-17 08:36:02 -04:00
Mahmood Ali 2a63caafba docker: explicit grace period for initial container reconcilation
Ensure we wait for some grace period before killing docker containers
that may have launched in earlier nomad restore.
2019-10-17 08:36:02 -04:00
Mahmood Ali aa59280edc docker: periodically reconcile containers
When running at scale, it's possible that Docker Engine starts
containers successfully but gets wedged in a way where API call fails.
The Docker Engine may remain unavailable for arbitrary long time.

Here, we introduce a periodic reconcilation process that ensures that any
container started by nomad is tracked, and killed if is running
unexpectedly.

Basically, the periodic job inspects any container that isn't tracked in
its handlers.  A creation grace period is used to prevent killing newly
created containers that aren't registered yet.

Also, we aim to avoid killing unrelated containters started by host or
through raw_exec drivers.  The logic is to pattern against containers
environment variables and mounts to infer if they are an alloc docker
container.

Lastly, the periodic job can be disabled to avoid any interference if
need be.
2019-10-17 08:36:01 -04:00
Alvin Huang fd93d9cfcf
remove check for relative url validation (#6504) 2019-10-16 17:50:40 -04:00
Omar Khawaja aa8524bbae
Getting started learn redirect (#6460)
* redirect getting started section to learn

* formatting

* move redirects.txt to source directory
2019-10-16 16:17:29 -04:00
Charlie Voiselle ae8bfce399
Merge pull request #6434 from hashicorp/docs-add-grpc-info
docs: Added grpc info; small style fixes to connect guide
2019-10-16 14:18:20 -04:00
Preetha 79fb1c1682
Merge pull request #6453 from ogadaki/patch-1
fix typo in HCL code
2019-10-16 11:16:53 -05:00
Preetha 988afc1859
Merge pull request #6491 from hashicorp/support-external-redirects
Support external redirects for website
2019-10-16 11:14:22 -05:00
Mahmood Ali 418e0165aa
Merge pull request #6426 from hashicorp/b-dep-go-plugin-8091134
upgrade go-plugin to latest, 8091134
2019-10-16 07:48:29 -04:00
Mahmood Ali 63461ad41c
Merge pull request #6422 from hashicorp/c-api-websocket-mod
api: declare websocket as a dependency
2019-10-16 07:48:11 -04:00
Mahmood Ali 61e66cb077
Merge pull request #6427 from hashicorp/b-fs-endpoint-errors
agent: report fs log errors as http errors
2019-10-15 20:12:59 -04:00
Mahmood Ali 88f8127820 tests: avoid using unnecessary pipe 2019-10-15 17:22:03 -04:00
Mahmood Ali 533120cf5d
Merge pull request #6423 from hashicorp/b-direct-node-failure
cli: recover from client ACL lookup failures
2019-10-15 17:09:59 -04:00
Michael Schurter 229832824d
Merge pull request #6498 from hashicorp/docs-security
docs: link to security page on website
2019-10-15 14:00:47 -07:00
Spencer Owen 2459df5d98 Fix grammar (#6486) 2019-10-15 15:04:57 -05:00
Michael Schurter f731284cea docs: link to security page on website
Add link to https://www.nomadproject.io/security.html
2019-10-15 12:56:48 -07:00
Buck Doyle 9b2fb14e51
UI: Update Ember to 3.12 LTS (#6419)
This is mostly deprecation fixes and blueprint changes. There
are some dependency updates too; the changes to Ember
Basic Dropdown necessitated changing it to angle bracket
component invocation. The conversion of the rest of the
templates will happen separately.
2019-10-15 13:32:58 -05:00
Michael Lange dd0dd8c233
Merge pull request #6466 from hashicorp/b-ui-firefox-log-window-off-screen
Use max-width to ensure the width rule is observed in Firefox
2019-10-15 11:09:20 -07:00
Mahmood Ali e6d5635e1a
Merge pull request #6425 from hashicorp/f-cli-show-full-ids
cli: show full id for single node or alloc status
2019-10-15 10:54:25 -04:00
Mahmood Ali 4e4a9b252c
Merge pull request #6290 from hashicorp/r-generated-code-refactor
dev: avoid codecgen code in downstream projects
2019-10-15 08:22:31 -04:00
Alvin Huang 89e5b6f299 upload external and relative redirects to two dictionaries 2019-10-14 16:55:14 -04:00
Tim Gross c648c4f998
e2e: upgrade terraform to 0.12.x (#6489) 2019-10-14 11:27:08 -04:00
Tim Gross 15e912ddd6
e2e: move remote-exec inline to script (#6488)
A failing script in a `remote-exec` provisioner's `inline` stanza
won't fail the provisioning step. This lets us continue on to execute
tests against potentially broken deployments, rather than letting us
know the provisioning itself failed.
2019-10-14 10:23:41 -04:00
Danielle fee482ae6c
Merge pull request #6331 from hashicorp/dani/f-volume-mount-propagation
volumes: Add support for mount propagation
2019-10-14 14:29:40 +02:00
Danielle Lancashire 4fbcc668d0
volumes: Add support for mount propagation
This commit introduces support for configuring mount propagation when
mounting volumes with the `volume_mount` stanza on Linux targets.

