Commit graph

20297 commits

Author SHA1 Message Date
Drew Bailey f37acc71ba
remove prerelease bug fix from GA changelog (#9524) 2020-12-04 10:15:21 -05:00
James Rasell 58f8afed50
CHANGELOG: amend consul-template dep update to ref correct version. 2020-12-04 14:43:18 +01:00
James Rasell fd53963afb
core: fix typo msg used when job ID/name contains a null char. 2020-12-04 09:49:31 +01:00
Michael Schurter b0ac0a1b8e
Merge pull request #9519 from hashicorp/docs-100rc1
docs: publish v1.0.0-rc1
2020-12-03 14:08:03 -08:00
Michael Schurter 39fdc47914 docs: publish v1.0.0-rc1 2020-12-03 14:03:57 -08:00
Michael Schurter f000351082
Merge pull request #9516 from hashicorp/docs-consul19
docs: clarify connect upgrade procedure
2020-12-03 14:02:57 -08:00
Michael Schurter eb56a75bdd docs: may->will after confirming with Consul
Consul 1.9 switched to agentless intentions which no longer require
synchronous communication from Envoy to Consul.
2020-12-03 13:48:06 -08:00
Michael Schurter e948e0a012 docs: clarify connect upgrade procedure
During testing we discovered old versions of Nomad and Consul seemed to
prevent Envoy from accepting new connections while the Nomad agent was
being upgraded.
2020-12-03 13:36:13 -08:00
Seth Hoenig f7fc0cd7fb
Merge pull request #9513 from hashicorp/f-e2e-upgrade-consul-more
e2e: upgrade terraform consul to 1.9.0
2020-12-03 13:09:25 -06:00
Seth Hoenig ad5918f754 e2e: upgrade terraform consul to 1.9.0 2020-12-03 13:01:14 -06:00
Drew Bailey ce85288f2f
ensure node secret ID is not included in event stream (#9510) 2020-12-03 12:27:14 -05:00
Drew Bailey 17de8ebcb1
API: Event stream use full name instead of Eval/Alloc (#9509)
* use full name for events

use evaluation and allocation instead of short name

* update api event stream package and shortnames

* update docs

* make sync; fix typo

* backwards compat not from 1.0.0-beta event stream api changes

* use api types instead of string

* rm backwards compat note that only changed between prereleases

* remove backwards incompat that only existed in prereleases
2020-12-03 11:48:18 -05:00
Seth Hoenig b167db10c3
Merge pull request #9508 from hashicorp/docs-docker-windows-issues
docs: fix link to windows docker issues
2020-12-03 09:28:18 -06:00
Seth Hoenig 4398511c04 docs: fix link to windows docker issues 2020-12-03 09:19:22 -06:00
Charlie Voiselle 7d37cd3f53
Small website updates (#9504)
* systemd should be downcased
* containerd should be downcased
* spellchecking, adjust list item spacing
* QEMU should be upcased
* spelling, it's->its
* Fewer exclamation points; drive-by list spacing
* Update website/pages/docs/internals/security.mdx
* Namespace is not ent only now.
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2020-12-02 19:02:03 -05:00
Chris Baker f794d40ad3
Merge pull request #9501 from hashicorp/docs-hcl-note
added some discussion of HCL parsing context
2020-12-02 17:00:24 -06:00
Chris Baker 4b31759ef0 formatting fix from github-based commit 2020-12-02 22:25:36 +00:00
Chris Baker a9c151be2c
Update website/pages/docs/job-specification/hcl2/index.mdx
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2020-12-02 16:12:07 -06:00
Tim Gross f47b6bb147
docker: kill signal API should include timeout context (#9502)
When the Docker driver kills as task, we send a request via the Docker API for
dockerd to fire the signal. We send that signal and then block for the
`kill_timeout` waiting for the container to exit. But if the Docker API
blocks, we will block indefinitely because we haven't configured the API call
with the same timeout.

