nomad

package
v1.5.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 13, 2023 License: MPL-2.0 Imports: 98 Imported by: 144

Documentation

Index

Constants

View Source
const (
	// AutopilotRZTag is the Serf tag to use for the redundancy zone value
	// when passing the server metadata to Autopilot.
	AutopilotRZTag = "ap_zone"

	// AutopilotRZTag is the Serf tag to use for the custom version value
	// when passing the server metadata to Autopilot.
	AutopilotVersionTag = "ap_version"
)
View Source
const (
	DefaultRegion   = "global"
	DefaultDC       = "dc1"
	DefaultSerfPort = 4648
)
View Source
const (
	// ConsulPolicyWrite is the literal text of the policy field of a Consul Policy
	// Rule that we check when validating an Operator Consul token against the
	// necessary permissions for creating a Service Identity token for a given
	// service.
	//
	// The rule may be:
	//  - service.<exact>
	//  - service."*" (wildcard)
	//  - service_prefix.<matching> (including empty string)
	//
	// e.g.
	//   service "web" { policy = "write" }
	//   service_prefix "" { policy = "write" }
	ConsulPolicyWrite = "write"

	// ConsulPolicyRead is the literal text of the policy field of a Consul Policy
	// Rule that we check when validating a job-submitter Consul token against the
	// necessary permissions for reading the key-value store.
	//
	// The only acceptable rule is
	//  - service_prefix "" { policy = "read|write" }
	ConsulPolicyRead = "read"
)
View Source
const (
	// RegisterEnforceIndexErrPrefix is the prefix to use in errors caused by
	// enforcing the job modify index during registers.
	RegisterEnforceIndexErrPrefix = "Enforcing job modify index"

	// DispatchPayloadSizeLimit is the maximum size of the uncompressed input
	// data payload.
	DispatchPayloadSizeLimit = 16 * 1024
)
View Source
const (

	// NodeDrainEvents are the various drain messages
	NodeDrainEventDrainSet      = "Node drain strategy set"
	NodeDrainEventDrainDisabled = "Node drain disabled"
	NodeDrainEventDrainUpdated  = "Node drain strategy updated"

	// NodeEligibilityEventEligible is used when the nodes eligiblity is marked
	// eligible
	NodeEligibilityEventEligible = "Node marked as eligible for scheduling"

	// NodeEligibilityEventIneligible is used when the nodes eligiblity is marked
	// ineligible
	NodeEligibilityEventIneligible = "Node marked as ineligible for scheduling"

	// NodeHeartbeatEventReregistered is the message used when the node becomes
	// reregistered by the heartbeat.
	NodeHeartbeatEventReregistered = "Node reregistered by heartbeat"
)
View Source
const AllRegions = ""
View Source
const (
	// DefaultDequeueTimeout is used if no dequeue timeout is provided
	DefaultDequeueTimeout = time.Second
)
View Source
const (

	// NodeHeartbeatEventMissed is the event used when the Nodes heartbeat is
	// missed.
	NodeHeartbeatEventMissed = "Node heartbeat missed"
)
View Source
const (
	// StatusReap is used to update the status of a node if we
	// are handling a EventMemberReap
	StatusReap = serf.MemberStatus(-1)
)

Variables

View Source
var (
	// ErrNotOutstanding is returned if an evaluation is not outstanding
	ErrNotOutstanding = errors.New("evaluation is not outstanding")

	// ErrTokenMismatch is the outstanding eval has a different token
	ErrTokenMismatch = errors.New("evaluation token does not match")

	// ErrNackTimeoutReached is returned if an expired evaluation is reset
	ErrNackTimeoutReached = errors.New("evaluation nack timeout reached")
)
View Source
var ErrMultipleNamespaces = errors.New("multiple Vault namespaces requires Nomad Enterprise")

ErrMultipleNamespaces is send when multiple namespaces are used in the OSS setup

View Source
var MinVersionPlanNormalization = version.Must(version.NewVersion("0.9.2"))

MinVersionPlanNormalization is the minimum version to support the normalization of Plan in SubmitPlan, and the denormalization raft log entry committed in ApplyPlanResultsRequest

Functions

func DefaultRPCAddr

func DefaultRPCAddr() *net.TCPAddr

func NewConsulACLsAPI added in v0.10.4

func NewConsulACLsAPI(aclClient consul.ACLsAPI, logger hclog.Logger, purgeFunc PurgeSITokenAccessorFunc) *consulACLsAPI

func NewConsulConfigsAPI added in v0.12.4

func NewConsulConfigsAPI(configsClient consul.ConfigAPI, logger hclog.Logger) *consulConfigsAPI

func NewCoreScheduler

func NewCoreScheduler(srv *Server, snap *state.StateSnapshot) scheduler.Scheduler

NewCoreScheduler is used to return a new system scheduler instance

func NewFSM

func NewFSM(config *FSMConfig) (*nomadFSM, error)

NewFSM is used to construct a new FSM with a blank state.

func NewPeriodicHeap added in v0.3.0

func NewPeriodicHeap() *periodicHeap

func NewVaultClient added in v0.5.0

func NewVaultClient(c *config.VaultConfig, logger log.Logger, purgeFn PurgeVaultAccessorFn, delegate taskClientHandler) (*vaultClient, error)

NewVaultClient returns a Vault client from the given config. If the client couldn't be made an error is returned.

func NodeRpc added in v0.8.0

func NodeRpc(session *yamux.Session, method string, args, reply interface{}) error

NodeRpc is used to make an RPC call to a node. The method takes the Yamux session for the node and the method to be called.

func NodeStreamingRpc added in v0.8.0

func NodeStreamingRpc(session *yamux.Session, method string) (net.Conn, error)

NodeStreamingRpc is used to make a streaming RPC call to a node. The method takes the Yamux session for the node and the method to be called. It conducts the initial handshake and returns a connection to be used or an error. It is the callers responsibility to close the connection if there is no error.

func ServersMeetMinimumVersion added in v0.7.0

func ServersMeetMinimumVersion(members []serf.Member, region string, minVersion *version.Version, checkFailedServers bool) bool

ServersMeetMinimumVersion returns whether the Nomad servers are at least on the given Nomad version. The checkFailedServers parameter specifies whether version for the failed servers should be verified.

func TestJoin added in v0.8.0

func TestJoin(t testing.T, servers ...*Server)

Types

type ACL added in v0.7.0

type ACL struct {
	// contains filtered or unexported fields
}

ACL endpoint is used for manipulating ACL tokens and policies

func NewACLEndpoint added in v1.5.0

func NewACLEndpoint(srv *Server, ctx *RPCContext) *ACL

func (*ACL) Bootstrap added in v0.7.0

Bootstrap is used to bootstrap the initial token

func (*ACL) DeleteAuthMethods added in v1.5.0

func (a *ACL) DeleteAuthMethods(
	args *structs.ACLAuthMethodDeleteRequest,
	reply *structs.ACLAuthMethodDeleteResponse) error

DeleteAuthMethods is used to delete auth methods

func (*ACL) DeleteBindingRules added in v1.5.0

DeleteBindingRules batch deletes ACL binding rules from Nomad state.

func (*ACL) DeletePolicies added in v0.7.0

func (a *ACL) DeletePolicies(args *structs.ACLPolicyDeleteRequest, reply *structs.GenericResponse) error

DeletePolicies is used to delete policies

func (*ACL) DeleteRolesByID added in v1.4.0

func (a *ACL) DeleteRolesByID(
	args *structs.ACLRolesDeleteByIDRequest,
	reply *structs.ACLRolesDeleteByIDResponse) error

DeleteRolesByID is used to batch delete ACL roles using the ID as the deletion key.

func (*ACL) DeleteTokens added in v0.7.0

func (a *ACL) DeleteTokens(args *structs.ACLTokenDeleteRequest, reply *structs.GenericResponse) error

DeleteTokens is used to delete tokens

func (*ACL) ExchangeOneTimeToken added in v1.1.0

func (a *ACL) ExchangeOneTimeToken(args *structs.OneTimeTokenExchangeRequest, reply *structs.OneTimeTokenExchangeResponse) error

ExchangeOneTimeToken provides a one-time token's secret ID to exchange it for the ACL token that created that one-time token

func (*ACL) ExpireOneTimeTokens added in v1.1.0

func (a *ACL) ExpireOneTimeTokens(args *structs.OneTimeTokenExpireRequest, reply *structs.GenericResponse) error

