Nick Ethier
965f00b2fc
Builtin Admission Controller Framework (#6116)
...
* nomad: add admission controller framework
* nomad: add admission controller framework and Consul Connect hooks
* run admission controllers before checking permissions
* client: add default node meta for connect configurables
* nomad: remove validateJob func since it has been moved to admission controller
* nomad: use new TaskKind type
* client: use consts for connect sidecar image and log level
* Apply suggestions from code review
Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
* nomad: add job register test with connect sidecar
* Update nomad/job_endpoint_hooks.go
Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
2019-08-15 11:22:37 -04:00
Mahmood Ali
ea3a98357f
Block rpc handling until state store is caught up
...
Here, we ensure that the leader only responds to RPC calls when state
store is up to date. At leadership transition or launch with restored
state, the server local store might not be caught up with latest raft
logs and may return a stale read.
The solution here is to have an RPC consistency read gate, enabled when
`establishLeadership` completes before we respond to RPC calls.
`establishLeadership` is gated by a `raft.Barrier` which ensures that
all prior raft logs have been applied.
Conversely, the gate is disabled when leadership is lost.
This is very much inspired by https://github.com/hashicorp/consul/pull/3154/files
2019-07-02 16:07:37 +08:00
Preetha Appan
dc0ac81609
Change interval of raft stats collection to 10s
2019-06-19 11:58:46 -05:00
Preetha Appan
104d66f10c
Changed name of metric
2019-06-17 15:51:31 -05:00
Preetha Appan
c54b4a5b17
Emit metrics with raft commit and apply index and statestore latest index
2019-06-14 16:30:27 -05:00
Michael Schurter
9732bc37ff
nomad: refactor waitForIndex into SnapshotAfter
...
Generalize wait for index logic in the state store for reuse elsewhere.
Also begin plumbing in a context to combine handling of timeouts and
shutdown.
2019-05-17 13:30:23 -07:00
Mahmood Ali
919827f2df
Merge pull request #5632 from hashicorp/f-nomad-exec-parts-01-base
...
nomad exec part 1: plumbing and docker driver
2019-05-09 18:09:27 -04:00
Mahmood Ali
3c668732af
server: server forwarding logic for nomad exec endpoint
2019-05-09 16:49:08 -04:00
Mahmood Ali
92c133b905
Update peers info with new raft config details
2019-05-03 16:55:53 -04:00
Hemanth Basappa
3fef02aa93
Add support in nomad for supporting raft 3 protocol peers.json
2019-05-02 09:11:23 -07:00
HashedDan
caad68e799
server: inconsistent receiver notation corrected
...
Signed-off-by: HashedDan <georgedanielmangum@gmail.com>
2019-03-16 17:53:53 -05:00
Mahmood Ali
6efea6d8fc
Populate agent-info with vault
...
Return Vault TTL info to /agent/self API and `nomad agent-info` command.
2018-11-20 17:10:55 -05:00
Alex Dadgar
6d8bb3a7bd
Duplicate blocked evals cancelling improved
...
The old logic for cancelling duplicate blocked evaluations by job id had
the issue where the newer evaluation could have additional node classes
that it is (in)eligible for that we would not capture. This could make
it such that cluster state could change such that the job would make
progress but no evaluation was unblocked.
2018-11-07 10:08:23 -08:00
Alex Dadgar
9971b3393f
yamux
2018-09-17 14:22:40 -07:00
Alex Dadgar
b2f500b48c
Serf/Raft/Memberlist logger
2018-09-17 13:57:52 -07:00
Alex Dadgar
ca28afa3b2
small fixes
2018-09-15 16:42:38 -07:00
Alex Dadgar
3c19d01d7a
server
2018-09-15 16:23:13 -07:00
Chelsea Holland Komlo
de03ce8070
move logic to determine whether to reload tls configuration to tlsutil helper
2018-06-08 14:33:58 -04:00
Chelsea Holland Komlo
38f611a7f2
refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing
...
add missing fields to TLS merge method
2018-05-23 18:35:30 -04:00
Chelsea Komlo
687c26093c
Merge pull request #4269 from hashicorp/f-tls-remove-weak-standards
...
Configurable TLS cipher suites and versions; disallow weak ciphers
2018-05-11 08:11:46 -04:00
Preetha Appan
ca5758741b
Update serf to pick up graceful leave fix
2018-05-10 11:16:24 -05:00
Chelsea Holland Komlo
620558c107
log error if unable to create TLS configuration
2018-05-10 11:51:54 -04:00
Chelsea Holland Komlo
796bae6f1b
allow configurable cipher suites
...
disallow 3DES and RC4 ciphers
add documentation for tls_cipher_suites
2018-05-09 17:15:31 -04:00
Alex Dadgar
a510774451
Use UpdateAllocDesiredTransistion instead of UpsertEval but no transitions yet
2018-05-07 14:50:01 -05:00
Alex Dadgar
4a23307baf
Track all client connections
2018-04-26 13:22:09 -07:00
Alex Dadgar
7f28cfcdfe
small cleanup
2018-03-30 15:49:56 -07:00
Chelsea Holland Komlo
a77dd08dd9
prevent double close due to error in creating listener
2018-03-30 17:15:56 -04:00
Chelsea Holland Komlo
402a026c88
add further error handling for rpc connection handling
2018-03-30 17:03:36 -04:00
Chelsea Holland Komlo
58ada9bc42
return error when setting checksum; don't reload
2018-03-28 18:15:50 -04:00
Chelsea Holland Komlo
2d5af7ff4d
set TLS checksum when parsing config
...
