Commit Graph

308 Commits

Author SHA1 Message Date
Seth Hoenig 1e75f99839 drivers/docker+exec+java: disable net_raw capability by default
The default Linux Capabilities set enabled by the docker, exec, and
java task drivers includes CAP_NET_RAW (for making ping just work),
which has the side affect of opening an ARP DoS/MiTM attack between
tasks using bridge networking on the same host network.

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

This PR disables CAP_NET_RAW for the docker, exec, and java task
drivers. The previous behavior can be restored for docker using the
allow_caps docker plugin configuration option.

A future version of nomad will enable similar configurability for the
exec and java task drivers.
2021-05-12 13:22:09 -07:00
Mike Nomitch 859fa96308
docs: add detail to 1.1 upgrade guide for licensing 2021-05-10 12:28:05 -04:00
Mike Noordermeer 2445bece66
docs: clarify that a default update strategy is used when update strategy is omitted 2021-05-10 08:27:22 -04:00
Luiz Aoqui 3e4a3ff8eb
docs: restructure autoscaling plugins menu (#10534)
* docs: restructure autoscaling plugins menu

* docs: add autoscaling threshold strategy (#10535)
2021-05-07 14:21:50 -04:00
Chris Baker 263ddd567c
Node Drain Metadata (#10250) 2021-05-07 13:58:40 -04:00
Tim Gross 1fdb4c1511 documentation for `disable_default_tcp_check` 2021-05-07 13:16:39 -04:00
Seth Hoenig 62d76ee63a docs: add agent consul grpc_address docs
We already supported this configuration, but forgot to document it.
2021-05-07 09:25:09 -06:00
Seth Hoenig 20ae274ecb
Merge pull request #10532 from hashicorp/docs-fixup-dc-region-arch-words-10515
docs: fixup wording around datacenters and regions on architecture docs
2021-05-07 09:02:43 -06:00
Mahmood Ali 488cd1e336 annotate 1.1 beta fields 2021-05-07 10:21:16 -04:00
Mike Nomitch e1298e4704 Moving licensing to the top of the upgrade guide and clarifying wording 2021-05-07 08:17:17 -04:00
Mike Nomitch fa7f03f6f5 website: adding trial links 2021-05-07 08:17:17 -04:00
Seth Hoenig 9668c3e429 docs: fixup wording around datacenters and regions on architecture docs
Part of #10515
2021-05-06 16:18:02 -06:00
Buck Doyle 588ab6fb30
docs: Fix missing link to operator debug (#10523) 2021-05-06 11:29:41 -05:00
Mahmood Ali 5ea431a792
expose NOMAD_MEMORY_MAX_LIMIT env var (#10514)
Follow up to memory oversubscription - expose an env-var to indicate when memory oversubscription is enabled and what the limit is.

This will be helpful for setting hints to app for memory management.

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2021-05-05 12:09:56 -04:00
Nick Ethier 42bbe6978d website: reserved cores docs 2021-05-05 08:11:41 -04:00
Drew Bailey a86477021f
remove license put command references (#10501) 2021-05-04 08:39:56 -04:00
Charlie Voiselle 19b35833de Adding environment variables to Command overview page 2021-05-03 08:12:45 -04:00
Andy Assareh 1616f80211 git example - suggest providing real repo
when troubleshooting it is better if this command will actually work (pointing to a real repository)
2021-05-03 08:12:10 -04:00
Mahmood Ali ba49661198
Docs memory oversubscription (#10478)
* update docs

* document memory_oversubscription_enabled scheduler config
2021-04-30 14:07:56 -04:00
Luiz Aoqui 154b2105ac
docs: add FAQ for Docker Desktop for Windows and MacOS (#10390)
* docs: add FAQ for Docker Desktop for Windows and MacOS

* docs: add win

* docs: add docker desktop note to docker driver page
2021-04-29 19:53:12 -04:00
Luiz Aoqui f1b9055d21
Add metrics for blocked eval resources (#10454)
* add metrics for blocked eval resources

