Commit graph

2646 commits

Author SHA1 Message Date
Seth Hoenig f030a22c7c command, docs: create and document consul token configuration for connect acls (gh-6716)
This change provides an initial pass at setting up the configuration necessary to
enable use of Connect with Consul ACLs. Operators will be able to pass in a Consul
Token through `-consul-token` or `$CONSUL_TOKEN` in the `job run` and `job revert`
commands (similar to Vault tokens).

These values are not actually used yet in this changeset.
2020-01-31 19:02:53 -06:00
Sebastián Ramírez 830ee3a693
Use secret ID for NOMAD_TOKEN
Use secret ID for NOMAD_TOKEN as the accessor ID doesn't seem to work.

I tried with a local micro cluster following the tutorials, and if I do:

```console
$ export NOMAD_TOKEN=85310d07-9afa-ef53-0933-0c043cd673c7
```

Using the accessor ID as in this example, I get an error:

```
Error querying jobs: Unexpected response code: 403 (ACL token not found)
```

But when using the secret ID in that env var it seems to work correctly.
2020-01-31 18:57:16 +01:00
Mahmood Ali 73200bfa69
Merge pull request #7010 from hashicorp/doc-bulk-20200129
Docs and Changelog catch up
2020-01-31 10:51:07 -05:00
Michael Schurter dd7712795d
Merge branch 'master' into b-tls-validation 2020-01-30 11:05:15 -08:00
Mahmood Ali a9f551542d Merge pull request #160 from hashicorp/b-mtls-hostname
server: validate role and region for RPC w/ mTLS
2020-01-30 12:59:17 -06:00
Michael Schurter 8d18b5d6be docs: document limits
Taken more or less verbatim from Consul.
2020-01-30 10:38:42 -08:00
Mahmood Ali 42907cf259 incorporate review feedback 2020-01-29 21:56:26 -05:00
Mahmood Ali 14c806248e document docker's disable_log_collection flag 2020-01-29 21:44:05 -05:00
Mahmood Ali a7d65049c5 Document default_scheduler_config option 2020-01-29 21:44:05 -05:00
Mahmood Ali 6602427236 docs: tweaks 2020-01-28 08:39:58 -05:00
Mahmood Ali 112625e769
Merge pull request #6997 from hashicorp/docs-bootstrap-reset
docs: reseting bootstrap doesn't invalidate token
2020-01-28 08:37:45 -05:00
Mahmood Ali 9926614df2
Update website/source/guides/security/acl.html.markdown
Co-Authored-By: Tim Gross <tim@0x74696d.com>
2020-01-27 14:17:44 -05:00
Mahmood Ali d2531ccb83 docs: reseting bootstrap doesn't invalidate token 2020-01-27 13:45:52 -05:00
Nick Ethier 6d0556bc30 website: add canary meta to api docs 2020-01-27 09:53:30 -05:00
Nick Ethier 5cbb94e16e consul: add support for canary meta 2020-01-27 09:53:30 -05:00
Michael Schurter 17d402b680
Merge pull request #6953 from TimHiggison/patch-2
Update configuring-tasks.html.md
2020-01-23 12:15:54 -08:00
Michael Schurter ae0baf389b
Merge pull request #6952 from TimHiggison/patch-1
Update ecs.html.md
2020-01-23 12:15:07 -08:00
Charlie Voiselle b0d7b4e1d7
Merge pull request #6780 from hashicorp/km.intro-video
website: add ‘intro to nomad’ video to /intro
2020-01-23 11:32:13 -05:00
Tim Higgison 7a9a33f7a7
Update configuring-tasks.html.md 2020-01-17 11:41:47 +10:00
Tim Higgison 6cdd659f5d
Update ecs.html.md 2020-01-17 08:51:09 +10:00
Charlie Voiselle a4aeea0058
Upgrade -> Update 2020-01-13 17:36:49 -05:00
Danielle 5fd52171aa
cli: add system command and subcmds to interact with system API. (#6924)
cli: add system command and subcmds to interact with system API.
2020-01-13 16:16:08 +01:00
James Rasell 09519bb03f
system CLI documentation fixes based on feedback from @angrycub 2020-01-13 15:45:14 +01:00
James Rasell c452f32414
docs: add documentation for system command. 2020-01-13 11:35:24 +01:00
Drew Bailey ff4bfb8809
Merge pull request #6841 from hashicorp/f-agent-pprof-acl
Remote agent pprof endpoints
2020-01-10 14:52:39 -05:00
Nick Ethier 1f28633954
Merge pull request #6816 from hashicorp/b-multiple-envoy
connect: configure envoy to support multiple sidecars in the same alloc
2020-01-09 23:25:39 -05:00
Drew Bailey 1b8af920f3
address pr feedback 2020-01-09 15:15:09 -05:00
Drew Bailey fc67175141
api docs for agent/pprof 2020-01-09 15:15:06 -05:00
Tim Gross b5bcfb533b
upgrade CNI plugins to 0.8.4 (#6921)
When multiple Connect-enabled task groups start on the same client
node, a race condition in the CNI plugins for creating iptables chains
causes one of the tasks to fail. We upstreamed a patch to CNI plugins
to make iptables chain creation idempotent.

