Commit graph

20488 commits

Author SHA1 Message Date
Seth Hoenig 03d799af60
Merge pull request #9632 from hashicorp/b-mac-make-check
build: set linux build tag on CNI networking
2020-12-14 14:42:40 -06:00
Seth Hoenig 40d36fc0ec agent: revert use of http connlimit
https://github.com/hashicorp/nomad/pull/9608 introduced the use of the
built-in HTTP 429 response handler provided by go-connlimit. There is
concern though around plausible DOS attacks that need to be addressed,
so this PR reverts that functionality.

It keeps a fix in the tests around the use of an HTTPS enabled client
for when the server is listening on HTTPS. Previously, the tests would
fail deterministically with io.EOF because that's how the TLS server
terminates invalid connections.

Now, the result is much less deterministic. The state of the client
connection and the server socket depends on when the connection is
closed and how far along the handshake was.
2020-12-14 14:40:14 -06:00
Dave May 5f50c1d0c1
debug: Fix node count bug from GH-9566 (#9625)
* debug: update test to identify bug in GH-9566
* debug: range tests need fresh cmd each iteration
* debug: fix node count bug in GH-9566
2020-12-14 15:02:48 -05:00
Seth Hoenig e531e90b1b build: set linux build tag on CNI networking
CNI network configuration is currently only supported on Linux.
For now, add the linux build tag so that the deadcode linter does
not trip over unused CNI stuff on macOS.
2020-12-14 12:05:16 -06:00
Seth Hoenig 6bfa3e93ce
Merge pull request #9630 from hashicorp/f-add-depgaurd
Add and enable depgaurd linter
2020-12-14 11:13:03 -06:00
Kris Hicks ad97e1f243
Bump buf check breaking tag to 1.0.0 (#9629) 2020-12-14 09:07:51 -08:00
Seth Hoenig 79e6b5d399
Merge pull request #9624 from hashicorp/b-connect-meta-regression
consul/connect: fix regression where client connect images ignored
2020-12-14 11:03:09 -06:00
Seth Hoenig 288c838843
Merge pull request #9620 from hashicorp/f-remove-consul-flags
command: remove use of flag impls from consul
2020-12-14 10:33:35 -06:00
Seth Hoenig 0b28a6a7c7 build: add depgaurd linter and block consul flags 2020-12-14 10:21:26 -06:00
Seth Hoenig 0091325721 command: give flag-helpers a better name 2020-12-14 10:07:27 -06:00
Seth Hoenig beaa6359d5 consul/connect: fix regression where client connect images ignored
Nomad v1.0.0 introduced a regression where the client configurations
for `connect.sidecar_image` and `connect.gateway_image` would be
ignored despite being set. This PR restores that functionality.

There was a missing layer of interpolation that needs to occur for
these parameters. Since Nomad 1.0 now supports dynamic envoy versioning
through the ${NOMAD_envoy_version} psuedo variable, we basically need
to first interpolate

  ${connect.sidecar_image} => envoyproxy/envoy:v${NOMAD_envoy_version}

then use Consul at runtime to resolve to a real image, e.g.

  envoyproxy/envoy:v${NOMAD_envoy_version} => envoyproxy/envoy:v1.16.0

Of course, if the version of Consul is too old to provide an envoy
version preference, we then need to know to fallback to the old
version of envoy that we used before.

  envoyproxy/envoy:v${NOMAD_envoy_version} => envoyproxy/envoy:v1.11.2@sha256:a7769160c9c1a55bb8d07a3b71ce5d64f72b1f665f10d81aa1581bc3cf850d09

Beyond that, we also need to continue to support jobs that set the
sidecar task themselves, e.g.

  sidecar_task { config { image: "custom/envoy" } }

which itself could include teh pseudo envoy version variable.
2020-12-14 09:47:55 -06:00
Steffen c93e6a00d2
on s390x, only compile compile release for s390x (#9601) 2020-12-14 08:27:19 -05:00
Mahmood Ali 348c814611
Merge pull request #9623 from hashicorp/b-hcl2-envvar
set EnvVar variables in hcl2 parsing
2020-12-11 13:59:37 -05:00
Mahmood Ali 5351764b1b docs: remove envvar option 2020-12-11 13:34:53 -05:00
Mahmood Ali 3d8fa799c7 actually pass env-vars to hcl2 parsing 2020-12-11 13:32:54 -05:00
Drew Bailey 54becaab7d
Events/acl events (#9595)
* fix acl event creation

