Commit graph

20087 commits

Author SHA1 Message Date
Tim Gross f1ad512986 docs: describe required ACLs for all commands 2020-11-20 13:38:29 -05:00
Tim Gross 6cc5c40cdb docs: clarify default signal for raw_exec on Windows 2020-11-20 13:25:48 -05:00
Michael Schurter d8e3adfad9
Merge pull request #9407 from hashicorp/docs-0129-backports
Add backports to changelog and 0.12.9 to website
2020-11-20 09:09:47 -08:00
Tim Gross 4331e86e8e docs: move telemetry under operations
Create a new "Operating Nomad" section of the docs where we can put reference
material for operators that doesn't quite fit in either configuration file /
command line documentation or a step-by-step Learn Guide. Pre-populate this
with the existing telemetry docs and some links out to the Learn Guide
sections.
2020-11-20 11:05:27 -05:00
Michael Schurter 876144302a docs: avoid the regression in 0.12.[78]
The suggest version, 0.12.7, includes regressions that are best avoided
so steer users to 0.12.9.
2020-11-19 14:32:59 -08:00
Michael Schurter 1fedddd814 docs: update website to 0.12.9 2020-11-19 14:26:06 -08:00
Michael Schurter 85b71e76f7 docs: add 0.12.9, 0.11.8, and 0.10.9 to changelog
upstream fix: #9383

backport PRs: #9391, #9402, and #9405
2020-11-19 14:23:42 -08:00
Tim Gross de6b023af2 command: remove -namespace from help options when not applicable 2020-11-19 16:28:39 -05:00
Michael Schurter 0cd73b44e9 docs: add task_token_ttl default
See
https://github.com/hashicorp/nomad/blob/v0.12.7/nomad/vault.go#L36-L39
2020-11-19 16:14:25 -05:00
Tim Gross 716451b793 docs: template behavior warnings
* vault secrets named with `-` characters cannot be read by `consul-template`
  due to limitations in golang's template rendering engine.
* environment variables are not modified in running tasks if
`change_mode.noop` is set.
2020-11-19 16:06:48 -05:00
Tim Gross c1a3496a55 docs: remove -namespace option from commands when not applicable 2020-11-19 16:06:28 -05:00
Tim Gross d67afa2e21 docs/help: -no-color does not apply to alloc logs content
The `nomad alloc logs` command does not remove terminal escape sequences for
color from the log outputs of a task. Clarify that the standard `-no-color`
flag, which does apply to Nomad's error responses from `nomad alloc logs`,
does not apply to the log output.
2020-11-19 15:29:12 -05:00
Tim Gross 9788a514a0 docs: fix some markdown escaping errors 2020-11-19 14:11:53 -05:00
Tim Gross 47ce5ff471 docs: expand artifact getter options
Adds an example of using HTTP Basic Auth, git options, and using HCL2 syntax
to encode an SSH key from file.
2020-11-19 12:07:02 -05:00
Tim Gross 2139e029ec docs: make dispatch payload size limit unambiguous 2020-11-19 12:06:49 -05:00
Michael Schurter bbfaa5e9ad
Merge pull request #9383 from hashicorp/b-template-escape
client: fix interpolation in template source
2020-11-18 12:21:29 -08:00
Michael Schurter 43b225b19d e2e: test template path interpolation 2020-11-18 10:48:58 -08:00
Michael Schurter 15f2b8fe7c client: skip broken test and fix assertion 2020-11-18 10:01:02 -08:00
Michael Schurter 95979336b7
Merge pull request #9384 from hashicorp/docs-artifact-bug
docs: document artifact bug #6929
2020-11-18 09:20:45 -08:00
Tim Gross c320c1ba57
CSI: fix struct copying errors (#9239)
The CSIVolume struct "denormalizes" allocations when it's first queried from
the state store. The CSIVolumeByID method on the state store copies the volume
before denormalizing so that we don't end up with unexpected changes. The
copying has some subtle bugs that meant that Allocations (as well as
Topologies and MountOptions) were not getting copied when expected.