ExpireOneTimeTokens removes all expired tokens from the state store. It is called only by garbage collection

func (*ACL) GetAuthMethod added in v1.5.0

func (a *ACL) GetAuthMethod(
	args *structs.ACLAuthMethodGetRequest,
	reply *structs.ACLAuthMethodGetResponse) error

func (*ACL) GetAuthMethods added in v1.5.0

func (a *ACL) GetAuthMethods(
	args *structs.ACLAuthMethodsGetRequest,
	reply *structs.ACLAuthMethodsGetResponse) error

GetAuthMethods is used to get a set of auth methods

func (*ACL) GetBindingRule added in v1.5.0

func (a *ACL) GetBindingRule(
	args *structs.ACLBindingRuleRequest, reply *structs.ACLBindingRuleResponse) error

GetBindingRule is used to retrieve a single ACL binding rule as defined by its ID.

func (*ACL) GetBindingRules added in v1.5.0

func (a *ACL) GetBindingRules(
	args *structs.ACLBindingRulesRequest, reply *structs.ACLBindingRulesResponse) error

GetBindingRules is used to query for a set of ACL binding rules. This endpoint is used for replication purposes and is not exposed via the HTTP API.

func (*ACL) GetClaimPolicies added in v1.5.0

func (a *ACL) GetClaimPolicies(args *structs.GenericRequest, reply *structs.ACLPolicySetResponse) error

GetClaimPolicies return the ACLPolicy objects for a workload identity. Similar to GetPolicies except an error will *not* be returned if ACLs are disabled.

func (*ACL) GetPolicies added in v0.7.0

func (a *ACL) GetPolicies(args *structs.ACLPolicySetRequest, reply *structs.ACLPolicySetResponse) error

GetPolicies is used to get a set of policies

func (*ACL) GetPolicy added in v0.7.0

GetPolicy is used to get a specific policy

func (*ACL) GetRoleByID added in v1.4.0

func (a *ACL) GetRoleByID(
	args *structs.ACLRoleByIDRequest,
	reply *structs.ACLRoleByIDResponse) error

GetRoleByID is used to look up an individual ACL role using its ID.

func (*ACL) GetRoleByName added in v1.4.0

func (a *ACL) GetRoleByName(
	args *structs.ACLRoleByNameRequest,
	reply *structs.ACLRoleByNameResponse) error

GetRoleByName is used to look up an individual ACL role using its name.

func (*ACL) GetRolesByID added in v1.4.0

func (a *ACL) GetRolesByID(args *structs.ACLRolesByIDRequest, reply *structs.ACLRolesByIDResponse) error

GetRolesByID is used to get a set of ACL Roles as defined by their ID. This endpoint is used by the replication process and Nomad agent client token resolution.

func (*ACL) GetToken added in v0.7.0

GetToken is used to get a specific token

func (*ACL) GetTokens added in v0.7.0

func (a *ACL) GetTokens(args *structs.ACLTokenSetRequest, reply *structs.ACLTokenSetResponse) error

GetTokens is used to get a set of token

func (*ACL) ListAuthMethods added in v1.5.0

func (a *ACL) ListAuthMethods(
	args *structs.ACLAuthMethodListRequest,
	reply *structs.ACLAuthMethodListResponse) error

ListAuthMethods returns a list of ACL auth methods

func (*ACL) ListBindingRules added in v1.5.0

func (a *ACL) ListBindingRules(
	args *structs.ACLBindingRulesListRequest, reply *structs.ACLBindingRulesListResponse) error

ListBindingRules returns a stub list of ACL binding rules.

func (*ACL) ListPolicies added in v0.7.0

func (a *ACL) ListPolicies(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error

ListPolicies is used to list the policies

func (*ACL) ListRoles added in v1.4.0

func (a *ACL) ListRoles(
	args *structs.ACLRolesListRequest,
	reply *structs.ACLRolesListResponse) error

ListRoles is used to list ACL roles within state. If not prefix is supplied, all ACL roles are listed, otherwise a prefix search is performed on the ACL role name.

func (*ACL) ListTokens added in v0.7.0

func (a *ACL) ListTokens(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error

ListTokens is used to list the tokens

func (*ACL) Login added in v1.5.4

func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLLoginResponse) error

Login RPC performs non-interactive auth using a given AuthMethod. This method can not be used for OIDC login flow.

func (*ACL) OIDCAuthURL added in v1.5.0

func (a *ACL) OIDCAuthURL(args *structs.ACLOIDCAuthURLRequest, reply *structs.ACLOIDCAuthURLResponse) error

OIDCAuthURL starts the OIDC login workflow. The response URL should be used by the caller to authenticate the user. Once this has been completed, OIDCCompleteAuth can be used for the remainder of the workflow.

func (*ACL) OIDCCompleteAuth added in v1.5.0

func (a *ACL) OIDCCompleteAuth(
	args *structs.ACLOIDCCompleteAuthRequest, reply *structs.ACLLoginResponse) error

OIDCCompleteAuth complete the OIDC login workflow. It will exchange the OIDC provider token for a Nomad ACL token, using the configured ACL role and policy claims to provide authorization.

func (*ACL) ResolveToken deprecated added in v0.7.0

func (a *ACL) ResolveToken(args *structs.ResolveACLTokenRequest, reply *structs.ResolveACLTokenResponse) error

ResolveToken is used to lookup a specific token by a secret ID.

Deprecated: Prior to Nomad 1.5 this RPC was used by clients for authenticating local RPCs. Since Nomad 1.5 added workload identity support, clients now use the more flexible ACL.WhoAmI RPC. The /v1/acl/token/self API is the only remaining caller and should be switched to ACL.WhoAmI.

func (*ACL) UpsertAuthMethods added in v1.5.0

func (a *ACL) UpsertAuthMethods(
	args *structs.ACLAuthMethodUpsertRequest,
	reply *structs.ACLAuthMethodUpsertResponse) error

UpsertAuthMethods is used to create or update a set of auth methods

func (*ACL) UpsertBindingRules added in v1.5.0

UpsertBindingRules creates or updates ACL binding rules held within Nomad.

func (*ACL) UpsertOneTimeToken added in v1.1.0

func (a *ACL) UpsertOneTimeToken(args *structs.OneTimeTokenUpsertRequest, reply *structs.OneTimeTokenUpsertResponse) error

func (*ACL) UpsertPolicies added in v0.7.0

func (a *ACL) UpsertPolicies(args *structs.ACLPolicyUpsertRequest, reply *structs.GenericResponse) error

UpsertPolicies is used to create or update a set of policies

func (*ACL) UpsertRoles added in v1.4.0

func (a *ACL) UpsertRoles(
	args *structs.ACLRolesUpsertRequest,
	reply *structs.ACLRolesUpsertResponse) error

UpsertRoles creates or updates ACL roles held within Nomad.

func (*ACL) UpsertTokens added in v0.7.0

func (a *ACL) UpsertTokens(args *structs.ACLTokenUpsertRequest, reply *structs.ACLTokenUpsertResponse) error

UpsertTokens is used to create or update a set of tokens

func (*ACL) WhoAmI added in v1.5.0

func (a *ACL) WhoAmI(args *structs.GenericRequest, reply *structs.ACLWhoAmIResponse) error

WhoAmI is a RPC for debugging authentication. This endpoint returns the same AuthenticatedIdentity that will be used by RPC handlers, but unlike other endpoints will try to authenticate workload identities even if ACLs are disabled.

