Commit graph

584 commits

Author SHA1 Message Date
Tim Gross 246db87a74
CSI: allow for concurrent plugin allocations (#12078)
The dynamic plugin registry assumes that plugins are singletons, which
matches the behavior of other Nomad plugins. But because dynamic
plugins like CSI are implemented by allocations, we need to handle the
possibility of multiple allocations for a given plugin type + ID, as
well as behaviors around interleaved allocation starts and stops.

Update the data structure for the dynamic registry so that more recent
allocations take over as the instance manager singleton, but we still
preserve the previous running allocations so that restores work
without racing.

Multiple allocations can run on a client for the same plugin, even if
only during updates. Provide each plugin task a unique path for the
control socket so that the tasks don't interfere with each other.
2022-02-23 15:23:07 -05:00
Charlie Voiselle 01f6e57602
Fixed scheduler config examples (#12049) 2022-02-23 12:58:29 -05:00
Mike Nomitch f3d1cf4dbd
Merge pull request #12065 from hashicorp/docs-add-form-link
Adding link to interview form
2022-02-22 11:05:20 -08:00
Luiz Aoqui 02ee075506
docs: update link to mount in Docker task driver (#12101) 2022-02-22 13:39:49 -05:00
Michael Schurter 7494a0c4fd core: remove all traces of unused protocol version
Nomad inherited protocol version numbering configuration from Consul and
Serf, but unlike those projects Nomad has never used it. Nomad's
`protocol_version` has always been `1`.

While the code is effectively unused and therefore poses no runtime
risks to leave, I felt like removing it was best because:

1. Nomad's RPC subsystem has been able to evolve extensively without
   needing to increment the version number.
2. Nomad's HTTP API has evolved extensively without increment
   `API{Major,Minor}Version`. If we want to version the HTTP API in the
   future, I doubt this is the mechanism we would choose.
3. The presence of the `server.protocol_version` configuration
   parameter is confusing since `server.raft_protocol` *is* an important
   parameter for operators to consider. Even more confusing is that
   there is a distinct Serf protocol version which is included in `nomad
   server members` output under the heading `Protocol`. `raft_protocol`
   is the *only* protocol version relevant to Nomad developers and
   operators. The other protocol versions are either deadcode or have
   never changed (Serf).
4. If we were to need to version the RPC, HTTP API, or Serf protocols, I
   don't think these configuration parameters and variables are the best
   choice. If we come to that point we should choose a versioning scheme
   based on the use case and modern best practices -- not this 6+ year
   old dead code.
2022-02-18 16:12:36 -08:00
Adrián López b1565c7bf4
Update autoscaler AWS ASG target docs: AWS keypair can be empty (#11977) 2022-02-18 17:29:19 -05:00
James Rasell f2d73442e8
docs: add autoscaler hcloud target plugin link. (#12087) 2022-02-18 17:28:38 -05:00
Luiz Aoqui 110dbeeb9d
Add go-bexpr filters to evals and deployment list endpoints (#12034) 2022-02-16 11:40:30 -05:00
Tiernan c30b4617aa
interpolate network.dns block on client (#12021) 2022-02-16 08:39:44 -05:00
Seth Hoenig 40c714a681 api: return sorted results in certain list endpoints
These API endpoints now return results in chronological order. They
can return results in reverse chronological order by setting the
query parameter ascending=true.

- Eval.List
- Deployment.List
2022-02-15 13:48:28 -06:00
Mike Nomitch 8377f5cfe3 Adding link to interview form 2022-02-14 12:38:26 -08:00
James Rasell 926458c5b2
Merge pull request #12053 from marcaurele/fix-typo
doc(typo): technical typo in advertised example
2022-02-11 14:27:12 +01:00
Luiz Aoqui d976e4a19b
docs: add upgrade note and ACL requirements for the job submit endpoint (#12046) 2022-02-10 15:35:16 -05:00
Marc-Aurèle Brothier fb80dc57a1
small typo in advertised example 2022-02-10 13:53:05 +01:00
Tim Gross 59c8558969
docs and changelog for nomad config validate (#12031) 2022-02-09 10:20:45 -05:00
Tim Gross 7ad15b2b42
raft: default to protocol v3 (#11572)
Many of Nomad's Autopilot features require raft protocol version
3. Set the default raft protocol to 3, and improve the upgrade
documentation.
2022-02-03 15:03:12 -05:00
René Moser 05db861938
api-docs: add SysBatchSchedulerEnabled docs (#11973) 2022-02-02 16:54:47 -05:00
James Rasell a7f569d0e1
docs: add cores to client reserved config block. 2022-01-26 15:56:16 +01:00
Dan Norris 160682cf2b
docs: Update volume create/register mount options to use []string example (#11912)
The examples for `nomad volume create` and `nomad volume register` are
not setting `mount_flags` using an array of strings.

This fixes the issue by changing the example to be `mount_flags =
["noatime"]`.
2022-01-24 11:34:21 -05:00
Luiz Aoqui 626e633b41
docs: add nomad.plan.node_rejected metric (#11860) 2022-01-18 13:47:20 -05:00
Dave May 330d24a873
cli: Add event stream capture to nomad operator debug (#11865) 2022-01-17 21:35:51 -05:00
Luiz Aoqui ed9f277925
docs: update 1.2.0 upgrade note now that the UI ACL is fixed (#11840) 2022-01-17 11:09:08 -05:00
Luiz Aoqui f981a1ed7e
docs: add HashiBox to the list of community tools (#11861) 2022-01-17 11:08:41 -05:00
James Rasell 82b168bf34
Merge pull request #11403 from hashicorp/f-gh-11059
agent/docs: add better clarification when top-level data dir needs setting
2022-01-13 16:41:35 +01:00
Luiz Aoqui 7e6acf0e68
docs: fix autoscaling Datadog site configuration (#11824) 2022-01-12 21:06:30 -05:00
Derek Strickland 0a8e03f0f7
Expose Consul template configuration parameters (#11606)
This PR exposes the following existing`consul-template` configuration options to Nomad jobspec authors in the `{job.group.task.template}` stanza.

- `wait`

It also exposes the following`consul-template` configuration to Nomad operators in the `{client.template}` stanza.

- `max_stale`
- `block_query_wait`
- `consul_retry`
- `vault_retry` 
- `wait` 

Finally, it adds the following new Nomad-specific configuration to the `{client.template}` stanza that allows Operators to set bounds on what `jobspec` authors configure.

- `wait_bounds`

Co-authored-by: Tim Gross <tgross@hashicorp.com>
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2022-01-10 10:19:07 -05:00
Tim Gross fa64822e49
docs: note that clients need to have ACLs enabled (#11799)
Client endpoints such as `alloc exec` are enforced on the client if
the API client or CLI has "line of sight" to the client. This is
already in the Learn guide but having it in the ACL configuration docs
would be helpful.
2022-01-07 16:18:41 -05:00
Tim Gross 32f150d469
docs: new scheduler metrics (#11790)
* Fixed name of `nomad.scheduler.allocs.reschedule` metric
* Added new metrics to metrics reference documentation
* Expanded definitions of "waiting" metrics
* Changelog entry for #10236 and #10237
2022-01-07 09:51:15 -05:00
Charlie Voiselle 98a240cd99
Make number of scheduler workers reloadable (#11593)
## Development Environment Changes
* Added stringer to build deps

## New HTTP APIs
* Added scheduler worker config API
* Added scheduler worker info API

## New Internals
* (Scheduler)Worker API refactor—Start(), Stop(), Pause(), Resume()
* Update shutdown to use context
* Add mutex for contended server data
    - `workerLock` for the `workers` slice
    - `workerConfigLock` for the `Server.Config.NumSchedulers` and
      `Server.Config.EnabledSchedulers` values

## Other
* Adding docs for scheduler worker api
* Add changelog message

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2022-01-06 11:56:13 -05:00
James Rasell 1f4e100edc
Merge pull request #11762 from hashicorp/b-gh-11681
docs: add 1.2.0 HCLv2 strict parsing upgrade note.
2022-01-04 09:30:09 +01:00
Tim Gross 6b1b3e7ef8
docs: fix attribute name for java version detection (#11764) 2022-01-03 16:50:25 -05:00
James Rasell 117c79117e
docs: add 1.2.0 HCLv2 strict parsing upgrade note. 2022-01-03 15:41:18 +00:00
Tim Gross 2806dc2bd7
docs/tests for multiple HTTP address config (#11760) 2022-01-03 10:17:13 -05:00
Kevin Schoonover 5d9a506bc0
agent: support multiple http address in addresses.http (#11582) 2022-01-03 09:33:53 -05:00
Tim Gross 395628efe1
api: paginate deployment list and accept wildcard namespace (#11743)
Add `per_page` and `next_token` handling to `Deployment.List` RPC, and
allow the use of a wildcard namespace for namespace filtering.
2022-01-03 08:36:02 -05:00
Shishir 65eab35412
Add support for setting pids_limit in docker plugin config. (#11526) 2021-12-21 13:31:34 -05:00
Tim Gross b0c3b99b03
scheduler: fix quadratic performance with spread blocks (#11712)
When the scheduler picks a node for each evaluation, the
`LimitIterator` provides at most 2 eligible nodes for the
`MaxScoreIterator` to choose from. This keeps scheduling fast while
producing acceptable results because the results are binpacked.

