Commit Graph

939 Commits

Author SHA1 Message Date
hc-github-team-nomad-core 9f804b0b4c
backport of commit 46442f441f8de8d22dbc243af041aa38c58bd6bc (#19158)
Co-authored-by: Jorge Marey <6938602+jorgemarey@users.noreply.github.com>
2023-11-23 10:58:50 -05:00
Charlie Voiselle 78d7c2bbee
backport of commit 659c0945fc35a2a0a999be7ce531beb55cfeeeab (#19004) (#19129)
[core] Honor job's namespace when checking `distinct_hosts` feasibility
Manual backport because of conflicts in upgrade-specific.mdx
2023-11-20 14:06:51 -05:00
hc-github-team-nomad-core ed9786c957
backport of commit 557b4942d0f1959bb8509ff9303fa0baa37c0276 (#19116)
Co-authored-by: codenoid <14269809+codenoid@users.noreply.github.com>
2023-11-17 09:05:59 -05:00
hc-github-team-nomad-core 1a506eba24
backport of commit cf8dde0850a23d4e8b0b48bc5fea2f66388ab711 (#18544)
Co-authored-by: Phil Renaud <phil.renaud@hashicorp.com>
2023-11-14 14:38:26 -05:00
hc-github-team-nomad-core f9dd34d816
backport of commit 533f293fa832c9f7343c952da08c819454b5eb1e (#18675)
Co-authored-by: Phil Renaud <phil.renaud@hashicorp.com>
2023-11-14 14:36:54 -05:00
hc-github-team-nomad-core c160ce99e3
backport of commit ab36cf031c80253d9c2827852f8ecbeae3d6ff5b (#19027)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-11-07 20:15:31 -05:00
hc-github-team-nomad-core 9634ef7bb2
backport of commit cf2f48efd4ecf68f2502d4443a60477d1e3fb0f5 (#19017)
Co-authored-by: Seth Hoenig <shoenig@duck.com>
2023-11-07 14:04:24 -06:00
hc-github-team-nomad-core 3052ddf8f1
acl/client: fix incorrect denied error on calls with dangling policies. (#18972) (#18981)
When a user performs a client API call, the Nomad client will
perform an RPC which looks up the ACL policies which the callers
ACL token is assigned. If the ACL token includes dangling (deleted)
policies, the call would previously fail with a permission denied
error.

This change ensures this error is not returned and that the lookup
will succeed in the event of dangling policies.

Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-11-02 15:47:21 +00:00
hc-github-team-nomad-core 74e03514fc
backport of commit 0748918a3a355ad5616e32c1aad041321a771418 (#18919)
Co-authored-by: Dave May <dmay@hashicorp.com>
2023-10-30 14:00:40 -04:00
hc-github-team-nomad-core 90cb544835
scheduler: ensure dup alloc names are fixed before plan submit. (#18873) (#18891)
This change fixes a bug within the generic scheduler which meant
duplicate alloc indexes (names) could be submitted to the plan
applier and written to state. The bug originates from the
placements calculation notion that names of allocations being
replaced are blindly copied to their replacement. This is not
correct in all cases, particularly when dealing with canaries.

The fix updates the alloc name index tracker to include minor
duplicate tracking. This can be used when computing placements to
ensure duplicate are found, and a new name picked before the plan
is submitted. The name index tracking is now passed from the
reconciler to the generic scheduler via the results, so this does
not have to be regenerated, or another data structure used.

Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-27 17:04:04 +01:00
hc-github-team-nomad-core c21331bc21
backport of commit 9ae4b10dc68cdec4a9a8498ddc9fa466e6b04b5a (#18887)
Co-authored-by: Seth Hoenig <shoenig@duck.com>
2023-10-27 07:32:38 -05:00
hc-github-team-nomad-core 497d91f4bc
backport of commit b46b41a2e99ad85d18189b44836f6436a2149a8b (#18855)
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
2023-10-24 11:51:04 -05:00
hc-github-team-nomad-core c3546e80a1
backport of commit f64ade2304583ba338c4da3c6c11de722ea4b497 (#18852)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-24 17:15:35 +01:00
Tim Gross 2d65dc418c
metrics: prevent negative counter from iowait decrease (#18849)
The iowait metric obtained from `/proc/stat` can under some circumstances
decrease. The relevant condition is when an interrupt arrives on a different
core than the one that gets woken up for the IO, and a particular counter in the
kernel for that core gets interrupted. This is documented in the man page for
the `proc(5)` pseudo-filesystem, and considered an unfortunate behavior that
can't be changed for the sake of ABI compatibility.