* docs: add new blocked_evals metrics

* fix to call `pruneStats` instead of `stats.prune` directly
2021-04-29 15:03:45 -04:00
Tim Gross 9e1d4981f0
docs: Enterprise licensing updates 2021-04-28 14:46:06 -04:00
catinthetap b84cd7d61d
docs: update filesystem.mdx to fix typo 2021-04-28 08:11:05 -04:00
James Rasell 4e18e9ea8b
docs: add detail on launching autoscaler external plugins. 2021-04-26 11:19:15 +02:00
kphunter 59209f4165
Fix path tip 2021-04-23 22:03:53 -07:00
Luiz Aoqui 29171be859
docs: reorganize autoscaling agent config (#10383) 2021-04-23 09:53:58 -04:00
changli0617 5c820bae59
Small typo fixes (#10427)
Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
2021-04-22 12:16:21 -07:00
changli0617 b74cb407bd
Merge pull request #10384 from hashicorp/mw.partnership-page
website: add partnerships page
2021-04-22 11:38:05 -07:00
changli0617 d80d7229d5
Update partnerships.mdx 2021-04-21 15:20:04 -07:00
Buck Doyle 2a72920af1
docs: Fix minor fuzzy search things (#10423) 2021-04-21 14:55:17 -05:00
James Rasell 02ee9f605e
Merge pull request #10409 from hashicorp/f-docs-gh-10406
docs: update autoscaler target plugins to include datacenter field.
2021-04-21 10:15:45 +02:00
Charlie Voiselle ef8ca60693
Enable go-sockaddr templating for `network-interface` (#10404)
Add templating to `network-interface` option.
This PR also adds a fast-fail to in the case where an invalid interface is set or produced by the template

* add tests and check for valid interface
* Add documentation
* Incorporate suggestions from code review

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-04-20 13:55:10 -04:00
Seth Hoenig 4e6dbaaec1
Merge pull request #10184 from hashicorp/f-fuzzy-search
api: implement fuzzy search API
2021-04-20 09:06:40 -06:00
James Rasell d55ae5d194
docs: update autoscaler target plugins to include datacenter field. 2021-04-20 14:01:19 +02:00
Johan Siebens 8f358838e2
website: added digitalocean droplets plugin to community plugins index 2021-04-20 10:25:21 +02:00
Seth Hoenig 1ee8d5ffc5 api: implement fuzzy search API
This PR introduces the /v1/search/fuzzy API endpoint, used for fuzzy
searching objects in Nomad. The fuzzy search endpoint routes requests
to the Nomad Server leader, which implements the Search.FuzzySearch RPC
method.

Requests to the fuzzy search API are based on the api.FuzzySearchRequest
object, e.g.

{
  "Text": "ed",
  "Context": "all"
}

Responses from the fuzzy search API are based on the api.FuzzySearchResponse
object, e.g.

{
  "Index": 27,
  "KnownLeader": true,
  "LastContact": 0,
  "Matches": {
    "tasks": [
      {
        "ID": "redis",
        "Scope": [
          "default",
          "example",
          "cache"
        ]
      }
    ],
    "evals": [],
    "deployment": [],
    "volumes": [],
    "scaling_policy": [],
    "images": [
      {
        "ID": "redis:3.2",
        "Scope": [
          "default",
          "example",
          "cache",
          "redis"
        ]
      }
    ]
  },
  "Truncations": {
    "volumes": false,
    "scaling_policy": false,
    "evals": false,
    "deployment": false
  }
}

The API is tunable using the new server.search stanza, e.g.

server {
  search {
    fuzzy_enabled   = true
    limit_query     = 200
    limit_results   = 1000
    min_term_length = 5
  }
}

