Alex Dadgar
2017-09-19 09:47:10 -05:00
parent 7b01e43b7c
commit ddc2efa4ac
379 changed files with 20988 additions and 626 deletions

View File

@@ -194,6 +194,8 @@ testing.
with potentially multiple zones, which map to [datacenters](#datacenter) such
as `us-west` and `us-east`.
- `sentinel` <code>([Sentinel][sentinel]: nil)</code> - Specifies configuration for Sentinel policies.
- `server` <code>([Server][server]: nil)</code> - Specifies configuration which is specific to the Nomad server.
- `syslog_facility` `(string: "LOCAL0")` - Specifies the syslog facility to write to. This has no effect unless `enable_syslog` is true.
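Review bot: the new `sentinel` entry does not say that Sentinel is a Nomad Enterprise feature, although the Enterprise overview page added in this commit lists Sentinel Policy Enforcement among the Enterprise features. Suggest adding a short qualifier to the entry so readers of the general agent configuration page know the stanza applies to Nomad Enterprise.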
@@ -231,5 +233,6 @@ http_api_response_headers {
[vault]: /docs/agent/configuration/vault.html "Nomad Agent vault Configuration"
[tls]: /docs/agent/configuration/tls.html "Nomad Agent tls Configuration"
[client]: /docs/agent/configuration/client.html "Nomad Agent client Configuration"
[sentinel]: /docs/agent/configuration/sentinel.html "Nomad Agent sentinel Configuration"
[server]: /docs/agent/configuration/server.html "Nomad Agent server Configuration"
[acl]: /docs/agent/configuration/acl.html "Nomad Agent ACL Configuration"

View File

@@ -0,0 +1,42 @@
---
layout: "docs"
page_title: "sentinel Stanza - Agent Configuration"
sidebar_current: "docs-agent-configuration-sentinel"
description: |-
The "sentinel" stanza configures the Nomad agent for Sentinel policies and tune various parameters.
---
# `sentinel` Stanza
<table class="table table-bordered table-striped">
<tr>
<th width="120">Placement</th>
<td>
<code>**sentinel**</code>
</td>
</tr>
</table>
The `sentinel` stanza configures the Sentinel policy engine and tunes various parameters.
```hcl
sentinel {
import "custom-plugin" {
path = "/usr/bin/sentinel-custom-plugin"
args = ["-verbose", "foo"]
}
}
```
## `sentinel` Parameters
- `import` <code>([Import](#import-parameters): nil)</code> -
Specifies a plugin that should be made available for importing by Sentinel policies.
The name of the import matches the name that can be imported.
### `import` Parameters
- `path` `(string: "")` - Specifies the path to the import plugin. Must be executable by Nomad.
- `args` `(array<string>: [])` - Specifies arguments to pass to the plugin when starting it.
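Review bot: the `import` parameters describe a binary that Nomad starts itself (`path` "Must be executable by Nomad", `args` are passed "when starting it"), but the page gives no guidance on protecting that binary. Suggest stating that `path` should be absolute and that the file and its directory should be writable only by the account that administers the agent, since whoever can replace the file controls what the agent launches. Smaller points: the front-matter description reads "and tune various parameters" (should be "tunes"), and `import` is the only parameter documented despite "various parameters".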

View File

@@ -0,0 +1,28 @@
---
layout: "docs"
page_title: "Commands: namespace"
sidebar_current: "docs-commands-namespace"
description: >
The namespace command is used to interact with namespaces.
---
# Nomad Namespace
Command: `nomad namespace`
The `namespace` command is used to interact with namespaces.
## Usage
Usage: `nomad namespace <subcommand> [options]`
Run `nomad namespace <subcommand> -h` for help on that subcommand. The following
subcommands are available:
* [`namespace apply`][apply] - Create or update a namespace
* [`namespace delete`][delete] - Delete a namespace
* [`namespace list`][list] - List available namespaces
[apply]: /docs/commands/namespace/apply.html "Create or update a namespace"
[delete]: /docs/commands/namespace/delete.html "Delete a namespace"
[list]: /docs/commands/namespace/list.html "List available namespaces"
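Review bot: the `nomad namespace` index page is missing the notice that the three subcommand pages carry ("Namespace commands are new in Nomad 0.7 and are only available with Nomad Enterprise."). Suggest repeating that `~>` note under the introduction, since this is the page readers reach first.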

View File

@@ -0,0 +1,40 @@
---
layout: "docs"
page_title: "Commands: namespace apply"
sidebar_current: "docs-commands-namespace-apply"
description: >
The namespace apply command is used create or update a namespace.
---
# Command: namespace apply
The `namespace apply` command is used create or update a namespace.
~> Namespace commands are new in Nomad 0.7 and are only available with Nomad
Enterprise.
## Usage
```
nomad namespace apply [options] <namespace>
```
The `namespace apply` command requires the name of the namespace to be created
or updated.
## General Options
<%= partial "docs/commands/_general_options" %>
## Apply Options
* `-description` : An optional human readable description for the namespace.
## Examples
Create a namespace
```
$ nomad namespace apply -description "Prod API servers" api-prod
Successfully applied namespace "api-prod"!
```
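Review bot: "is used create or update a namespace" is missing "to" in both the front-matter description and the first sentence of the body. The Examples section also covers only creation; suggest adding a second example that updates an existing namespace, since the command is documented as doing both.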

View File

@@ -0,0 +1,35 @@
---
layout: "docs"
page_title: "Commands: namespace delete"
sidebar_current: "docs-commands-namespace-delete"
description: >
The namespace delete command is used to delete a namespace.
---
# Command: namespace delete
The `namespace delete` command is used delete a namespace.
~> Namespace commands are new in Nomad 0.7 and are only available with Nomad
Enterprise.
## Usage
```
nomad namespace delete [options] <namespace>
```
The `namespace delete` command requires the name of the namespace to be deleted.
## General Options
<%= partial "docs/commands/_general_options" %>
## Examples
Delete a namespace
```
$ nomad namespace delete api-prod
Successfully deleted namespace "api-prod"!
```
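Review bot: the page does not say what `namespace delete` does when the namespace still contains jobs, which is the first thing an operator will want to know before running it against something like `api-prod`. Suggest documenting that behaviour next to the usage line. Also, "is used delete a namespace" in the body is missing "to".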

View File

@@ -0,0 +1,46 @@
---
layout: "docs"
page_title: "Commands: namespace list"
sidebar_current: "docs-commands-namespace-list"
description: >
The namespace list command is used to list namespaces.
---
# Command: namespace list
The `namespace list` command is used list available namespaces.
~> Namespace commands are new in Nomad 0.7 and are only available with Nomad
Enterprise.
## Usage
```
nomad namespace list [options]
```
The `namespace list` command requires no arguments.
## General Options
<%= partial "docs/commands/_general_options" %>
## List Options
* `-json` : Output the namespaces in their JSON format.
* `-t` : Format and display the namespaces using a Go template.
## Examples
List all namespaces:
```
$ nomad namespace list
Name Description
default Default shared namespace
api-prod Production instances of backend API servers
api-qa QA instances of backend API servers
web-prod Production instances of webservers
web-qa QA instances of webservers
```
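Review bot: `-t` is documented only as "Format and display the namespaces using a Go template", with no example and no indication of the fields a template can reference. Suggest adding one `-t` invocation to the Examples section. The opening sentence "is used list available namespaces" is missing "to".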

View File

@@ -60,6 +60,8 @@ Plan will return one of the following exit codes:
* `-diff`: Determines whether the diff between the remote job and planned job is
shown. Defaults to true.
* `-policy-override`: Sets the flag to force override any soft mandatory Sentinel policies.
* `-verbose`: Increase diff verbosity.
## Examples
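Review bot: `-policy-override` spells the level as "soft mandatory", while the `-level` option of `sentinel apply` in this commit spells it `soft-mandatory`. Suggest using the hyphenated, backticked form, linking to the Sentinel documentation, and replacing "Sets the flag to force override" with a direct statement such as "Overrides any `soft-mandatory` Sentinel policies".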

View File

@@ -60,14 +60,16 @@ precedence, going from highest to lowest: the `-vault-token` flag, the
will be output, which can be used to examine the evaluation using the
[eval-status](/docs/commands/eval-status.html) command
* `-output`: Output the JSON that would be submitted to the HTTP API without
submitting the job.
* `-policy-override`: Sets the flag to force override any soft mandatory Sentinel policies.
* `-vault-token`: If set, the passed Vault token is stored in the job before
sending to the Nomad servers. This allows passing the Vault token without
storing it in the job file. This overrides the token found in $VAULT_TOKEN
environment variable and that found in the job.
* `-output`: Output the JSON that would be submitted to the HTTP API without
submitting the job.
* `-verbose`: Show full information.
## Examples
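Review bot: the `-policy-override` description for `run` does not say what happens to policies at the other two levels that `sentinel apply` accepts (`advisory` and `hard-mandatory`) when the flag is passed. Since this flag overrides policy enforcement at job submission, suggest stating explicitly which levels it affects and which it does not, and noting that it applies to Nomad Enterprise.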

View File

@@ -0,0 +1,30 @@
---
layout: "docs"
page_title: "Commands: sentinel"
sidebar_current: "docs-commands-sentinel"
description: >
The sentinel command is used to interact with Sentinel policies.
---
# Nomad Sentinel
Command: `nomad sentinel`
The `sentinel` command is used to interact with Sentinel policies.
## Usage
Usage: `nomad sentinel <subcommand> [options]`
Run `nomad sentinel <subcommand> -h` for help on that subcommand. The following
subcommands are available:
* [`sentinel apply`][apply] - Create a new or update existing Sentinel policies
* [`sentinel delete`][delete] - Delete an existing Sentinel policies
* [`sentinel list`][list] - Display all Sentinel policies
* [`sentinel read`][read] - Inspects an existing Sentinel policies
[delete]: /docs/commands/sentinel/delete.html
[list]: /docs/commands/sentinel/list.html
[read]: /docs/commands/sentinel/read.html
[apply]: /docs/commands/sentinel/apply.html
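Review bot: two subcommand descriptions mix singular and plural: "Delete an existing Sentinel policies" and "Inspects an existing Sentinel policies" should read "policy", and "Inspects" should be "Inspect" to match the imperative used by the other entries. The link references here also lack the titles that the `namespace` index gives its links, and none of the `sentinel` command pages carry an Enterprise notice like the one on the `namespace` subcommand pages.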

View File

@@ -0,0 +1,42 @@
---
layout: "docs"
page_title: "Commands: sentinel apply"
sidebar_current: "docs-commands-sentinel-apply"
description: >
The sentinel apply command is used to write a new, or update an existing, Sentinel policy.
---
# Command: sentinel apply
The `sentinel apply` command is used to write a new, or update an existing, Sentinel policy.
## Usage
```
nomad sentinel apply [options] <Policy Name> <Policy File>
```
The `sentinel apply` command requires two arguments, the policy name and the policy file.
The policy file can be read from stdin by specifying "-" as the file name.
## General Options
<%= partial "docs/commands/_general_options" %>
## Apply Options
* `-description` : Sets a human readable description for the policy
* `-scope` : (default: submit-job) Sets the scope of the policy and when it should be enforced.
* `-level` : (default: advisory) Sets the enforcment level of the policy. Must be one of advisory,
soft-mandatory, hard-mandatory.
## Examples
Write a policy:
```
$ nomad sentinel write -description "My test policy" foo test.sentinel
Successfully wrote "foo" Sentinel policy!
```
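Review bot: the example runs `nomad sentinel write` and prints "Successfully wrote", but the command documented on this page is `nomad sentinel apply`; the example and its output should match the command name the page documents. In the options, "enforcment" is misspelled, and `-scope` lists no permitted values besides the default `submit-job`. Because `-level` defaults to `advisory`, suggest one sentence on what each of the three levels does so readers choose the level deliberately.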

View File

@@ -0,0 +1,32 @@
---
layout: "docs"
page_title: "Commands: sentinel delete"
sidebar_current: "docs-commands-sentinel-delete"
description: >
The sentinel delete command is used to delete a Sentinel policy.
---
# Command: sentinel delete
The `sentinel delete` command is used to delete a Sentinel policy.
## Usage
```
nomad sentinel delete [options] <Policy Name>
```
The `sentinel delete` command requires a single argument, the policy name.
## General Options
<%= partial "docs/commands/_general_options" %>
## Examples
Delete a policy:
```
$ nomad sentinel delete foo
Successfully deleted "foo" Sentinel policy!
```

View File

@@ -0,0 +1,33 @@
---
layout: "docs"
page_title: "Commands: sentinel list"
sidebar_current: "docs-commands-sentinel-list"
description: >
The sentinel list command is used to list all installed Sentinel policies.
---
# Command: sentinel list
The `sentinel list` command is used to display all the installed Sentinel policies.
## Usage
```
nomad sentinel list [options]
```
The `sentinel list` command requires no arguments.
## General Options
<%= partial "docs/commands/_general_options" %>
## Examples
List all policies:
```
$ nomad sentinel list
Name Scope Enforcement Level Description
foo submit-job advisory my test policy
```

View File

@@ -0,0 +1,43 @@
---
layout: "docs"
page_title: "Commands: sentinel read"
sidebar_current: "docs-commands-sentinel-read"
description: >
The sentinel read command is used to inspect a Sentinel policies.
---
# Command: sentinel read
The `sentinel read` command is used to inspect a Sentinel policy.
## Usage
```
nomad sentinel read [options] <Policy Name>
```
The `sentinel read` command requires a single argument, the policy name.
## General Options
<%= partial "docs/commands/_general_options" %>
## Read Options
* `-raw` : Output the raw policy only.
## Examples
Read all policies:
```
$ nomad sentinel read foo
Name = foo
Scope = submit-job
Enforcement Level = advisory
Description = my test policy
Policy:
main = rule { true }
```
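Review bot: the example is introduced as "Read all policies:" but the command reads the single policy `foo`; suggest "Read a policy:". The front-matter description "inspect a Sentinel policies" should be "inspect a Sentinel policy".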

View File

@@ -0,0 +1,20 @@
---
layout: "docs"
page_title: "Nomad Enterprise"
sidebar_current: "docs-enterprise"
description: |-
Nomad Enterprise features a number of capabilities beyond the open source
offering that may be beneficial in certain workflows.
---
# Nomad Enterprise
Nomad Enterprise simplifies operations by automating workflows. It adds support
for microservices deployments across complex network topologies. It also
increases both scalability and resilience. Features include:
- [Namespaces](/docs/enterprise/namespaces/index.html)
- [Namespace Quotas](/docs/enterprise/quotas/index.html)
- [Sentinel Policy Enforcement](/docs/enterprise/sentinel/index.html)
These features are part of [Nomad Enterprise](https://www.hashicorp.com/products/nomad/).

View File

@@ -0,0 +1,22 @@
---
layout: "docs"
page_title: "Nomad Enterprise Namespaces"
sidebar_current: "docs-enterprise-namespaces"
description: |-
Nomad Enterprise provides support for namespaces, which allows jobs and their
associated objects to be segmented from each other and other users of the
cluster.
---
# Nomad Enterprise Namespaces
In [Nomad Enterprise](https://www.hashicorp.com/products/nomad/), a shared
cluster can be partioned into [namespaces](/guides/namespaces.html) which allows
jobs and their associated objects to be isolated from each other and other users
of the cluster.
Namespaces enhance the usability of a shared cluster by isolating teams from the
jobs of others, provide fine grain access control to jobs when coupled with
[ACLs](/guides/acl.html), and can prevent bad actors from negatively impacting
the whole cluster when used in conjunction with
[quotas](/docs/enterprise/quotas/index.html).
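Review bot: "partioned" in the first paragraph should be "partitioned". In the same sentence "which allows" should agree with "namespaces" ("which allow"), and "fine grain access control" in the second paragraph should be "fine-grained access control".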

View File

@@ -0,0 +1,19 @@
---
layout: "docs"
page_title: "Nomad Enterprise Namespace Quotas"
sidebar_current: "docs-enterprise-quotas"
description: |-
Nomad Enterprise provides support for applying quotas to namespaces which
restricts the overall resources that jobs within the namespace are allowed to
consume.
---
# Nomad Enterprise Namespace Quotas
In [Nomad Enterprise](https://www.hashicorp.com/products/nomad/), operators can
define quota specifications and apply them to namespaces. When a quota is
attached to a namespace, the jobs within the namespace may not consume more
resources than the quota specification allows.
This allows operators to partition a shared cluster and ensure that no single
actor can consume the whole resources of the cluster.
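Review bot: unlike the namespaces and Sentinel pages in this commit, which link to `/guides/namespaces.html` and `/guides/sentinel-policy.html`, this page links to no guide or command reference showing how a quota specification is defined or attached to a namespace. Suggest adding that link. "consume the whole resources of the cluster" would read better as "consume all of the cluster's resources".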

View File

@@ -0,0 +1,31 @@
---
layout: "docs"
page_title: "Nomad Enterprise Sentinel Policy Enforcement"
sidebar_current: "docs-enterprise-sentinel"
description: |-
Nomad Enterprise provides support for policy enforcement using Sentinel.
---
# Nomad Enterprise Sentinel Policy Enforcement
In [Nomad Enterprise](https://www.hashicorp.com/products/nomad/), operators can
create [Sentinel policies](/guides/sentinel-policy.html) for fine grain policy
enforcement. Sentinel policies build on top of the ACL system and allow operators to define
fine grain policies such as disallowing jobs to be submitted to production on
Fridays. These extremely rich policies are defined as code. For example, to
restrict jobs to only using the Docker driver, the operator would define and apply
the following policy:
```
# Only allows Docker based tasks
main = rule { all_drivers_docker }
# all_drivers_docker checks that all the drivers in use are Docker
all_drivers_docker = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is "docker"
}
}
}
```
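Review bot: the text says the operator would "define and apply" the policy, but only the definition is shown. Since `sentinel apply` in this commit defaults `-level` to `advisory`, suggest following the policy with the apply command and an explicit `-level`, so the example matches the stated goal of restricting jobs to the Docker driver. The code fence has no language tag, and "fine grain" appears twice in one paragraph (use "fine-grained").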

View File

@@ -64,10 +64,6 @@ job "docs" {
## `job` Parameters
- `all_at_once` `(bool: false)` - Controls if the entire set of tasks in the job
must be placed atomically or if they can be scheduled incrementally. This
should only be used for special circumstances.
- `all_at_once` `(bool: false)` - Controls whether the scheduler can make
partial placements if optimistic scheduling resulted in an oversubscribed
node. This does not control whether all allocations for the job, where all
@@ -89,6 +85,9 @@ job "docs" {
- `meta` <code>([Meta][]: nil)</code> - Specifies a key-value map that annotates
with user-defined metadata.
- `namespace` `(string: "default")` - The namespace in which to execute the job.
Values other than default are not allowed in non-Enterprise versions of Nomad.
- `parameterized` <code>([Parameterized][parameterized]: nil)</code> - Specifies
the job as a parameterized job such that it can be dispatched against.
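Review bot: the `namespace` entry says values other than default "are not allowed in non-Enterprise versions of Nomad" but not what the user sees when one is set. Suggest stating the outcome (for example, whether job submission is rejected) and writing the value as `default` in backticks to match the type annotation.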