Jobs with a `spread` block (or node affinity) remove this limit in
order to produce correct spread scoring. This means that every
allocation within a job with a `spread` block is evaluated against
_all_ eligible nodes. Operators of large clusters have reported that
jobs with `spread` blocks that are eligible on a large number of nodes
can take longer than the nack timeout to evaluate (60s). Typical
evaluations are processed in milliseconds.

In practice, it's not necessary to evaluate every eligible node for
every allocation on large clusters, because the `RandomIterator` at
the base of the scheduler stack produces enough variation in each pass
that the likelihood of an uneven spread is negligible. Note that
feasibility is checked before the limit, so this only impacts the
number of _eligible_ nodes available for scoring, not the total number
of nodes.

This changeset sets the iterator limit for "large" `spread` block and
node affinity jobs to be equal to the number of desired
allocations. This brings an example problematic job evaluation down
from ~3min to ~10s. The included tests ensure that we have acceptable
spread results across a variety of large cluster topologies.
2021-12-21 10:10:01 -05:00
Andy Assareh 8ba4e063e2
Mesh Gateway doc enhancements (#11354)
* Mesh Gateway doc enhancements

1. I believe this line should be corrected to add mesh as one of the choices
2. I found that we are not setting this meta, and it is a required element for wan federation. I believe it would be helpful and potentially time saving to note that right here.
2021-12-20 17:10:44 -05:00
Guilherme ae05515b50
Fix 'check calculations' link (#11420) 2021-12-20 17:09:15 -05:00
Tim Gross e046bb31e9
api: respect wildcard in evaluations list API (#11710) 2021-12-20 12:23:50 -05:00
Luiz Aoqui a46d799f2a
docs: add v1.2.0 upgrade guide about Nomad UI ACL change for job details page (#11689) 2021-12-16 14:32:20 -05:00
Luiz Aoqui 4b39494cd1
docs: add more references and examples to the template block (#11691) 2021-12-16 14:14:01 -05:00
Tim Gross f2615992a4
cli: unhide advanced operator raft debugging commands (#11682)
The `nomad operator raft` and `nomad operator snapshot state`
subcommands for inspecting on-disk raft state were hidden and
undocumented. Expose and document these so that advanced operators
have support for these tools.
2021-12-16 10:32:11 -05:00
Tim Gross 536e3c5282
nomad eval list command (#11675)
Use the new filtering and pagination capabilities of the `Eval.List`
RPC to provide filtering and pagination at the command line.

Also includes note that `nomad eval status -json` is deprecated and
will be replaced with a single evaluation view in a future version of
Nomad.
2021-12-15 11:58:38 -05:00
Noel Quiles 235a778a56
website: Copy updates (#11677) 2021-12-14 16:35:21 -05:00
Tim Gross a0cf5db797
provide -no-shutdown-delay flag for job/alloc stop (#11596)
Some operators use very long group/task `shutdown_delay` settings to
safely drain network connections to their workloads after service
deregistration. But during incident response, they may want to cause
that drain to be skipped so they can quickly shed load.

Provide a `-no-shutdown-delay` flag on the `nomad alloc stop` and
`nomad job stop` commands that bypasses the delay. This sets a new
desired transition state on the affected allocations that the
allocation/task runner will identify during pre-kill on the client.

Note (as documented here) that using this flag will almost always
result in failed inbound network connections for workloads as the
tasks will exit before clients receive updated service discovery
information and won't be gracefully drained.
2021-12-13 14:54:53 -05:00
Tim Gross 624ecab901
evaluations list pagination and filtering (#11648)
API queries can request pagination using the `NextToken` and `PerPage`
fields of `QueryOptions`, when supported by the underlying API.

Add a `NextToken` field to the `structs.QueryMeta` so that we have a
common field across RPCs to tell the caller where to resume paging
from on their next API call. Include this field on the `api.QueryMeta`
as well so that it's available for future versions of List HTTP APIs
that wrap the response with `QueryMeta` rather than returning a simple
list of structs. In the meantime callers can get the `X-Nomad-NextToken`.

Add pagination to the `Eval.List` RPC by checking for pagination token
and page size in `QueryOptions`. This will allow resuming from the
last ID seen so long as the query parameters and the state store
itself are unchanged between requests.

Add filtering by job ID or evaluation status over the results we get
out of the state store.

Parse the query parameters of the `Eval.List` API into the arguments
expected for filtering in the RPC call.
2021-12-10 13:43:03 -05:00
Kevin Wang 3e6757f211
feat(website): extract /plugins /tools docs (#11584)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
Co-authored-by: Mike Nomitch <mnomitch@hashicorp.com>
2021-12-09 14:25:18 -05:00
Lukas W 0e5958d671
CLI: Return non-zero exit code when deployment fails in nomad run (#11550)
* Exit non-zero from run command if deployment fails
* Fix typo in deployment monitor introduced in 0edda11
2021-12-09 09:09:28 -05:00
Tim Gross 348f482c94
docs: improve docs for troubleshooting and monitoring scheduler (#11623)
This changeset adds more specific recommendations as to what metrics
to monitor, and what resources should be examined during incident
response.

It also renames the "Telemetry" section to "Monitoring Nomad" to
surface the material better and distinguish it from the "Metric
Reference".

Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
2021-12-07 15:52:13 -05:00
James Rasell d44e5620dd
docs: add license expiry metric to metrics website doc. 2021-12-07 10:31:51 +00:00
Shantanu Gadgil 0838678609
mention sysbatch in addition to batch (#11587) 2021-12-06 19:12:03 -05:00
Tim Gross 03e697a69d
scheduler: config option to reject job registration (#11610)
During incident response, operators may find that automated processes
elsewhere in the organization can be generating new workloads on Nomad
clusters that are unable to handle the workload. This changeset adds a
field to the `SchedulerConfiguration` API that causes all job
registration calls to be rejected unless the request has a management
ACL token.
2021-12-06 15:20:34 -05:00
Tim Gross 39acac33a0
ui: change Consul/Vault base URL field name (#11589)
Give ourselves some room for extension in the UI configuration block
by naming the field `ui_url`, which will let us have an `api_url`.
Fix the template path to ensure we're getting the right value from the
API.
2021-11-30 13:20:29 -05:00
James Rasell e34bb8ab1d
Merge pull request #11577 from hashicorp/b-gh-11576
docs: add deprecation note to old style network task env vars.
2021-11-30 12:15:31 +01:00
Tim Gross ba038a1ebc
docs: mount_flags takes a slice of strings (#11583)
The `mount_flags` option takes a slice of strings, not a
comma-separated string like the flags passed to `mount(8)`.
2021-11-29 10:07:34 -05:00
James Rasell 0260cc6306
docs: add deprecation note to old style network task env vars. 2021-11-25 12:58:32 +01:00
Luiz Aoqui 0b82d62bc6
docs: document new Prometheus configuration for the Autoscaler APM plugin (#11562) 2021-11-24 17:37:35 -05:00
Luiz Aoqui 0859eac724
docs: add CLI and config docs for the Autoscaler policy source config (#11559) 2021-11-24 16:17:37 -05:00
Luiz Aoqui fa23106612
docs: add upgrade guide notes for Nomad 1.2.2 (#11567) 2021-11-24 14:24:20 -05:00
Tim Gross fcb96de9a7
config: UI configuration block with Vault/Consul links (#11555)
Add `ui` block to agent configuration to enable/disable the web UI and
provide the web UI with links to Vault/Consul.
2021-11-24 11:20:02 -05:00
James Rasell 6dddf9a1fb
Merge pull request #11535 from hashicorp/docs-vault-token
docs: clarify vault.token only required on servers
2021-11-23 09:26:06 +01:00
James Rasell 751c8217d1
core: allow setting and propagation of eval priority on job de/registration (#11532)
This change modifies the Nomad job register and deregister RPCs to
accept an updated option set which includes eval priority. This
param is optional and override the use of the job priority to set
the eval priority.