These values can be increased or decreased, so as to provide more
search results or to reduce load on the Nomad Server. The fuzzy search
API can be disabled entirely by setting `fuzzy_enabled` to `false`.
2021-04-16 16:36:07 -06:00
Shishir Mahajan 86e2a2be4f Update containerd task driver options.
- image_pull_timeout
- pids_limit
- sysctl
2021-04-16 13:18:33 -04:00
Tim Gross 0518552e4d docs: changelog and upgrade note for iptables improvement 2021-04-15 10:19:37 -04:00
changli0617 5723e194c1
Update partnerships.mdx
Need help to resize the ecosystem diagram.
2021-04-14 22:22:35 -07:00
Mike Wickett e1c511645f website: stub in partnerships page 2021-04-14 19:55:45 -04:00
Nick Spain 04e3132b4b Document usage of 'body' field 2021-04-13 09:15:35 -04:00
Tim Gross fd3d443863 docs: clean up explanation of volume per_alloc 2021-04-09 11:32:00 -04:00
Tim Gross 0892d34ff9 CSI: capability block is required for volume registration 2021-04-08 13:02:24 -04:00
Luiz Aoqui b32bf2cd85
docs: add missing `nomad job run` CLI flags (#10277) 2021-04-07 12:07:33 -04:00
Tim Gross 70f5363a89 docs: update CSI create/register fields
Add new `access_mode`/`attachment_mode` fields. Make it more clear which set
of fields belong to create vs register. Update the example spec that's
generated by `volume init`.
2021-04-07 11:24:09 -04:00
Luiz Aoqui baef056f0c
docs: add `empty_ignore_system` node selector strategy for autoscaling (#10306) 2021-04-06 13:02:56 -04:00
Michael Lange d0d5431bf9
Fix the broken link in the bootstrapping custom scheduler warning 2021-04-05 14:27:22 -07:00
Drew Bailey b867784e9c
allow setting stale flag from cli to retrieve individual server license (#10300) 2021-04-05 15:35:14 -04:00
Seth Hoenig 9eacb1c27b docs: apply suggestions from code review
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2021-04-05 10:03:19 -06:00
Seth Hoenig f17ba33f61 consul: plubming for specifying consul namespace in job/group
This PR adds the common OSS changes for adding support for Consul Namespaces,
which is going to be a Nomad Enterprise feature. There is no new functionality
provided by this changeset and hopefully no new bugs.
2021-04-05 10:03:19 -06:00
James Rasell 138adfdc68
docs: add fixed-value and pass-through autoscaler plugin docs. (#10278)
docs: add fixed-value and pass-through autoscaler plugin docs.
2021-04-01 16:11:37 -04:00
Luiz Aoqui 6bbbc19eb7
Merge pull request #10199 from hashicorp/docs-update-autoscaling-aws-permission
docs: Update AWS permission requirements for the Autoscaler
2021-04-01 16:10:28 -04:00
Luiz Aoqui f802fe3789
Merge pull request #10183 from hashicorp/docs-autoscaling-policy-eval-cli
docs: add Autoscaler CLI flags for policy eval configuration
2021-04-01 16:10:01 -04:00
Tim Gross 466b620fa4
CSI: volume snapshot 2021-04-01 11:16:52 -04:00
James Rasell d07d799ff1
docs: add autoscaling docs to detail node selector strategy feat. 2021-04-01 08:47:16 +02:00
Tim Gross bdb5b87a48 docs: CLI commands for volume create/delete 2021-03-31 16:37:09 -04:00
Drew Bailey d8d3faef39
Docs/licensing reference docs (#10260)
* add a license docs page

