The only difference is DefaultTransport sets DisableKeepAlives
This doesn't make much sense to me - every http connection from the
nomad client goes to the same NOMAD_ADDR so it's a great case for keep
alive. Except round robin DNS and anycast perhaps.
Consul does this already
1e47e3c82b/api/api.go (L397)
* planner: expose ServerMeetsMinimumVersion via Planner interface
* filterByTainted: add flag indicating disconnect support
* allocReconciler: accept and pass disconnect support flag
* tests: update dependent tests
* chore: prettify gutter-menu
* chore: add portal packages
* styling: add styles sidebar and portal behavior
* ui: sidebar component
* ui: create and implement statechart for evals
* ui: actor-relationship service and provider component
* ui: d3 hierarchy computation
* chore: add render-modifiers and curved arrows
* ui: create evaluation actor div
* fix related evaluations schema
* ui: register/deregister evaluation divs
* ui: handle resize behavior
* bug: infinite re-render cycle
* fix: conditional logic to prevent infinite render of flex resizing
* ui: related evaluations schema and request param
* ui: fix testing for evaluations
* refact: make related-evals a proper has-many
* chore: don't pauseTest
* temp: debug d3 hierarchy
* ui: move derived state logic into backing component class for detail
* ui: deprecated related evaluations logic in statechart
* ui: update evaluation models
* ui: update logic to paint svg in non-viewable scroll region
* ui: update styling
* ui: testing for eval detail view
* ui: delete detail from template directory
* ui: break detail component down
* ui: static data for /evaluation/:id endpoint
* ui: fix styling of d3 viz
* ui: add query parameter adapter for evals
* ui: last minute design requests
* wip: address browser updating detail view behavior
* refact: handle query-state change in statechart
* conditional class looking for currentEval equality (#12411)
* F UI/evaluation detail sidebar rel evals (#12415)
* ui: remove busy id alias from statechart
* ui: edit related evaluations viz error message
* ui: bug fixes on related evaluations view (#12423)
* ui: remove busy id alias from statechart
* ui: edit related evaluations viz error message
* ui: update error state
* ui: related evaluation outline styling
* Related evaluation stylefile and non-link if it matches the active sidebar (#12428)
* Adds tabbable and keyboard pressable evaluation table rows (#12433)
* ui: fix failing eval list tests (#12437)
* ui: move styling into classes (#12438)
* fix test failures (#12444)
* ui: move styling into classes
* ui: eslint disable
* ui: allocations have evaluations as async relationships
* ui: fix evaluation refresh button (#12447)
* ui: move styling into classes
* ui: eslint disable
* ui: allocations have evaluations as async relationships
* ui: refresh bug
* ui: final touches on sidebar (#12462)
* chore: turn off template linting rules
Temporarily turning off template linting because we dont have a set CSS convention and the release needs to go out ASAP.
* doc: deprecate out of date comments and vars
* ui: edit mirage server fetch logic
* ui: style sidebar relative
* Modification to mocked related evals and manually set 100% height on svg (#12460)
* F UI/evaluation detail sidebar final touches (#12463)
* chore: turn off template linting rules
Temporarily turning off template linting because we dont have a set CSS convention and the release needs to go out ASAP.
* doc: deprecate out of date comments and vars
* ui: edit mirage server fetch logic
* ui: style sidebar relative
* ui: account for new related eval added to chain
Co-authored-by: Michael Klein <michael@firstiwaslike.com>
Co-authored-by: Phil Renaud <phil@riotindustries.com>
Move some common Vault API data struct decoding out of the Vault client
so it can be reused in other situations.
Make Vault job validation its own function so it's easier to expand it.
Rename the `Job.VaultPolicies` method to just `Job.Vault` since it
returns the full Vault block, not just their policies.
Set `ChangeMode` on `Vault.Canonicalize`.
Add some missing tests.
Allows specifying an entity alias that will be used by Nomad when
deriving the task Vault token.
An entity alias assigns an indentity to a token, allowing better control
and management of Vault clients since all tokens with the same indentity
alias will now be considered the same client. This helps track Nomad
activity in Vault's audit logs and better control over Vault billing.
Add support for a new Nomad server configuration to define a default
entity alias to be used when deriving Vault tokens. This default value
will be used if the task doesn't have an entity alias defined.
When we unmount a volume we need to be able to recover from cases
where the plugin has been shutdown before the allocation that needs
it, so in #11892 we blocked shutting down the alloc runner hook. But
this blocks client shutdown if we're in the middle of unmounting. The
client won't be able to communicate with the plugin or send the
unpublish RPC anyways, so we should cancel the context and assume that
we'll resume the unmounting process when the client restarts.
For `-dev` mode we don't send the graceful `Shutdown()` method and
instead destroy all the allocations. In this case, we'll never be able
to communicate with the plugin but also never close the context we
need to prevent the hook from blocking. To fix this, move the retries
into their own goroutine that doesn't block the main `Postrun`.
This PR adds support for the raw_exec driver on systems with only cgroups v2.
The raw exec driver is able to use cgroups to manage processes. This happens
only on Linux, when exec_driver is enabled, and the no_cgroups option is not
set. The driver uses the freezer controller to freeze processes of a task,
issue a sigkill, then unfreeze. Previously the implementation assumed cgroups
v1, and now it also supports cgroups v2.
There is a bit of refactoring in this PR, but the fundamental design remains
the same.
Closes#12351#12348
The volume watcher design was based on deploymentwatcher and drainer,
but has an important difference: we don't want to maintain a goroutine
for the lifetime of the volume. So we stop the volumewatcher goroutine
for a volume when that volume has no more claims to free. But the
shutdown races with updates on the parent goroutine, and it's possible
to drop updates. Fortunately these updates are picked up on the next
core GC job, but we're most likely to hit this race when we're
replacing an allocation and that's the time we least want to wait.
Wait until the volume has "settled" before stopping this goroutine so
that the race between shutdown and the parent goroutine sending on
`<-updateCh` is pushed to after the window we most care about quick
freeing of claims.
* Fixes a resource leak when volumewatchers are no longer needed. The
volume is nil and can't ever be started again, so the volume's
`watcher` should be removed from the top-level `Watcher`.
* De-flakes the GC job test: the test throws an error because the
claimed node doesn't exist and is unreachable. This flaked instead of
failed because we didn't correctly wait for the first pass through the
volumewatcher.
Make the GC job wait for the volumewatcher to reach the quiescent
timeout window state before running the GC eval under test, so that
we're sure the GC job's work isn't being picked up by processing one
of the earlier claims. Update the claims used so that we're sure the
GC pass won't hit a node unpublish error.
* Adds trace logging to unpublish operations
Tear down the volume-consuming job between subtests, rather than after
all the tests are complete. For good measure, use a different ID for
the volume-consuming job as well.
In the same manner as the delete RPC, the list and read service
registration endpoints can be called either by external operators
or Nomad nodes. The latter occurs when a template is being
rendered which includes Nomad API template funcs. In this case,
the auth token is looked up as the node secret ID for auth.