In order to ensure all evaluations as a result of the request use
the same eval priority, the priority is shared to the
allocReconciler and deploymentWatcher. This creates a new
distinction between eval priority and job priority.

The Nomad agent HTTP API has been modified to allow setting the
eval priority on job update and delete. To keep consistency with
the current v1 API, job update accepts this as a payload param;
job delete accepts this as a query param.

Any user supplied value is validated within the agent HTTP handler
removing the need to pass invalid requests to the server.

The register and deregister opts functions now all for setting
the eval priority on requests.

The change includes a small change to the DeregisterOpts function
which handles nil opts. This brings the function inline with the
RegisterOpts.
2021-11-23 09:23:31 +01:00
Luiz Aoqui d3c1a03edd Version 1.2.1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJhl94SAAoJELC0QQl2hbZ2pqoP/R7HyOxvealo5MBJcG4mGiWT
 Hsu9VXpYKDWn0GSXd3JmqYWH7tIwFMXispZ7pMlDLieypW3UpMYIbIquaePxOaRL
 yhlc0CLT7JDsFPx8Puv1fgKXaS3EfFyJlYx437bhCQ+K0k2+1n3EOhrzU/DQ4j8V
 D5qxlkZh6IK6brIJ54NivGzTxtzGGvIGXCrDPolX3cwoBtyO/pbecfEkRlN2xwxl
 P68l52+Jit3lK2Cljh4Kr1qFj8voHPjYUTXGas8ZkIVrx9l4fb6CHib2y3hy4bRR
 qwXT4keWc8bxtLQ7vtetGBAXp4UKJigziE4imhHAttBN9th2/Oy0qSQCNX3xELJC
 Jwgc+N+ON63QI2sP/8FWvmeUrJpASRITYl/Gr8uOR6n1PacrBhFT9OV4VMkte1ua
 jS/WF/7k21NZYqZca+thvN12wmw/gSEAEeCHH5kR3vPLeV6FdanhKLjufMNuMShc
 UKJCEZw1/Lyux1XkLqMPoZ4DCak8/HskupQoLNsekF1Uki8ObU4as7GERedxqkj6
 i2+1QIQMqvviskOwT0QOWm4RFXjRQsIK8uUfXzHHWDMzDhvnGjB0eWVMLAj4/rTe
 46yUP4kdarFkxwkDmLEyoogdD35wC4Xc8Y8IynzUTN77pOWID5QEyFZVaaBB4NR3
 wNowUJGrNkxEYXwGSkjh
 =Zuw2
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEElFaq1Z5DKdB91i+lKfRZwNnLtXMFAmGbu3sACgkQKfRZwNnL
 tXMx4BAAksQ07tSoOku8zDwx2JpoiNApoYhMLlfJ4S3Mw+RYtbayAMRyA08GG56I
 U85XJB/Z2CzliYL/Nya1e3z6Gyn92V0iD9u7N1xEAPt8PdyiXqIBZn1rWoiCcnMO
 C3f2aRGhLZMVOZG0v7fgbh1PkhJt4MLcRQE9nn5ojPvFzW9bL0Iz7lc9IxHQtaU0
 rANDcXdj3IhiOdEgjtO++Qhdeu3t2SBhT2xFnlJ3gXC2q/aY1a2C7BYdlSxtw0JU
 nKpxvBTsB7rINGcYxhXZlckui5YLL4BX11XqsYhUTMC+33vxE5HNty1ANc1+SNyO
 0iHp0yc5J6MCLuiZ/2sBek2tC+KHCufb+qEIqPmBpcWPJRT8HjginLxj/HyL2TQc
 pLF9XxhYKvv0sm3Zr3Ima5kqWgayph3XhQ73hKs9f7SLfErr6qr4XaI8egZA4OTG
 0QGmY/61UlAdsz5tUvIGRWYD5rqXyXIYnUprldPSQdeZ0o2GjX7T0GZ934O5uHfE
 Ne73GafGn8JaGxH9+AEHMJAVpkrzWR1wrExL3kGJ8NF40HlsYofIuhTkZqMKX3EH
 7KfefSJW1NQAGeAEwjtvzhmUiM0cVoCWGd4COxX1G3oJ0o8gZ3RklDEA4Pa9C0rO
 pBW/KIckPpGieGvPaA3mqmXDjx6oOaxPi9wd5TniBHh43pgrASo=
 =KVce
 -----END PGP SIGNATURE-----

Merge tag 'v1.2.1' into merge-release-1.2.1-branch

Version 1.2.1
2021-11-22 10:47:04 -05:00
Tim Gross fc1d4814d9
qemu: add args_allowlist to sandbox VM command line inputs
The QEMU driver allows arbitrary command line options, but many of
these options give access to host resources that operators may not
want to expose such as devices. Add an optional allowlist to the
plugin configuration so that operators can limit the resources for
QEMU.
2021-11-19 11:11:52 -05:00
James Rasell 88cc158ae1
docs: add global query param to API job deregister endpoint. 2021-11-19 13:45:24 +01:00
Michael Schurter cfe4922213 docs: clarify vault.token only required on servers
While it *is* clarified toward the bottom of this page, I've seen people
go to great lengths to configure tokens for clients anyway, so I think
it's worth noting on the parameter's docs as well.
2021-11-18 16:34:59 -08:00
Luiz Aoqui 12feb598af
docs: add note about the Nomad APM autoscaling plugin and scaling cluster to zero (#11494) 2021-11-16 11:58:26 -05:00
Luiz Aoqui 9a09fe160c
docs: remove mutual-exclusion between node class and datacenter in scaling policies (#11499) 2021-11-16 11:58:14 -05:00
kfenech1 26a0158ead
docs: nomad.client.unallocated.memory is in Megabytes not bytes (#11468) 2021-11-08 11:05:11 -05:00
Alessandro De Blasis 07c670fdc0
cli: show host_network in nomad status (#11432)
Enhance the CLI in order to return the host network in two flavors 
(default, verbose) of the `node status` command.

