luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
22,481 Commits 1 Branch 0 Tags 311 MiB
Go 82.2%
JavaScript 7.5%
MDX 7.2%
Handlebars 1.4%
HCL 1%
Other 0.6%
Go to file
Michael Schurter 27b8112123 connect: write envoy bootstrap debugging info 
When Consul Connect just works, it's wonderful. When it doesn't work it
can be exceeding difficult to debug: operators have to check task
events, Nomad logs, Consul logs, Consul APIs, and even then critical
information is missing.

Using Consul to generate a bootstrap config for Envoy is notoriously
difficult. Nomad doesn't even log stderr, so operators are left trying
to piece together what went wrong.

This patch attempts to provide *maximal* context which unfortunately
includes secrets. **Secrets are always restricted to the secrets/
directory.** This makes debugging a little harder, but allows operators
to know exactly what operation Nomad was trying to perform.

What's added:

- stderr is sent to alloc/logs/envoy_bootstrap.stderr.0
- the CLI is written to secrets/.envoy_bootstrap.cmd
- the environment is written to secrets/.envoy_bootstrap.env as JSON

Accessing this information is unfortunately awkward:
```
nomad alloc exec -task connect-proxy-count-countdash b36a cat secrets/.envoy_bootstrap.env
nomad alloc exec -task connect-proxy-count-countdash b36a cat secrets/.envoy_bootstrap.cmd
nomad alloc fs b36a alloc/logs/envoy_bootstrap.stderr.0
```

The above assumes an alloc id that starts with `b36a` and a Connect
sidecar proxy for a service named `count-countdash`.

If the alloc is unable to start successfully, the debugging files are
only accessible from the host filesystem.
 		2022-02-18 12:02:36 -08:00
.changelog connect: write envoy bootstrap debugging info 2022-02-18 12:02:36 -08:00
.circleci build: upgrade and speedup circleci configuration 2022-01-24 08:28:14 -06:00
.github ci: add semgrep (#11934) 2022-01-26 16:32:47 -05:00
.semgrep fix mTLS certificate check on agent to agent RPCs (#11998) 2022-02-04 20:35:20 -05:00
.tours Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
acl api: prevent excessice CPU load on job parse 2022-02-09 19:51:47 -05:00
api cleanup: prevent leaks from time.After 2022-02-02 14:32:26 -06:00
client connect: write envoy bootstrap debugging info 2022-02-18 12:02:36 -08:00
command csi: volume cli prefix matching should accept exact match (#12051) 2022-02-11 08:53:03 -05:00
contributing Version 1.2.3 2021-12-13 10:12:07 -05:00
demo [demo] Kadalu CSI support for Nomad (#11207) 2021-10-06 15:29:15 -04:00
dev docs: swap master for main in Nomad repo 2021-03-08 14:26:31 -05:00
drivers cleanup: prevent leaks from time.After 2022-02-02 14:32:26 -06:00
e2e e2e: moved missed volume test stop command to util helper. 2022-02-02 08:42:58 +01:00
helper Version 1.2.6 2022-02-10 14:55:34 -05:00
integrations spelling: registrations 2018-03-11 18:40:53 +00:00
internal/testing/apitests Revert "Return SchedulerConfig instead of SchedulerConfigResponse struct (#10799)" (#11433) 2021-11-02 17:42:52 -04:00
jobspec connect: fix bug where sidecar_task.resources was ignored with hcl1 2022-01-25 10:17:54 -06:00
jobspec2 api: prevent excessice CPU load on job parse 2022-02-09 19:51:47 -05:00
lib fix integer bounds checks (#11815) 2022-01-25 11:16:48 -05:00
nomad Version 1.2.6 2022-02-10 14:55:34 -05:00
plugins fix integer bounds checks (#11815) 2022-01-25 11:16:48 -05:00
scheduler reconciler: refactor `computeGroup` (#12033) 2022-02-10 16:24:51 -05:00
scripts golang security update 1.17.5 2021-12-10 13:50:22 -05:00
terraform terraform: update installed version used to 1.0.11. 2021-11-19 09:33:11 +01:00
testutil build: upgrade and speedup circleci configuration 2022-01-24 08:28:14 -06:00
tools build: bump go version to 1.17.3 (#11461) 2021-11-05 15:34:24 -04:00
ui style: fix up very long tag word breaking the allocation service table width (#11995) 2022-02-04 19:40:03 -05:00
version Generate files for 1.2.6 release 2022-02-10 02:47:03 +00:00
website Merge pull request #12053 from marcaurele/fix-typo 2022-02-11 14:27:12 +01:00
.gitattributes
.gitignore ui: ignore cache for eslint, to speed up linting 2022-01-20 09:29:10 -05:00
.golangci.yml chore: fixup inconsistent method receiver names. (#11704) 2021-12-20 11:44:21 +01:00
.semgrepignore build: disable semgrep on structs.go for now 2022-02-01 10:09:49 -06:00
CHANGELOG.md Version 1.2.6 2022-02-10 14:55:34 -05:00
GNUmakefile prepare for next release 2022-02-10 14:56:11 -05:00
LICENSE
README.md README: Align with Consul README (#9681) 2020-12-18 09:38:34 -08:00
Vagrantfile tools: update virtualbox networking configuration (#11561) 2021-11-24 10:45:58 -05:00
build_linux_arm.go gofmt all the files 2021-10-01 10:14:28 -04:00
go.mod Merge pull request #12002 from hashicorp/dependabot/go_modules/github.com/hashicorp/go-version-1.4.0 2022-02-04 08:31:53 -06:00
go.sum Merge pull request #12002 from hashicorp/dependabot/go_modules/github.com/hashicorp/go-version-1.4.0 2022-02-04 08:31:53 -06:00
main.go Raft Debugging Improvements (#11414) 2021-11-04 10:16:12 -04:00
main_test.go