TODO: At some point we might want to give this an equivalent HTTP endpoint once other Workload Identity work is solidified

type Agent added in v0.10.2

type Agent struct {
	// contains filtered or unexported fields
}

func NewAgentEndpoint added in v1.5.0

func NewAgentEndpoint(srv *Server) *Agent

func (*Agent) Host added in v0.12.0

func (a *Agent) Host(args *structs.HostDataRequest, reply *structs.HostDataResponse) error

Host returns data about the agent's host system for the `debug` command.

func (*Agent) Profile added in v0.10.4

func (a *Agent) Profile(args *structs.AgentPprofRequest, reply *structs.AgentPprofResponse) error

type Alloc

type Alloc struct {
	// contains filtered or unexported fields
}

Alloc endpoint is used for manipulating allocations

func NewAllocEndpoint added in v1.5.0

func NewAllocEndpoint(srv *Server, ctx *RPCContext) *Alloc

func (*Alloc) GetAlloc

GetAlloc is used to lookup a particular allocation

func (*Alloc) GetAllocs added in v0.3.0

func (a *Alloc) GetAllocs(args *structs.AllocsGetRequest,
	reply *structs.AllocsGetResponse) error

GetAllocs is used to lookup a set of allocations

func (*Alloc) GetServiceRegistrations added in v1.3.0

GetServiceRegistrations returns a list of service registrations which belong to the passed allocation ID.

func (*Alloc) List

List is used to list the allocations in the system

func (*Alloc) Stop added in v0.9.2

Stop is used to stop an allocation and migrate it to another node.

func (*Alloc) UpdateDesiredTransition added in v0.8.0

func (a *Alloc) UpdateDesiredTransition(args *structs.AllocUpdateDesiredTransitionRequest, reply *structs.GenericResponse) error

UpdateDesiredTransition is used to update the desired transitions of an allocation.

type AllocGetter added in v0.9.6

type AllocGetter interface {
	AllocByID(ws memdb.WatchSet, id string) (*structs.Allocation, error)
}

AllocGetter is an interface for retrieving allocations by ID. It is satisfied by *state.StateStore and *state.StateSnapshot.

type AutopilotDelegate added in v0.8.0

type AutopilotDelegate struct {
	// contains filtered or unexported fields
}

AutopilotDelegate is a Nomad delegate for autopilot operations. It implements the autopilot.ApplicationIntegration interface, and the methods required for that interface have been documented as such below.

func (*AutopilotDelegate) AutopilotConfig added in v0.8.0

func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config

AutopilotConfig is used to retrieve the latest configuration from the Nomad delegate. This method is required to implement the ApplicationIntegration interface.

func (*AutopilotDelegate) FetchServerStats added in v1.4.0

func (d *AutopilotDelegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats

FetchServerStats will be called by autopilot to request Nomad fetch the server stats out of band. This method is required to implement the ApplicationIntegration interface

func (*AutopilotDelegate) KnownServers added in v1.4.0

func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server

KnownServers will be called by autopilot to request the list of servers known to Nomad. This method is required to implement the ApplicationIntegration interface

func (*AutopilotDelegate) NotifyState added in v1.4.0

func (d *AutopilotDelegate) NotifyState(state *autopilot.State)

NotifyState will be called when the autopilot state is updated. The Nomad leader heartbeats a metric for monitoring based on this information. This method is required to implement the ApplicationIntegration interface

func (*AutopilotDelegate) RemoveFailedServer added in v1.4.0

func (d *AutopilotDelegate) RemoveFailedServer(failedSrv *autopilot.Server)

RemoveFailedServer will be called by autopilot to notify Nomad to remove the server in a failed state. This method is required to implement the ApplicationIntegration interface. (Note this is expected to return immediately so we'll spawn a goroutine for it.)

type BadNodeTracker added in v1.3.2

type BadNodeTracker interface {
	Add(string) bool
	EmitStats(time.Duration, <-chan struct{})
}

type BlockedEvals added in v0.3.0

type BlockedEvals struct {
	// contains filtered or unexported fields
}

BlockedEvals is used to track evaluations that shouldn't be queued until a certain class of nodes becomes available. An evaluation is put into the blocked state when it is run through the scheduler and produced failed allocations. It is unblocked when the capacity of a node that could run the failed allocation becomes available.

func NewBlockedEvals added in v0.3.0

func NewBlockedEvals(evalBroker *EvalBroker, logger hclog.Logger) *BlockedEvals

NewBlockedEvals creates a new blocked eval tracker that will enqueue unblocked evals into the passed broker.

func (*BlockedEvals) Block added in v0.3.0

func (b *BlockedEvals) Block(eval *structs.Evaluation)

Block tracks the passed evaluation and enqueues it into the eval broker when a suitable node calls unblock.

func (*BlockedEvals) EmitStats added in v0.3.0

func (b *BlockedEvals) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats is used to export metrics about the blocked eval tracker while enabled

func (*BlockedEvals) Enabled added in v0.3.0

func (b *BlockedEvals) Enabled() bool

Enabled is used to check if the broker is enabled.

func (*BlockedEvals) Flush added in v0.3.0

func (b *BlockedEvals) Flush()

Flush is used to clear the state of blocked evaluations.

func (*BlockedEvals) GetDuplicates added in v0.3.0

func (b *BlockedEvals) GetDuplicates(timeout time.Duration) []*structs.Evaluation

GetDuplicates returns all the duplicate evaluations and blocks until the passed timeout.

func (*BlockedEvals) Reblock added in v0.4.0

func (b *BlockedEvals) Reblock(eval *structs.Evaluation, token string)

Reblock tracks the passed evaluation and enqueues it into the eval broker when a suitable node calls unblock. Reblock should be used over Block when the blocking is occurring by an outstanding evaluation. The token is the evaluation's token.

func (*BlockedEvals) SetEnabled added in v0.3.0

func (b *BlockedEvals) SetEnabled(enabled bool)

SetEnabled is used to control if the blocked eval tracker is enabled. The tracker should only be enabled on the active leader.

func (*BlockedEvals) SetTimetable added in v0.7.0

func (b *BlockedEvals) SetTimetable(timetable *TimeTable)

func (*BlockedEvals) Stats added in v0.3.0

func (b *BlockedEvals) Stats() *BlockedStats

Stats is used to query the state of the blocked eval tracker.

func (*BlockedEvals) Unblock added in v0.3.0

func (b *BlockedEvals) Unblock(computedClass string, index uint64)

Unblock causes any evaluation that could potentially make progress on a capacity change on the passed computed node class to be enqueued into the eval broker.

func (*BlockedEvals) UnblockClassAndQuota added in v0.7.0

func (b *BlockedEvals) UnblockClassAndQuota(class, quota string, index uint64)

UnblockClassAndQuota causes any evaluation that could potentially make progress on a capacity change on the passed computed node class or quota to be enqueued into the eval broker.

func (*BlockedEvals) UnblockFailed added in v0.4.0

func (b *BlockedEvals) UnblockFailed()

UnblockFailed unblocks all blocked evaluation that were due to scheduler failure.

func (*BlockedEvals) UnblockNode added in v0.9.4

func (b *BlockedEvals) UnblockNode(nodeID string, index uint64)

UnblockNode finds any blocked evalution that's node specific (system jobs) and enqueues it on the eval broker

func (*BlockedEvals) UnblockQuota added in v0.7.0

func (b *BlockedEvals) UnblockQuota(quota string, index uint64)

UnblockQuota causes any evaluation that could potentially make progress on a capacity change on the passed quota to be enqueued into the eval broker.

func (*BlockedEvals) Untrack added in v0.5.3

func (b *BlockedEvals) Untrack(jobID, namespace string)

Untrack causes any blocked evaluation for the passed job to be no longer tracked. Untrack is called when there is a successful evaluation for the job and a blocked evaluation is no longer needed.

type BlockedResourcesStats added in v1.1.0

type BlockedResourcesStats struct {
	ByJob       map[structs.NamespacedID]BlockedResourcesSummary
	ByClassInDC map[classInDC]BlockedResourcesSummary
}

BlockedResourcesStats stores resources requested by blocked evaluations, tracked both by job and by node.

func NewBlockedResourcesStats added in v1.1.0

func NewBlockedResourcesStats() *BlockedResourcesStats

NewBlockedResourcesStats returns a new BlockedResourcesStats.

func (*BlockedResourcesStats) Add added in v1.1.0

Add returns a new BlockedResourcesStats with the values set to the current resource values plus the input.

func (*BlockedResourcesStats) Copy added in v1.1.0

Copy returns a deep copy of the blocked resource stats.

func (*BlockedResourcesStats) Subtract added in v1.1.0

Subtract returns a new BlockedResourcesStats with the values set to the current resource values minus the input.

type BlockedResourcesSummary added in v1.1.0

type BlockedResourcesSummary struct {
	Timestamp time.Time
	CPU       int
	MemoryMB  int
}

BlockedResourcesSummary stores resource values for blocked evals.

func (BlockedResourcesSummary) Add added in v1.1.0

Add returns a new BlockedResourcesSummary with each resource set to the current value plus the input.

func (BlockedResourcesSummary) IsZero added in v1.1.0

func (b BlockedResourcesSummary) IsZero() bool

IsZero returns true if all resource values are zero.

func (BlockedResourcesSummary) Subtract added in v1.1.0

Subtract returns a new BlockedResourcesSummary with each resource set to the current value minus the input.

type BlockedStats added in v0.3.0

type BlockedStats struct {
	// TotalEscaped is the total number of blocked evaluations that have escaped
	// computed node classes.
	TotalEscaped int