* allow way to access secretID without exposing it to stream

test that values are omitted

test event creation

test acl events

payloads are pointers

fix failing tests, do all security steps inside constructor

* increase time

* ignore empty tokens

* uncomment line

* changelog
2020-12-11 10:40:50 -05:00
Seth Hoenig 9ec1af5310 command: remove use of flag impls from consul
In a few places Nomad was using flag implementations directly
from Consul, lending to Nomad's need to import consul. Replace
those uses with helpers already in Nomad, and copy over the bare
minimum needed to make the autopilot flags behave as they have.
2020-12-11 07:58:20 -06:00
Michael Lange f265c7ba6d
Merge pull request #9599 from hashicorp/changli0617-patch-1
Highlight "alternative to Kubernetes"
2020-12-10 14:29:32 -08:00
Michael Lange a658295135
Merge pull request #9600 from hashicorp/changli0617-patch-2
Update index.jsx
2020-12-10 14:28:55 -08:00
Michael Lange ffc45ae5c5 Add a line break before the "learn why" cta on our home page 2020-12-10 12:26:53 -08:00
Michael Lange 70dc6ea14e Change the features-list component to support arbitrary markup in the content field 2020-12-10 12:05:17 -08:00
Michael Lange 0b0921ba6c Fix mismatched quotes in JSX strings 2020-12-10 12:04:11 -08:00
Seth Hoenig fcd95fab19
Merge pull request #9611 from hashicorp/b-gateway-concurrency
consul/connect: set default Envoy worker threads for gateways
2020-12-10 12:44:28 -06:00
dependabot[bot] 2a8f88b883
build(deps): bump ini from 1.3.5 to 1.3.7 in /ui
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>
2020-12-10 17:52:23 +00:00
Buck Doyle 7e4c746c82
Move breadcrumbs objects into shared layout object (#9576)
Various page objects had breadcrumbs and breadcrumbFor within them, this
moves those to the existing Layout page object that contains shared page objects.
2020-12-10 11:51:22 -06:00
Mahmood Ali eb2aa655df
Merge pull request #9612 from hashicorp/docs-hcl2-tweaks
docs: Moe unquoting of HCL block attributes
2020-12-10 12:21:12 -05:00
Mahmood Ali 94016a2118
Apply suggestions from code review
Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2020-12-10 12:21:01 -05:00
Seth Hoenig d3f1c3adcf
Merge pull request #9608 from hashicorp/f-go-connlimit
Use go-connlimit to ratelimit with 429 responses
2020-12-10 11:05:07 -06:00
Seth Hoenig a28cd45988 client: fix plumbing of testing object into helper 2020-12-10 11:04:38 -06:00
Mahmood Ali c7ad5d2b15 note environment variables needing to be valid unicode identifier 2020-12-10 12:03:19 -05:00
Mahmood Ali cbe742f1d8 docs: deactivate var-file section
--var-files has a bug where we don't honor it properly.  Let's remove it
from docs, to be enabled for 1.0.1.
2020-12-10 12:03:19 -05:00
Mahmood Ali 129dbd36ea docs: ensure meta keys are not quoted 2020-12-10 12:03:19 -05:00
Seth Hoenig 52c9dbbb91 consul/connect: set default Envoy worker threads for gateways
Applying the default --concurrency for gateways was missed before.
Set the default Envoy concurrency to 1 for connect gateways. The
same override value meta.connect.proxy_concurrency applies.
2020-12-10 10:36:29 -06:00
Mahmood Ali ef30655268 unquote env attributes 2020-12-10 11:30:01 -05:00
Buck Doyle 8348576473
Fix job recommendation test flakiness (#9591)
Instead of creating recommendations for all the jobs used
across these tests, this creates a specific job with
a higher group count, which reduces the likelihood
of having no recommendations to 0.0001%.