In Nomad, we get the current "busy" time (everything except for idle) and
compare it to the previous busy time to get the counter incremeent. If the
iowait counter decreases and the idle counter increases more than the increase
in the total busy time, we can get a negative total. This previously caused a
panic in our metrics collection (see #15861) but that is being prevented by
reporting an error message.

Fix the bug by putting a zero floor on the values we return from the host CPU
stats calculator.

Backport-of: #18835
2023-10-24 10:37:46 -04:00
hc-github-team-nomad-core 63c2013ec1
backport of commit ca9e08e6b5eee00d055b9429df5976a70cdcb2d6 (#18813)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-20 08:35:54 +01:00
hc-github-team-nomad-core 657c430e0b
backport of commit 1ffdd576bbcea1f32aa179934b63450808c022c4 (#18772)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-16 16:19:58 +01:00
hc-github-team-nomad-core 60747ed93d
Backport of build: bump to go 1.21.3 into release/1.6.x (#18722)
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2023-10-11 08:51:43 -04:00
hc-github-team-nomad-core 441d733046
backport of commit ef6814388c1adae3ee2bbe317719aded15275648 (#18720)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-10 17:34:58 -04:00
hc-github-team-nomad-core 451260fa4f
backport of commit c6ce966d9811384557d04329b89ad1b4b8ffc44c (#18688)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-06 15:32:17 -04:00
hc-github-team-nomad-core bfc15e5aa0
backport of commit d425c90e0f5acc6947c3d3e32a3e54942d1cd2bf (#18674)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-05 12:14:18 -04:00
hc-github-team-nomad-core 88fd96daea
backport of commit ed204e0fd985bbb43da7e19e07cf541ad74284a8 (#18670)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-10-05 11:40:50 -04:00
hc-github-team-nomad-core b0c575ff22
backport of commit aa9ff3a5b306645311dc4687e97561c0dfccbf90 (#18655)
Co-authored-by: Matthew Salsamendi <matthewsalsamendi@gmail.com>
2023-10-04 09:31:59 -05:00
hc-github-team-nomad-core ce6c86a057
backport of commit e7136f80c5c1277ea2dea4eeeda84005224d7835 (#18648)
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
2023-10-03 12:27:26 -05:00
hc-github-team-nomad-core 5147682d40
backport of commit df16c96a9fc6bfaf2afd661cb2bebb30a9e5b2d4 (#18640)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-10-03 10:39:12 +01:00
hc-github-team-nomad-core 269111a369
backport of commit 8da40465af3133df150cf0e0d10c7e1b36fd2151 (#18625)
Co-authored-by: Phil Renaud <phil.renaud@hashicorp.com>
2023-09-29 15:21:01 -04:00
Phil Renaud bfba4f5e13
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles

* Models and adapters

* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)

* combinedPolicies as a concept

* Classic decorator on role adapter

* We added a new request for roles, so the test based on a specific order of requests got fickle fast

* Mirage roles cluster scaffolded

* Acceptance test for roles and policies on the login page

* Update mirage mock for nodes fetch to account for role policies / empty token.policies

* Roles-derived policies checks

* [ui] Access Control with Roles and Tokens (#18413)

* top level policies routes moved into access control

* A few more routes and name cleanup

* Delog and test fixes to account for new url prefix and document titles

* Overview page

* Tokens and Roles routes

* Tokens helios table

* Add a role

* Hacky role page and deletion

* New policy keyboard shortcut and roles breadcrumb nav

* If you leave New Role but havent made any changes, remove the newly-created record from store