	// TotalBlocked is the total number of blocked evaluations.
	TotalBlocked int

	// TotalQuotaLimit is the total number of blocked evaluations that are due
	// to the quota limit being reached.
	TotalQuotaLimit int

	// BlockedResources stores the amount of resources requested by blocked
	// evaluations.
	BlockedResources *BlockedResourcesStats
}

BlockedStats returns all the stats about the blocked eval tracker.

func NewBlockedStats added in v1.1.0

func NewBlockedStats() *BlockedStats

NewBlockedStats returns a new BlockedStats.

func (*BlockedStats) Block added in v1.1.0

func (b *BlockedStats) Block(eval *structs.Evaluation)

Block updates the stats for the blocked eval tracker with the details of the evaluation being blocked.

func (*BlockedStats) Unblock added in v1.1.0

func (b *BlockedStats) Unblock(eval *structs.Evaluation)

Unblock updates the stats for the blocked eval tracker with the details of the evaluation being unblocked.

type BrokerStats

type BrokerStats struct {
	TotalReady      int
	TotalUnacked    int
	TotalPending    int
	TotalWaiting    int
	TotalCancelable int
	DelayedEvals    map[string]*structs.Evaluation
	ByScheduler     map[string]*SchedulerStats
}

BrokerStats returns all the stats about the broker

type CSIPlugin added in v0.11.0

type CSIPlugin struct {
	// contains filtered or unexported fields
}

CSIPlugin wraps the structs.CSIPlugin with request data and server context

func NewCSIPluginEndpoint added in v1.5.0

func NewCSIPluginEndpoint(srv *Server, ctx *RPCContext) *CSIPlugin

func (*CSIPlugin) Delete added in v0.11.2

Delete deletes a plugin if it is unused

func (*CSIPlugin) Get added in v0.11.0

Get fetches detailed information about a specific plugin

func (*CSIPlugin) List added in v0.11.0

List replies with CSIPlugins, filtered by ACL access

type CSIVolume added in v0.11.0

type CSIVolume struct {
	// contains filtered or unexported fields
}

CSIVolume wraps the structs.CSIVolume with request data and server context

func NewCSIVolumeEndpoint added in v1.5.0

func NewCSIVolumeEndpoint(srv *Server, ctx *RPCContext) *CSIVolume

func (*CSIVolume) Claim added in v0.11.0

Claim submits a change to a volume claim

func (*CSIVolume) Create added in v1.1.0

func (*CSIVolume) CreateSnapshot added in v1.1.0

func (*CSIVolume) Delete added in v1.1.0

func (*CSIVolume) DeleteSnapshot added in v1.1.0

func (*CSIVolume) Deregister added in v0.11.0

Deregister removes a set of volumes

func (*CSIVolume) Get added in v0.11.0

Get fetches detailed information about a specific volume

func (*CSIVolume) List added in v0.11.0

List replies with CSIVolumes, filtered by ACL access

func (*CSIVolume) ListExternal added in v1.1.0

func (*CSIVolume) ListSnapshots added in v1.1.0

func (*CSIVolume) Register added in v0.11.0

Register registers a new volume or updates an existing volume. Note that most user-defined CSIVolume fields are immutable once the volume has been created.

If the user needs to change fields because they've misconfigured the registration of the external volume, we expect that claims won't work either, and the user can deregister the volume and try again with the right settings. This lets us be as strict with validation here as the CreateVolume CSI RPC is expected to be.

func (*CSIVolume) Unpublish added in v0.12.2

Unpublish synchronously sends the NodeUnpublish, NodeUnstage, and ControllerUnpublish RPCs to the client. It handles errors according to the current claim state.

type CachedBadNodeTracker added in v1.3.2

type CachedBadNodeTracker struct {
	// contains filtered or unexported fields
}

CachedBadNodeTracker keeps a record of nodes marked as bad by the plan applier in a LRU cache.

It takes a time window and a threshold value. Plan rejections for a node will be registered with its timestamp. If the number of rejections within the time window is greater than the threshold the node is reported as bad.

The tracker uses a fixed size cache that evicts old entries based on access frequency and recency.

func NewCachedBadNodeTracker added in v1.3.2

func NewCachedBadNodeTracker(logger hclog.Logger, config CachedBadNodeTrackerConfig) (*CachedBadNodeTracker, error)

NewCachedBadNodeTracker returns a new CachedBadNodeTracker.

func (*CachedBadNodeTracker) Add added in v1.3.2

func (c *CachedBadNodeTracker) Add(nodeID string) bool

Add records a new rejection for a node and returns true if the number of rejections reaches the threshold.

If it's the first time the node is added it will be included in the internal cache. If the cache is full the least recently updated or accessed node is evicted.

func (*CachedBadNodeTracker) EmitStats added in v1.3.2

func (c *CachedBadNodeTracker) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats generates metrics for the bad nodes being currently tracked. Must be called in a goroutine.

type CachedBadNodeTrackerConfig added in v1.3.2

type CachedBadNodeTrackerConfig struct {
	CacheSize int
	RateLimit float64
	BurstSize int
	Window    time.Duration
	Threshold int
}

func DefaultCachedBadNodeTrackerConfig added in v1.3.2

func DefaultCachedBadNodeTrackerConfig() CachedBadNodeTrackerConfig

type ClientAllocations added in v0.8.0

type ClientAllocations struct {
	// contains filtered or unexported fields
}

ClientAllocations is used to forward RPC requests to the targeted Nomad client's Allocation endpoint.

func NewClientAllocationsEndpoint added in v1.5.0

func NewClientAllocationsEndpoint(srv *Server) *ClientAllocations

func (*ClientAllocations) Checks added in v1.4.0

Checks is the server implementation of the allocation checks RPC. The ultimate response is provided by the node running the allocation. This RPC is needed to handle queries which hit the server agent API directly, or via another node which is not running the allocation.

func (*ClientAllocations) GarbageCollect added in v0.8.0

GarbageCollect is used to garbage collect an allocation on a client.

func (*ClientAllocations) GarbageCollectAll added in v0.8.0

func (a *ClientAllocations) GarbageCollectAll(args *structs.NodeSpecificRequest, reply *structs.GenericResponse) error

GarbageCollectAll is used to garbage collect all allocations on a client.

func (*ClientAllocations) Restart added in v0.9.2

Restart is used to trigger a restart of an allocation or a subtask on a client.

func (*ClientAllocations) Signal added in v0.9.2

Signal is used to send a signal to an allocation on a client.

func (*ClientAllocations) Stats added in v0.8.0

Stats is used to collect allocation statistics

type ClientCSI added in v0.11.0

type ClientCSI struct {
	// contains filtered or unexported fields
}

ClientCSI is used to forward RPC requests to the targed Nomad client's CSIController endpoint.

func NewClientCSIEndpoint added in v1.5.0

func NewClientCSIEndpoint(srv *Server, ctx *RPCContext) *ClientCSI

func (*ClientCSI) ControllerAttachVolume added in v0.11.0

func (*ClientCSI) ControllerCreateSnapshot added in v1.1.0

func (*ClientCSI) ControllerCreateVolume added in v1.1.0

func (*ClientCSI) ControllerDeleteSnapshot added in v1.1.0

func (*ClientCSI) ControllerDeleteVolume added in v1.1.0

func (*ClientCSI) ControllerDetachVolume added in v0.11.0

func (*ClientCSI) ControllerListSnapshots added in v1.1.0

func (*ClientCSI) ControllerListVolumes added in v1.1.0

func (*ClientCSI) ControllerValidateVolume added in v0.11.0

func (*ClientCSI) NodeDetachVolume added in v0.11.0

type ClientStats added in v0.8.0

type ClientStats struct {
	// contains filtered or unexported fields
}

ClientStats is used to forward RPC requests to the targed Nomad client's ClientStats endpoint.

func NewClientStatsEndpoint added in v1.5.0

func NewClientStatsEndpoint(srv *Server) *ClientStats

func (*ClientStats) Stats added in v0.8.0

type Config

type Config struct {
	// BootstrapExpect mode is used to automatically bring up a
	// collection of Nomad servers. This can be used to automatically
	// bring up a collection of nodes.
	//
	// The BootstrapExpect can be of any of the following values:
	//  1: Server will form a single node cluster and become a leader immediately
	//  N, larger than 1: Server will wait until it's connected to N servers
	//      before attempting leadership and forming the cluster.  No Raft Log operation
	//      will succeed until then.
	//  0: Server will wait to get a Raft configuration from another node and may not
	//      attempt to form a cluster or establish leadership on its own.
	BootstrapExpect int

