this opens up dispatching parameterized jobs by systems
that do not allow modifying what http request body they send
e.g. these two things are equal:
POST '{"Payload": "'"$(base64 <<< "hello")"'"}' /v1/job/my-job/dispatch
POST 'hello' /v1/job/my-job/dispatch/payload
Clusters that have gone through several upgrades have be found to
include keyring material which has an empty RSA block.
In more recent versions of Nomad, an empty RSA block is omitted
from being written to disk. This results in the panic not being
present. Older versions, however, did not have this struct tag
meaning we wrote an empty JSON block which is not accounted for
in the current version.
* Upon sign-in post-expiry/403, redirect to original route
* Tests for token expiry re-routing
* Had made one of the new test tokens a management token, which conflicted with another test but was not necessary
* connect: handle grpc_address as gosockaddr/template string
This PR fixes a bug where the consul.grpc_address could not be set using
a go-sockaddr/template string. This was inconsistent with how we do accept
such strings for consul.address values.
* add changelog
* drivers: move executor process out of v1 task cgroup after process starts
This PR changes the behavior of the raw exec task driver on old cgroups v1
systems such that the executor process is no longer a member of the cgroups
created for the task. Now, the executor process is placed into those
cgroups and starts the task child process (just as before), but now then
exits those cgroups and exists in the nomad parent cgroup. This change
makes the behavior sort of similar to cgroups v2 systems, where we never
have the executor enter the task cgroup to begin with (because we can
directly clone(3) the task process into it).
Fixes#23951
* executor: handle non-linux case
* cgroups: add test case for no executor process in task cgroup (v1)
* add changelog
* drivers: also move executor out of cpuset cgroup
In #10193 we introduced a testing helper that spins up a client RPC server
without the rest of the client operations so that we can make server-side client
RPC tests lighter. But this wasn't actually ever wired up to the intended
target. While working on Dynamic Host Volumes I noticed that this would be
useful for RPC tests.
This changeset fixes some bugs in the helper that arose from client code drift,
and makes it used by the client RPC tests for CSI. This will also get used for
the DHV RPC tests.
Ref: https://github.com/hashicorp/nomad/pull/10193
* escaping newlines is not allowed in go-sockaddr template
* client{} block in client section
* tiny extra clarification that the NOMAD_ADDR is an example
Fixes a bug in the AllocatedResources.Comparable method, which resulted in
reporting less required resources than actually expected. This could result in
overscheduling of allocations on a single node and overlapping cgroup cpusets.
* ui: show region in header gutter when only one region exists
This PR adds a plain text label of the region to the header when there is
only one region present. Before, nothing was showin in this case, and a
dropdown was shown on federated clusters.
The use case here is for operators of multiple non-federated Nomad clusters,
when all the UI's involved otherwise look identical.
* [ui] Signing in with a token explicitly sets the region dropdown activeRegion (#24347)
* Signing in with a token explicitly sets the region dropdown activeREgion
* Test and Select a Region default text
* Account for 403 on mocked agent members req
* Dont show the region if it isnt set in agent config
* Small padding css change
* unit test condition moved to stubbable acceptance test
---------
Co-authored-by: Phil Renaud <phil.renaud@hashicorp.com>
Core scheduler relies on a special table in the state store—the TimeTable—to
figure out which objects can be GC'd. The TimeTable correlates Raft indices
with objects insertion time, a solution we used before most of the objects we
store in the state contained timestamps. This introduced a bit of a memory
overhead and complexity, but most importantly meant that any GC threshold users
set greater than timeTableLimit = 72 * time.Hour was ignored. This PR removes
the TimeTable and relies on object timestamps to determine whether they could
be GCd or not.
* Check for target on click to prevent double-opening cmd+clicked links on var index
* Create cl entry 24316
* Move the dont-open-twice logic into the variable-paths component
* initial content from Daniel's doc
* Add IPv6 support doc to operations section.
* daniel obsessively re-refactors his docs
* Style guide edits
* a few more style nits
---------
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
The parsing of the idempotency_token requires snake case, as it is a URL query parameter and not part of the JSON request body.
See also: 2df473c561/command/agent/http.go (L951)
