Commit graph

121 commits

Author SHA1 Message Date
Nick Ethier 8efa3c355a website: add mbits field back to network docs with notice 2020-11-23 10:11:00 -06:00
Tim Gross b844aeabae docs: template signal change_mode not compatible with env
Only `change_mode = "restart"` will result in the template environment
variables being updated in the task. Clarify the behavior of the unsupported
options.
2020-11-23 10:11:03 -05:00
Tim Gross 6cc5c40cdb docs: clarify default signal for raw_exec on Windows 2020-11-20 13:25:48 -05:00
Tim Gross 716451b793 docs: template behavior warnings
* vault secrets named with `-` characters cannot be read by `consul-template`
  due to limitations in golang's template rendering engine.
* environment variables are not modified in running tasks if
`change_mode.noop` is set.
2020-11-19 16:06:48 -05:00
Tim Gross 47ce5ff471 docs: expand artifact getter options
Adds an example of using HTTP Basic Auth, git options, and using HCL2 syntax
to encode an SSH key from file.
2020-11-19 12:07:02 -05:00
Michael Schurter cb9f9800bf docs: document artifact bug #6929 2020-11-17 22:00:21 -08:00
Seth Hoenig bb8a5816a0 jobspec: add support for headers in artifact stanza
This PR adds the ability to set HTTP headers when downloading
an artifact from an `http` or `https` resource.

The implementation in `go-getter` is such that a new `HTTPGetter`
must be created for each artifact that sets headers (as opposed
to conveniently setting headers per-request). This PR maintains
the memoization of the default Getter objects, creating new ones
only for artifacts where headers are set.

Closes #9306
2020-11-13 12:03:54 -06:00
Tim Gross c15a16301e
docs: internals documentation for alloc filesystem (#9195)
We recently added documentation disambiguating the terminology of the
allocation/task working directories. This changeset adds an internals document
that describes in more detail exactly what does into the allocation working
directory, how this interacts with the filesystem isolation provided by task
drivers, and how this interacts with features like `artifact` and `template`.

Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
2020-11-04 09:59:19 -05:00
Mahmood Ali 895fa1e3fa
First draft of HCLv2 docs (#9218)
This is a first draft of HCLv2 docs - I added the details under hcl2 doc with some minimal info highlighting the hcl2 introductions.

As a longer term strategy, we'll want to mimic the Packer HCL docs structure that details all the blocks and allowed expressions/functions in greater details. However, given that the exact functions and templating syntax is still somewhat influx, I opt to push that to another time.
2020-11-02 12:27:53 -05:00
Tim Gross 6c2df5d64c
docs: remove outdated reference to template.allow_host_source (#9237)
The `template.allow_host_source` configuration was not operable, leading to
the recent security patch in 0.12.6. We forgot to update this piece of the
documentation referring to the correct configuration value.
2020-10-30 15:56:37 -04:00
Michael Schurter 2c78d6cb5d docs: namespaces are oss in Nomad 1.0 2020-10-22 15:26:32 -07:00
Tim Gross fbf98543f2 clarify raw_exec doesn't have filesystem isolation 2020-10-16 11:38:23 -04:00
Tim Gross a3561a3d96 fix anchor links 2020-10-16 11:02:49 -04:00
Tim Gross 5c4fdd006c docs: clarify task working directories
The terms task directory and allocation directory are used throughout the
documentation but these directories are not the same as the `NOMAD_TASK_DIR`
and `NOMAD_ALLOC_DIR` locations. This is confusing when trying to use the
`template` and `artifact` stanzas, especially when trying to use a destination
outside the Nomad-mounted directories for Docker and similar drivers.

This changeset introduces "allocation working directory" to mean the location
on disk where the various directories and artifacts are staged, and "task
working directory" for the task. Clarify how specific task drivers interact
with the task working directory.
2020-10-16 11:02:49 -04:00
Nick Ethier 4903e5b114
Consul with CNI and host_network addresses (#9095)
* consul: advertise cni and multi host interface addresses

* structs: add service/check address_mode validation

* ar/groupservices: fetch networkstatus at hook runtime

* ar/groupservice: nil check network status getter before calling

* consul: comment network status can be nil
2020-10-15 15:32:21 -04:00
Seth Hoenig ed13e5723f consul/connect: dynamically select envoy sidecar at runtime
As newer versions of Consul are released, the minimum version of Envoy
it supports as a sidecar proxy also gets bumped. Starting with the upcoming
Consul v1.9.X series, Envoy v1.11.X will no longer be supported. Current
versions of Nomad hardcode a version of Envoy v1.11.2 to be used as the
default implementation of Connect sidecar proxy.

This PR introduces a change such that each Nomad Client will query its
local Consul for a list of Envoy proxies that it supports (https://github.com/hashicorp/consul/pull/8545)
and then launch the Connect sidecar proxy task using the latest supported version
of Envoy. If the `SupportedProxies` API component is not available from
Consul, Nomad will fallback to the old version of Envoy supported by old
versions of Consul.