	// DataDir is the directory to store our state in
	DataDir string

	// DevMode is used for development purposes only and limits the
	// use of persistence or state.
	DevMode bool

	// EnableDebug is used to enable debugging RPC endpoints
	// in the absence of ACLs
	EnableDebug bool

	// EnableEventBroker is used to enable or disable state store
	// event publishing
	EnableEventBroker bool

	// EventBufferSize is the amount of events to hold in memory.
	EventBufferSize int64

	// LogOutput is the location to write logs to. If this is not set,
	// logs will go to stderr.
	LogOutput io.Writer

	// Logger is the logger used by the server.
	Logger log.InterceptLogger

	// RPCAddr is the RPC address used by Nomad. This should be reachable
	// by the other servers and clients
	RPCAddr *net.TCPAddr

	// ClientRPCAdvertise is the address that is advertised to client nodes for
	// the RPC endpoint. This can differ from the RPC address, if for example
	// the RPCAddr is unspecified "0.0.0.0:4646", but this address must be
	// reachable
	ClientRPCAdvertise *net.TCPAddr

	// ServerRPCAdvertise is the address that is advertised to other servers for
	// the RPC endpoint. This can differ from the RPC address, if for example
	// the RPCAddr is unspecified "0.0.0.0:4646", but this address must be
	// reachable
	ServerRPCAdvertise *net.TCPAddr

	// RaftConfig is the configuration used for Raft in the local DC
	RaftConfig *raft.Config

	// RaftTimeout is applied to any network traffic for raft. Defaults to 10s.
	RaftTimeout time.Duration

	// (Enterprise-only) NonVoter is used to prevent this server from being added
	// as a voting member of the Raft cluster.
	NonVoter bool

	// (Enterprise-only) RedundancyZone is the redundancy zone to use for this server.
	RedundancyZone string

	// (Enterprise-only) UpgradeVersion is the custom upgrade version to use when
	// performing upgrade migrations.
	UpgradeVersion string

	// SerfConfig is the configuration for the serf cluster
	SerfConfig *serf.Config

	// Node name is the name we use to advertise. Defaults to hostname.
	NodeName string

	// NodeID is the uuid of this server.
	NodeID string

	// Region is the region this Nomad server belongs to.
	Region string

	// AuthoritativeRegion is the region which is treated as the authoritative source
	// for ACLs and Policies. This provides a single source of truth to resolve conflicts.
	AuthoritativeRegion string

	// Datacenter is the datacenter this Nomad server belongs to.
	Datacenter string

	// Build is a string that is gossiped around, and can be used to help
	// operators track which versions are actively deployed
	Build string

	// BuildDate is the time of the git commit used to build the program.
	BuildDate time.Time

	// Revision is a string that carries the version.GitCommit of Nomad that
	// was compiled.
	Revision string

	// NumSchedulers is the number of scheduler thread that are run.
	// This can be as many as one per core, or zero to disable this server
	// from doing any scheduling work.
	NumSchedulers int

	// EnabledSchedulers controls the set of sub-schedulers that are
	// enabled for this server to handle. This will restrict the evaluations
	// that the workers dequeue for processing.
	EnabledSchedulers []string

	// ReconcileInterval controls how often we reconcile the strongly
	// consistent store with the Serf info. This is used to handle nodes
	// that are force removed, as well as intermittent unavailability during
	// leader election.
	ReconcileInterval time.Duration

	// EvalGCInterval is how often we dispatch a job to GC evaluations
	EvalGCInterval time.Duration

	// EvalGCThreshold is how "old" an evaluation must be to be eligible
	// for GC. This gives users some time to debug a failed evaluation.
	//
	// Please note that the rules for GC of evaluations which belong to a batch
	// job are separate and controlled by `BatchEvalGCThreshold`
	EvalGCThreshold time.Duration

	// BatchEvalGCThreshold is how "old" an evaluation must be to be eligible
	// for GC if the eval belongs to a batch job.
	BatchEvalGCThreshold time.Duration

	// JobGCInterval is how often we dispatch a job to GC jobs that are
	// available for garbage collection.
	JobGCInterval time.Duration

	// JobGCThreshold is how old a job must be before it eligible for GC. This gives
	// the user time to inspect the job.
	JobGCThreshold time.Duration

	// NodeGCInterval is how often we dispatch a job to GC failed nodes.
	NodeGCInterval time.Duration

	// NodeGCThreshold is how "old" a node must be to be eligible
	// for GC. This gives users some time to view and debug a failed nodes.
	NodeGCThreshold time.Duration

	// DeploymentGCInterval is how often we dispatch a job to GC terminal
	// deployments.
	DeploymentGCInterval time.Duration

	// DeploymentGCThreshold is how "old" a deployment must be to be eligible
	// for GC. This gives users some time to view terminal deployments.
	DeploymentGCThreshold time.Duration

	// CSIPluginGCInterval is how often we dispatch a job to GC unused plugins.
	CSIPluginGCInterval time.Duration

	// CSIPluginGCThreshold is how "old" a plugin must be to be eligible
	// for GC. This gives users some time to debug plugins.
	CSIPluginGCThreshold time.Duration

	// CSIVolumeClaimGCInterval is how often we dispatch a job to GC
	// volume claims.
	CSIVolumeClaimGCInterval time.Duration

	// CSIVolumeClaimGCThreshold is how "old" a volume must be to be
	// eligible for GC. This gives users some time to debug volumes.
	CSIVolumeClaimGCThreshold time.Duration

	// OneTimeTokenGCInterval is how often we dispatch a job to GC
	// one-time tokens.
	OneTimeTokenGCInterval time.Duration

	// ACLTokenExpirationGCInterval is how often we dispatch a job to GC
	// expired ACL tokens.
	ACLTokenExpirationGCInterval time.Duration

	// ACLTokenExpirationGCThreshold controls how "old" an expired ACL token
	// must be to be collected by GC.
	ACLTokenExpirationGCThreshold time.Duration

	// RootKeyGCInterval is how often we dispatch a job to GC
	// encryption key metadata
	RootKeyGCInterval time.Duration

	// RootKeyGCThreshold is how "old" encryption key metadata must be
	// to be eligible for GC.
	RootKeyGCThreshold time.Duration

	// RootKeyRotationThreshold is how "old" an active key can be
	// before it's rotated
	RootKeyRotationThreshold time.Duration

	// VariablesRekeyInterval is how often we dispatch a job to
	// rekey any variables associated with a key in the Rekeying state
	VariablesRekeyInterval time.Duration

	// EvalNackTimeout controls how long we allow a sub-scheduler to
	// work on an evaluation before we consider it failed and Nack it.
	// This allows that evaluation to be handed to another sub-scheduler
	// to work on. Defaults to 60 seconds. This should be long enough that
	// no evaluation hits it unless the sub-scheduler has failed.
	EvalNackTimeout time.Duration

	// EvalDeliveryLimit is the limit of attempts we make to deliver and
	// process an evaluation. This is used so that an eval that will never
	// complete eventually fails out of the system.
	EvalDeliveryLimit int

	// EvalNackInitialReenqueueDelay is the delay applied before reenqueuing a
	// Nacked evaluation for the first time. This value should be small as the
	// initial Nack can be due to a down machine and the eval should be retried
	// quickly for liveliness.
	EvalNackInitialReenqueueDelay time.Duration

	// EvalNackSubsequentReenqueueDelay is the delay applied before reenqueuing
	// an evaluation that has been Nacked more than once. This delay is
	// compounding after the first Nack. This value should be significantly
	// longer than the initial delay as the purpose it severs is to apply
	// back-pressure as evaluations are being Nacked either due to scheduler
	// failures or because they are hitting their Nack timeout, both of which
	// are signs of high server resource usage.
	EvalNackSubsequentReenqueueDelay time.Duration

	// EvalFailedFollowupBaselineDelay is the minimum time waited before
	// retrying a failed evaluation.
	EvalFailedFollowupBaselineDelay time.Duration

	// EvalReapCancelableInterval is the interval for the periodic reaping of
	// cancelable evaluations. Cancelable evaluations are canceled whenever any
	// eval is ack'd but this sweeps up on quiescent clusters. This config value
	// exists only for testing.
	EvalReapCancelableInterval time.Duration

	// EvalFailedFollowupDelayRange defines the range of additional time from
	// the baseline in which to wait before retrying a failed evaluation. The
	// additional delay is selected from this range randomly.
	EvalFailedFollowupDelayRange time.Duration