Similar to Kubernetes, we expose 3 options for configuring mount
propagation:

- private, which is equivalent to `rprivate` on Linux, which does not allow the
           container to see any new nested mounts after the chroot was created.

- host-to-task, which is equivalent to `rslave` on Linux, which allows new mounts
                that have been created _outside of the container_ to be visible
                inside the container after the chroot is created.

- bidirectional, which is equivalent to `rshared` on Linux, which allows both
                 the container to see new mounts created on the host, but
                 importantly _allows the container to create mounts that are
                 visible in other containers an don the host_

private and host-to-task are safe, but bidirectional mounts can be
dangerous, as if the code inside a container creates a mount, and does
not clean it up before tearing down the container, it can cause bad
things to happen inside the kernel.

To add a layer of safety here, we require that the user has ReadWrite
permissions on the volume before allowing bidirectional mounts, as a
defense in depth / validation case, although creating mounts should also require
a priviliged execution environment inside the container.
2019-10-14 14:09:58 +02:00
Alvin Huang 465d9da8c7 repoint deploy script to new redirects file location 2019-10-12 23:17:19 -04:00
Alvin Huang 18dc2ed8d7 generate a _redirects for netlify previews 2019-10-12 23:17:03 -04:00
Alvin Huang a89b2f037d move redirects.txt into source/ for netlify previews 2019-10-12 23:16:23 -04:00
Michael Lange 2949a38f7c
Merge pull request #6396 from hashicorp/d-updated-ui-guides
Docs: Updated UI guides
2019-10-11 10:33:37 -07:00
Luiz Aoqui 14cda1aa0a
Merge pull request #6473 from hashicorp/docs-fix-acl-prefix-param
docs: fix ACL `prefix` param documentation
2019-10-11 10:51:34 -04:00
Luiz Aoqui 488a2f6f3a
docs: fix ACL `prefix` param documentation 2019-10-11 10:28:44 -04:00
Danielle a17a0cde80
Merge pull request #6472 from hashicorp/b-docs-config
docs: Update stateful workloads guide to reflect rc-1 config changes
2019-10-11 15:08:12 +02:00
Danielle 71fe2bd981
Merge pull request #6071 from hashicorp/dani/hclfmt
make: Add task for formatting hcl/nomad files
2019-10-11 15:08:00 +02:00
Danielle Lancashire 199d24d6bf
chore: initial hclfmt 2019-10-11 14:00:05 +02:00
Danielle Lancashire 935c86b404
make: Add make task for formatting HCL 2019-10-11 13:59:22 +02:00
Danielle Lancashire 4056899708
docs: Update stateful workloads guide to reflect rc-1 config changes 2019-10-11 13:45:28 +02:00
Danielle 2640155ae5
Merge pull request #6429 from hashicorp/f-log-to-file
Add support for logging to a file
2019-10-11 13:35:39 +02:00
Michael Schurter 7ece26cf8a
Merge pull request #6469 from hashicorp/docs-0100-rc1
docs: 0.10.0-beta1 -> 0.10.0-rc1
2019-10-10 13:36:25 -07:00
Michael Schurter 9d85df26dd docs: 0.10.0-beta1 -> 0.10.0-rc1 2019-10-10 13:09:19 -07:00
Michael Schurter ce09070176
Merge pull request #6465 from hashicorp/docs-nobeta
docs: remove beta flag from connect
2019-10-10 13:05:45 -07:00
Lang Martin 1f8a538186
Merge pull request #6467 from hashicorp/test-disable-test-rkt
circleci: disable test-rkt, which is deprecated and often fails
2019-10-10 15:49:46 -04:00
Michael Schurter 9b073b8113
Merge pull request #6468 from hashicorp/release-fix-dist
release: tag on HEAD not master
2019-10-10 11:55:34 -07:00
Michael Schurter d29ff2a1b0 release: tag on HEAD not master 2019-10-10 11:49:59 -07:00
Michael Schurter 890409864d
Merge pull request #6464 from hashicorp/docs-noraft
docs: drop raft from 0.10.0 upgrade guide
2019-10-10 11:13:00 -07:00
Lang Martin d1e173c476 circleci: disable test-rkt, which is deprecated and often fails 2019-10-10 13:46:33 -04:00
Michael Lange d6bbd0f9e5 Use max-width to ensure the width rule is observed in Firefox 2019-10-10 10:34:33 -07:00
Michael Schurter a32aa7c819 docs: remove beta flag from connect 2019-10-10 10:31:06 -07:00
Michael Schurter dd7b9adcf8 docs: drop raft from 0.10.0 upgrade guide
Unforutunately we are not changing the default for 0.10.0 and the 0.8
upgrade docs are more detailed when it comes to manually updating your
version.
2019-10-10 10:22:36 -07:00
Danielle Lancashire 5cedf6d024
logging: Correctly track number of written bytes
Currently this assumes that a short write will never happen. While these
are improbable in a case where rotation being off a few bytes would
matter, this now correctly tracks the number of written bytes.
2019-10-10 14:02:14 +02:00