This changeset is a minimal intervention to add the timeout to the Docker API
call _only_ when we have the `kill_timeout` set. Future work should examine
whether we should be threading contexts through other `go-dockerclient` API
calls.
2020-12-02 16:53:17 -05:00
Tim Gross d286d941dc docker: kill signal API should include timeout context
When the Docker driver kills as task, we send a request via the Docker API for
dockerd to fire the signal. We send that signal and then block for the
`kill_timeout` waiting for the container to exit. But if the Docker API
blocks, we will block indefinitely because we haven't configured the API call
with the same timeout.

This changeset is a minimal intervention to add the timeout to the Docker API
call _only_ when we have the `kill_timeout` set. Future work should examine
whether we should be threading contexts through other `go-dockerclient` API
calls.
2020-12-02 16:51:57 -05:00
Chris Baker e1010c9227 added some discussion of HCL parsing context 2020-12-02 20:41:53 +00:00
Seth Hoenig 1e8cab2eec
Merge pull request #9498 from hashicorp/f-update-e2e-cpu
env_aws: run ec2info to update ec2 info
2020-12-02 09:47:27 -06:00
Seth Hoenig 1ca5ea3240 env_aws: run ec2info to update ec2 info
Use `tools/ec2info` to update the generated table of instance types.
`$ go run .`
2020-12-02 09:35:03 -06:00
Tim Gross 74b8375fc9
docs: using interpolation for volumes (#9449)
Expand `volume` and `volume_mount` sections to describe how to use HCL2
dynamic blocks and interpolation to have finer-grained control over how
allocations get volumes.
2020-12-02 08:57:47 -05:00
James Rasell 68e04e9605
Merge pull request #9494 from hashicorp/e2e-poststop-sigterm
lifecycle: update e2e test for service job with new docker signal #8932
2020-12-02 09:06:14 +01:00
Jasmine Dahilig 6ea00284f1 lifecycle: update e2e test for service job with new docker signal #8932 2020-12-01 23:41:32 -08:00
Seth Hoenig 3b2b083cbf
Merge pull request #9487 from hashicorp/f-connect-sidecar-concurrency
consul/connect: default envoy concurrency to 1
2020-12-01 15:51:41 -06:00
Drew Bailey f9f5fe8236
Events switch on memdb change table instead of type to prevent duplicates (#9486)
* prevent duplicate job events

when a job is updated, the job_version table is updated with a structs.Job, this caused there to be multiple job events since we are switching off the change type and not the table

* test length

* add table value to tests
2020-12-01 15:14:05 -05:00
Michael Schurter 8ed8d9f786
Merge pull request #9485 from hashicorp/docs-check-restart
docs: check_restart is broken for group networks
2020-12-01 11:39:45 -08:00
Seth Hoenig bf857684d1 consul/connect: default envoy concurrency to 1
Previously, every Envoy Connect sidecar would spawn as many worker
threads as logical CPU cores. That is Envoy's default behavior when
`--concurrency` is not explicitly set. Nomad now sets the concurrency
flag to 1, which is sensible for the default cpu = 250 Mhz resources
allocated for sidecar proxies. The concurrency value can be configured
in Client configuration by setting `meta.connect.proxy_concurrency`.

Closes #9341
2020-12-01 13:12:45 -06:00
Drew Bailey 1f8e1aa631
pass in msgType for UpsertJob (#9475) 2020-12-01 14:00:52 -05:00
Dave May e045bd3a5e
nomad operator debug - add pprof duration / csi details (#9346)
* debug: add pprof duration CLI argument
* debug: add CSI plugin details
* update help text with ACL requirements
* debug: provide ACL hints upon permission failures
* debug: only write file when pprof retrieve is successful
* debug: add helper function to clean bad characters from dynamic filenames
* debug: ensure files are unable to escape the capture directory
2020-12-01 12:36:05 -05:00
Tim Gross 180d6c7ef5
docs: move agent lifecycle doc under Operations heading (#9411) 2020-12-01 11:55:08 -05:00
Michael Schurter c087a1d46f docs: check_restart is broken for group networks
Add a warning about check_restart being limited to task networks and
link to the relevant issue: #9176.
2020-12-01 08:52:00 -08:00
Michael Schurter ea0e1789f4
Merge pull request #9435 from hashicorp/f-allocupdate-timer
client: always wait 200ms before sending updates
2020-12-01 08:45:17 -08:00
Drew Bailey 9adca240f8
Event Stream: Track ACL changes, unsubscribe on invalidating changes (#9447)
* upsertaclpolicies

