kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
26,908 Commits 1 Branch 0 Tags
aca0ff438a3e20f54f1abe426a54b6038527c156
Commit Graph

26908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Denis Rodin
aca0ff438a raw_exec windows: add support for setting the task user (#25496) 2025-04-03 11:21:13 -04:00
Tim Gross
e4d2fc93cd upgrade testing: temporarily disable CSI workload (#25589) 
The CSI workload we're using for upgrade testing seems to be flaky to come
up. The plugin jobs don't launch in a timely fashion despite several
attempts. In order to not block running the rest of the upgrade testing, let's
disable this workload temporarily. We'll fix this in NET-12430.

Ref: https://hashicorp.atlassian.net/browse/NET-12430
 2025-04-03 08:53:20 -04:00
tehut
27b1d470a8 modify rawexec TaskConfig and Config to accept envvar denylist (#25511) 
* modify rawexec TaskConfig and Config to accept envvar denylist
* update rawexec driver docs to include deniedEnvars options
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>

---------

Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
 2025-04-02 12:25:28 -07:00
Tim Gross
78cc7ec1eb dynamic host volumes: enforce that namespace exists (#25590) 
Testing found that if you create or register a dynamic host volume in a
non-existing namespace, the volume gets created on the client but then we can't
write it to state. Add a check for this in the initial validation.
 2025-04-02 15:18:55 -04:00
Nikita Eliseev
76fb3eb9a1 rpc: added configuration for yamux session (#25466) 
Fixes: https://github.com/hashicorp/nomad/issues/25380
 2025-04-02 10:58:23 -04:00
Tim Gross
1a1ccec8b2 CNI: add warning log for CNI check command failures (#25581) 
In #24658 we fixed a bug around client restarts where we would not assert
network namespaces existed and were properly configured when restoring
allocations. We introduced a call to the CNI `Check` method so that the plugins
could report correct config. But when we get an error from this call, we don't
log it unless the error is fatal. This makes it challenging to debug the case
where the initial check fails but we tear down the network and try again (as
described in #25510). Add a noisy log line here.

Ref: https://github.com/hashicorp/nomad/pull/24658
Ref: https://github.com/hashicorp/nomad/issues/25510
 2025-04-02 10:43:05 -04:00
Phil Renaud
afa9e65afa Update playwright to 1.51.0 for e2e ui tests (#25585) 2025-04-02 15:12:00 +01:00
Michael Smithhisler
c8cc519f54 e2e: disable cli hints for command parsing (#25584) 2025-04-02 09:12:36 -04:00
Michael Smithhisler
95c9029df0 e2e: update consul task policy and add empty consul block to task groups (#25580) 2025-04-01 16:29:47 -04:00
Deniz Onur Duzgun
80da9cb211 bump: go-discovery to latest commit SHA (#25566) 
* bump: go-discovery to latest commit SHA

* go mod tidy
 2025-04-01 11:12:06 -04:00
James Rasell
1a60464ca5 volumes: Version gate create/delete host volume RPCs. (#25571) 
All Nomad servers should be running v1.10.0 before the DHV feature
can be used. Without this, it is possible for a write to succeed
and cause immediate loss and subsequent failure to establish
leadership.
 2025-04-01 15:53:37 +01:00
Aimee Ukasick
9778fa4912 Docs: Fix broken links in main for 1.10 release (#25540) 
* Docs: Fix broken links in main for 1.10 release

* Implement Tim's suggestions

* Remove link to Portworx from ecosystem page

* remove "Portworx" since Portworx 3.2 no longer supports Nomad
 2025-04-01 09:09:44 -05:00
James Rasell
3ffe6e5f53 test: Move client server manager tests to use must library. (#25569) 2025-04-01 14:23:08 +01:00
Tim Gross
cdd40cf81b docs: document requirements for Consul tokens in admin partitions (#25529) 
When using Nomad with Consul, each Nomad agent is expected to have a Consul
agent running alongside. When using Nomad Enterprise and Consul Enterprise
together, the Consul agent may be in a Consul admin partition. In order for
Nomad's "anti-entropy" sync to work with Consul, the Consul ACL token and ACL
policy for the Nomad client must be in the same admin partition as the Consul
agent. Otherwise, we can register services (via WI) but then won't be able to
deregister them unless they're the default namespace.