Fixes: #11223.
Signed-off-by: Alessandro De Blasis <alex@deblasis.net>
2021-11-05 09:02:46 -04:00
James Rasell 503f201415
Merge pull request #11444 from hashicorp/b-update-apidocs-alloclist-sample-resp
docs: update API alloc list sample response to be current.
2021-11-05 08:09:23 +01:00
Florian Apolloner ef88795af3
Added a -hcl2-strict flag to allow for lenient hcl variable parsing. (#11284)
Co-authored-by: James Rasell <jrasell@hashicorp.com>
2021-11-04 16:33:09 +01:00
James Rasell 992abe6597
Merge pull request #11333 from hashicorp/assareh-patch-1
exactly one of ingress, terminating, or mesh must be configured
2021-11-04 11:13:04 +01:00
James Rasell 01ecb5b9ce
docs: update API alloc list same response to be current. 2021-11-04 10:22:21 +01:00
Michael Schurter ef3fc79225
Merge pull request #11334 from hashicorp/f-chroot-skip-allocdir
client: never embed alloc_dir in chroot
2021-11-03 16:48:09 -07:00
Luiz Aoqui 4fb5b8b6e7
docs: update podman driver documentation (#11300) 2021-11-03 11:07:44 -04:00
Luiz Aoqui 5d204c8ced
Revert "Return SchedulerConfig instead of SchedulerConfigResponse struct (#10799)" (#11433) 2021-11-02 17:42:52 -04:00
James Rasell 163f2eadd0
Merge pull request #11425 from hashicorp/b-add-timeout-consul-docs
docs: document Consul timeout config parameter.
2021-11-02 15:28:34 +01:00
James Rasell c071efbd6b
Merge pull request #11411 from hashicorp/f-gh-11406
cli: add json and template flag opts to acl bootstrap command.
2021-11-02 09:48:25 +01:00
James Rasell 9d0fe24e25
docs: document Consul timeout config parameter. 2021-11-02 08:28:45 +01:00
James Rasell 46564ac579
docs: update acl bootstrap command to show json and template opts. 2021-10-29 09:01:58 +02:00
Pavel Alimpiev 068066cb0e
Fix typo in documentation 2021-10-29 03:31:53 +03:00
James Rasell d6388db576
docs: clarify server data_dir config needs top-level data_dir cfg. 2021-10-28 13:07:37 +02:00
Dave May 509c74ce19
debug: update default node-id and docs (#11398)
* debug: default node-id to all
* debug: align cli help and website documentation
2021-10-27 13:43:56 -04:00
Mike Nomitch 569a55675b
Replaces accidental use of Vault with Nomad (#11355) 2021-10-27 08:35:31 -07:00
Luiz Aoqui ecc7a288ec
docs: add note and example of storing nomad job plan index to disk (#11377) 2021-10-26 20:25:22 -04:00
Charlie Voiselle 7d02c8b605
DOCS: Update Consul Connect to Consul service mesh (#11362)
* Update Consul Connect to Consul service mesh
* Apply suggestions from code review
2021-10-26 15:10:21 -04:00
Luiz Aoqui 3c22fc79a5
add dispatch idempotency token support in the CLI (#10930) 2021-10-22 12:39:05 -04:00
Luiz Aoqui 6853bf9632
cli: allow setting namespace and region in the nomad ui command (#11364) 2021-10-21 16:24:39 -04:00
James Rasell 6011411111
Merge pull request #11339 from hashicorp/b-website-fixup-interpolation-formatting
website: fixup link formatting within interpolation doc.
2021-10-21 09:15:36 +02:00
Michael Schurter 10c3bad652 client: never embed alloc_dir in chroot
Fixes #2522

Skip embedding client.alloc_dir when building chroot. If a user
configures a Nomad client agent so that the chroot_env will embed the
client.alloc_dir, Nomad will happily infinitely recurse while building
the chroot until something horrible happens. The best case scenario is
the filesystem's path length limit is hit. The worst case scenario is
disk space is exhausted.

A bad agent configuration will look something like this:

```hcl
data_dir = "/tmp/nomad-badagent"

client {
  enabled = true

  chroot_env {
    # Note that the source matches the data_dir
    "/tmp/nomad-badagent" = "/ohno"
    # ...
  }
}
```

Note that `/ohno/client` (the state_dir) will still be created but not
`/ohno/alloc` (the alloc_dir).
While I cannot think of a good reason why someone would want to embed
Nomad's client (and possibly server) directories in chroots, there
should be no cause for harm. chroots are only built when Nomad runs as
root, and Nomad disables running exec jobs as root by default. Therefore
even if client state is copied into chroots, it will be inaccessible to
tasks.

Skipping the `data_dir` and `{client,server}.state_dir` is possible, but
this PR attempts to implement the minimum viable solution to reduce risk
of unintended side effects or bugs.

When running tests as root in a vm without the fix, the following error
occurs:

```
=== RUN   TestAllocDir_SkipAllocDir
    alloc_dir_test.go:520:
                Error Trace:    alloc_dir_test.go:520
                Error:          Received unexpected error:
                                Couldn't create destination file /tmp/TestAllocDir_SkipAllocDir1457747331/001/nomad/test/testtask/nomad/test/testtask/.../nomad/test/testtask/secrets/.nomad-mount: open /tmp/TestAllocDir_SkipAllocDir1457747331/001/nomad/test/.../testtask/secrets/.nomad-mount: file name too long
                Test:           TestAllocDir_SkipAllocDir
--- FAIL: TestAllocDir_SkipAllocDir (22.76s)
```

Also removed unused Copy methods on AllocDir and TaskDir structs.

Thanks to @eveld for not letting me forget about this!
2021-10-18 09:22:01 -07:00
James Rasell 2f5f6e0fdd
website: fixup link formatting within interpolation doc. 2021-10-18 12:21:05 +02:00
Andy Assareh 8c638217ac
exactly one of ingress, terminating, or mesh must be configured
i believe mesh should be included in this statement was omitted.
2021-10-15 14:15:02 -07:00
Shishir Mahajan d4daef7ebf Add support for --init to docker driver.
Signed-off-by: Shishir Mahajan <smahajan@roblox.com>
2021-10-15 12:53:25 -07:00
Luiz Aoqui f1fb0987ab
docs: update Nvidia device plugin as external (#11313) 2021-10-14 12:22:31 -04:00
Charlie Voiselle cb8e52b5df
Return SchedulerConfig instead of SchedulerConfigResponse struct (#10799) 2021-10-13 21:23:13 -04:00
Michael Schurter 59fda1894e
Merge pull request #11167 from a-zagaevskiy/master
Support configurable dynamic port range
2021-10-13 16:47:38 -07:00
Jorge Marey 2af0422bca
Add os-nova nomad autoscaler repo link (#11277) 2021-10-12 17:04:58 -04:00
Dave May 76b05f3cd2
cli: Add nomad job allocs command (#11242) 2021-10-12 16:30:36 -04:00
Matt Mukerjee b56432e645
Add FailoverHeartbeatTTL to config (#11127)
FailoverHeartbeatTTL is the amount of time to wait after a server leader failure
before considering reallocating client tasks. This TTL should be fairly long as
the new server leader needs to rebuild the entire heartbeat map for the
cluster. In deployments with a small number of machines, the default TTL (5m)
may be unnecessary long. Let's allow operators to configure this value in their
config files.
2021-10-06 18:48:12 -04:00
Amit Shuster 188be1b5df
Lightrun Integration - External task driver (#11203) 2021-10-06 15:34:34 -04:00
Florian Apolloner 0fa60dae9d
Added support for -force-color to the CLI. (#10975) 2021-10-06 10:02:42 -04:00
Yan 6ff0b6debc
add -show-url option for ui command (#11213) 2021-10-05 20:08:42 -04:00
Luiz Aoqui 63d1ac8939
docs: document that network mode is only supported on Linux (#11192)
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2021-10-01 23:17:20 -04:00
Michael Schurter 5530392256 docs: add new client.{min,max}_dynamic_port params 2021-09-30 17:10:28 -07:00
Tim Gross 6800485dcb devices: externalize nvidia device driver 2021-09-29 13:43:37 -07:00
Luiz Aoqui a7872f0ba5
docs: add Nomad version requirement note for sysbatch (#11231) 2021-09-29 15:14:51 -04:00
jmwilkinson d88b224248
Update filesystem.mdx (#11182)
* Update filesystem.mdx

Update summary of alloc directory to include information on access differences between task drivers and filesystem isolation modes.

Co-authored-by: Tim Gross <tim@0x74696d.com>
2021-09-27 16:36:04 -07:00
James Rasell 8e4cc1b88b
Merge pull request #11224 from hashicorp/b-docs-node-eval-apidocs
docs: fix API docs node evaluate example call.
2021-09-24 15:18:49 +02:00
James Rasell 10f0fc3cc5
docs: fix API docs node evaluate example call. 2021-09-24 10:28:22 +01:00
Charlie Voiselle e707012136
Clarify that reservation example
The current wording can lead someone to believe that you can use percentage values.
2021-09-22 18:30:39 -04:00
Michael Schurter 0745fdbcf6
Merge pull request #11215 from hashicorp/b-license-env-deny
client: add NOMAD_LICENSE to default env deny list
2021-09-21 16:53:26 -07:00
Luiz Aoqui 8d19831247
docs: add some extra documentation around client host environment variables (#11208)
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2021-09-21 17:23:30 -04:00
Michael Schurter 4ad0c258b9 client: add NOMAD_LICENSE to default env deny list
By default we should not expose the NOMAD_LICENSE environment variable
to tasks.