* license reference docs

* update wording

* use new docs-nav

* rm file held over from rebase, fix path
2021-03-31 10:24:27 -04:00
Bryce Kalow a6ca40fa4e
feat(website): migrates to new nav data format (#10264) 2021-03-31 08:43:17 -05:00
Seth Hoenig 03ed2a8035
Merge pull request #10243 from apollo13/issue10239
Automatically populate `CONSUL_HTTP_ADDR` for connect native tasks in host networking mode.
2021-03-30 09:00:17 -05:00
Florian Apolloner b9b71e7ac5 Automatically populate `CONSUL_HTTP_ADDR` for connect native tasks in host networking mode. Fixes #10239 2021-03-28 14:34:31 +02:00
Chris Baker cda1cb039e
Merge pull request #10125 from hashicorp/docs-autoscaler-409-plugins
autoscaler plugin docs
2021-03-28 07:07:24 -05:00
Luiz Aoqui f728c9303b
docs: minor updates on autoscaling plugin guides 2021-03-26 16:55:24 -04:00
Tim Gross e6a7c71694
docs: note that Connect requires a hard-coded port
Co-authored-by: Kris Hicks <khicks@hashicorp.com>
2021-03-26 14:43:29 -04:00
Shishir 205e579d46
Update containerd task driver docs. (#10244) 2021-03-26 14:42:27 -04:00
Taylor Dolezal 0714e8951c Change enable to enabled 2021-03-25 14:10:54 -04:00
Drew Bailey 74836b95b2
configuration and oss components for licensing (#10216)
* configuration and oss components for licensing

* vendor sync
2021-03-23 09:08:14 -04:00
Chris Baker bebc3e5bdb website: added senlin plugin to community plugins index 2021-03-22 19:01:49 +00:00
Chris Baker 16eb8186c5 website: documentation for autoscaler plugins 2021-03-19 15:38:28 +00:00
Luiz Aoqui 2aa9170fa5
docs: update Autoscaler AWS permissions 2021-03-18 20:41:53 -04:00
Tim Gross fa25e048b2
CSI: unique volume per allocation
Add a `PerAlloc` field to volume requests that directs the scheduler to test
feasibility for volumes with a source ID that includes the allocation index
suffix (ex. `[0]`), rather than the exact source ID.

Read the `PerAlloc` field when making the volume claim at the client to
determine if the allocation index suffix (ex. `[0]`) should be added to the
volume source ID.
2021-03-18 15:35:11 -04:00
Tim Gross 8cc938c9d4 csi: volume init command
Create a convenience command for generating example CSI volume specifications,
similar to the existing `nomad job init` or `nomad quota init` commands.
2021-03-18 14:24:40 -04:00
Dave May a00b967efa
docs: add missing dashes to operator debug Usage (#10192) 2021-03-17 15:13:04 -04:00
Luiz Aoqui ad15055911
docs: add Autoscaler CLI flags for policy eval configuration 2021-03-15 18:04:35 -04:00
Tim Gross 0b467a1e44 docs: clarify HCL is parsed in CLI 2021-03-15 15:41:43 -04:00
Florian Apolloner a0873d5da4
docker: support configuring default log driver in plugin options 2021-03-12 16:04:33 -05:00
Luiz Aoqui 944887a684
docs: add ports to jobspec overview example 2021-03-12 13:36:39 -05:00
Michael Schurter 57ffa58301 docs: describe k8s in terms of "Linux containers"
The terminology here is a bit tricky. Technically Kuberbetes deprecated
their Docker *runtime* support but can still run Docker images. Sadly in
a lot of people's minds "Docker" and "containers" are nearly synonymous.

I think "Linux containers" is a more accurate characterization of
Kubernetes focus than "Docker" at this point.

