Commit graph

70 commits

Author SHA1 Message Date
Drew Bailey 9874e7b21d
Group shutdown delay fixes
Group shutdown delay updates were not properly handled in Update hook.
This commit also ensures that plan output is displayed.
2020-04-06 11:29:12 -04:00
Seth Hoenig 14c7cebdea connect: enable automatic expose paths for individual group service checks
Part of #6120

Building on the support for enabling connect proxy paths in #7323, this change
adds the ability to configure the 'service.check.expose' flag on group-level
service check definitions for services that are connect-enabled. This is a slight
deviation from the "magic" that Consul provides. With Consul, the 'expose' flag
exists on the connect.proxy stanza, which will then auto-generate expose paths
for every HTTP and gRPC service check associated with that connect-enabled
service.

A first attempt at providing similar magic for Nomad's Consul Connect integration
followed that pattern exactly, as seen in #7396. However, on reviewing the PR
we realized having the `expose` flag on the proxy stanza inseperably ties together
the automatic path generation with every HTTP/gRPC defined on the service. This
makes sense in Consul's context, because a service definition is reasonably
associated with a single "task". With Nomad's group level service definitions
however, there is a reasonable expectation that a service definition is more
abstractly representative of multiple services within the task group. In this
case, one would want to define checks of that service which concretely make HTTP
or gRPC requests to different underlying tasks. Such a model is not possible
with the course `proxy.expose` flag.

Instead, we now have the flag made available within the check definitions themselves.
By making the expose feature resolute to each check, it is possible to have
some HTTP/gRPC checks which make use of the envoy exposed paths, as well as
some HTTP/gRPC checks which make use of some orthongonal port-mapping to do
checks on some other task (or even some other bound port of the same task)
within the task group.

Given this example,

group "server-group" {
  network {
    mode = "bridge"
    port "forchecks" {
      to = -1
    }
  }

  service {
    name = "myserver"
    port = 2000

    connect {
      sidecar_service {
      }
    }

    check {
      name     = "mycheck-myserver"
      type     = "http"
      port     = "forchecks"
      interval = "3s"
      timeout  = "2s"
      method   = "GET"
      path     = "/classic/responder/health"
      expose   = true
    }
  }
}

Nomad will automatically inject (via job endpoint mutator) the
extrapolated expose path configuration, i.e.

expose {
  path {
    path            = "/classic/responder/health"
    protocol        = "http"
    local_path_port = 2000
    listener_port   = "forchecks"
  }
}

Documentation is coming in #7440 (needs updating, doing next)

Modifications to the `countdash` examples in https://github.com/hashicorp/demo-consul-101/pull/6
which will make the examples in the documentation actually runnable.

Will add some e2e tests based on the above when it becomes available.
2020-03-31 17:15:50 -06:00
Michael Schurter 2dcc85bed1 jobspec: fixup vault_grace deprecation
Followup to #7170

- Moved canonicalization of VaultGrace back into `api/` package.
- Fixed tests.
- Made docs styling consistent.
2020-03-10 14:58:49 -07:00
Fredrik Hoem Grelland edb3bd0f3f Update consul-template to v0.24.1 and remove deprecated vault_grace (#7170) 2020-02-23 16:24:53 +01:00
Seth Hoenig 0e44094d1a client: enable configuring enable_tag_override for services
Consul provides a feature of Service Definitions where the tags
associated with a service can be modified through the Catalog API,
overriding the value(s) configured in the agent's service configuration.

To enable this feature, the flag enable_tag_override must be configured
in the service definition.

Previously, Nomad did not allow configuring this flag, and thus the default
value of false was used. Now, it is configurable.

Because Nomad itself acts as a state machine around the the service definitions
of the tasks it manages, it's worth describing what happens when this feature
is enabled and why.

Consider the basic case where there is no Nomad, and your service is provided
to consul as a boring JSON file. The ultimate source of truth for the definition
of that service is the file, and is stored in the agent. Later, Consul performs
"anti-entropy" which synchronizes the Catalog (stored only the leaders). Then
with enable_tag_override=true, the tags field is available for "external"
modification through the Catalog API (rather than directly configuring the
service definition file, or using the Agent API). The important observation
is that if the service definition ever changes (i.e. the file is changed &
config reloaded OR the Agent API is used to modify the service), those
"external" tag values are thrown away, and the new service definition is
once again the source of truth.