This changeset updates end-to-end testing, development tooling, and
documentation to use 0.8.4 which includes our patch.
2020-01-09 10:57:07 -05:00
Charlie Voiselle 52dfb3de79 Change consul agent note to callout
Because this is such a common misconfig, it is probably worth
highlighting
2020-01-08 13:08:54 -05:00
Nick Ethier 105cbf6df9 tr: expose envoy sidecar admin port as environment variable 2020-01-06 21:53:45 -05:00
Michael Schurter 0a3558f27e docs: add podman as an external task driver plugin
Tested using https://github.com/schmichael/nomad-podman-vagrant
2020-01-03 12:58:17 -08:00
Michael Schurter 92e78c59cd docs: fix lxc anchor link 2020-01-03 12:57:48 -08:00
Michael Schurter 6740d055df docs: fix capitalization 2020-01-03 12:57:27 -08:00
Charlie Voiselle 9defc989fb
Fix bad link
Corrected link to Nomad UI track from comments in #6876
2019-12-20 09:33:57 -05:00
Charlie Voiselle 509f53217e
[docs] Migrating Web-UI and Governance Guides to learn (#6876)
* [docs] Migrating Web-UI and Governance Guides to learn

* fix 404s caught in checks
2019-12-19 15:32:23 -05:00
Charlie Voiselle fd3bf5f971
cli: Allow user to specify dest filename for nomad init (#6520)
* Allow user to specify dest filename for nomad init
* Create changelog entry for GH-6520
2019-12-19 14:59:12 -05:00
Drew Bailey 8e59e91991
Merge pull request #6746 from hashicorp/f-shutdown-delay-tg
Group shutdown_delay
2019-12-18 16:01:30 -05:00
John Schlederer 8b35c75206 Making pull activity timeout configurable in Docker
* Making pull activity timeout configurable in Docker plugin config, first pass

* Fixing broken function call

* Fixing broken tests

* Fixing linter suggestion

* Adding documentation on new parameter in Docker plugin config

* Adding unit test

* Setting min value for pull_activity_timeout, making pull activity duration a private var
2019-12-18 12:58:53 +01:00
Drew Bailey d9e41d2880
docs for shutdown delay
update docs, address pr comments

ensure pointer is not nil

use pointer for diff tests, set vs unset
2019-12-16 11:38:35 -05:00
ebarriosjr b953239227 driver/pot: Added extra_hosts and args commands (#6577) 2019-12-12 16:29:45 -05:00
Tim Gross b25713a837
doc: spread is inherited from job to group (#6837) 2019-12-11 09:59:26 -05:00
Chris Arcand deb84a41f6 Make note of Sentinel standard imports
> Sentinel-embedded applications can choose to whitelist or blacklist
certain standard imports. Please reference the documentation for the
Sentinel-enabled application you're using to determine if all standard
imports are available.
2019-12-10 14:44:51 -06:00
Tim Gross 5289c1e0aa
doc: explain ALLOC_INDEX uniqueness guarantees (#6830)
The `ALLOC_INDEX` isn't guaranteed to be unique, and this has caused
some user confusion. The servers make a best-effort attempt to make
this value unique from 0 to count-1 but when you have canaries on the
task group, there are reused indexes because you have multiple job
versions running at the same time. If a user needs a unique number for
interpolating a value in your application, they can get this by
combining the job version and the alloc index.

Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
2019-12-10 10:30:26 -05:00
abhip c81b3f5cbd Update consensus.html.md (#6813)
The url for raft algorithm pdf is no longer valid. Here is correct url - https://raft.github.io/raft.pdf  and website is https://raft.github.io/
2019-12-06 06:17:30 -08:00
Fredrik Hoem Grelland 3e164b42fe Update network.html.md (#6782)
There is an undocumented way of mapping a dynamically allocated port to the container. This is applicable in bridge networking ( necessary for consul connect enabled services ) to expose the service *directly*. This is needed when using upstream connect services, but you need to expose the service by normal means. By referencing the current documentation you need to use static ports in order to do so. Introduced in #6189 but undocumented
2019-12-06 06:08:56 -08:00
James Rasell 6fcb19890b docs: add jrasell/chemtrail to community resources. (#6798) 2019-12-06 06:07:00 -08:00
Hugo Herter a98e59e0fc docs: port name requires quotes in hcl
When trying to run this example, Nomad v0.10.2 raises the following error:
`Error getting job struct: Error parsing job file from example-ipv6.hcl: error parsing: At 33:22: Unknown token: 27:16 IDENT db`

Adding quotes around the port map `db` fixes the problem and the job works as expected.
2019-12-05 12:37:24 +01:00
Michael Schurter 3ae3d43ec6 docs: release 0.10.2 and 0.9.7 2019-12-04 14:18:17 -08:00
Luiz Aoqui a388b1aa7c
Merge pull request #6803 from hashicorp/docs-driver-skeleton-reference
docs: add reference to the driver plugin skeleton project
2019-12-04 18:49:17 +00:00