Fixes #10120
2021-03-11 17:49:13 -08:00
James Rasell e9d81ace7b
Merge pull request #10140 from hashicorp/b-gh-10070
agent: return req error if prometheus metrics are disabled.
2021-03-10 17:11:39 +01:00
James Rasell 2ec9e59122
correctly format variable name within upgrade doc
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2021-03-10 15:08:17 +01:00
Tim Gross bd4d888375 CLI 'nomad ui -authenticate' flag for one-time token exchange
Includes swapping the previously documented `-login` flag for `-authenticate`
to align better with Waypoint.
2021-03-10 08:17:56 -05:00
Tim Gross 0676d74e5a docs: 'nomad ui -login' command 2021-03-10 08:17:56 -05:00
Tim Gross ee1be60c85 docs: update website links from master to main 2021-03-09 14:42:24 -05:00
James Rasell b7f60ba122
docs: add upgrade guide for change to metrics API. 2021-03-09 15:40:08 +01:00
Tim Gross 4c4ea23e6f docs/artifact: clarify git:: prefix usage for private repos 2021-03-08 10:55:32 -05:00
Tim Gross 648977e233 docs: clarify mount source path in filesystem docs 2021-03-08 10:20:30 -05:00
Tim Gross 38a017e06e docs: required capabilities on Linux 2021-03-08 10:20:18 -05:00
Adrian Todorov 47e1cb11df
driver/docker: add extra labels ( job name, task and task group name) 2021-03-08 08:59:52 -05:00
Luiz Aoqui 899237eeca
Merge pull request #10119 from hashicorp/docs-autoscaler-drain-timeout
docs: hightlight different default node drain deadline when using the Autoscaler
2021-03-05 14:27:56 -05:00
Luiz Aoqui 352725fe8a
docs: hightlight different default node drain deadline when using the Autoscaler 2021-03-04 16:51:07 -05:00
Michael Schurter 281abd1ac0
Merge pull request #10118 from hashicorp/docs-secmodel
docs: remove stray mention that namespaces are ent
2021-03-04 11:50:22 -08:00
Michael Schurter c660ea5dd1 docs: remove stray mention that namespaces are ent
namespaces are oss
2021-03-04 10:57:10 -08:00
Drew Bailey c06ed22be1
remove v1-v2 varlink references (#10110)
* remove v1-v2 varlink references

* Update website/content/docs/drivers/podman.mdx

Co-authored-by: Tim Gross <tgross@hashicorp.com>

* fix code snippet

Co-authored-by: Tim Gross <tgross@hashicorp.com>
2021-03-03 13:59:32 -05:00
Huan Wang f133f4c7fe
update policy.mdx -- fixing strategy name 2021-02-26 21:32:00 -07:00
Luiz Aoqui f7abdf2ba1
Merge pull request #9908 from hashicorp/docs-autoscaler-node-drain-ignore-system-jobs
document Autoscaler `node_drain_ignore_system_jobs` configuration
2021-02-26 18:41:56 -05:00
Luiz Aoqui fd20ebbd11
Merge pull request #10062 from hashicorp/docs-autoscaler-sighup
docs: expand Autoscaler SIGHUP documentation
2021-02-26 18:31:24 -05:00
Luiz Aoqui 1bf3d2feb4
docs: add node_drain_ignore_system_jobs to Autoscaler GCP plugin 2021-02-26 18:30:45 -05:00
Luiz Aoqui 38c23e9577
docs: document Autoscaler node_drain_ignore_system_jobs configuration 2021-02-26 18:29:41 -05:00
James Rasell c3058b8b08
docs: add Nomad Autoscaler GPC MIG target plugin detail. (#10090)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-02-26 17:21:09 +01:00
Andre Ilhicas f45fc6c899
consul/connect: enable setting local_bind_address in upstream 2021-02-26 11:37:31 +00:00
Drew Bailey 86d9e1ff90
Merge pull request #9955 from hashicorp/on-update-services
Service and Check on_update configuration option (readiness checks)
2021-02-24 10:11:05 -05:00
Luiz Aoqui 15b9a57c0d
docs: update link to the Nomad Autoscaler demos 2021-02-23 15:24:37 -05:00
Tim Gross b764f52ab9
deploymentwatcher: reset progress deadline on promotion (#10042)
In a deployment with two groups (ex. A and B), if group A's canary becomes
healthy before group B's, the deadline for the overall deployment will be set
to that of group A. When the deployment is promoted, if group A is done it
will not contribute to the next deadline cutoff. Group B's old deadline will
be used instead, which will be in the past and immediately trigger a
deployment progress failure. Reset the progress deadline when the job is
promotion to avoid this bug, and to better conform with implicit user
expectations around how the progress deadline should interact with promotions.
2021-02-22 16:44:03 -05:00
Luiz Aoqui 85c67ff666
Update website/content/docs/autoscaling/agent.mdx
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-22 16:37:03 -05:00
Chris Baker 9d93293ab4
Update website/content/docs/autoscaling/agent.mdx 2021-02-22 15:20:58 -06:00
Luiz Aoqui 84ad11df93
docs: expand Autoscaler SIGHUP documentation 2021-02-22 15:38:26 -05:00
Cathy Chang e117fc4f2b
docs: clarify log_rotate_max_files 2021-02-19 09:37:55 -05:00
Tim Gross a90586f3e5 docs: clarify type constraints for collections in locals
HCL2 locals don't have type constraints, and the map syntax is interpreted as
an object. So users may need to explictly convert to map for some functions.