Also refactor where the DefaultEnvDenyList lives so we don't have to
maintain 2 copies of it. Since client/config is the most obvious
location, keep a reference there to its unfortunate home buried deep
in command/agent/host. Since the agent uses this list as well for the
/agent/host endpoint the list must be accessible from both command/agent
and client.
2021-09-21 13:51:17 -07:00
Michael Schurter aa241fb87f docs: add upgrade guide entry for audit log naming 2021-09-16 16:19:52 -07:00
James Rasell b5039c96a4
docs: add network.hostname job specification website entry. 2021-09-15 11:43:47 +02:00
Joel Watson 7e100cc682
Merge pull request #11145 from hashicorp/watsonian/gpu-update
docs: Update Nvidia GPU installation instructions
2021-09-09 10:19:18 -05:00
Andy Assareh 40790017fd
typo - capability (#11152) 2021-09-08 14:34:02 -07:00
Joel Watson 4d0fde00f5 docs: Update Nvidia GPU installation instructions 2021-09-07 15:26:32 -05:00
Forest Anderson 3d68bf81d6
Change dashboard port to http (#11129) 2021-09-03 20:34:40 -04:00
Andy Assareh 60df2a2d0f
suggest changing port number to nomad default (#11140)
i found this confusing since 8300 is associated with consul. suggest using more nomad ports
2021-09-03 20:15:32 -04:00
Isabel Suchanek ab51050ce8
events: fix wildcard namespace handling (#10935)
This fixes a bug in the event stream API where it currently interprets
namespace=* as an actual namespace, not a wildcard. When Nomad parses
incoming requests, it sets namespace to default if not specified, which
means the request namespace will never be an empty string, which is what
the event subscription was checking for. This changes the conditional
logic to check for a wildcard namespace instead of an empty one.

It also updates some event tests to include the default namespace in the
subscription to match current behavior.

Fixes #10903
2021-09-02 09:36:55 -07:00
Luiz Aoqui f09d5ebcd6
Document Docker extra_hosts behaviour post v1.1.3 (#11079)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2021-09-01 12:41:06 -04:00
Michael Lange c186628975
Merge pull request #11101 from hashicorp/d/event-stream-ndjson
Mention the ndjson standard format the event stream uses
2021-08-31 11:55:00 -07:00
Derek Strickland a705e84e77
Add firewall statement to requirements (#11106)
This PR adds a sentence about configuring your firewall to allow required Nomad ports. This is being added to help search discoverability.

This closes issue #11076
2021-08-31 10:29:33 -04:00
Michael Lange 1340c82144
Mention the ndjson standard format the event stream uses
Knowing this upfront is important when looking for common libraries to help consume events.
2021-08-30 11:53:38 -07:00
Mahmood Ali 483d30f578
release 1.1.4 (#11088) 2021-08-30 11:43:05 -04:00
James Rasell 4dd5c47a47
Merge pull request #11091 from hashicorp/consolidate-cni-plugins-to-1.0.0
cni: consolidate cni plugins within test install and docs to use v1.0.0
2021-08-30 09:39:39 +02:00
Mahmood Ali 53f11e0080
docs: note env and meta map assignment syntax (#11095) 2021-08-29 14:35:09 -04:00
James Rasell ec221ab792
docs: update website to detail cni plugins v1.0.0 2021-08-27 11:15:25 +02:00
Luiz Aoqui be2389c8ad
Update scaling and policy blocks documentation (#11071)
* website: update `scaling` and `policy` blocks documentation

* website: hclfmt examples in scaling block docs
2021-08-25 09:10:18 -04:00
James Rasell 75be5acb08
Merge pull request #11042 from hashicorp/docs-remove-ingress-host-port-callout
docs: Remove note on ingress gateway hosts field needing a port number
2021-08-25 12:29:59 +02:00
Luiz Aoqui 104d29e808
Don't timestamp active log file (#11070)
* don't timestamp active log file

* website: update log_file default value

* changelog: add entry for #11070

* website: add upgrade instructions for log_file in v1.14 and v1.2.0
2021-08-23 11:27:34 -04:00
Zachary Shilton f87ae568d9
Upgrade global styles (#10936)
* website: upgrade global-styles packages

* website: upgrade community page

* website: hide alert-banner on mobile

* website: upgrade g-container to g-grid-container

* website: update /security to use markdown-page

* website: fix unsupported prop

* website: fix incorrect github link in security page

* website: bump to latest patched dependencies
2021-08-20 11:53:12 -04:00
Mahmood Ali c37339a8c8
Merge pull request #9160 from hashicorp/f-sysbatch
core: implement system batch scheduler
2021-08-16 09:30:24 -04:00
Blake Covarrubias 0778ffab8c docs: Remove note on ingress gateway hosts field needing a port number
Update the ingress gateway documentation to remove the note stating
that a port must be specified for values in the `hosts` field when
the ingress gateway is listening on a non-standard HTTP port.

Specifying a port was required in Consul 1.8.0, but that requirement
was removed in 1.8.1 with hashicorp/consul#8190 which made Consul
include the port number when constructing the Envoy configuration.

Related Consul docs PR: hashicorp/consul#10827
2021-08-11 14:55:05 -07:00
Mahmood Ali 5ae9df80bf
docs: Consul Connect tweaks (#11040)
Tweaks to the commands in Consul Connect page.

For multi-command scripts, having the leading `$` is a bit annoying, as it makes copying the text harder. Also, the `copy` button would only copy the first command and ignore the rest.

Also, the `echo 1 > ...` commands are required to run as root, unlike the rest! I made them use `| sudo tee` pattern to ease copy & paste as well.

Lastly, update the CNI plugin links to 1.0.0. It's fresh off the oven - just got released less than an hour ago: https://github.com/containernetworking/plugins/releases/tag/v1.0.0 .
2021-08-11 17:14:26 -04:00
Tim Gross de957b48ff docs: note CNI requirement for bridge networking
Using `bridge` networking requires that you have CNI plugins installed
on the client, but this isn't in the jobspec `network` docs which are
the first place someone will look when trying to configure task
networking.
2021-08-11 10:18:35 -04:00
Michael Schurter a7aae6fa0c
Merge pull request #10848 from ggriffiths/listsnapshot_secrets
CSI Listsnapshot secrets support
2021-08-10 15:59:33 -07:00
Michael Schurter ec08bd6ac7
Merge pull request #10995 from miao1007/patch-1
docs: Add replication_token link with authoritative_region
2021-08-10 10:48:02 -07:00
Lir (Rookout) f720179ba0
Some Rookout docs tweaks (#10989) 2021-08-09 11:19:36 +02:00
Michael Schurter 6d14c181dd docs: add backward incompat note about #10875
Fixes #11002
2021-08-05 15:08:55 -07:00
Seth Hoenig 3371214431 core: implement system batch scheduler
This PR implements a new "System Batch" scheduler type. Jobs can
make use of this new scheduler by setting their type to 'sysbatch'.

Like the name implies, sysbatch can be thought of as a hybrid between
system and batch jobs - it is for running short lived jobs intended to
run on every compatible node in the cluster.

As with batch jobs, sysbatch jobs can also be periodic and/or parameterized
dispatch jobs. A sysbatch job is considered complete when it has been run
on all compatible nodes until reaching a terminal state (success or failed
on retries).

Feasibility and preemption are governed the same as with system jobs. In
this PR, the update stanza is not yet supported. The update stanza is sill
limited in functionality for the underlying system scheduler, and is
not useful yet for sysbatch jobs. Further work in #4740 will improve
support for the update stanza and deployments.