In the Nomad case, Nomad itself is the source of truth over the Agent in
the same way the JSON file was the source of truth in the example above.
That means any time Nomad sets a new service definition, any externally
configured tags are going to be replaced. When does this happen? Only on
major lifecycle events, for example when a task is modified because of an
updated job spec from the 'nomad job run <existing>' command. Otherwise,
Nomad's periodic re-sync's with Consul will now no longer try to restore
the externally modified tag values (as long as enable_tag_override=true).

Fixes #2057
2020-02-10 08:00:55 -06:00
Tim Gross cd9c23617f
client/connect: ConsulProxy LocalServicePort/Address (#6358)
Without a `LocalServicePort`, Connect services will try to use the
mapped port even when delivering traffic locally. A user can override
this behavior by pinning the port value in the `service` stanza but
this prevents us from using the Consul service name to reach the
service.

This commits configures the Consul proxy with its `LocalServicePort`
and `LocalServiceAddress` fields.
2019-09-23 14:30:48 -04:00
Tim Gross 7dc6ee2d27 structs: add taskgroup networks and services to plan diffs
Adds a check for differences in `job.Diff` so that task group networks
and services, including new Consul connect stanzas, show up in the job
plan outputs.
2019-08-20 16:18:30 -04:00
Tim Gross a0e923f46c add optional task field to group service checks 2019-08-20 09:35:31 -04:00
Nick Ethier 6c160df689
fix tests from introducing new struct fields 2019-07-31 01:03:16 -04:00
Lang Martin b5fd735960 add update AutoPromote bool 2019-05-22 12:32:08 -04:00
Alex Dadgar fbe4d67d1b fix iops related tests 2018-12-12 14:32:22 -08:00
Alex Dadgar 1e3c3cb287 Deprecate IOPS
IOPS have been modelled as a resource since Nomad 0.1 but has never
actually been detected and there is no plan in the short term to add
detection. This is because IOPS is a bit simplistic of a unit to define
the performance requirements from the underlying storage system. In its
current state it adds unnecessary confusion and can be removed without
impacting any users. This PR leaves IOPS defined at the jobspec parsing
level and in the api/ resources since these are the two public uses of
the field. These should be considered deprecated and only exist to allow
users to stop using them during the Nomad 0.9.x release. In the future,
there should be no expectation that the field will exist.
2018-12-06 15:09:26 -08:00
Alex Dadgar a2a56a930c Diff 2018-10-08 17:02:58 -07:00
Preetha Appan e85a721cfb
Include affinities in job and task diff, and more test cases 2018-09-04 16:10:11 -05:00
Preetha Appan 9f0caa9c3d
Affinity parsing, api and structs 2018-09-04 16:10:11 -05:00
Nick Ethier a581cc9c01
nomad/structs: fix job diff test 2018-06-11 13:06:49 -04:00
Alex Dadgar f4af30fbb5
Canary tags structs 2018-05-07 14:50:01 -05:00
Alex Dadgar ee50789c22
Initial implementation 2018-05-07 14:50:01 -05:00
Michael Schurter a4caf8208b tests: fix grpc fields in task diff 2018-05-04 11:08:45 -07:00
Preetha Appan 33e170c15d
s/linear/constant/g 2018-03-26 14:45:09 -05:00
Preetha Appan 9a5e6edf1f
Rename DelayCeiling to MaxDelay 2018-03-14 16:10:32 -05:00
Preetha Appan 10c9662222
New delayed rescheduling options, validation function and unit tests 2018-03-14 16:10:32 -05:00
Preetha Appan 8408835af8
Wrap reschedule events in another struct and other review feedback 2018-01-31 09:56:53 -06:00
Michael Schurter af8964e896 Improve port label validation and diff testing 2017-12-08 12:03:43 -08:00
Michael Schurter 0e0ea82916 Test Check.Header add/removes 2017-09-28 17:08:43 -07:00
Michael Schurter f9b66cbb60 Diff CheckRestart objects 2017-09-28 14:06:18 -07:00
Michael Schurter 9a466bcf5e Add diff support for ServiceCheck.Header 2017-08-17 16:49:14 -07:00
Michael Schurter 8fdd58f55e Fix ShutdownDelay diff test 2017-08-17 14:05:51 -07:00
Michael Schurter d529b422b2 Add optional shutdown delay to tasks
Fixes #2441