The `convert` function documentation was missing the required type constructor
parameter for collections.
2021-02-17 14:45:05 -05:00
Tim Gross 83088ec781 docs: clarify that block labels can't be interpolated in HCL2
Block labels are not expressions so they can't be interpolated without hacks
like `dynamic` blocks. Clarify this so that we don't confuse users who
shouldn't need to dig into the subtle nuances between expressions and blocks.
2021-02-17 11:53:06 -05:00
Tim Gross 25d5fe61d5 docs: remove artifact destination interpolation warning 2021-02-17 09:52:27 -05:00
Charlie Voiselle d9c31741dc
Merge pull request #10020 from hashicorp/docs-update-install-brew
Updated Homebrew install instructions
2021-02-12 11:52:59 -05:00
Seth Hoenig eb8812dc3d docs: update ingress gateway runnable demo
Using the environment variable stopped working here a while back,
should be using the port label. Also upgrade to uuid-api:v5 which
supports linux/arm64.
2021-02-12 10:10:16 -06:00
Charlie Voiselle 7c6ffb9dcd
Updated Homebrew install instructions 2021-02-11 18:42:18 -05:00
Shantanu Gadgil 3fa71d2c66 The encryption key uses 32 bytes now
The encryption key uses 32 bytes now, not 16 bytes
2021-02-11 08:34:39 -05:00
Mark Lewis 56f1e7a324
Fix typo (#10008) 2021-02-10 14:43:11 -06:00
Karan Sharma 26199289fc fix: docs/job-specification change mounts to mount
Since [mounts](https://www.nomadproject.io/docs/drivers/docker#mounts) is deprecated,
switch to newer `mount` in `task.config` for `docker` driver.
2021-02-10 08:24:58 -05:00
Seth Hoenig 7d6e81e9e4
Merge pull request #9990 from hashicorp/f-nsiso-task
drivers/exec+java: Add task configuration to restore previous PID/IPC isolation behavior
2021-02-09 13:29:14 -06:00
Seth Hoenig 45e0e70a50 consul/connect: enable custom sidecars to use expose checks
This PR enables jobs configured with a custom sidecar_task to make
use of the `service.expose` feature for creating checks on services
in the service mesh. Before we would check that sidecar_task had not
been set (indicating that something other than envoy may be in use,
which would not support envoy's expose feature). However Consul has
not added support for anything other than envoy and probably never
will, so having the restriction in place seems like an unnecessary
hindrance. If Consul ever does support something other than Envoy,
they will likely find a way to provide the expose feature anyway.

Fixes #9854
2021-02-09 10:49:37 -06:00
Seth Hoenig 8ee9835923 drivers/exec+java: Add task configuration to restore previous PID/IPC isolation behavior
This PR adds pid_mode and ipc_mode options to the exec and java task
driver config options. By default these will defer to the default_pid_mode
and default_ipc_mode agent plugin options created in #9969. Setting
these values to "host" mode disables isolation for the task. Doing so
is not recommended, but may be necessary to support legacy job configurations.