Ref: https://hashicorp.atlassian.net/browse/NET-12361
 2025-04-01 08:45:05 -04:00
Michael Smithhisler
7176cf443a docs: add missing podman task config options (#25465) 
---------

Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
 2025-04-01 08:31:58 -04:00
Juana De La Cuesta
8257465ffa Merge pull request #25548 from hashicorp/dependabot/npm_and_yarn/scripts/screenshots/src/tar-fs-2.1.2 
chore(deps): bump tar-fs from 2.1.0 to 2.1.2 in /scripts/screenshots/src
 2025-04-01 14:08:41 +02:00
Allison Larson
17d191ae24 Add -group flag to alloc exec, alloc logs command (#25568) 
* Add -group flag to `alloc exec`, `alloc logs` command

* fixup! Add -group flag to `alloc exec`, `alloc logs` command

* Add -group option to alloc fs

* Add changelog
 2025-03-31 14:17:45 -07:00
Michael Smithhisler
077c1921ef e2e: disable IMDSv2 in tests (#25564) 
Consul needs to use a newer version of go-discover that can query IMDSv2
in order for our test infrastructure to be enabled with it.
 2025-03-31 12:07:45 -04:00
Sooter Saalu
e93bda31ea Update placement.mdx (#25538) 
* Update placement.mdx

Added explanations on initial and blocked evaluation for placement failures.

fixes #24824

* Update website/content/docs/concepts/scheduling/placement.mdx

Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>

* Update website/content/docs/concepts/scheduling/placement.mdx

Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>

---------

Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
 2025-03-31 09:08:06 -05:00
dependabot[bot]
d4b40a8e5e chore(deps): bump github.com/hashicorp/consul/sdk from 0.16.1 to 0.16.2 (#25549) 2025-03-31 08:14:42 +00:00
dependabot[bot]
658c8f3c5a chore(deps): bump github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 (#25551) 2025-03-31 08:14:05 +00:00
dependabot[bot]
05ae690e6c chore(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#25552) 2025-03-31 08:12:49 +00:00
dependabot[bot]
5e002a750b chore(deps): bump github.com/prometheus/client_golang (#25553) 2025-03-31 08:11:57 +00:00
dependabot[bot]
3fc2451ac2 chore(deps): bump github.com/opencontainers/image-spec (#25550) 2025-03-31 08:10:08 +00:00
dependabot[bot]
0cb2db86a9 chore(deps): bump tar-fs from 2.1.0 to 2.1.2 in /scripts/screenshots/src 
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.0 to 2.1.2.
- [Commits](https://github.com/mafintosh/tar-fs/compare/v2.1.0...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-29 00:09:47 +00:00
Michael Smithhisler
8e3625a716 e2e: create consul policies and roles in respective namespaces (#25546) 2025-03-28 13:52:49 -04:00
James Rasell
37af365cf3 deps: Update golang.org/x/net from 0.36.0 to 0.38.0 (#25543) 2025-03-28 15:13:58 +00:00
Daniel Bennett
99c25fc635 dhv: mkdir plugin parameters: uid,guid,mode (#25533) 
also remove Error logs from client rpc and promote plugin Debug logs to Error (since they have more info in them)
 2025-03-28 10:13:13 -05:00
Piotr Kazmierczak
e9ebbed32c drivers: unflake TestExecutor_OOMKilled (#25521) 
Every now and then TestExecutor_OOMKilled would fail with: "unable to start
container process: container init was OOM-killed (memory limit too low?)" which
started happening since we upgraded libcontainer.

This PR removes manual (and arbitrary) resource limits on the test
task, since it should be OOMd with resources inherited from the
testExecutorCommandWithChroot, and it fixes a small possible goroutine leak in
the OOM checker in exec driver.
 2025-03-28 11:35:02 +01:00
Piotr Kazmierczak
a1fd9da705 e2e: require IMDSv2 for ec2 instances (#25541) 
Require Instance Metadata Service v2 to access EC2 instance metadata for all VMs
that run our e2e suite.
 2025-03-28 09:58:51 +01:00
James Rasell
3ab1673552 sec: Suppress GO-2025-3543 for github.com/opencontainers/runc (#25536) 
The vulnerability has been withdrawn but it may be a while until
it is removed from the DB used by scanning. Suppressing this
removes the false result in scanning processes. The change should
be reverted once the DB is updated.
 2025-03-27 12:58:06 +00:00
Martijn Vegter
736103aa54 client: fix JSON formatted logs when failing to reserve cores (#25523) 
Fixed a bug where JSON formatted logs would not show the requested and overlapping 
cores when failing to reserve cores
 2025-03-27 08:52:32 -04:00
James Rasell
601e7ad3ab job: Add migrate block detail when performing task group diff (#25528) 2025-03-27 08:04:58 +00:00
Michael Smithhisler
f0e0215d56 e2e: fix consul e2e enterprise logic in bootstrapping (#25532) 2025-03-26 14:08:20 -04:00
Daniel Bennett
0e121b3c29 sanitize auth method in create/update reply (#25519) 
create/update APIs only work for someone
who has the secret(s) in hand, but that someone
could be a CI system, which might log output.
 2025-03-26 11:36:08 -05:00
Tim Gross
fb93c41ba7 docs: expand info on built-in mkdir dynamic host volume plugin (#25524) 
Describe the built-in `mkdir` plugin in the plugin concepts docs in a little
more detail. Crosslink to there from the `plugin_id` field docs, and clarify
that the `mkdir` plugin doesn't support the capacity request fields.