Closes #2527
2021-08-03 10:30:47 -04:00
みゃお 8d970d97d3
[doc]Add replication_token link with authoritative_region
replication_token always works together with authoritative_region, add a link for better doc.
2021-08-03 18:56:00 +08:00
Derek Strickland 7210f855e8
Merge pull request #10976 from itorres/api-docs-allocation-restart-sample
API docs: Fix allocation restart example
2021-08-02 08:48:45 -04:00
James Rasell 167b6c50ff
docs: order external driver overview alphabetically. 2021-08-02 10:51:37 +02:00
Lir (Rookout) 216d0392a8
Rookout driver docs (#10950)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2021-08-02 10:09:45 +02:00
Ignacio Torres Masdeu 3f784f17f7
Fix allocation restart API docs example 2021-07-30 16:45:21 +02:00
Mike Nomitch 6a8158fd5a
Adds documentation for file mode to sink docs (#10972) 2021-07-29 16:09:18 -04:00
Grant Griffiths fecbbaee22 CSI ListSnapshots secrets implementation
Signed-off-by: Grant Griffiths <ggriffiths@purestorage.com>
2021-07-28 11:30:29 -07:00
HZHgagaga fafaf1e07e
Update client.mdx
Missing "-" symbol, "bridge_ Network name" should be "bridge_ network_name".
2021-07-27 11:24:34 +08:00
James Rasell 556e7373d0
Merge pull request #10921 from hashicorp/b-fix-regions-api-docs
docs: fixup regions API documentation path to include version.
2021-07-21 18:29:09 +02:00
Luiz Aoqui 0adaaa848c
docs: fix ACL enabled parameter description (#10918) 2021-07-21 10:05:18 -04:00
James Rasell 3e8c1a586c
docs: fixup regions API documentation path to include version. 2021-07-21 12:14:19 +02:00
Kent 'picat' Gruber decd59dbd1
Merge pull request #10886 from hashicorp/cli-handle-successful-deployment
Handle successful/canceled/blocked deployments in CLI output
2021-07-16 12:27:22 -04:00
Kent 'picat' Gruber 9f45d3e23e Update deployment status doc example output 2021-07-16 09:58:58 -04:00
Kent 'picat' Gruber 15342d0f6a Handle successful/canceled/blocked deployments in CLI output
Otherwise the spinner would just end, which felt a bit awkward.

I wanted to see a  "✓" to know that everything was ok, and a "!" (maybe something else?) if something went wrong.
2021-07-09 19:27:55 -04:00
Seth Hoenig f80ae067a8 consul/connect: fix bug causing high cpu with multiple connect sidecars in group
This PR fixes a bug where the underlying Envoy process of a Connect gateway
would consume a full core of CPU if there is more than one sidecar or gateway
in a group. The utilization was being caused by Consul injecting an envoy_ready_listener
on 127.0.0.1:8443, of which only one of the Envoys would be able to bind to.
The others would spin in a hot loop trying to bind the listener.

As a workaround, we now specify -address during the Envoy bootstrap config
step, which is how Consul maps this ready listener. Because there is already
the envoy_admin_listener, and we need to continue supporting running gateways
in host networking mode, and in those case we want to use the same port
value coming from the service.port field, we now bind the admin listener to
the 127.0.0.2 loop-back interface, and the ready listener takes 127.0.0.1.

This shouldn't make a difference in the 99.999% use case where envoy is
being run in its official docker container. Advanced users can reference
${NOMAD_ENVOY_ADMIN_ADDR_<service>} (as they 'ought to) if needed,
as well as the new variable ${NOMAD_ENVOY_READY_ADDR_<service>} for the
envoy_ready_listener.
2021-07-09 14:34:44 -05:00
Mike Nomitch 487ffb2c70
[docs] Adds federation caveat to upgrade guide (#10847) 2021-07-09 09:42:17 -04:00
Shishir ea299d5d33
Containerd task driver options. (#10878)
- Auth support via driver config
- pid_mode
- shm_size

Signed-off-by: Shishir Mahajan <smahajan@roblox.com>
2021-07-09 08:17:42 -04:00
Isabel Suchanek 13db600665
cli: add -task flag to alloc signal, restart (#10859)
Alloc exec only works when task is passed as a flag and not an arg.
Alloc logs currently accepts either, but alloc signal and restart only
accept task as an arg. This adds -task as a flag to the other alloc
commands to make the cli UX consistent. If task is passed as a flag and
an arg, it ignores the arg.
2021-07-07 09:58:16 -07:00
Shantanu Gadgil 39671aa4f4
constraint on the Docker driver missing 'attr'
Between this page and https://www.nomadproject.io/docs/runtime/interpolation
I realized that the syntax on the Docker page was missing the word `attr`.
2021-07-06 08:48:04 +05:30
Tim Gross db96e40f3a
docker: move host path for hosts file mount to alloc dir (#10823)
In Nomad 1.1.1 we generate a hosts file based on the Nomad-owned network
namespace, rather than using the default hosts file from the pause
container. This hosts file should be shared between tasks in the same
allocation so that tasks can update the file and have the results propagated
between tasks.
2021-06-30 11:10:04 -04:00
Juan Carlos Alonso ea272d91ce
Fix missing opening quote 2021-06-30 12:33:34 +08:00
Seth Hoenig d1fa7ed88c
Merge pull request #10805 from hashicorp/b-cn-tls-env
consul/connect: automatically set consul tls sni name for connect native tasks
2021-06-29 14:10:21 -05:00
Tim Gross 5e6aca18e4
docs: unset port to field maps to dynamic port (#10828) 2021-06-28 15:55:24 -04:00
Tim Gross 777db36185
docs: add missing backwards compat warning about port_map (#10827)
The `docker` driver's `port_map` field was deprecated in 0.12 and this is
documented in the task driver's docs, but we never explicitly flagged it for
backwards compatibility.
2021-06-28 15:49:41 -04:00
Seth Hoenig 5aa657c6bd consul/connect: automatically set consul tls sni name for connect native tasks
This PR makes it so that Nomad will automatically set the CONSUL_TLS_SERVER_NAME
environment variable for Connect native tasks running in bridge networking mode
where Consul has TLS enabled. Because of the use of a unix domain socket for
communicating with Consul when in bridge networking mode, the server name is
a file name instead of something compatible with the mTLS certificate Consul
will authenticate against. "localhost" is by default a compatible name, so Nomad
will set the environment variable to that.

Fixes #10804
2021-06-28 08:36:53 -05:00
Boris Shomodjvarac 64b1cafa57
docs: update csi_plugin example (#10821)
Current efs driver does not support telling it if its a `node` or a `controller`, and it will not print any error it will just ignore all other parameters then:(
So this will result in endpoint being `/tmp/csi.sock` and not `/csi/csi.sock` which will in turn break nomad/csi integration.

Also I changed the latest image tag to v1.3.2 to make sure anybody copy pasting this example is sure that it will work.

Tested on nomad 1.1.2
2021-06-28 08:28:03 -04:00
Tim Gross ad8eb33cd7
docs: improve CSI deployment recommendations (#10798)
* add some more context to the recommendations
* add recommendations around per-AZ `plugin_id`
2021-06-22 10:23:09 -04:00
Tim Gross 74947d6591
docs: host_network does support Docker task port mapping (#10774) 2021-06-17 09:11:10 -04:00
Tim Gross 7bd61bbf43
docker: generate /etc/hosts file for bridge network mode (#10766)
When `network.mode = "bridge"`, we create a pause container in Docker with no
networking so that we have a process to hold the network namespace we create
in Nomad. The default `/etc/hosts` file of that pause container is then used
for all the Docker tasks that share that network namespace. Some applications
rely on this file being populated.

This changeset generates a `/etc/hosts` file and bind-mounts it to the
container when Nomad owns the network, so that the container's hostname has an
IP in the file as expected. The hosts file will include the entries added by
the Docker driver's `extra_hosts` field.

In this changeset, only the Docker task driver will take advantage of this
option, as the `exec`/`java` drivers currently copy the host's `/etc/hosts`
file and this can't be changed without breaking backwards compatibility. But
the fields are available in the task driver protobuf for community task
drivers to use if they'd like.
2021-06-16 14:55:22 -04:00
Isabel Suchanek e3cde4f4b3
cli: check deployment exists before monitoring (#10757)
System and batch jobs don't create deployments, which means nomad tries
to monitor a non-existent deployment when it runs a job and outputs an
error message. This adds a check to make sure a deployment exists before
monitoring. Also fixes some formatting.