Also, ensure we never write allocations attached to volumes to the state store
during claims.
2020-11-18 10:59:25 -05:00
Chris Baker 6a4cdc3bb1
Merge pull request #9387 from hashicorp/docs-9386-alloc-job-api
document `api.Allocation.Job` field
2020-11-18 09:57:28 -06:00
Chris Baker c8364656e6 document api.Allocation.Job field, to address issue from #9386 2020-11-18 15:00:52 +00:00
Michael Schurter ff91bba70e client: fix interpolation in template source
While Nomad v0.12.8 fixed `NOMAD_{ALLOC,TASK,SECRETS}_DIR` use in
`template.destination`, interpolating these variables in
`template.source` caused a path escape error.

**Why not apply the destination fix to source?**

The destination fix forces destination to always be relative to the task
directory. This makes sense for the destination as a destination outside
the task directory would be unreachable by the task. There's no reason
to ever render a template outside the task directory. (Using `..` does
allow destinations to escape the task directory if
`template.disable_file_sandbox = true`. That's just awkward and unsafe
enough I hope no one uses it.)

There is a reason to source a template outside a task
directory. At least if there weren't then I can't think of why we
implemented `template.disable_file_sandbox`. So v0.12.8 left the
behavior of `template.source` the more straightforward "Interpolate and
validate."

However, since outside of `raw_exec` every other driver uses absolute
paths for `NOMAD_*_DIR` interpolation, this means those variables are
unusable unless `disable_file_sandbox` is set.

**The Fix**

The variables are now interpolated as relative paths *only for the
purpose of rendering templates.* This is an unfortunate special case,
but reflects the fact that the templates view of the filesystem is
completely different (unconstrainted) vs the task's view (chrooted).
Arguably the values of these variables *should be context-specific.*
I think it's more reasonable to think of the "hack" as templating
running uncontainerized than that giving templates different paths is a
hack.

**TODO**

- [ ] E2E tests
- [ ] Job validation may still be broken and prevent my fix from
      working?

**raw_exec**

`raw_exec` is actually broken _a different way_ as exercised by tests in
this commit. I think we should probably remove these tests and fix that
in a followup PR/release, but I wanted to leave them in for the initial
review and discussion. Since non-containerized source paths are broken
anyway, perhaps there's another solution to this entire problem I'm
overlooking?
2020-11-17 22:03:04 -08:00
Michael Schurter cb9f9800bf docs: document artifact bug #6929 2020-11-17 22:00:21 -08:00
Kris Hicks bb82e45363
doc: Simplify "Contributing" section of README (#9378)
This is mostly switching paragraphs to bullets to make following
instructions easier. In doing so, this also adds instructions to install
things that were previously assumed to be installed, like Vagrant,
Virtualbox, and Consul.

It also removes the expectation that Nomad is cloned to $GOPATH, as that
is not necessary.
2020-11-17 11:20:38 -08:00
Nick Ethier b84273fd93
Merge pull request #9363 from 42wim/fixcni
cni: use correct interface for netStatus
2020-11-17 12:03:39 -05:00
Kris Hicks 511c2e9db2
proto: Switch to using buf (#9308)
This replaces all usage of `protoc` with `buf`. See `tools/buf/README.md` for more.
2020-11-17 07:01:48 -08:00
Chris Baker afe6fa82c2
Merge pull request #9368 from hashicorp/b-9367-duped-ports
fix duplication of ports in `AllocatedResources`
2020-11-16 11:41:34 -06:00
Chris Baker a207050f01 changelog for #9368 2020-11-16 16:52:40 +00:00
Tim Gross a1532d7cf8
vendor: sync api/tasks for poststop hook 2020-11-16 11:28:02 -05:00
Seth Hoenig 6eda03fd62
Merge pull request #9356 from hashicorp/b-bridgefp-upgrade-path
scheduler: enable upgrade path for bridge network finger print
2020-11-16 09:29:03 -06:00
James Rasell 5811052344
Merge pull request #9372 from hashicorp/f-docs-move-ruby-sdk-unsupported
docs: move Ruby SDK to unsupported listing.
2020-11-16 15:58:35 +01:00
Tim Gross a788557579
csi: alloc status -verbose should query volume request 'source' (#9354)
The `nomad alloc status -verbose` command returns a 404 from CSI volumes
because the volume mount block in the task points back to the
`job.group.volume` block. So using the `Name` field to query is the "name" as
seen in the jobspec, and not the name of the volume that we need for querying.