Update the example plugins to avoid using volume author controlled variables in
favor of Nomad-controlled ones, to reduce the risk of path traversal, and
explain to plugin authors they'll likely want to avoid this in their own
plugins.
 2025-03-26 11:21:43 -04:00
Aimee Ukasick
b8ad371cfb Docs: SEO updates to front matter description intro, install, integrations (#25416) 
* install section

* nomad/intro section

* integrations section

* Feedback from review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
 2025-03-26 09:40:37 -05:00
Juana De La Cuesta
61517fcc57 Merge pull request #25520 from hashicorp/NOJIRA-update-typo 
Fix for wrong function name on verify allocs script
 2025-03-26 10:28:04 +01:00
Juanadelacuesta
332e859da0 Typo: Wrong function name 2025-03-26 10:06:40 +01:00
Crypto89
9c4e4afa79 csi: fix CSI ExpandVolume stagingPath (#25253) 
Fix the checking of the staging path against the mountRoot on the host
rather then checking against the containerMountPoint which (probably)
never exists on the host causing it to default back the the legacy
behaviour.
 2025-03-25 12:36:46 -05:00
dependabot[bot]
d67a74d0f4 chore(deps): bump github.com/gorilla/websocket in /api (#25502) 
Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.5.0 to 1.5.3.
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](https://github.com/gorilla/websocket/compare/v1.5.0...v1.5.3)

---
updated-dependencies:
- dependency-name: github.com/gorilla/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 10:53:27 -04:00
dependabot[bot]
f16104ab84 chore(deps): bump github.com/shoenig/test from 1.7.1 to 1.12.1 in /api (#25501) 
Bumps [github.com/shoenig/test](https://github.com/shoenig/test) from 1.7.1 to 1.12.1.
- [Release notes](https://github.com/shoenig/test/releases)
- [Commits](https://github.com/shoenig/test/compare/v1.7.1...v1.12.1)

---
updated-dependencies:
- dependency-name: github.com/shoenig/test
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 10:52:56 -04:00
dependabot[bot]
de723690f7 chore(deps): bump github.com/felixge/httpsnoop in /api (#25499) 
Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: github.com/felixge/httpsnoop
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 10:02:00 -04:00
James Rasell
ea25503705 cli: Use meta response index to start monitoring volume create. (#25514) 2025-03-25 14:00:46 +00:00
dependabot[bot]
1ff8d7b3ab chore(deps): bump github.com/hashicorp/go-plugin from 1.6.2 to 1.6.3 (#25507) 
Bumps [github.com/hashicorp/go-plugin](https://github.com/hashicorp/go-plugin) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/hashicorp/go-plugin/releases)
- [Changelog](https://github.com/hashicorp/go-plugin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-plugin/compare/v1.6.2...v1.6.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 09:56:59 -04:00
dependabot[bot]
ba35b1d170 chore(deps): bump github.com/shoenig/test from 1.12.0 to 1.12.1 (#25506) 
Bumps [github.com/shoenig/test](https://github.com/shoenig/test) from 1.12.0 to 1.12.1.
- [Release notes](https://github.com/shoenig/test/releases)
- [Commits](https://github.com/shoenig/test/compare/v1.12.0...v1.12.1)

---
updated-dependencies:
- dependency-name: github.com/shoenig/test
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 09:56:34 -04:00
dependabot[bot]
809985bbcd chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0 (#25505) 
Bumps [golang.org/x/time](https://github.com/golang/time) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/time/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 09:55:47 -04:00
dependabot[bot]
ebe0fe9914 chore(deps): bump github.com/opencontainers/runc from 1.2.5 to 1.2.6 (#25504) 
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.2.6/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.2.5...v1.2.6)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 09:55:13 -04:00
dependabot[bot]
5485457dcc chore(deps): bump github.com/docker/docker (#25503) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.0.1+incompatible to 28.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.0.1...v28.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-25 09:54:11 -04:00
Allison Larson
d1d8945d2e Add docker plugin config option image_pull_timeout value for default timeout (#25489) 
* Add docker plugin config image_pull_timeout value for default timeout

* Add image_pull_timeout docker plugin config to docs

* Add changelog
 2025-03-24 13:03:14 -07:00