README.md

Nomad Build Status Discuss

HashiCorp Nomad logo

Nomad is a simple and flexible workload orchestrator to deploy and manage containers (docker, podman), non-containerized applications (executable, Java), and virtual machines (qemu) across on-prem and clouds at scale.

Nomad is supported on Linux, Windows, and macOS. A commercial version of Nomad, Nomad Enterprise, is also available.

Nomad provides several key features:

  • Deploy Containers and Legacy Applications: Nomads flexibility as an orchestrator enables an organization to run containers, legacy, and batch applications together on the same infrastructure. Nomad brings core orchestration benefits to legacy applications without needing to containerize via pluggable task drivers.

  • Simple & Reliable: Nomad runs as a single binary and is entirely self contained - combining resource management and scheduling into a single system. Nomad does not require any external services for storage or coordination. Nomad automatically handles application, node, and driver failures. Nomad is distributed and resilient, using leader election and state replication to provide high availability in the event of failures.

  • Device Plugins & GPU Support: Nomad offers built-in support for GPU workloads such as machine learning (ML) and artificial intelligence (AI). Nomad uses device plugins to automatically detect and utilize resources from hardware devices such as GPU, FPGAs, and TPUs.

  • Federation for Multi-Region, Multi-Cloud: Nomad was designed to support infrastructure at a global scale. Nomad supports federation out-of-the-box and can deploy applications across multiple regions and clouds.

  • Proven Scalability: Nomad is optimistically concurrent, which increases throughput and reduces latency for workloads. Nomad has been proven to scale to clusters of 10K+ nodes in real-world production environments.

  • HashiCorp Ecosystem: Nomad integrates seamlessly with Terraform, Consul, Vault for provisioning, service discovery, and secrets management.

Quick Start

Testing

See Learn: Getting Started for instructions on setting up a local Nomad cluster for non-production use.

Optionally, find Terraform manifests for bringing up a development Nomad cluster on a public cloud in the terraform directory.

Production

See Learn: Nomad Reference Architecture for recommended practices and a reference architecture for production deployments.

Documentation

Full, comprehensive documentation is available on the Nomad website: https://www.nomadproject.io/docs

Guides are available on HashiCorp Learn.

Contributing

See the contributing directory for more developer documentation.