Show both the job-specific name and the volume ID in the resulting output,
which clarifies the difference between the two fields and is more consistent
with the web UI.
2020-11-16 08:28:52 -05:00
James Rasell 4b34e705f6
docs: Add new Autoscaling Azure VMSS target plugin detail. (#9186)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2020-11-16 11:40:22 +01:00
James Rasell f9480ca147
docs: move Ruby SDK to unsupported listing. 2020-11-16 11:38:27 +01:00
Chris Baker 7c6071e6c4 updated alloc_endpoint to mutate a copy of the returned allocation, instead of the instance in the state store 2020-11-15 17:52:50 +00:00
Chris Baker b244d5e949 documenting test for #9367 2020-11-15 17:47:50 +00:00
Chris Baker 7390298783
Merge pull request #9365 from hashicorp/website-to-beta3
website: update downloads page to beta3
2020-11-15 09:22:18 -06:00
Chris Baker e529e95594 website: update downloads page to beta3 2020-11-15 13:53:05 +00:00
Wim 4e37897dd9 Use correct interface for netStatus
CNI plugins can return multiple interfaces, eg the bridge plugin.
We need the interface with the sandbox.
2020-11-14 22:29:30 +01:00
Tim Gross 8df5f28dc3
ui/csi: fix links to volume IDs (#9355) 2020-11-13 15:44:34 -05:00
Seth Hoenig 6b89527505 scheduler: enable upgrade path for bridge network finger print
This PR enables users of Nomad < 0.12 to upgrade to Nomad 0.12
and beyond. Nomad 0.12 introduced a network fingerprinter for
bridge networks, which is a contstraint checked for if bridge
network is being used. If users upgrade servers first as is
recommended, suddenly no clients running older versions of Nomad
will satisfy the bridge network resource constraint. Instead,
this change only enforces the constraint if the Nomad client
version is also >= 0.12.

Closes #8423
2020-11-13 14:17:01 -06:00
Seth Hoenig 4cc3c01d5b
Merge pull request #9352 from hashicorp/f-artifact-headers
jobspec: add support for headers in artifact stanza
2020-11-13 14:04:27 -06:00
Tim Gross 14215c80c6
hclfmt digitalocean demo to pass linting (#9353) 2020-11-13 14:16:15 -05:00
Seth Hoenig bb8a5816a0 jobspec: add support for headers in artifact stanza
This PR adds the ability to set HTTP headers when downloading
an artifact from an `http` or `https` resource.

The implementation in `go-getter` is such that a new `HTTPGetter`
must be created for each artifact that sets headers (as opposed
to conveniently setting headers per-request). This PR maintains
the memoization of the default Getter objects, creating new ones
only for artifacts where headers are set.

Closes #9306
2020-11-13 12:03:54 -06:00
Tim Gross bc03133479
demo: CSI example for DigitalOcean block storage (#9351) 2020-11-13 12:26:04 -05:00
Mahmood Ali 1d3fa2afaa
release: infer node version (#9336)
Avoids setting the node version in the release Dockerfile, by using
an alias.  This allows us to update the node version in one file only.

Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2020-11-13 11:33:07 -05:00
Tim Gross 7e4fd79eee
e2e: CSI test should detect un-deregisterable volumes (#9343)
Assert that deregistering a volume works without errors following a volume
reap. Use CLI helpers where feasible to exercise CSI command line. Dump plugin
allocation logs on deregistration failures for debugging purposes.
2020-11-13 09:31:21 -05:00
Lars Lehtonen 60936f554c
nomad/structs: fix noop breaks (#9348) 2020-11-13 08:28:11 -05:00
Michael Schurter d38f3e6e04
Merge pull request #9345 from hashicorp/go-1.15.5
build: upgrade from Go 1.15.4 to 1.15.5
2020-11-12 14:41:10 -08:00