Commit graph

16121 commits

Author SHA1 Message Date
Michael Schurter dd7b9adcf8 docs: drop raft from 0.10.0 upgrade guide
Unforutunately we are not changing the default for 0.10.0 and the 0.8
upgrade docs are more detailed when it comes to manually updating your
version.
2019-10-10 10:22:36 -07:00
Emamul Andalib fcd70b91ac Update consul.html.md (#6456)
"you may have have" to "you may have".
2019-10-09 12:35:16 -04:00
Omar Khawaja 9f8cc217e6
update Nomad and Consul versions along with Ubuntu vagrant box version (#6451) 2019-10-09 12:30:23 -04:00
Luiz Aoqui 3be8364636
Merge pull request #6444 from hashicorp/docs-add-prefix-param-to-acl-endpoints
docs: improve documentation for `prefix` param on API endpoints
2019-10-08 19:08:27 -04:00
Luiz Aoqui 521c0ad2a5
docs: clarify prefix API param requirements 2019-10-08 18:11:56 -04:00
Preetha e0b4ebe0b4
Merge pull request #6439 from hashicorp/f-docs-clarify-job-gc-interval
clarify version for new gc config in server stanza
2019-10-08 16:43:03 -05:00
Chris Baker cb11b77724
Merge pull request #6428 from Norbinsh/master
Docs: remove small duplication
2019-10-08 16:40:04 -05:00
Seth Hoenig fd75d8a487
Merge pull request #6447 from hashicorp/contributing-doc-tweaks
contributing: fix typo & append RPC checklist
2019-10-08 14:54:56 -05:00
Seth Hoenig e2b34550d6 contributing: fix typo & append RPC checklist 2019-10-08 19:28:35 +00:00
Michael Schurter 5f1ab36638
Merge pull request #6443 from hashicorp/docs-jobspec-checklist
docs: add sidebar to jobspec checklist
2019-10-08 12:27:28 -07:00
Buck Doyle 9a3a6c3f62
UI: Update to Ember 3.8 LTS (#5968) 2019-10-08 13:44:19 -05:00
Michael Schurter c0cfb1f9f0
Merge pull request #6446 from hashicorp/revert-6445-revert-6395-b-missing-vault-sercret
Revert "Revert "Use joint context to cancel prestart hooks""
2019-10-08 11:35:34 -07:00
Michael Schurter f54f1cb321
Revert "Revert "Use joint context to cancel prestart hooks"" 2019-10-08 11:34:09 -07:00
Michael Schurter fb835b19be
Merge pull request #6445 from hashicorp/revert-6395-b-missing-vault-sercret
Revert "Use joint context to cancel prestart hooks"
2019-10-08 11:28:18 -07:00
Michael Schurter 81a30ae106
Revert "Use joint context to cancel prestart hooks" 2019-10-08 11:27:08 -07:00
Luiz Aoqui b9ef978641
docs: add missing prefix param to the ACL API endpoints 2019-10-08 14:13:36 -04:00
Michael Schurter 3d3a445ee7 docs: add sidebar to jobspec checklist 2019-10-08 10:55:53 -07:00
Mahmood Ali e8942312bb
Merge pull request #6442 from hashicorp/b-alloc-namespace-check
acl: check ACL against object namespace
2019-10-08 13:26:38 -04:00
Mahmood Ali 4b2ba62e35 acl: check ACL against object namespace
Fix a bug where a millicious user can access or manipulate an alloc in a
namespace they don't have access to.  The allocation endpoints perform
ACL checks against the request namespace, not the allocation namespace,
and performs the allocation lookup independently from namespaces.

Here, we check that the requested can access the alloc namespace
regardless of the declared request namespace.

Ideally, we'd enforce that the declared request namespace matches
the actual allocation namespace.  Unfortunately, we haven't documented
alloc endpoints as namespaced functions; we suspect starting to enforce
this will be very disruptive and inappropriate for a nomad point
release.  As such, we maintain current behavior that doesn't require
passing the proper namespace in request.  A future major release may
start enforcing checking declared namespace.
2019-10-08 12:59:22 -04:00
Mahmood Ali b89712432b
Merge pull request #6440 from hashicorp/docs-release-096
Update website and changelog with 0.9.6
2019-10-08 12:56:27 -04:00
Mahmood Ali 3c0d8c7611
Merge pull request #6441 from hashicorp/b-agent-token
Redact replication tokens in /agent/self
2019-10-08 12:55:45 -04:00
Mahmood Ali 0f105215d9 update CHANGELOG with 0.9.6 changes 2019-10-08 12:50:53 -04:00
Mahmood Ali 1563c64bae website: Publish release 0.9.6 2019-10-08 12:48:05 -04:00
Preetha Appan 350e7f6952 clarify version for new gc config in server stanza 2019-10-08 10:08:27 -05:00
Charlie Voiselle 1276b84301
Merge pull request #6435 from hashicorp/doc-host-volume-update
Docs: Updated Host Volumes guide
2019-10-08 09:13:09 -04:00
Charlie Voiselle 9e8d9c2c8c Updated Host Volumes guide
Added read_only to highlight them
Style updates
2019-10-07 14:17:30 -04:00
Omar Khawaja 01f2ca6941
Upgrade Nomad terraform directory for TF 0.12+ (#6424)
* update