Setting the meta configuration option `meta.connect.sidecar_image` or
setting the `connect.sidecar_task` stanza will take precedence as is
the current behavior for sidecar proxies.

Setting the meta configuration option `meta.connect.gateway_image`
will take precedence as is the current behavior for connect gateways.

`meta.connect.sidecar_image` and `meta.connect.gateway_image` may make
use of the special `${NOMAD_envoy_version}` variable interpolation, which
resolves to the newest version of Envoy supported by the Consul agent.

Addresses #8585 #7665
2020-10-13 09:14:12 -05:00
Tim Gross 98a70d789e
docs: inclusive language configuration changes (#9069) 2020-10-13 08:02:29 -04:00
Tim Gross 67817068e0
docs: show distinct_hosts constraint for CSI plugins (#9052)
CSI plugins with the same plugin ID and type (controller, node, monolith) will
collide on a host, both in the communication socket and in the dynamic plugin
registry. Until this can be fixed, leave notice to operators in the
documentation.
2020-10-08 16:55:55 -04:00
Tim Gross 29a5454894
csi: loosen ValidateVolumeCapability requirements (#9049)
The CSI specification for `ValidateVolumeCapability` says that we shall
"reconcile successful capability-validation responses by comparing the
validated capabilities with those that it had originally requested" but leaves
the details of that reconcilation unspecified. This API is not implemented in
Kubernetes, so controller plugins don't have a real-world implementation to
verify their behavior against.

We have found that CSI plugins in the wild may return "successful" but
incomplete `VolumeCapability` responses, so we can't require that all
capabilities we expect have been validated, only that the ones that have been
validated match. This appears to violate the CSI specification but until
that's been resolved in upstream we have to loosen our validation
requirements. The tradeoff is that we're more likely to have runtime errors
during `NodeStageVolume` instead of at the time of volume registration.
2020-10-08 12:53:24 -04:00
Tim Gross 16913bf3a1
docs: CSI mount_options are available only for filesystem vols (#9043)
The CSI specification allows only the `file-system` attachment mode to have
mount options. The `block-device` mode is left "intentionally empty, for now"
in the protocol. We should be validating against this problem, but our
documentation also had it backwards.

Also adds missing mount_options on group volume.
2020-10-08 08:49:43 -04:00
Seth Hoenig e48605809b
Merge pull request #9008 from luhhujbb/doc-portmap
[doc] fix deprecated port_map example
2020-10-05 12:25:53 -05:00
Ryan Oaks 536aab271d Format docs website code and mdx 2020-10-02 13:31:40 -04:00
Jean-Baptiste Besselat ffd085b3d9 [doc] fix deprecated port_map example 2020-10-02 14:39:48 +02:00
Charlie Voiselle 9d85195361
[docs] Update redirects and links for learn.hashicorp.com (#8598)
* Fix links to ACL guides
* Managing Nomad guide links; links in jsx pages
* job updates guide URLS
* node-drain guide URLS
* outage recovery guide links
* fix guide links - sentinel
* fix guide links - namespaces
* fix guide links - quotas
* fix guide links - autopilot
* more guide links.
* more guide links - continued.
* Updating redirects for learn
* Getting Started
* Load Balancing Guides
* update redirects for ui guide
* Consolidate spark redirects to point to GH repo
* operating job update part 1
* finish operating job links; operations guides links.
* finish guide redirects
* coalesce EOL redirects for spark guides.
* one last link
* Checked links and found a few more stray links
* Found more .htmls
* Fixup links for new HC websites
* Post-merge fixups
* linkcheck caught missing ids
2020-09-29 12:48:32 -04:00
Seth Hoenig af9543c997 consul: fix validation of task in group-level script-checks
When defining a script-check in a group-level service, Nomad needs to
know which task is associated with the check so that it can use the
correct task driver to execute the check.

This PR fixes two bugs:
1) validate service.task or service.check.task is configured
2) make service.check.task inherit service.task if it is itself unset

Fixes #8952
2020-09-28 15:02:59 -05:00
Luiz Aoqui f024e6af5f
Merge pull request #8811 from hashicorp/docs/fix-local-service-port
docs: fix type for `local_service_port`
2020-09-17 10:04:36 -04:00
Mahmood Ali 4f3daaaeaa
Merge pull request #8789 from hashicorp/docs-fix-group-link
docs: Fix group link in job spec docs
2020-09-17 08:30:49 -05:00
Mahmood Ali f41cf9c67b Update website with network mbit deprecation 2020-09-16 11:06:35 -04:00
Luiz Aoqui e4073ab8de
docs: add entry for volume_mount in task 2020-09-01 18:59:05 -04:00
Luiz Aoqui 0ecf4183cd
docs: fix type for local_service_port 2020-09-01 18:38:01 -04:00
Mahmood Ali 70403632cf docs: Fix group link in job spec docs 2020-08-31 20:36:57 -04:00
Seth Hoenig 5b072029f2 consul/connect: add initial support for ingress gateways
This PR adds initial support for running Consul Connect Ingress Gateways (CIGs) in Nomad. These gateways are declared as part of a task group level service definition within the connect stanza.

```hcl
service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      ingress {
        // ingress-gateway configuration entry
      }
    }
  }
}
```

A gateway can be run in `bridge` or `host` networking mode, with the caveat that host networking necessitates manually specifying the Envoy admin listener (which cannot be disabled) via the service port value.