Refactor checksum comparison, always set checksum if it is empty
2018-03-28 09:56:11 -04:00
Chelsea Holland Komlo
dd5f627feb
set server configuration checksum on reload
2018-03-27 18:03:52 -04:00
Chelsea Komlo
57e2cd04bd
Merge pull request #4025 from hashicorp/reload-http-tls
...
Allow TLS configurations for HTTP and RPC connections to be reloaded …
2018-03-26 18:00:30 -04:00
Michael Schurter
9898edfa90
Switch to drainerv2 impl
2018-03-21 16:51:44 -07:00
Alex Dadgar
e63bcb474d
Drainer
2018-03-21 16:51:44 -07:00
Michael Schurter
8b41e9b2e1
drainer: drainer should shutdown with server
2018-03-21 16:51:44 -07:00
Michael Schurter
0a17076ad2
refactor drainer into a subpkg
2018-03-21 16:51:44 -07:00
Chelsea Holland Komlo
66e44cdb73
Allow TLS configurations for HTTP and RPC connections to be reloaded separately
2018-03-21 17:51:08 -04:00
Alex Dadgar
b8607ad6d6
Heartbeat uses client rpc advertise and server defaults server rpc advertise addr
2018-03-16 16:47:08 -07:00
Alex Dadgar
52b7fb5361
Separate client and server rpc advertise addresses
2018-03-16 16:47:08 -07:00
Alex Dadgar
92cb552ff6
Always add core scheduler and detect invalid schedulers
2018-03-14 10:53:27 -07:00
Alex Dadgar
55e4f5cdc4
Require core scheduler
2018-03-14 10:37:49 -07:00
Josh Soref
173ce63fe9
spelling: transition
2018-03-11 19:06:05 +00:00
Josh Soref
258d76ec13
spelling: registry
2018-03-11 18:41:13 +00:00
Josh Soref
c9b86bbc2f
spelling: controls
2018-03-11 17:50:39 +00:00
Alex Dadgar
a1faab0e58
Server TLS
2018-02-15 15:03:12 -08:00
Alex Dadgar
d7029965ca
Server side impl + touch ups
2018-02-15 13:59:02 -08:00
Alex Dadgar
2f9d33f479
vet
2018-02-15 13:59:02 -08:00
Alex Dadgar
ce3674ea17
Server stat/list impl
2018-02-15 13:59:02 -08:00
Alex Dadgar
ddd67f5f11
Server streaming
2018-02-15 13:59:01 -08:00
Alex Dadgar
2c0ad26374
New RPC Modes and basic setup for streaming RPC handlers
2018-02-15 13:59:01 -08:00
Alex Dadgar
46770d57e5
Forwarding
2018-02-15 13:59:01 -08:00
Alex Dadgar
cfe9afc567
Store connection time
2018-02-15 13:59:01 -08:00
Alex Dadgar
6dd1c9f49d
Refactor
2018-02-15 13:59:00 -08:00
Alex Dadgar
ad7bc0c6bd
Server can forward ClientStats.Stats
2018-02-15 13:59:00 -08:00
Alex Dadgar
940a2df8a1
Pull inmem codec to helper
2018-02-15 13:59:00 -08:00
Alex Dadgar
13bbf3fbbb
Track client connections
2018-02-15 13:59:00 -08:00
Alex Dadgar
ba5ecb8c1a
Dynamic RPC servers with context
2018-02-15 13:59:00 -08:00
Alex Dadgar
288b3c0e05
Helper to populate RPC server endpoints
2018-02-15 13:59:00 -08:00
Kyle Havlovitz
709b693d39
Clean up some leftover autopilot differences from Consul
2018-02-08 10:27:26 -08:00
Kyle Havlovitz
2ccf565bf6
Refactor redundancy_zone/upgrade_version out of client meta
2018-01-29 20:03:38 -08:00
Kyle Havlovitz
a162b9ce14
Move server health loop into autopilot leader actions
2018-01-23 12:57:02 -08:00
Chelsea Komlo
d09cc2a69f
Merge pull request #3492 from hashicorp/f-client-tls-reload
...