* fix error

* convert server ips in list of string and loop through for output

* drop the for loop in outputs and keep the join command

* switched to TF 0.12 splat expression
2019-10-07 12:43:42 -04:00
Norbinsh 7e97823ed8 Docs: remove small duplication 2019-10-05 13:00:32 +03:00
Buck Doyle 5da134d074
UI: Change Mirage data to be stable in development (#6389)
This sets a default-but-query-configurable Faker seed in development,
via faker-seed. It also changes uses of Math.random to use Faker’s
randomness so auto-generated data remains stable in development.
2019-10-03 09:13:08 -05:00
Daniel Dreier 5d7b06e6ee docs: Add missing double-quote (#6418)
The missing quote broke syntax highlighting.
2019-10-02 19:58:10 -05:00
Omar Khawaja 073fbb2daa
specify token given to consul template as periodic and orphan (#6148) 2019-10-02 12:52:10 -04:00
Nick Ethier 0c19bf6f04
executor: run exec commands in netns if set (#6405)
executor: run exec commands in netns if set
2019-10-01 14:45:43 -04:00
Drew Bailey f4df5592df
Merge pull request #6395 from hashicorp/b-missing-vault-sercret
Use joint context to cancel prestart hooks
2019-10-01 07:07:17 -07:00
Nick Ethier 8b881d83d5
executor: rename wrapNetns to withNetworkIsolation 2019-09-30 21:38:31 -04:00
Drew Bailey 69eebcd241
simplify logic to check for vault read event
defer shutdown to cleanup after failed run

Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>

update comment to include ctx note for shutdown
2019-09-30 11:02:14 -07:00
Drew Bailey 7565b8a8d9
Use joint context to cancel prestart hooks
fixes https://github.com/hashicorp/nomad/issues/6382

The prestart hook for templates blocks while it resolves vault secrets.
If the secret is not found it continues to retry. If a task is shutdown
during this time, the prestart hook currently does not receive
shutdownCtxCancel, causing it to hang.

This PR joins the two contexts so either killCtx or shutdownCtx cancel
and stop the task.
2019-09-30 10:48:01 -07:00
Preetha 0bf4a2ea38
Merge pull request #6404 from hashicorp/docs-nomad-index
clarify index starting value for blocking queries
2019-09-30 11:41:20 -05:00
Nick Ethier 5127caef11
comment wrapNetns 2019-09-30 12:06:52 -04:00
Nick Ethier 67ac161565
executor: removed unused field from exec_utils.go 2019-09-30 11:57:34 -04:00
Nick Ethier 6fd773eb88
executor: run exec commands in netns if set 2019-09-30 11:50:22 -04:00
Nick Ethier ddc9465629
Merge pull request #6397 from shantanugadgil/patch-1
clarify rhel/centos and beta1
2019-09-30 10:54:06 -04:00
Preetha Appan 1ca3fcca35 clarify index starting value for blocking queries 2019-09-30 09:46:42 -05:00
Buck Doyle 75aa2e36ee
UI: Change factories to be more dynamic (#6387)
I noticed while working on #6166 that some of the factory properties
that used Faker’s randomisation features are using their output
rather than a function that would call the randomiser. This means that
the randomisation happens once and the value is used for every model
generated by the factory. This wraps the randomiser calls in functions
so different models can have different values.
2019-09-30 09:44:22 -05:00
Shantanu Gadgil 05573a255c
clarify rhel/centos and beta1
Specify RHEL7, RHEL8, CentOS7, CentOS8
Specify beta1 for 0.10 (beta2 coming soon? 😉 )
2019-09-29 11:40:23 +05:30
Mahmood Ali 4a93081275
Merge pull request #6391 from hashicorp/b-ns-job-register-check
nomad: defensive check for namespaces in job registration call
2019-09-27 14:39:44 -04:00
Mahmood Ali bdccad567c
Merge pull request #6393 from hashicorp/r-ugorji-go-import-path
Fix hashicorp/go-msgpack import for golang 1.13
2019-09-27 12:27:38 -04:00
Mahmood Ali 4c548b9c75 Fix hashicorp/go-msgpack import
Golang 1.13 is pickier with importpaths and aliasing and fails
compilation currently.

Here, for go-msgpack dependency, we use upstream ugorji/go with a single
change
23165f7bc3
.

For consistency and to ease noticing descripency, I made ugorji/go and
hashicorp/go-msgpack reference the same sha.

This is a dependency management update and has no functional change to
product.
2019-09-27 09:08:30 -04:00
Tim Gross 9efca131be driver/java: pass task network isolation to executor
Without passing the network isolation configuration to the executor,
java tasks are not placed in the same network namespace as the other
processes in their task group, which breaks Consul Connect.
2019-09-27 08:26:54 -04:00
Mahmood Ali 674a457865 use RequestNamespace(), the canonical way to get namespace 2019-09-27 07:40:58 -04:00
Mahmood Ali e29ee4c400 nomad: defensive check for namespaces in job registration call
In a job registration request, ensure that the request namespace "header" and job
namespace field match.  This should be the case already in prod, as http
handlers ensures that the values match [1].

This mitigates bugs that exploit bugs where we may check a value but act
on another, resulting into bypassing ACL system.

[1] https://github.com/hashicorp/nomad/blob/v0.9.5/command/agent/job_endpoint.go#L415-L418
2019-09-26 17:02:47 -04:00