Defaults to 0 (no delay) for backward compat and because this feature
should be opt-in.
2017-08-16 17:59:46 -07:00
Alex Dadgar 4a88c4133d Fix broken Template Diff Test 2017-08-08 11:09:27 -07:00
Michael Schurter 0d3bdf7210 Add support for go-getter modes
Fixes #2678
2017-07-06 10:45:44 -07:00
Michael Schurter 8d440b1675 Skip DRIVER env vars for labels without a port mapping 2017-06-21 17:19:08 -07:00
Michael Schurter 26ee0e6051 Fix diff test 2017-05-26 17:05:14 -07:00
Alex Dadgar 10b040aea3 New update block; still need to handle the upgrade path 2017-05-08 17:44:26 -07:00
Michael Schurter 5c621980da Fix diff test + bonus upgrade to subtests 2017-04-19 12:42:48 -07:00
Alex Dadgar e7b128271f Diff code fixes 2017-04-16 16:54:40 -07:00
Alex Dadgar 3b323603b5 Fix diff alignment and remove no change DC
Old Output:
```
+/- Job: "example"
    Datacenters {
  Datacenters: "dc1"
}
+/- Task Group: "cache" (1 create/destroy update)
  +/- RestartPolicy {
    +/- Attempts: "10" => "9"
        Delay:    "25000000000"
        Interval: "300000000000"
        Mode:     "delay"
  }
  +/- EphemeralDisk {
        Migrate: "false"
    +/- SizeMB:  "300" => "301"
        Sticky:  "false"
  }
  +/- Task: "redis" (forces create/destroy update)
    +   Meta[key]: "value"
    +/- Config {
          image:           "redis:3.2"
      +/- port_map[0][db]: "6379" => "6380"
    }
    +/- Resources {
          CPU:      "500"
          DiskMB:   "0"
          IOPS:     "0"
      +/- MemoryMB: "256" => "257"
    }
    +/- Service {
          Name:      "global-redis-check"
          PortLabel: "db"
      +/- Check {
            Command:       ""
            InitialStatus: ""
            Interval:      "10000000000"
            Name:          "alive"
            Path:          ""
            PortLabel:     ""
            Protocol:      ""
        +/- Timeout:       "2000000000" => "3000000000"
            Type:          "tcp"
      }
    }
```