* delete acl policies msgtype

* upsert acl policies msgtype

* delete acl tokens msgtype

* acl bootstrap msgtype

wip unsubscribe on token delete

test that subscriptions are closed after an ACL token has been deleted

Start writing policyupdated test

* update test to use before/after policy

* add SubscribeWithACLCheck to run acl checks on subscribe

* update rpc endpoint to use broker acl check

* Add and use subscriptions.closeSubscriptionFunc

This fixes the issue of not being able to defer unlocking the mutex on
the event broker in the for loop.

handle acl policy updates

* rpc endpoint test for terminating acl change

* add comments

Co-authored-by: Kris Hicks <khicks@hashicorp.com>
2020-12-01 11:11:34 -05:00
Drew Bailey 70ae7ec621
return potential errors from txn.Commit (#9483) 2020-12-01 10:05:37 -05:00
Tim Gross 154e62fd3b
docs: warn about Docker auth_soft_fail behavior
If Docker auth helpers are used but aith fails or the image isn't found, we
hard fail the task. Users may set `auth_soft_fail` to fallback to the public
Docker Hub on a per-job basis. But users that mix public and private images
have to set `auth_soft_fail=true` for every job using a public image if Docker
auth helpers are used.
2020-12-01 09:05:35 -05:00
Mark Lewis ec8361fab9 Update proxy.mdx 2020-12-01 08:26:32 -05:00
Mark Lewis 894851a756 Update reschedule.mdx 2020-12-01 08:26:12 -05:00
Mark Lewis 523dad369b Update restart.mdx 2020-12-01 08:22:13 -05:00
Luiz Aoqui 5f4a385070
Merge pull request #9476 from hashicorp/website-update-general-help
website: update general help guidance
2020-11-30 19:29:52 -05:00
Luiz Aoqui 63d6d3b0d1
website: update general help guidance 2020-11-30 19:12:43 -05:00
Benjamin Buzbee e0acbbfcc6
Fix RPC retry logic in nomad client's rpc.go for blocking queries (#9266) 2020-11-30 15:11:10 -05:00
Drew Bailey a0b7f05a7b
Remove Managed Sinks from Nomad (#9470)
* Remove Managed Sinks from Nomad

Managed Sinks were a beta feature in Nomad 1.0-beta2. During the beta
period it was determined that this was not a scalable approach to
support community and third party sinks.

* update comment

* changelog
2020-11-30 14:00:31 -05:00
Seth Hoenig fa6789a087
Merge pull request #9472 from hashicorp/f-connect-upstream-datacenter
consul/connect: enable setting datacenter in upstream
2020-11-30 12:29:05 -06:00
Seth Hoenig d38cd5268a docs: better clarify connect upstream datacenter 2020-11-30 12:28:08 -06:00
Michael Schurter b7c4d16a78 docs: add #9435 to changelog 2020-11-30 10:27:13 -08:00
Seth Hoenig e81e9223ef consul/connect: enable setting datacenter in connect upstream
Before, upstreams could only be defined using the default datacenter.
Now, the `datacenter` field can be set in a connect upstream definition,
informing consul of the desire for an instance of the upstream service
in the specified datacenter. The field is optional and continues to
default to the local datacenter.

Closes #8964
2020-11-30 10:38:30 -06:00
Chris Piwarski 955bf23e8e command: Fix node help error 2020-11-30 11:12:06 -05:00