Client/Server TLS dynamic reload
2018-01-23 05:51:32 -05:00
Chelsea Holland Komlo
7d3c240871
swap raft layer tls wrapper
2018-01-19 17:00:15 -05:00
Chelsea Holland Komlo
a8f655fbb3
allow for similar error messages for closed connections
2018-01-17 12:02:40 -05:00
Chelsea Holland Komlo
35466a331a
fixing up raft reload tests
...
close second goroutine in raft-net
2018-01-17 10:29:15 -05:00
Kyle Havlovitz
7b980c42d8
Add raft remove by id endpoint/command
2018-01-16 13:35:32 -08:00
Chelsea Holland Komlo
5f52e8e103
feedback from code review
2018-01-16 11:55:11 -05:00
Chelsea Holland Komlo
649f86f094
refactor creating a new tls configuration
2018-01-16 08:02:39 -05:00
Chelsea Holland Komlo
214d128eb9
reload raft transport layer
...
fix up linting
2018-01-08 14:52:28 -05:00
Chelsea Holland Komlo
0708d34135
call reload on agent, client, and server separately
2018-01-08 09:56:31 -05:00
Chelsea Holland Komlo
909bb0af07
refactor rpc listener methods, wait for proper shutdown
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
6a2432659a
code review fixups
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
9741097406
reloading tls config should be atomic for clients/servers
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
e7bd156ef2
check error on generating tls context
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
9b0a7a7f7c
remove code duplication
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
4e0dbd23cf
prevent races when reloading, fully shut down raft
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
ae7fc4695e
fixups from code review
...
Revert "close raft long-lived connections"
This reverts commit 3ffda28206fcb3d63ad117fd1d27ae6f832b6625.
reload raft connections on changing tls
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
dfb6a3d9a8
close raft long-lived connections
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
acd3d1b162
fix up downgrading client to plaintext
...
add locks around changing server configuration
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
c0ad9a4627
add ability to upgrade/downgrade nomad agents tls configurations via sighup
2018-01-08 09:21:06 -05:00
Preetha Appan
fcded9ba61
Add a TODO comment around handling peer address for remove peer correctly for raft protocol 3
2018-01-05 14:22:45 -06:00
Kyle Havlovitz
1c07066064
Add autopilot functionality based on Consul's autopilot
2017-12-18 14:29:41 -08:00
Kyle Havlovitz
b775fc7b33
Added support for v2 raft APIs and -raft-protocol option
2017-12-12 10:17:16 -06:00
Chelsea Komlo
2dfda33703
Nomad agent reload TLS configuration on SIGHUP (#3479)
...
* Allow server TLS configuration to be reloaded via SIGHUP
* dynamic tls reloading for nomad agents
* code cleanup and refactoring
* ensure keyloader is initialized, add comments
* allow downgrading from TLS
* initialize keyloader if necessary
* integration test for tls reload
* fix up test to assert success on reloaded TLS configuration
* failure in loading a new TLS config should remain at current
Reload only the config if agent is already using TLS
* reload agent configuration before specific server/client
lock keyloader before loading/caching a new certificate
* introduce a get-or-set method for keyloader
* fixups from code review
* fix up linting errors
* fixups from code review
* add lock for config updates; improve copy of tls config
* GetCertificate only reloads certificates dynamically for the server
* config updates/copies should be on agent
* improve http integration test
* simplify agent reloading storing a local copy of config
* reuse the same keyloader when reloading
* Test that server and client get reloaded but keep keyloader
* Keyloader exposes GetClientCertificate as well for outgoing connections
* Fix spelling
* correct changelog style
2017-11-14 17:53:23 -08:00
Alex Dadgar
5c34af1ee1
leader acl token
2017-10-23 14:10:14 -07:00
Alex Dadgar
c1cc51dbee
sync
2017-10-13 14:36:02 -07:00
Alex Dadgar
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
Alex Dadgar
e5ec915ac3
sync
2017-09-19 10:08:23 -05:00
Alex Dadgar
84d06f6abe
Sync namespace changes
2017-09-07 17:04:21 -07:00
Armon Dadgar
3e46094cee
Passthrough replication token for token/policy replication
2017-09-04 13:05:53 -07:00
Armon Dadgar
dc1904b57a
nomad: adding ACL token resolution logic
2017-09-04 13:04:45 -07:00
Armon Dadgar
e4f5f305ea
nomad: adding Get/List endpoints for ACL policies
2017-09-04 13:03:15 -07:00
Alex Dadgar
62c14c21a5
Merge pull request #3142 from hashicorp/f-deployment-watcher
...
Deployment watcher takes state store
2017-08-31 10:45:17 -07:00
Jeremy Olexa
f94f237597
Update peers.info message for operators
2017-08-31 08:51:04 -05:00
Alex Dadgar
590ff91bf3
Deployment watcher takes state store
2017-08-30 18:51:59 -07:00
Chelsea Holland Komlo
465c4d7082
change endpoint to /v1/search
2017-08-14 17:38:10 +00:00
Chelsea Holland Komlo
5ee58a391b
rename to cluster search
...
comment updates
2017-08-14 17:36:14 +00:00
Luke Farnell
f0ced87b95
fixed all spelling mistakes for goreport
2017-08-07 17:13:05 -04:00
Chelsea Holland Komlo
4dd6b46198
Retrieve job information for resources endpoint
...
requires further refactoring and logic for more contexts
2017-08-04 14:34:25 +00:00
Alex Dadgar
dad9e69822
more comment fixes
2017-07-07 12:03:11 -07:00