Closes #9970
2021-02-08 14:26:35 -06:00
Tim Gross b04a040aed
document that Nomad ENT cannot be downgraded to Nomad OSS 2021-02-08 14:09:45 -05:00
Drew Bailey b5585882e4
address pr comments 2021-02-08 13:43:05 -05:00
Seth Hoenig f5cc4c5d44
docs: clarify PID
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:57 -06:00
Seth Hoenig 419044ed08
docs: shorten IPC
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:42 -06:00
Seth Hoenig a911d4ca17
docs: clarify PID
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:31 -06:00
Seth Hoenig 6c101e601d
docs: shorten IPC
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:19 -06:00
Seth Hoenig 0134d2eab9
docs: capitalize posix
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:52:08 -06:00
Seth Hoenig cb81d38f2e
docs: capitalize posix
Co-authored-by: Chris Baker <1675087+cgbaker@users.noreply.github.com>
2021-02-08 10:51:55 -06:00
Drew Bailey 8507d54e3b
e2e test for on_update service checks
check_restart not compatible with on_update=ignore

reword caveat
2021-02-08 08:32:40 -05:00
Drew Bailey 82f971f289
OnUpdate configuration for services and checks
Allow for readiness type checks by configuring nomad to ignore warnings
or errors reported by a service check. This allows the deployment to
progress and while Consul handles introducing the sercive into a
resource pool once the check passes.
2021-02-08 08:32:40 -05:00
Seth Hoenig 4bc6e5a215 drivers/exec+java: Add configuration to restore previous PID/IPC namespace behavior.
This PR adds default_pid_mode and default_ipc_mode options to the exec and java
task drivers. By default these will default to "private" mode, enabling PID and
IPC isolation for tasks. Setting them to "host" mode disables isolation. Doing
so is not recommended, but may be necessary to support legacy job configurations.

Closes #9969
2021-02-05 15:52:11 -06:00
Alex Chan 768c02eaff
Correct the spelling of heirarchical/hierarchical (#9980) 2021-02-05 09:23:30 -06:00
Xopherus 76799c9f07 Fix aws secret key name in autoscaler aws target
- aws secret key is named incorrectly in the target docs.
  It needs to match what is in the nomad-autoscaler repo
  (see link below), otherwise the autoscaler will default to AWS sdk
  behavior, which could end up using an IAM instance profile
  or other environment variables instead of what is passed into the
  autoscaler config file.

Ref: e60fb5268d/plugins/builtin/target/aws-asg/plugin/plugin.go (L27)
2021-02-03 16:56:12 -05:00
Tim Gross 9701d292ce docs: remove mbits examples from documentation 2021-02-02 10:10:44 -05:00
Chris Baker 682dd5045e vesion-specific upgrade guide for 1.0.3 and 0.12.10 2021-01-29 19:41:48 +00:00
Tim Gross cf052cfee5 docs: add metrics from raft leadership transitions 2021-01-27 11:50:11 -05:00
James Rasell 9c0c75b226
docs: clarify where variables can be placed with HCLv2. 2021-01-26 12:29:58 +01:00
Seth Hoenig 8b05efcf88 consul/connect: Add support for Connect terminating gateways
This PR implements Nomad built-in support for running Consul Connect
terminating gateways. Such a gateway can be used by services running
inside the service mesh to access "legacy" services running outside
the service mesh while still making use of Consul's service identity
based networking and ACL policies.

https://www.consul.io/docs/connect/gateways/terminating-gateway

These gateways are declared as part of a task group level service
definition within the connect stanza.

service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      terminating {
        // terminating-gateway configuration entry
      }
    }
  }
}

Currently Envoy is the only supported gateway implementation in
Consul. The gateay task can be customized by configuring the
connect.sidecar_task block.