New Output:
```
+/- Job: "example"
+/- Task Group: "cache" (1 create/destroy update)
  +/- RestartPolicy {
    +/- Attempts: "10" => "9"
        Delay:    "25000000000"
        Interval: "300000000000"
        Mode:     "delay"
      }
  +/- EphemeralDisk {
        Migrate: "false"
    +/- SizeMB:  "300" => "301"
        Sticky:  "false"
      }
  +/- Task: "redis" (forces create/destroy update)
    +   Meta[key]: "value"
    +/- Config {
          image:           "redis:3.2"
      +/- port_map[0][db]: "6379" => "6380"
        }
    +/- Resources {
          CPU:      "500"
          DiskMB:   "0"
          IOPS:     "0"
      +/- MemoryMB: "256" => "257"
        }
    +/- Service {
          Name:      "global-redis-check"
          PortLabel: "db"
      +/- Check {
            Command:       ""
            InitialStatus: ""
            Interval:      "10000000000"
            Name:          "alive"
            Path:          ""
            PortLabel:     ""
            Protocol:      ""
        +/- Timeout:       "2000000000" => "3000000000"
            Type:          "tcp"
          }
        }
```
2017-03-21 11:42:10 -07:00
Alex Dadgar df9ce2680b Fix output alignment and remove no-change DC
Old Output:

```
+/- Job: "example"
    Datacenters {
  Datacenters: "dc1"
}
+/- Task Group: "cache" (1 create/destroy update)
  +/- RestartPolicy {
    +/- Attempts: "10" => "9"
        Delay:    "25000000000"
        Interval: "300000000000"
        Mode:     "delay"
  }
  +/- EphemeralDisk {
        Migrate: "false"
    +/- SizeMB:  "300" => "301"
        Sticky:  "false"
  }
  +/- Task: "redis" (forces create/destroy update)
    +   Meta[key]: "value"
    +/- Config {
          image:           "redis:3.2"
      +/- port_map[0][db]: "6379" => "6380"
    }
    +/- Resources {
          CPU:      "500"
          DiskMB:   "0"
          IOPS:     "0"
      +/- MemoryMB: "256" => "257"
    }
    +/- Service {
          Name:      "global-redis-check"
          PortLabel: "db"
      +/- Check {
            Command:       ""
            InitialStatus: ""
            Interval:      "10000000000"
            Name:          "alive"
            Path:          ""
            PortLabel:     ""
            Protocol:      ""
        +/- Timeout:       "2000000000" => "3000000000"
            Type:          "tcp"
      }
    }
```

New Output:

```
+/- Job: "example"
+/- Task Group: "cache" (1 create/destroy update)
  +/- RestartPolicy {
    +/- Attempts: "10" => "9"
        Delay:    "25000000000"
        Interval: "300000000000"
        Mode:     "delay"
      }
  +/- EphemeralDisk {
        Migrate: "false"
    +/- SizeMB:  "300" => "301"
        Sticky:  "false"
      }
  +/- Task: "redis" (forces create/destroy update)
    +   Meta[key]: "value"
    +/- Config {
          image:           "redis:3.2"
      +/- port_map[0][db]: "6379" => "6380"
        }
    +/- Resources {
          CPU:      "500"
          DiskMB:   "0"
          IOPS:     "0"
      +/- MemoryMB: "256" => "257"
        }
    +/- Service {
          Name:      "global-redis-check"
          PortLabel: "db"
      +/- Check {
            Command:       ""
            InitialStatus: ""
            Interval:      "10000000000"
            Name:          "alive"
            Path:          ""
            PortLabel:     ""
            Protocol:      ""
        +/- Timeout:       "2000000000" => "3000000000"
            Type:          "tcp"
          }
        }
```
2017-03-21 11:31:06 -07:00
Alex Dadgar 5be806a3df Fix vet script and fix vet problems
This PR fixes our vet script and fixes all the missed vet changes.

It also fixes pointers being printed in `nomad stop <job>` and `nomad
node-status <node>`.
2017-02-27 16:00:19 -08:00
Alex Dadgar 471d63d5ff Fix diff 2017-02-15 15:23:29 -08:00
Alex Dadgar 96c17714cf Fix test 2017-02-13 14:31:22 -08:00
Alex Dadgar 3ba8faeae3 Add leader task to api and server side 2017-02-10 16:57:47 -08:00
Alex Dadgar 6b7efa1ba6 Template destination file permissions.
This PR allows setting the file permissions of the rendered template.
2017-01-31 20:10:01 -08:00
Alex Dadgar 2057acea3e missing tests 2017-01-25 21:27:44 -08:00
Alex Dadgar 8196a58c4c Rename dispatch_input to dispatch_payload 2017-01-25 21:27:44 -08:00
Michael Schurter 3c7e50bc1b Fix tests 2017-01-20 17:04:52 -08:00
Michael Schurter 1f7b5b4b47 Rename Constructor -> Parameterized Job 2017-01-20 12:43:10 -08:00
Alex Dadgar d8de7b59a5 JobDiff 2016-12-15 15:40:18 -08:00
Alex Dadgar d6606ecbe5 tests 2016-10-18 14:54:14 -07:00
Alex Dadgar 68c5fe78f8 Tests 2016-10-06 15:17:34 -07:00