diff --git a/.changelog/18530.txt b/.changelog/18530.txt new file mode 100644 index 000000000..2a26b16b3 --- /dev/null +++ b/.changelog/18530.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +agent: Plugins stored within the `plugin_dir` will now only be executed when they have a corresponding `plugin` configuration block. Any plugin found without a corresponding configuration block will be skipped. +``` diff --git a/helper/pluginutils/loader/init.go b/helper/pluginutils/loader/init.go index 7d3003627..9bcbc6081 100644 --- a/helper/pluginutils/loader/init.go +++ b/helper/pluginutils/loader/init.go @@ -264,10 +264,15 @@ func (l *PluginLoader) fingerprintPlugins(plugins []os.FileInfo, configs map[str fingerprinted := make(map[PluginID]*pluginInfo, len(plugins)) for _, p := range plugins { name := cleanPluginExecutable(p.Name()) + + // Use the cleaned plugin name to check whether it is configured by the + // operator for use. If it is not, skip loading it and log a message, so + // operators can easily see this. c, ok := configs[name] if !ok { - // COMPAT(1.7): Skip executing unconfigured plugins in 1.8 or later. - l.logger.Warn("plugin not referenced in the agent configuration file, future versions of Nomad will not load this plugin until the agent configuration is updated", "plugin", name) + l.logger.Warn("plugin not referenced in the agent configuration file, loading skipped", + "plugin", name) + continue } info, err := l.fingerprintPlugin(p, c) if err != nil { diff --git a/helper/pluginutils/loader/loader_test.go b/helper/pluginutils/loader/loader_test.go index 939ee7b71..5b0f4ce01 100644 --- a/helper/pluginutils/loader/loader_test.go +++ b/helper/pluginutils/loader/loader_test.go @@ -102,8 +102,9 @@ func TestPluginLoader_External(t *testing.T) { ci.Parallel(t) require := require.New(t) - // Create two plugins - plugins := []string{"mock-device", "mock-device-2"} + // Create three plugins. Only two will be referenced within the agent config + // meaning the third should not be loaded. + plugins := []string{"mock-device", "mock-device-2", "mock-device-3"} pluginVersions := []string{"v0.0.1", "v0.0.2"} h := newHarness(t, plugins) @@ -133,6 +134,8 @@ func TestPluginLoader_External(t *testing.T) { require.NoError(err) // Get the catalog and assert we have the two plugins + // + // Note: mock-device-3 is ignored because it does not have a related config. c := l.Catalog() require.Len(c, 1) require.Contains(c, base.PluginTypeDevice) diff --git a/website/content/docs/upgrade/upgrade-specific.mdx b/website/content/docs/upgrade/upgrade-specific.mdx index b21a72abe..7eb21db5e 100644 --- a/website/content/docs/upgrade/upgrade-specific.mdx +++ b/website/content/docs/upgrade/upgrade-specific.mdx @@ -36,6 +36,13 @@ Drivers with the `RemoteTasks` capability will no longer be detached in the even the allocation is lost, nor will remote tasks be detached when a node is drained. Workloads running as remote tasks should be migrated prior to upgrading. +#### Loading Binaries from `plugin_dir` Without Configuration + +Plugins stored within the [`plugin_dir`](/nomad/docs/configuration#plugin_dir) +will now only be loaded when they have a corresponding +[`plugin`](/nomad/docs/configuration/plugin) block in the agent configuration +file. + ## Nomad 1.9.5 #### CNI plugins