When the gateway.terminating field is set, Nomad will write/update
the Configuration Entry into Consul on job submission. Because CEs
are global in scope and there may be more than one Nomad cluster
communicating with Consul, there is an assumption that any terminating
gateway defined in Nomad for a particular service will be the same
among Nomad clusters.

Gateways require Consul 1.8.0+, checked by a node constraint.

Closes #9445
2021-01-25 10:36:04 -06:00
Steven Collins e9f91c1d56
Adds community USB plugin to documentation site 2021-01-25 10:15:36 -05:00
zzhai 899334f2f0 Update syntax.mdx
"one label"
should be the singular form.
2021-01-25 08:42:59 -05:00
Tim Gross 555d031283 docs: check_restart is now supported for group services 2021-01-22 10:55:40 -05:00
Mahmood Ali f03e67712a
docs: remove timestamp hcl2 function (#9867)
timestamp isn't actually implemented
2021-01-21 10:29:50 -05:00
Marcus Naughton 8fe43cf063 Update server_join.mdx
Fixed Markdown for GCP example.
2021-01-19 16:47:12 -05:00
Shishir Mahajan 661f7df7be Update FSIsolation from none to image. 2021-01-15 08:01:04 -05:00
Drew Bailey 9f56195dc2
bump upgrade guide version (#9822)
* bump upgrade guide version

* drop 1.0.3 until there are upgrade specifics
2021-01-14 16:18:54 -05:00
Luiz Aoqui 6667d4c734
docs: fix broken link 2021-01-13 11:25:48 -05:00
Luiz Aoqui 226e442b32
docs: fix HCL2 doc page code block 2021-01-13 11:10:45 -05:00
Dave May 35d43c19ab
nomad agent-info: Add json/gotemplate formatting (#9788)
* nomad agent-info: Add json/gotemplate formatting
* Add CHANGELOG entry
* update docs
2021-01-13 09:42:46 -05:00
Tim Gross aa58dd6415 docs: podman FSIsolation is image
As of podman 0.2.0, podman correctly advertises its filesystem isolation as
`FSIsolationImage`.
2021-01-13 09:05:19 -05:00
Tim Gross 8848819c50 docs: remove remaining references to network_speed config 2021-01-13 08:52:25 -05:00
Seth Hoenig 43880dadd5
Merge pull request #9765 from hashicorp/f-bump-connect-examples
command: bump connect examples to v3
2021-01-11 10:22:58 -06:00
Seth Hoenig fc5f48d936 cni: bump CNI version to v0.9.0
https://github.com/containernetworking/plugins/releases/tag/v0.9.0

Also make the copy-paste install instructions work with arm64 for
a better OOTB experience (AWS Graviton, Pi 4's).
2021-01-10 18:03:27 -06:00
Seth Hoenig 207fe378ce docs: update countdash examples to v3 2021-01-10 17:19:39 -06:00
Tim Gross 5b9a98d25a docs: clarify default behavior of docker userns_mode 2021-01-08 08:22:39 -05:00
Chulki Lee b7b23e9955 Fix HCL2 link 2021-01-08 08:19:06 -05:00
Nick Ethier 6705f845f2
Merge pull request #9739 from hashicorp/b-alloc-netmode-ports
Use port's to value when building service address under 'alloc' addr_mode
2021-01-07 09:16:27 -05:00
Kdu Bonalume 425ad5892d Fix missing link for Consul integration
Add a link back to configuration/consul in the `service` parameter section of the `group` stanza.
2021-01-07 09:02:43 -05:00
Nick Ethier 7a6aab10bb
Apply suggestions from code review
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2021-01-07 08:53:54 -05:00
Nick Ethier ab01e19df3 command/agent/consul: use port's to value when building service address under 'alloc' addr_mode 2021-01-06 13:52:48 -05:00
Jeff Escalante eaaafd9dd4
implement mdx remote 2021-01-05 19:02:39 -05:00