	// NodePlanRejectionEnabled controls if node rejection tracker is enabled.
	NodePlanRejectionEnabled bool

	// NodePlanRejectionThreshold is the number of times a node must have a
	// plan rejection before it is set as ineligible.
	NodePlanRejectionThreshold int

	// NodePlanRejectionWindow is the time window used to track plan
	// rejections for nodes.
	NodePlanRejectionWindow time.Duration

	// MinHeartbeatTTL is the minimum time between heartbeats.
	// This is used as a floor to prevent excessive updates.
	MinHeartbeatTTL time.Duration

	// MaxHeartbeatsPerSecond is the maximum target rate of heartbeats
	// being processed per second. This allows the TTL to be increased
	// to meet the target rate.
	MaxHeartbeatsPerSecond float64

	// HeartbeatGrace is the additional time given as a grace period
	// beyond the TTL to account for network and processing delays
	// as well as clock skew.
	HeartbeatGrace time.Duration

	// FailoverHeartbeatTTL is the TTL applied to heartbeats after
	// a new leader is elected, since we no longer know the status
	// of all the heartbeats.
	FailoverHeartbeatTTL time.Duration

	// ConsulConfig is this Agent's Consul configuration
	ConsulConfig *config.ConsulConfig

	// VaultConfig is this Agent's Vault configuration
	VaultConfig *config.VaultConfig

	// RPCHoldTimeout is how long an RPC can be "held" before it is errored.
	// This is used to paper over a loss of leadership by instead holding RPCs,
	// so that the caller experiences a slow response rather than an error.
	// This period is meant to be long enough for a leader election to take
	// place, and a small jitter is applied to avoid a thundering herd.
	RPCHoldTimeout time.Duration

	// TLSConfig holds various TLS related configurations
	TLSConfig *config.TLSConfig

	// ACLEnabled controls if ACL enforcement and management is enabled.
	ACLEnabled bool

	// ReplicationBackoff is how much we backoff when replication errors.
	// This is a tunable knob for testing primarily.
	ReplicationBackoff time.Duration

	// ReplicationToken is the ACL Token Secret ID used to fetch from
	// the Authoritative Region.
	ReplicationToken string

	// TokenMinExpirationTTL is used to enforce the lowest acceptable value for
	// ACL token expiration.
	ACLTokenMinExpirationTTL time.Duration

	// TokenMaxExpirationTTL is used to enforce the highest acceptable value
	// for ACL token expiration.
	ACLTokenMaxExpirationTTL time.Duration

	// SentinelGCInterval is the interval that we GC unused policies.
	SentinelGCInterval time.Duration

	// SentinelConfig is this Agent's Sentinel configuration
	SentinelConfig *config.SentinelConfig

	// StatsCollectionInterval is the interval at which the Nomad server
	// publishes metrics which are periodic in nature like updating gauges
	StatsCollectionInterval time.Duration

	// DisableDispatchedJobSummaryMetrics allows for ignore dispatched jobs when
	// publishing Job summary metrics
	DisableDispatchedJobSummaryMetrics bool

	// DisableRPCRateMetricsLabels drops the label for the identity of the
	// requester when publishing metrics on RPC rate on the server. This may be
	// useful to control metrics collection costs in environments where request
	// rate is well-controlled but cardinality of requesters is high.
	DisableRPCRateMetricsLabels bool

	// AutopilotConfig is used to apply the initial autopilot config when
	// bootstrapping.
	AutopilotConfig *structs.AutopilotConfig

	// ServerHealthInterval is the frequency with which the health of the
	// servers in the cluster will be updated.
	ServerHealthInterval time.Duration

	// AutopilotInterval is the frequency with which the leader will perform
	// autopilot tasks, such as promoting eligible non-voters and removing
	// dead servers.
	AutopilotInterval time.Duration

	// DefaultSchedulerConfig configures the initial scheduler config to be persisted in Raft.
	// Once the cluster is bootstrapped, and Raft persists the config (from here or through API)
	// and this value is ignored.
	DefaultSchedulerConfig structs.SchedulerConfiguration `hcl:"default_scheduler_config"`

	// RPCHandshakeTimeout is the deadline by which RPC handshakes must
	// complete. The RPC handshake includes the first byte read as well as
	// the TLS handshake and subsequent byte read if TLS is enabled.
	//
	// The deadline is reset after the first byte is read so when TLS is
	// enabled RPC connections may take (timeout * 2) to complete.
	//
	// 0 means no timeout.
	RPCHandshakeTimeout time.Duration

	// RPCMaxConnsPerClient is the maximum number of concurrent RPC
	// connections from a single IP address. nil/0 means no limit.
	RPCMaxConnsPerClient int

	// LicenseConfig is a tunable knob for enterprise license testing.
	LicenseConfig *LicenseConfig
	LicenseEnv    string
	LicensePath   string

	// SearchConfig provides knobs for Search API.
	SearchConfig *structs.SearchConfig

	// RaftBoltNoFreelistSync configures whether freelist syncing is enabled.
	RaftBoltNoFreelistSync bool

	// AgentShutdown is used to call agent.Shutdown from the context of a Server
	// It is used primarily for licensing
	AgentShutdown func() error

	// DeploymentQueryRateLimit is in queries per second and is used by the
	// DeploymentWatcher to throttle the amount of simultaneously deployments
	DeploymentQueryRateLimit float64

	// JobDefaultPriority is the default Job priority if not specified.
	JobDefaultPriority int

	// JobMaxPriority is an upper bound on the Job priority.
	JobMaxPriority int
}

Config is used to parameterize the server

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns the default configuration. Only used as the basis for merging agent or test parameters.

func (*Config) Copy added in v1.2.13

func (c *Config) Copy() *Config

type ConsulACLsAPI added in v0.10.4

type ConsulACLsAPI interface {
	// CheckPermissions checks that the given Consul token has the necessary ACL
	// permissions for each way that Consul is used as indicated by usage,
	// returning an error if not.
	CheckPermissions(ctx context.Context, namespace string, usage *structs.ConsulUsage, secretID string) error

	// Create instructs Consul to create a Service Identity token.
	CreateToken(context.Context, ServiceIdentityRequest) (*structs.SIToken, error)

	// RevokeTokens instructs Consul to revoke the given token accessors.
	RevokeTokens(context.Context, []*structs.SITokenAccessor, bool) bool

	// MarkForRevocation marks the tokens for background revocation
	MarkForRevocation([]*structs.SITokenAccessor)

	// Stop is used to stop background token revocations. Intended to be used
	// on Nomad Server shutdown.
	Stop()
}

ConsulACLsAPI is an abstraction over the consul/api.ACL API used by Nomad Server.

ACL requirements - acl:write (transitive through ACLsAPI)

type ConsulConfigsAPI added in v0.12.4

type ConsulConfigsAPI interface {
	// SetIngressCE adds the given ConfigEntry to Consul, overwriting
	// the previous entry if set.
	SetIngressCE(ctx context.Context, namespace, service string, entry *structs.ConsulIngressConfigEntry) error

	// SetTerminatingCE adds the given ConfigEntry to Consul, overwriting
	// the previous entry if set.
	SetTerminatingCE(ctx context.Context, namespace, service string, entry *structs.ConsulTerminatingConfigEntry) error

	// Stop is used to stop additional creations of Configuration Entries. Intended to
	// be used on Nomad Server shutdown.
	Stop()
}

ConsulConfigsAPI is an abstraction over the consul/api.ConfigEntries API used by Nomad Server.

