Commit graph

21433 commits

Author SHA1 Message Date
Seth Hoenig 1e75f99839 drivers/docker+exec+java: disable net_raw capability by default
The default Linux Capabilities set enabled by the docker, exec, and
java task drivers includes CAP_NET_RAW (for making ping just work),
which has the side effect of opening an ARP DoS/MiTM attack between
tasks using bridge networking on the same host network.

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

This PR disables CAP_NET_RAW for the docker, exec, and java task
drivers. The previous behavior can be restored for docker using the
allow_caps docker plugin configuration option.

A future version of nomad will enable similar configurability for the
exec and java task drivers.
2021-05-12 13:22:09 -07:00
Kendall Strautman 4dd26c8aa2
content: swap out diagrams with typos (#10571) 2021-05-12 08:50:20 -07:00
Drew Bailey a805cd8f52
check and return error from parsing var-files (#10569)
* check and return error from parsing var-files

* changelog entry for 1.1.0 and 1.0.5
2021-05-12 09:08:59 -04:00
Kyle MacDonald b2344c829c
website: set up /trial redirection (#10565) 2021-05-11 11:10:34 -05:00
Isabel Suchanek ed9e12cdc7
Clean up docker driver test to make it less flaky (#10559)
Co-authored-by: Mahmood Ali <mahmood@hashicorp.com>
2021-05-10 14:58:19 -07:00
Tim Gross d4465f01ac E2E: remove references to nomad_sha 2021-05-10 16:42:39 -04:00
Mahmood Ali a33ec72dd7
e2e: enable memory oversubscription (#10557)
Enable memory oversubscription for the oversubscription tests.
2021-05-10 14:33:47 -04:00
Mike Nomitch 859fa96308
docs: add detail to 1.1 upgrade guide for licensing 2021-05-10 12:28:05 -04:00
Mike Noordermeer 2445bece66
docs: clarify that a default update strategy is used when update strategy is omitted 2021-05-10 08:27:22 -04:00
Isabel Suchanek b5a2f48c78 Fix test panic in docker driver test 2021-05-07 12:12:33 -07:00
Luiz Aoqui 3e4a3ff8eb
docs: restructure autoscaling plugins menu (#10534)
* docs: restructure autoscaling plugins menu

* docs: add autoscaling threshold strategy (#10535)
2021-05-07 14:21:50 -04:00
Chris Baker 263ddd567c
Node Drain Metadata (#10250) 2021-05-07 13:58:40 -04:00
Tim Gross 1fdb4c1511 documentation for disable_default_tcp_check 2021-05-07 13:16:39 -04:00
Mahmood Ali 102763c979
Support disabling TCP checks for connect sidecar services 2021-05-07 12:10:26 -04:00
Seth Hoenig d8083fa053
Merge pull request #10543 from hashicorp/docs-consul-grpc-addr
docs: add agent consul grpc_address docs
2021-05-07 09:32:04 -06:00
Seth Hoenig 62d76ee63a docs: add agent consul grpc_address docs
We already supported this configuration, but forgot to document it.
2021-05-07 09:25:09 -06:00
Tim Gross 6237224681 update golang to 1.16.4 2021-05-07 11:06:54 -04:00
Seth Hoenig 20ae274ecb
Merge pull request #10532 from hashicorp/docs-fixup-dc-region-arch-words-10515
docs: fixup wording around datacenters and regions on architecture docs
2021-05-07 09:02:43 -06:00
dependabot[bot] 08203e5a34
ui: build(deps): bump underscore from 1.12.0 to 1.13.1 in /ui (#10525)
Bumps [underscore](https://github.com/jashkenas/underscore) from 1.12.0 to 1.13.1.
- [Release notes](https://github.com/jashkenas/underscore/releases)
- [Commits](https://github.com/jashkenas/underscore/compare/1.12.0...1.13.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 09:38:16 -05:00
dependabot[bot] fc68752e7d
ui: build(deps): bump url-parse from 1.4.7 to 1.5.1 in /ui (#10528)
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.1.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 09:35:07 -05:00
Mahmood Ali 488cd1e336 annotate 1.1 beta fields 2021-05-07 10:21:16 -04:00
Mahmood Ali 931a58991b Remove a stale note about 0.9 scheduler config 2021-05-07 10:21:16 -04:00
Mike Nomitch e1298e4704 Moving licensing to the top of the upgrade guide and clarifying wording 2021-05-07 08:17:17 -04:00
Mike Nomitch fa7f03f6f5 website: adding trial links 2021-05-07 08:17:17 -04:00
Seth Hoenig 9668c3e429 docs: fixup wording around datacenters and regions on architecture docs
Part of #10515
2021-05-06 16:18:02 -06:00
dependabot[bot] c64025ad70
ui: build(deps): bump lodash from 4.17.20 to 4.17.21 in /ui (#10526)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-06 15:34:39 -05:00
dependabot[bot] c2fe8902cd
ui: build(deps): bump handlebars from 4.7.6 to 4.7.7 in /ui (#10527)
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.7.6 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-06 13:24:55 -05:00
Zachary Shilton 9f14bb2c67
website: support hidden pages in nav-data (#10510)
* website: bump to docs-page prerelease with hidden page support