* Roles index list and general role route crud

* Roles index actually links to roles now

* Helios button styles for new roles and policies

* Handle when you try to create a new role without having any policies

* Token editing generally

* Create Token functionality

* Cant delete self-token but management token editing and deleting is fine

* Upgrading helios caused codemirror to explode, shimmed

* Policies table fix

* without bang-element condition, modifier would refire over and over

* Token TTL or Time setting

* time will take you on

* Mirage hooks for create and list roles

* Ensure policy names only use allow characters in mirage mocks

* Mirage mocked roles and policies in the default cluster

* log and lintfix

* chromedriver to 2.1.2

* unused unit tests removed

* Nice profile dropdown

* With the HDS accordion, rename our internal component scss ref

* design revisions after discussion

* Tooltip on deleted-policy tokens

* Two-step button peripheral isDeleting gcode removed

* Never to null on token save

* copywrite headers added and empty routefiles removed

* acceptance test fixes for policies endpoint

* Route for updating a token

* Policies testfixes

* Ember on-click-outside modifier upgraded with general ember-modifier upgrade

* Test adjustments to account for new profile header dropdown

* Test adjustments for tokens via policy pages

* Removed an unused route

* Access Control index page tests

* a11y tests

* Tokens index acceptance tests generally

* Lintfix

* Token edit page tests

* Token editing tests

* New token expiration tests

* Roles Index tests

* Role editing policies tests

* A complete set of Access Control Roles tests

* Policies test

* Be more specific about which row to check for expiration time

* Nil check on expirationTime equality

* Management tokens shouldnt show No Roles/Policies, give them their own designation

* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save

* Policy unloading on delete and other todos plus autofocus conditionally re-enabled