Nomad will only perform write operations on Consul Ingress/Terminating Gateway Configuration Entries. Removing the entries is not yet safe, given that multiple Nomad clusters may be writing to the same config entries, which are global in the Consul scope. There was a Meta field introduced which Nomad can leverage in the future, when Consul no longer supports versions that do not contain the field. The Meta field would be used to track which Nomad "owns" the CE. https://github.com/hashicorp/nomad/issues/8971

type ConsulKeyRule added in v1.1.0

type ConsulKeyRule struct {
	Name   string `hcl:",key"`
	Policy string
}

ConsulKeyRule represents a policy for the keystore.

type ConsulPolicy added in v0.10.4

type ConsulPolicy struct {
	Services          []*ConsulServiceRule     `hcl:"service,expand"`
	ServicePrefixes   []*ConsulServiceRule     `hcl:"service_prefix,expand"`
	KeyPrefixes       []*ConsulKeyRule         `hcl:"key_prefix,expand"`
	Namespaces        map[string]*ConsulPolicy `hcl:"namespace,expand"`
	NamespacePrefixes map[string]*ConsulPolicy `hcl:"namespace_prefix,expand"`
}

ConsulPolicy represents the parts of a ConsulServiceRule Policy that are relevant to Service Identity authorizations.

type ConsulServiceRule added in v0.10.4

type ConsulServiceRule struct {
	Name   string `hcl:",key"`
	Policy string
}

ConsulServiceRule represents a policy for a service.

type CoreScheduler

type CoreScheduler struct {
	// contains filtered or unexported fields
}

CoreScheduler is a special "scheduler" that is registered as "_core". It is used to run various administrative work across the cluster.

func (*CoreScheduler) Process

func (c *CoreScheduler) Process(eval *structs.Evaluation) error

Process is used to implement the scheduler.Scheduler interface

type Deployment added in v0.6.0

type Deployment struct {
	// contains filtered or unexported fields
}

Deployment endpoint is used for manipulating deployments

func NewDeploymentEndpoint added in v1.5.0

func NewDeploymentEndpoint(srv *Server, ctx *RPCContext) *Deployment

func (*Deployment) Allocations added in v0.6.0

Allocations returns the list of allocations that are a part of the deployment

func (*Deployment) Cancel added in v0.12.0

Cancel is used to cancel a deployment

func (*Deployment) Fail added in v0.6.0

Fail is used to force fail a deployment

func (*Deployment) GetDeployment added in v0.6.0

GetDeployment is used to request information about a specific deployment

func (*Deployment) List added in v0.6.0

List returns the list of deployments in the system

func (*Deployment) Pause added in v0.6.0

Pause is used to pause a deployment

func (*Deployment) Promote added in v0.6.0

Promote is used to promote canaries in a deployment

func (*Deployment) Reap added in v0.6.0

Reap is used to cleanup terminal deployments

func (*Deployment) Run added in v0.12.0

Run is used to start a pending deployment

func (*Deployment) SetAllocHealth added in v0.6.0

SetAllocHealth is used to set the health of allocations that are part of the deployment.

func (*Deployment) Unblock added in v0.12.0

Unblock is used to unblock a deployment

type Encrypter added in v1.4.0

type Encrypter struct {
	// contains filtered or unexported fields
}

Encrypter is the keyring for encrypting variables and signing workload identities.

func NewEncrypter added in v1.4.0

func NewEncrypter(srv *Server, keystorePath string) (*Encrypter, error)

NewEncrypter loads or creates a new local keystore and returns an encryption keyring with the keys it finds.

func (*Encrypter) AddKey added in v1.4.0

func (e *Encrypter) AddKey(rootKey *structs.RootKey) error

AddKey stores the key in the keystore and creates a new cipher for it.

func (*Encrypter) Decrypt added in v1.4.0

func (e *Encrypter) Decrypt(ciphertext []byte, keyID string) ([]byte, error)

Decrypt takes an encrypted buffer and then root key ID. It extracts the nonce, decrypts the content, and returns the cleartext data.

func (*Encrypter) Encrypt added in v1.4.0

func (e *Encrypter) Encrypt(cleartext []byte) ([]byte, string, error)

Encrypt encrypts the clear data with the cipher for the current root key, and returns the cipher text (including the nonce), and the key ID used to encrypt it

func (*Encrypter) GetKey added in v1.4.0

func (e *Encrypter) GetKey(keyID string) ([]byte, error)

GetKey retrieves the key material by ID from the keyring

func (*Encrypter) RemoveKey added in v1.4.0

func (e *Encrypter) RemoveKey(keyID string) error

RemoveKey removes a key by ID from the keyring

func (*Encrypter) SignClaims added in v1.4.0

func (e *Encrypter) SignClaims(claim *structs.IdentityClaims) (string, string, error)

SignClaims signs the identity claim for the task and returns an encoded JWT (including both the claim and its signature), the key ID of the key used to sign it, and any error.

func (*Encrypter) VerifyClaim added in v1.4.0

func (e *Encrypter) VerifyClaim(tokenString string) (*structs.IdentityClaims, error)

VerifyClaim accepts a previously-signed encoded claim and validates it before returning the claim

type EnterpriseEndpoints added in v0.7.0

type EnterpriseEndpoints struct{}

EnterpriseEndpoints holds the set of enterprise only endpoints to register

func NewEnterpriseEndpoints added in v0.7.0

func NewEnterpriseEndpoints(s *Server, ctx *RPCContext) *EnterpriseEndpoints

NewEnterpriseEndpoints returns a stub of the enterprise endpoints since there are none in oss

func (*EnterpriseEndpoints) Register added in v0.7.0

func (e *EnterpriseEndpoints) Register(s *rpc.Server)

Register is a no-op in oss.

type EnterpriseState added in v0.7.0

type EnterpriseState struct{}

func (*EnterpriseState) Features added in v0.12.0

func (es *EnterpriseState) Features() uint64

func (*EnterpriseState) ReloadLicense added in v1.1.0

func (es *EnterpriseState) ReloadLicense(_ *Config) error

type ErrMinIndexDeadlineExceeded added in v1.5.0

type ErrMinIndexDeadlineExceeded struct {
	// contains filtered or unexported fields
}

func (ErrMinIndexDeadlineExceeded) Error added in v1.5.0

func (ErrMinIndexDeadlineExceeded) Unwrap added in v1.5.0

Unwrapping an ErrMinIndexDeadlineExceeded always return context.DeadlineExceeded

type Eval

type Eval struct {
	// contains filtered or unexported fields
}

Eval endpoint is used for eval interactions

func NewEvalEndpoint added in v1.5.0

func NewEvalEndpoint(srv *Server, ctx *RPCContext) *Eval

func (*Eval) Ack

func (e *Eval) Ack(args *structs.EvalAckRequest,
	reply *structs.GenericResponse) error

Ack is used to acknowledge completion of a dequeued evaluation

func (*Eval) Allocations

func (e *Eval) Allocations(args *structs.EvalSpecificRequest,
	reply *structs.EvalAllocationsResponse) error

Allocations is used to list the allocations for an evaluation

func (*Eval) Count added in v1.4.3

func (e *Eval) Count(args *structs.EvalCountRequest, reply *structs.EvalCountResponse) error

Count is used to get a list of the evaluations in the system

func (*Eval) Create

func (e *Eval) Create(args *structs.EvalUpdateRequest,
	reply *structs.GenericResponse) error

Create is used to make a new evaluation

func (*Eval) Delete added in v1.3.2

func (e *Eval) Delete(
	args *structs.EvalDeleteRequest,
	reply *structs.EvalDeleteResponse) error

Delete is used by operators to delete evaluations during severe outages. It differs from Reap while duplicating some behavior to ensure we have the correct controls for user initiated deletions.

func (*Eval) Dequeue

func (e *Eval) Dequeue(args *structs.EvalDequeueRequest,
	reply *structs.EvalDequeueResponse) error

Dequeue is used to dequeue a pending evaluation

func (*Eval) GetEval

func (e *Eval) GetEval(args *structs.EvalSpecificRequest,
	reply *structs.SingleEvalResponse) error

GetEval is used to request information about a specific evaluation

func (*Eval) List

func (e *Eval) List(args *structs.EvalListRequest, reply *structs.EvalListResponse) error

List is used to get a list of the evaluations in the system

func (*Eval) Nack

func (e *Eval) Nack(args *structs.EvalAckRequest,
	reply *structs.GenericResponse) error

Nack is used to negative acknowledge completion of a dequeued evaluation.

func (*Eval) Reap

func (e *Eval) Reap(args *structs.EvalReapRequest,
	reply *structs.GenericResponse) error

Reap is used to cleanup dead evaluations and allocations

func (*Eval) Reblock added in v0.4.0

func (e *Eval) Reblock(args *structs.EvalUpdateRequest, reply *structs.GenericResponse) error

Reblock is used to reinsert an existing blocked evaluation into the blocked evaluation tracker.

func (*Eval) Update

func (e *Eval) Update(args *structs.EvalUpdateRequest,
	reply *structs.GenericResponse) error

Update is used to perform an update of an Eval if it is outstanding.

type EvalBroker

type EvalBroker struct {
	// contains filtered or unexported fields
}

EvalBroker is used to manage brokering of evaluations. When an evaluation is created, due to a change in a job specification or a node, we put it into the broker. The broker sorts by evaluations by priority and scheduler type. This allows us to dequeue the highest priority work first, while also allowing sub-schedulers to only dequeue work they know how to handle. The broker is designed to be entirely in-memory and is managed by the leader node.