* website: remove temp check for hidden pages, covered by docs-page

* website: bump to stable docs-page, w next-mdx-remote bump
2021-05-06 13:20:03 -04:00
Buck Doyle 588ab6fb30
docs: Fix missing link to operator debug (#10523) 2021-05-06 11:29:41 -05:00
Isabel 466a03f35c
Merge pull request #10441 from hashicorp/b-docker-stopsignal
drivers/docker: add support for STOPSIGNAL
2021-05-05 11:24:03 -07:00
Isabel Suchanek cb4fc53353 drivers/docker: add support for STOPSIGNAL
This fixes a bug where Nomad overrides a Dockerfile's STOPSIGNAL with
the default kill_signal (SIGTERM).

This adds a check for kill_signal. If it's not set, it calls
StopContainer instead of Signal, which uses STOPSIGNAL if it's
specified. If both kill_signal and STOPSIGNAL are set, Nomad tries to
stop the container with kill_signal first, before then calling
StopContainer.

Fixes #9989
2021-05-05 10:27:58 -07:00
Mahmood Ali 5ea431a792
expose NOMAD_MEMORY_MAX_LIMIT env var (#10514)
Follow up to memory oversubscription - expose an env-var to indicate when memory oversubscription is enabled and what the limit is.

This will be helpful for setting hints to app for memory management.

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2021-05-05 12:09:56 -04:00
Kendall Strautman 43bce89443
chore(website): update downloads page (#10509)
* style(downloads): adds releaseCandidate style

* refactor(downloads): use mktg-logos asset
2021-05-05 08:15:46 -07:00
Nick Ethier 42bbe6978d website: reserved cores docs 2021-05-05 08:11:41 -04:00
Nick Ethier 2978c430e5 command: show number of reserved cores on alloc status output 2021-05-05 08:11:41 -04:00
Mahmood Ali 067fd86a8c
drivers: Capture exit code when task is killed (#10494)
This commit ensures Nomad captures the task code more reliably even when the task is killed. This issue affects the `raw_exec` driver, as noted in https://github.com/hashicorp/nomad/issues/10430 .

We fix this issue by ensuring that the TaskRunner only calls `driver.WaitTask` once. The TaskRunner monitors the completion of the task by calling `driver.WaitTask` which should return the task exit code on completion. However, it also could return a "context canceled" error if the agent/executor is shutdown.

Previously, when a task is to be stopped, the killTask path makes two WaitTask calls, and the second returns "context canceled" occasionally because of a "race" in task shutting down and depending on driver, and how fast it shuts down after task completes.

By having a single WaitTask call and consistently waiting for the task, we ensure we capture the exit code reliably before the executor is shutdown or the contexts expired.

I opted to change the TaskRunner implementation to avoid changing the driver interface or requiring 3rd party drivers to update.