* Invalid policies non-links now a concept for Roles index

* HDS style links to make job.variables.alert links look like links again

* Mirage finding looks weird so making model async in hash even though redundant

* Drop rsvp

* RSVP wasnt the problem, cached lookups were

* remove old todo comments

* de-log
2023-09-27 17:02:48 -04:00
hc-github-team-nomad-core 5a0a54a715
backport of commit 5bd8b89c19c71e19ad0a1abc9b35de9abb4d2cc3 (#18525)
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2023-09-18 09:36:33 -04:00
hc-github-team-nomad-core c7b1966565
backport of commit 1339599185af9dbfcca6f0aa1001c6753b8c682b (#18517)
Co-authored-by: Gerard Nguyen <nguyenvanthao1991@gmail.com>
2023-09-15 09:16:38 -04:00
hc-github-team-nomad-core 46b4847885
backport of commit c6dbba7cde911bb08f1f8da445a44a0125cd2047 (#18505)
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
2023-09-14 14:38:05 -05:00
hc-github-team-nomad-core b2f88f10a2
backport of commit bd519dcbf429164c8a81b84247ffe1c776bb4f8d (#18499)
Co-authored-by: stswidwinski <stan.swidwinski@gmail.com>
2023-09-14 14:01:31 +01:00
hc-github-team-nomad-core 2a60303952
backport of commit b9ec271463ab2104fadf7d6175fdded9475f3415 (#18488)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-09-13 13:35:41 -03:00
hc-github-team-nomad-core 71b84cf1fb
backport of commit 391a6af97910c774ce1001f2cef4c83db2d0573a (#18487)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-09-13 13:05:42 -03:00
Pavel Aminov def93200b1 Adding node_pool to job key validation (#18366) 2023-09-13 12:04:47 -03:00
hc-github-team-nomad-core 6ae643a3bf
backport of commit 12580c345a89312542c18878680dd581da3d44eb (#18479)
Co-authored-by: Shantanu Gadgil <shantanugadgil@users.noreply.github.com>
2023-09-13 10:16:07 -04:00
hc-github-team-nomad-core 2ef7a280b0
backport of commit d923fc554d09ceb51b530467a354860b25114fd3 (#18450)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-11 16:21:44 +01:00
hc-github-team-nomad-core 156db8d368
backport of commit 668dc5f7a767e85d62379e3e02405d2afa93f1db (#18448)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-11 13:22:30 +01:00
hc-github-team-nomad-core 71f8405b2d
backport of commit 30a9b6eda74e515135dbebb600b362da6d637cb1 (#18256)
Co-authored-by: Phil Renaud <phil.renaud@hashicorp.com>
2023-09-06 09:25:51 -04:00
hc-github-team-nomad-core 1b2237d6a8
backport of commit 776a26bce7cf3a320fc7e7f4a6bf9da2b30f3da7 (#18375)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-01 10:25:08 +01:00
hc-github-team-nomad-core ef780825d4
backport of commit 05c332221471d39053eaecafe4832ddd6e1b3b89 (#18365)
Co-authored-by: Seth Hoenig <shoenig@duck.com>
2023-08-30 09:05:57 -05:00
hc-github-team-nomad-core 4b59840bb1
backport of commit d0a93f12d1ec1e2b276f9958898c9a6fe4f6b077 (#18351)
Co-authored-by: Matthew Salsamendi <matthewsalsamendi@gmail.com>
2023-08-28 19:44:39 -04:00
hc-github-team-nomad-core b93dc92ec2
backport of commit f187afab9f06b7489f7103c3e3c8eed72f210621 (#18350)
Co-authored-by: Gerard Nguyen <nguyenvanthao1991@gmail.com>
2023-08-28 19:14:45 -04:00
hc-github-team-nomad-core b0bece8a18
backport of commit da830b10463f1cc0a704ec4a4f66e35d4324d728 (#18337)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-08-25 21:36:35 -04:00
hc-github-team-nomad-core d8ff618c40
backport of commit f25480c9e929c27476c8930f05832e8b96167660 (#18341)
Co-authored-by: stswidwinski <stan.swidwinski@gmail.com>
2023-08-25 16:36:35 -07:00
hc-github-team-nomad-core e4c7388608
backport of commit 3e61b3a37df9ff0836b52ba5440106ad0f607dd7 (#18294)
Co-authored-by: Андрей Неустроев <99169437+aneustroev@users.noreply.github.com>
2023-08-22 16:01:24 -04:00
hc-github-team-nomad-core 621bce1da2
backport of commit 14a38bee7bc4386e74157f6a99f3db7382d7e6a5 (#18275)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-08-21 16:34:32 -04:00
hc-github-team-nomad-core 0fb0054e60
backport of commit 13b4d98bce058c59e054f5cce9ad4175bf3c5374 (#18248)
This pull request was automerged via backport-assistant
2023-08-17 09:47:02 -05:00
hc-github-team-nomad-core 5b4eea8b33
Backport of csi: prevent panic on volume delete into release/1.6.x (#18243)
This pull request was automerged via backport-assistant
2023-08-17 08:58:14 -05:00
hc-github-team-nomad-core bd3f52d0e7
Backport of [ui] Preserve HCL2 on stop/start via the web UI into release/1.6.x (#18241)
This pull request was automerged via backport-assistant
2023-08-17 08:33:06 -05:00
Tim Gross 0a19fe3b60 fix multiple overflow errors in exponential backoff (#18200)
We use capped exponential backoff in several places in the code when handling
failures. The code we've copy-and-pasted all over has a check to see if the
backoff is greater than the limit, but this check happens after the bitshift and
we always increment the number of attempts. This causes an overflow with a
fairly small number of failures (ex. at one place I tested it occurs after only
24 iterations), resulting in a negative backoff which then never recovers. The
backoff becomes a tight loop consuming resources and/or DoS'ing a Nomad RPC
handler or an external API such as Vault. Note this doesn't occur in places
where we cap the number of iterations so the loop breaks (usually to return an
error), so long as the number of iterations is reasonable.

Introduce a helper with a check on the cap before the bitshift to avoid overflow in all 
places this can occur.

Fixes: #18199
Co-authored-by: stswidwinski <stan.swidwinski@gmail.com>
2023-08-15 14:39:09 -04:00
Esteban Barrios 9f19d7c373 config: add configurable content security policy (#18085) 2023-08-14 14:25:21 -04:00