Co-authored-by: Tim Gross <tgross@hashicorp.com>
2021-06-14 16:42:38 -07:00
Isabel Suchanek c6c52bc53e
docs: add deployment monitor to docs, changelog
Updates the deployment status and job run docs
2021-06-10 10:51:33 -07:00
Shishir Mahajan f50f10504f Update containerd task driver options.
- hostname
- auth

Signed-off-by: Shishir Mahajan <smahajan@roblox.com>
2021-06-10 08:03:49 -04:00
Michael Schurter fff95b0697
docs: improve wait_for_index metrics description (#10717)
Old description of `{plan,worker}.wait_for_index` described the metric
in terms of waiting for a snapshot which has two problems:

1. "Snapshot" is an overloaded term in Nomad and operators can't be
   expected to know which use we're referring to here.
2. The most important thing about the metric is what we're waiting *on*
   before taking a snapshot: the raft index of the object to be
   processed (plan or eval).

The new description tries to cram all of that context into the tiny
space provided.

See #5791 for details about the `wait_for_index` mechanism in general.
2021-06-09 08:53:06 -04:00
Tim Gross e44b039ea0 docs: warn not to set network_mode for Connect-enabled Docker task 2021-06-08 10:14:15 -04:00
Seth Hoenig 839c0cc360 consul/connect: fix upstream mesh gateway default mode setting
This PR fixes the API to _not_ set the default mesh gateway mode. Before,
the mode would be set to "none" in Canonicalize, which is incorrect. We
should pass through the empty string so that folks can make use of Consul
service-defaults Config entries to configure the default mode.
2021-06-04 08:53:12 -05:00
Seth Hoenig d026ff1f66 consul/connect: add support for connect mesh gateways
This PR implements first-class support for Nomad running Consul
Connect Mesh Gateways. Mesh gateways enable services in the Connect
mesh to make cross-DC connections via gateways, where each datacenter
may not have full node interconnectivity.

Consul docs with more information:
https://www.consul.io/docs/connect/gateways/mesh-gateway

The following group level service block can be used to establish
a Connect mesh gateway.

service {
  connect {
    gateway {
      mesh {
        // no configuration
      }
    }
  }
}

Services can make use of a mesh gateway by configuring so in their
upstream blocks, e.g.

service {
  connect {
    sidecar_service {
      proxy {
        upstreams {
          destination_name = "<service>"
          local_bind_port  = <port>
          datacenter       = "<datacenter>"
          mesh_gateway {
            mode = "<mode>"
          }
        }
      }
    }
  }
}

Typical use of a mesh gateway is to create a bridge between datacenters.
A mesh gateway should then be configured with a service port that is
mapped from a host_network configured on a WAN interface in Nomad agent
config, e.g.

client {
  host_network "public" {
    interface = "eth1"
  }
}

Create a port mapping in the group.network block for use by the mesh
gateway service from the public host_network, e.g.

network {
  mode = "bridge"
  port "mesh_wan" {
    host_network = "public"
  }
}

Use this port label for the service.port of the mesh gateway, e.g.

service {
  name = "mesh-gateway"
  port = "mesh_wan"
  connect {
    gateway {
      mesh {}
    }
  }
}

Currently Envoy is the only supported gateway implementation in Consul.
By default Nomad client will run the latest official Envoy docker image
supported by the local Consul agent. The Envoy task can be customized
by setting `meta.connect.gateway_image` in agent config or by setting
the `connect.sidecar_task` block.

Gateways require Consul 1.8.0+, enforced by the Nomad scheduler.

Closes #9446
2021-06-04 08:24:49 -05:00
Tim Gross bc6278ca08 docs: fix broken links in nomad csi snapshot commands 2021-06-03 11:25:30 -04:00
Tim Gross 99380aa3f0 docs: clarify default check.initial_status behavior 2021-06-03 10:02:25 -04:00
mrspanishviking b73a848ec3
docs: added license faq 2021-05-27 13:30:17 -04:00
Tim Gross 41d364ad81 docs: improve documentation for CSI create/register mount_options
Adds clarification to `nomad volume create` commands around how the `volume`
block in the jobspec overrides this behavior. Adds missing section to `nomad
volume register` and to example volume spec for both commands.
2021-05-24 11:13:58 -04:00
Florian Apolloner 337cb4156d Removed unsupported options from volume create
Volume creation doesn't support the context (this would only be used for register)
2021-05-24 08:29:42 -04:00
James Rasell 99128e8601
docs: fix jobspec hcl2 locals example. 2021-05-21 15:20:46 +02:00
Grant Griffiths e8712d974a Add new volume commands to overview page 2021-05-21 07:50:57 -04:00
Charlie Voiselle f659197549
(demo) -> [demo] 2021-05-19 16:30:23 -04:00
mrspanishviking a53bc6130d
docs: fixes broken links
Fixed broken links for the remote task driver ECS page
2021-05-19 12:56:08 -07:00
Daniel Durante dc52c8c0e9 docs: fixes typo within volume registration page 2021-05-19 08:36:38 -04:00
Tim Gross 324be52991 docs: ensure definitions have anchors
Move the words being defined in the /docs/internal/architecture page to be
small headers so that they can be linked to with anchors from Learn guides and
other documentation location.
2021-05-18 15:05:11 -04:00
Mike Wickett b7fc7c3d76
patch images (#10607) 2021-05-18 11:14:09 -04:00
mrspanishviking 52c95db9cf
docs: update enterprise license page
Added a link to the enterprise license tutorial and updated the trial link to use the recommended marketing url.
2021-05-18 07:25:54 -07:00
Ahmed 8d41e22405 Update service.mdx 2021-05-17 15:41:50 -04:00
Seth Hoenig 591f0f0219 docs: minor wording tweaks + cl 2021-05-17 12:52:52 -06:00
Seth Hoenig f64baec276 docs: update docs for linux capabilities in exec/java/docker drivers
Update docs for allow_caps, cap_add, cap_drop in exec/java/docker driver
pages. Also update upgrade guide with guidance on new default linux
capabilities for exec and java drivers.
2021-05-17 12:37:40 -06:00
Michael Schurter d775c33479
Merge pull request #10550 from hashicorp/docs-rtd
Remote Task Driver docs
2021-05-14 10:49:35 -07:00
Michael Schurter f560120588
Apply suggestions from code review
Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2021-05-14 10:45:12 -07:00
Michael Schurter e9de5e5323 docs: mention #10592 in rtd docs 2021-05-13 15:14:56 -07:00
Michael Schurter 9eedb124ad docs: document remote task drivers & ecs driver 2021-05-13 10:43:46 -07:00
Mahmood Ali abf6418976
add a section about memory oversubscription (#10573)
add a section about memory oversubscription

Co-authored-by: Tim Gross <tgross@hashicorp.com>
2021-05-13 13:35:51 -04:00
Tim Gross d161d79b67 docs: fix fields in 'volume create' example
The `capacity` block was removed during implementation in lieu of the
`capacity_max` and `capacity_min` fields, but it wasn't removed from the
example in the documentation.
2021-05-13 08:48:49 -04:00
Joel May bfaf8cf040 minor: update 'Cloudflare' capitalization 2021-05-12 15:15:54 -07:00
Seth Hoenig 1e75f99839 drivers/docker+exec+java: disable net_raw capability by default
The default Linux Capabilities set enabled by the docker, exec, and
java task drivers includes CAP_NET_RAW (for making ping just work),
which has the side affect of opening an ARP DoS/MiTM attack between
tasks using bridge networking on the same host network.

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

This PR disables CAP_NET_RAW for the docker, exec, and java task
drivers. The previous behavior can be restored for docker using the
allow_caps docker plugin configuration option.