Additionally, the PR ensures that attempts to kill the task terminate when the task "naturally" dies. Without this change, if the task dies at the right moment, the `killTask` call may retry to kill an already-dead task for up to 5 minutes before giving up.
2021-05-04 10:54:00 -04:00
Drew Bailey a86477021f
remove license put command references (#10501) 2021-05-04 08:39:56 -04:00
Kendall Strautman fe85162128
[Assembly]: Website Branding Refresh (#10188)
* style: update gray brand colors

* style: update brand colors

* chore: upgrade react-components deps

* chore: update text split cta link color

* style(home): update icons

* refactor(home): use learn-callout component

* style(downloads): temporary color override

* style(community): fix link color

* Update website/pages/community/style.css

Co-authored-by: Zachary Shilton <4624598+zchsh@users.noreply.github.com>

* update package-lock

* update deps

* add new downloads page

* remove extra husky script

* chore: upgrades nextjs-scripts dep

* chore: upgrades community page vertical text block list

* chore: test component pre-releases

* chore: upgrade deps

chore: upgrades nextjs-scripts

* chore: update home icon colors

* chore: update home logo grid

* chore(website): upgrade deps

* style: adjust features icons border radius

* style: home hero bg to secondary

* chore: upgrade deps for body copy colors

* chore: upgrades alert banner

* feat: updates favicon

* chore: updates deps

* content(home): updates assets

* content(use-cases:simple container orch): updates content

* content(use-cases:non-containerized-app) updates assets

* content(use-cases:auto networking with consul): updates assets

* style(home): remove use cases icons override

* style(home-hero): remove bg pattern on mobile

* content(use-cases): updates asset

* chore: update assets

* chore: updates product download page to alpha

* chore: updates product download page to stable

Co-authored-by: Zachary Shilton <4624598+zchsh@users.noreply.github.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2021-05-03 11:06:55 -07:00
Brandon Romano 4f646bebc1
Merge pull request #10500 from hashicorp/br.11-banner-update
Updates website banner for Nomad 1.1
2021-05-03 10:17:14 -07:00
Brandon Romano c9862eebed Updates banner for Nomad 1.1 2021-05-03 10:11:11 -07:00
Buck Doyle 4e4a83039f
ui: Fix bug where switching topo viz allocation highlights doesn’t update charts (#10490)
This closes #10489. It adds `dependentKeyCompat` to the allocation getter so it works
as expected as a dependent key for the `tracker` computed property, as described here:
https://guides.emberjs.com/release/upgrading/current-edition/tracked-properties/#toc_backwards-compatibility
2021-05-03 10:36:18 -05:00
Seth Hoenig 0fe0b6832f
Merge pull request #10498 from hashicorp/b-hclfmt-ceph
demo: apply hclfmt to ceph files
2021-05-03 09:35:21 -06:00
Tim Gross cf838f49e1 docker: improve error message for auth helper
The error returned from the stdlib's `exec` package is always a message with
the exit code of the exec'd process, not any error message that process might
have given us. This results in opaque failures for the Nomad user. Cast to an
`ExitError` so that we can access the output from stderr.
2021-05-03 11:30:12 -04:00
Seth Hoenig 7b3136c4b2 demo: apply hclfmt to ceph files 2021-05-03 09:27:26 -06:00
Seth Hoenig 9f7c410087
Merge pull request #10492 from hashicorp/b-expose-diff
connect: use deterministic injected dynamic exposed port label
2021-05-03 09:00:34 -06:00
Tim Gross cb9ac29d8a demo: CSI Ceph
This changeset expands on the existing demonstration we had for Ceph by
showing volume creation. It includes a demo setup for Ceph on Vagrant so that
you don't need a whole Ceph cluster to try it out.
2021-05-03 10:49:47 -04:00
Charlie Voiselle 19b35833de Adding environment variables to Command overview page 2021-05-03 08:12:45 -04:00
Andy Assareh 1616f80211 git example - suggest providing real repo
when troubleshooting it is better if this command will actually work (pointing to a real repository)
2021-05-03 08:12:10 -04:00
Michael Schurter fdd7fc4817 docs: add 1.1.0-beta1 download link 2021-05-03 08:12:00 -04:00
Mahmood Ali 4b95f6ef42
api: actually set MemoryOversubscriptionEnabled (#10493) 2021-05-02 22:53:53 -04:00