It was incorrect to assume that each task group would always
have recommendations, since there’s a 1% chance that a task
won’t have a recommendation. (10% chance for CPU and memory.)
This uses the number of groups with recommendations instead.
2020-12-10 10:10:25 -06:00
Kris Hicks 0cf9cae656
Apply some suggested fixes from staticcheck (#9598) 2020-12-10 07:29:18 -08:00
Kris Hicks 54a8b49c5e
pluginmanager: WaitForFirstFingerprint times out (#9597)
As pointed out by @tgross[1], prior to this change we would have been blocking
until all managers waited for first fingerprint rather than timing out as
intended.

1: https://github.com/hashicorp/nomad/pull/9590#discussion_r539534906
2020-12-10 07:27:15 -08:00
Seth Hoenig 2cc5787f97 client: fix https test cases in client rate limits 2020-12-10 09:20:28 -06:00
André Peters 29adb132e2 Update index.mdx
"Invalid argument name; Argument names must not be quoted."
2020-12-10 08:21:47 -05:00
changli0617 7210556b03
Update index.jsx
Replace a value card to show case "2 million container challenge"
2020-12-09 18:32:17 -08:00
Ben Buzbee a8e4aa76c6 Use new go-connlimit with HTTP 429 response
This is essentially a port of Consul's similar fix
Changes are:
go get -u github.com/hashicorp/go-connlimit
go mod vendor
Use new HTTP429 handler

20d1ea7d2d
2020-12-09 17:57:16 -06:00
Mahmood Ali fd420eadec
Tweak early return website workflow (#9593)
* ci: only spin up a docker engine if necessary

Halt the website-docker-image job early if no changes are detected. We
halt early before spinning up the remote docker engine, as the remote
docker engine step can add some delay (seconds to minutes) and is more
likely to suffer circleci instability.

* ci: Only run website workflow in OSS repo

Add a CircleCI conditional to avoid running website worklows on forks.
2020-12-09 17:54:36 -05:00
Seth Hoenig b3d744fea3
Merge pull request #9586 from hashicorp/f-connect-interp
consul/connect: interpolate connect block
2020-12-09 13:21:50 -06:00
Mahmood Ali 9a3da14a57
actually honor var files (#9592)
Apparently, we missed passing VarFile argument, so var files were
ignored.

Fixes #9588
2020-12-09 14:12:48 -05:00
Kris Hicks 0a3a748053
Add gosimple linter (#9590) 2020-12-09 11:05:18 -08:00
Kris Hicks c4ae5aab9a
circleci: Allow expanding Makefile in enterpise (#9587)
OSS no longer needs the multi-file config Makefile content, so it was
removed. However, enterprise does benefit from having that around. We
can allow enterprise to expand on OSS' CircleCI Makefile by adding an
include directive in OSS. This will allow the Makefile to be the same on
both OSS and Enterprise, so merge conflicts cannot occur.
2020-12-09 09:53:26 -08:00
Seth Hoenig cc70ce64ce consul/connect: avoid extra copy of connect stanza while interpolating 2020-12-09 11:44:07 -06:00
Seth Hoenig ead89d3a2b
docs: fixup changelog
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2020-12-09 11:27:12 -06:00
Seth Hoenig 526130ba12
Merge pull request #9589 from hashicorp/f-aws-graviton
client/fingerprint/cpu: use fallback total compute value if cpu not detected
2020-12-09 11:19:44 -06:00
Seth Hoenig eb7cdce52b client/fingerprint/cpu: use fallback total compute value if cpu not detected
Previously, Nomad would fail to startup if the CPU fingerprinter could
not detect the cpu total compute (i.e. cores * mhz). This is common on
some EC2 instance types (graviton class), where the env_aws fingerprinter
will override the detected CPU performance with a more accurate value
anyway.

Instead of crashing on startup, have Nomad use a low default for available
cpu performance of 1000 ticks (e.g. 1 core * 1 GHz). This enables Nomad
to get past the useless cpu fingerprinting on those EC2 instances. The
crashing error message is now a log statement suggesting the setting of
cpu_total_compute in client config.

Fixes #7989
2020-12-09 10:35:58 -06:00