Currently Envoy is the only supported gateway implementation in Consul, and Nomad only supports running Envoy as a gateway using the docker driver.

Aims to address #8294 and tangentially #8647
2020-08-21 16:21:54 -05:00
Seth Hoenig e9044c47cd consul: clarify consecutive checks in docs 2020-08-10 14:08:09 -05:00
Seth Hoenig fd4804bf26 consul: able to set pass/fail thresholds on consul service checks
This change adds the ability to set the fields `success_before_passing` and
`failures_before_critical` on Consul service check definitions. This is a
feature added to Consul v1.7.0 and later.
  https://www.consul.io/docs/agent/checks#success-failures-before-passing-critical

Nomad doesn't do much besides pass the fields through to Consul.

Fixes #6913
2020-08-10 14:08:09 -05:00
Tim Gross 3169839653
docs: always use -ignore-system on node drain with CSI (#8606)
Postrun hooks for allocation runners don't currently block the registration of
terminal health with the servers, which is what allows system jobs to be
drained. So draining nodes with jobs that claim CSI volumes requires the
`-ignore-system` job to ensure that the postrun hook for service jobs gets a
chance to execute.
2020-08-07 11:22:28 -04:00
Luiz Aoqui 602d3373ed
docs: fix Consul Connect log_level meta key 2020-08-05 17:01:03 -04:00
Buck Doyle bf056b3011
Change capitalisation
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2020-07-30 10:09:47 -05:00
Buck Doyle 7855adf127 Add documentation for job name parameter 2020-07-30 10:03:50 -05:00
Buck Doyle adada0d5b0
Fix placement invocations (#8558) 2020-07-30 09:56:58 -05:00
Drew Bailey b296558b8e
oss compoments for multi-vault namespaces
adds in oss components to support enterprise multi-vault namespace feature

upgrade specific doc on vault multi-namespaces

vault docs

update test to reflect new error
2020-07-24 10:14:59 -04:00
James Rasell 71d9c23e47
docs: clarify scaling stanza is not supported within system jobs. 2020-07-24 10:05:38 +02:00
Michael Schurter 8340ad4da8 docs: s/hearbeat/heartbeat and fix link
Also fixed the same typo in a test. Fixing the typo fixes the link, but
the link was still broken when running the website locally due to the
trailing slash. It would have worked in prod thanks to redirects, but
using the canonical URL seems ideal.
2020-07-23 11:33:34 -07:00
Nick Ethier 5167bae0d5
website: remove usage of task network stanza (#8498)
* website: remove usage of task network stanza and add documentation for group network and service stanzas

* docs: fix broken link in client config

* Update website/pages/docs/job-specification/group.mdx

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>

* Update website/pages/docs/job-specification/group.mdx

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2020-07-23 09:18:59 -04:00
Charlie Voiselle baaab98a0d
[docs] Reschedule does happen during deployments 2020-07-14 16:29:30 -04:00
Michael Schurter 64e81f0549
Merge pull request #7042 from hashicorp/docs-healthy-deadline
docs: clarify healthy/progress_deadline relationship
2020-07-13 08:40:11 -07:00
Seth Hoenig 61b1aa5775
Merge pull request #8417 from hashicorp/docs-docker-kill-signal
docs: clarify kill_signal default for docker
2020-07-10 11:50:21 -05:00
Seth Hoenig 21a74b4bd4 docs: clarify kill_signal default for docker
Before docker, the only default was `SIGINT` for `kill_signal`. The
docker driver however defaults to `SIGTERM`, and we should document
as such.

Fixes #7140
2020-07-10 09:57:49 -05:00
James Rasell d517c2e1d5
docs: fix minor incorrect syntax in autoscaling plugin docs.
This changes fixes a syntax error in the autoscaling apm plugin
docs as well as updates the scaling stanza doc. The stazna wording
implied its use was only for external autoscalers, whereas it also
is used by the UI.
2020-07-10 16:07:29 +02:00
Nick Ethier 119ece09a0
docs: add CNI and host_network docs (#8391)
Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2020-07-08 15:45:04 -04:00
Seth Hoenig 1a75da0ce0 consul/connect: infer task name in service if possible
Before, the service definition for a Connect Native service would always
require setting the `service.task` parameter. Now, that parameter is
automatically inferred when there is only one task in the task group.

Fixes #8274
2020-07-08 13:31:44 -05:00