A future version of nomad will enable similar configurability for the
exec and java task drivers.
2021-05-12 13:22:09 -07:00
Mike Nomitch 859fa96308
docs: add detail to 1.1 upgrade guide for licensing 2021-05-10 12:28:05 -04:00
Mike Noordermeer 2445bece66
docs: clarify that a default update strategy is used when update strategy is omitted 2021-05-10 08:27:22 -04:00
Luiz Aoqui 3e4a3ff8eb
docs: restructure autoscaling plugins menu (#10534)
* docs: restructure autoscaling plugins menu

* docs: add autoscaling threshold strategy (#10535)
2021-05-07 14:21:50 -04:00
Chris Baker 263ddd567c
Node Drain Metadata (#10250) 2021-05-07 13:58:40 -04:00
Tim Gross 1fdb4c1511 documentation for disable_default_tcp_check 2021-05-07 13:16:39 -04:00
Seth Hoenig 62d76ee63a docs: add agent consul grpc_address docs
We already supported this configuration, but forgot to document it.
2021-05-07 09:25:09 -06:00
Seth Hoenig 20ae274ecb
Merge pull request #10532 from hashicorp/docs-fixup-dc-region-arch-words-10515
docs: fixup wording around datacenters and regions on architecture docs
2021-05-07 09:02:43 -06:00
Mahmood Ali 488cd1e336 annotate 1.1 beta fields 2021-05-07 10:21:16 -04:00
Mahmood Ali 931a58991b Remove a stale note about 0.9 scheduler config 2021-05-07 10:21:16 -04:00
Mike Nomitch e1298e4704 Moving licensing to the top of the upgrade guide and clarifying wording 2021-05-07 08:17:17 -04:00
Mike Nomitch fa7f03f6f5 website: adding trial links 2021-05-07 08:17:17 -04:00
Seth Hoenig 9668c3e429 docs: fixup wording around datacenters and regions on architecture docs
Part of #10515
2021-05-06 16:18:02 -06:00
Buck Doyle 588ab6fb30
docs: Fix missing link to operator debug (#10523) 2021-05-06 11:29:41 -05:00
Mahmood Ali 5ea431a792
expose NOMAD_MEMORY_MAX_LIMIT env var (#10514)
Follow up to memory oversubscription - expose an env-var to indicate when memory oversubscription is enabled and what the limit is.

This will be helpful for setting hints to app for memory management.

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2021-05-05 12:09:56 -04:00
Nick Ethier 42bbe6978d website: reserved cores docs 2021-05-05 08:11:41 -04:00
Drew Bailey a86477021f
remove license put command references (#10501) 2021-05-04 08:39:56 -04:00
Charlie Voiselle 19b35833de Adding environment variables to Command overview page 2021-05-03 08:12:45 -04:00
Andy Assareh 1616f80211 git example - suggest providing real repo
when troubleshooting it is better if this command will actually work (pointing to a real repository)
2021-05-03 08:12:10 -04:00
Mahmood Ali ba49661198
Docs memory oversubscription (#10478)
* update docs

* document memory_oversubscription_enabled scheduler config
2021-04-30 14:07:56 -04:00
Tim Gross 81afcdc435 docs: remove API doc for license PUT 2021-04-30 10:39:21 -04:00
Luiz Aoqui 154b2105ac
docs: add FAQ for Docker Desktop for Windows and MacOS (#10390)
* docs: add FAQ for Docker Desktop for Windows and MacOS

* docs: add win

* docs: add docker desktop note to docker driver page
2021-04-29 19:53:12 -04:00
Luiz Aoqui f1b9055d21
Add metrics for blocked eval resources (#10454)
* add metrics for blocked eval resources

* docs: add new blocked_evals metrics

* fix to call `pruneStats` instead of `stats.prune` directly
2021-04-29 15:03:45 -04:00
Tim Gross 9e1d4981f0
docs: Enterprise licensing updates 2021-04-28 14:46:06 -04:00
catinthetap b84cd7d61d
docs: update filesystem.mdx to fix typo 2021-04-28 08:11:05 -04:00
Marcus Naughton 1597c5a164 Update libraries-and-sdks.mdx 2021-04-27 16:34:55 -04:00
James Rasell 4e18e9ea8b
docs: add detail on launching autoscaler external plugins. 2021-04-26 11:19:15 +02:00
kphunter 59209f4165
Fix path tip 2021-04-23 22:03:53 -07:00
Luiz Aoqui 29171be859
docs: reorganize autoscaling agent config (#10383) 2021-04-23 09:53:58 -04:00
changli0617 5c820bae59
Small typo fixes (#10427)
Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
2021-04-22 12:16:21 -07:00
changli0617 b74cb407bd
Merge pull request #10384 from hashicorp/mw.partnership-page
website: add partnerships page
2021-04-22 11:38:05 -07:00
changli0617 d80d7229d5
Update partnerships.mdx 2021-04-21 15:20:04 -07:00
Buck Doyle 2a72920af1
docs: Fix minor fuzzy search things (#10423) 2021-04-21 14:55:17 -05:00
James Rasell 02ee9f605e
Merge pull request #10409 from hashicorp/f-docs-gh-10406
docs: update autoscaler target plugins to include datacenter field.
2021-04-21 10:15:45 +02:00
Charlie Voiselle ef8ca60693
Enable go-sockaddr templating for network-interface (#10404)
Add templating to `network-interface` option.
This PR also adds a fast-fail to in the case where an invalid interface is set or produced by the template

* add tests and check for valid interface
* Add documentation
* Incorporate suggestions from code review

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-04-20 13:55:10 -04:00
Seth Hoenig 4e6dbaaec1
Merge pull request #10184 from hashicorp/f-fuzzy-search
api: implement fuzzy search API
2021-04-20 09:06:40 -06:00
James Rasell d55ae5d194
docs: update autoscaler target plugins to include datacenter field. 2021-04-20 14:01:19 +02:00
Johan Siebens 8f358838e2
website: added digitalocean droplets plugin to community plugins index 2021-04-20 10:25:21 +02:00
Seth Hoenig c34ef9eb78 api: fuzzy search results include job name with id in scope 2021-04-16 17:03:36 -06:00
Seth Hoenig 1ee8d5ffc5 api: implement fuzzy search API
This PR introduces the /v1/search/fuzzy API endpoint, used for fuzzy
searching objects in Nomad. The fuzzy search endpoint routes requests
to the Nomad Server leader, which implements the Search.FuzzySearch RPC
method.

Requests to the fuzzy search API are based on the api.FuzzySearchRequest
object, e.g.

{
  "Text": "ed",
  "Context": "all"
}

Responses from the fuzzy search API are based on the api.FuzzySearchResponse
object, e.g.

{
  "Index": 27,
  "KnownLeader": true,
  "LastContact": 0,
  "Matches": {
    "tasks": [
      {
        "ID": "redis",
        "Scope": [
          "default",
          "example",
          "cache"
        ]
      }
    ],
    "evals": [],
    "deployment": [],
    "volumes": [],
    "scaling_policy": [],
    "images": [
      {
        "ID": "redis:3.2",
        "Scope": [
          "default",
          "example",
          "cache",
          "redis"
        ]
      }
    ]
  },
  "Truncations": {
    "volumes": false,
    "scaling_policy": false,
    "evals": false,
    "deployment": false
  }
}

The API is tunable using the new server.search stanza, e.g.

server {
  search {
    fuzzy_enabled   = true
    limit_query     = 200
    limit_results   = 1000
    min_term_length = 5
  }
}

These values can be increased or decreased, so as to provide more
search results or to reduce load on the Nomad Server. The fuzzy search
API can be disabled entirely by setting `fuzzy_enabled` to `false`.
2021-04-16 16:36:07 -06:00
Shishir Mahajan 86e2a2be4f Update containerd task driver options.
- image_pull_timeout
- pids_limit
- sysctl
2021-04-16 13:18:33 -04:00
Tim Gross 0518552e4d docs: changelog and upgrade note for iptables improvement 2021-04-15 10:19:37 -04:00
changli0617 5723e194c1
Update partnerships.mdx
Need help to resize the ecosystem diagram.
2021-04-14 22:22:35 -07:00
Mike Wickett e1c511645f website: stub in partnerships page 2021-04-14 19:55:45 -04:00
Nick Spain bc9da294b3 Fix indentation of service check API documentation 2021-04-13 09:15:35 -04:00
Nick Spain 04e3132b4b Document usage of 'body' field 2021-04-13 09:15:35 -04:00
Michael Schurter 5684ae8254
docs: clarify alloc signal behavior
The API docs don't make it immediately clear that the alloc signal API signals *all* tasks in an allocation if the `Task` parameter is omitted. You have to dig all the way down into the alloc runner to discover that behavior: https://github.com/hashicorp/nomad/blob/v1.0.4/client/allocrunner/alloc_runner.go#L1189-L1213
2021-04-09 12:57:19 -07:00