The broker must provide at-least-once delivery semantics. It relies on explicit Ack/Nack messages to handle this. If a delivery is not Ack'd in a sufficient time span, it will be assumed Nack'd.

func NewEvalBroker

func NewEvalBroker(timeout, initialNackDelay, subsequentNackDelay time.Duration, deliveryLimit int) (*EvalBroker, error)

NewEvalBroker creates a new evaluation broker. This is parameterized with the timeout used for messages that are not acknowledged before we assume a Nack and attempt to redeliver as well as the deliveryLimit which prevents a failing eval from being endlessly delivered. The initialNackDelay is the delay before making a Nacked evaluation available again for the first Nack and subsequentNackDelay is the compounding delay after the first Nack.

func (*EvalBroker) Ack

func (b *EvalBroker) Ack(evalID, token string) error

Ack is used to positively acknowledge handling an evaluation

func (*EvalBroker) Cancelable added in v1.4.3

func (b *EvalBroker) Cancelable(batchSize int) []*structs.Evaluation

Cancelable retrieves a batch of previously-pending evaluations that are now stale and ready to mark for canceling. The eval RPC will call this with a batch size set to avoid sending overly large raft messages.

func (*EvalBroker) Dequeue

func (b *EvalBroker) Dequeue(schedulers []string, timeout time.Duration) (*structs.Evaluation, string, error)

Dequeue is used to perform a blocking dequeue. The next available evalution is returned as well as a unique token identifier for this dequeue. The token changes on leadership election to ensure a Dequeue prior to a leadership election cannot conflict with a Dequeue of the same evaluation after a leadership election.

func (*EvalBroker) EmitStats

func (b *EvalBroker) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats is used to export metrics about the broker while enabled

func (*EvalBroker) Enabled

func (b *EvalBroker) Enabled() bool

Enabled is used to check if the broker is enabled.

func (*EvalBroker) Enqueue

func (b *EvalBroker) Enqueue(eval *structs.Evaluation)

Enqueue is used to enqueue a new evaluation

func (*EvalBroker) EnqueueAll added in v0.3.0

func (b *EvalBroker) EnqueueAll(evals map[*structs.Evaluation]string)

EnqueueAll is used to enqueue many evaluations. The map allows evaluations that are being re-enqueued to include their token.

When requeuing an evaluation that potentially may be already enqueued. The evaluation is handled in one of the following ways: * Evaluation not outstanding: Process as a normal Enqueue * Evaluation outstanding: Do not allow the evaluation to be dequeued til:

  • Ack received: Unblock the evaluation allowing it to be dequeued
  • Nack received: Drop the evaluation as it was created as a result of a scheduler run that was Nack'd

func (*EvalBroker) Nack

func (b *EvalBroker) Nack(evalID, token string) error

Nack is used to negatively acknowledge handling an evaluation

func (*EvalBroker) Outstanding

func (b *EvalBroker) Outstanding(evalID string) (string, bool)

Outstanding checks if an EvalID has been delivered but not acknowledged and returns the associated token for the evaluation.

func (*EvalBroker) OutstandingReset added in v0.2.0

func (b *EvalBroker) OutstandingReset(evalID, token string) error

OutstandingReset resets the Nack timer for the EvalID if the token matches and the eval is outstanding

func (*EvalBroker) PauseNackTimeout added in v0.3.1

func (b *EvalBroker) PauseNackTimeout(evalID, token string) error

PauseNackTimeout is used to pause the Nack timeout for an eval that is making progress but is in a potentially unbounded operation such as the plan queue.

func (*EvalBroker) ResumeNackTimeout added in v0.3.1

func (b *EvalBroker) ResumeNackTimeout(evalID, token string) error

ResumeNackTimeout is used to resume the Nack timeout for an eval that was paused. It should be resumed after leaving an unbounded operation.

func (*EvalBroker) SetEnabled

func (b *EvalBroker) SetEnabled(enabled bool)

SetEnabled is used to control if the broker is enabled. The broker should only be enabled on the active leader.

func (*EvalBroker) Stats

func (b *EvalBroker) Stats() *BrokerStats

Stats is used to query the state of the broker

type EvaluatePool added in v0.3.0

type EvaluatePool struct {
	// contains filtered or unexported fields
}

EvaluatePool is used to have a pool of workers that are evaluating if a plan is valid. It can be used to parallelize the evaluation of a plan.

func NewEvaluatePool added in v0.3.0

func NewEvaluatePool(workers, bufSize int) *EvaluatePool

NewEvaluatePool returns a pool of the given size.

func (*EvaluatePool) RequestCh added in v0.3.0

func (p *EvaluatePool) RequestCh() chan<- evaluateRequest

RequestCh is used to push requests

func (*EvaluatePool) ResultCh added in v0.3.0

func (p *EvaluatePool) ResultCh() <-chan evaluateResult

ResultCh is used to read the results as they are ready

func (*EvaluatePool) SetSize added in v0.3.0

func (p *EvaluatePool) SetSize(size int)

SetSize is used to resize the worker pool

func (*EvaluatePool) Shutdown added in v0.3.0

func (p *EvaluatePool) Shutdown()

Shutdown is used to shutdown the pool

func (*EvaluatePool) Size added in v0.3.0

func (p *EvaluatePool) Size() int

Size returns the current size

type Event added in v1.0.0

type Event struct {
	// contains filtered or unexported fields
}

func NewEventEndpoint added in v1.5.0

func NewEventEndpoint(srv *Server) *Event

type FSMConfig added in v0.7.0

type FSMConfig struct {
	// EvalBroker is the evaluation broker evaluations should be added to
	EvalBroker *EvalBroker

	// Periodic is the periodic job dispatcher that periodic jobs should be
	// added/removed from
	Periodic *PeriodicDispatch

	// BlockedEvals is the blocked eval tracker that blocked evaluations should
	// be added to.
	Blocked *BlockedEvals

	// Logger is the logger used by the FSM
	Logger hclog.Logger

	// Region is the region of the server embedding the FSM
	Region string

	// EnableEventBroker specifies if the FSMs state store should enable
	// it's event publisher.
	EnableEventBroker bool

	// EventBufferSize is the amount of messages to hold in memory
	EventBufferSize int64
}

FSMConfig is used to configure the FSM

type FSMFilter added in v1.3.4

type FSMFilter struct {
	// contains filtered or unexported fields
}

func NewFSMFilter added in v1.3.4

func NewFSMFilter(expr string) (*FSMFilter, error)

func (*FSMFilter) Include added in v1.3.4

func (f *FSMFilter) Include(item interface{}) bool

type FileSystem added in v0.8.0

type FileSystem struct {
	// contains filtered or unexported fields
}

FileSystem endpoint is used for accessing the logs and filesystem of allocations from a Node.

func NewFileSystemEndpoint added in v1.5.0

func NewFileSystemEndpoint(srv *Server) *FileSystem

func (*FileSystem) List added in v0.8.0

List is used to list the contents of an allocation's directory.

func (*FileSystem) Stat added in v0.8.0

Stat is used to stat a file in the allocation's directory.

type Job

type Job struct {
	// contains filtered or unexported fields
}

Job endpoint is used for job interactions

func NewJobEndpoints added in v0.10.0

func NewJobEndpoints(s *Server, ctx *RPCContext) *Job

NewJobEndpoints creates a new job endpoint with builtin admission controllers

func (*Job) Allocations

func (j *Job) Allocations(args *structs.JobSpecificRequest,
	reply *structs.JobAllocationsResponse) error

Allocations is used to list the allocations for a job

func (*Job) BatchDeregister added in v0.8.0

BatchDeregister is used to remove a set of jobs from the cluster.

func (*Job) Deployments added in v0.6.0

func (j *Job) Deployments(args *structs.JobSpecificRequest,
	reply *structs.DeploymentListResponse) error

Deployments is used to list the deployments for a job

func (*Job) Deregister

func (j *Job) Deregister(args *structs.JobDeregisterRequest, reply *structs.JobDeregisterResponse) error

Deregister is used to remove a job the cluster.

func (*Job) Dispatch added in v0.5.3

func (j *Job) Dispatch(args *structs.JobDispatchRequest, reply *structs.JobDispatchResponse) error

Dispatch a parameterized job.

func (*Job) Evaluate

func (j *Job) Evaluate(args *structs.JobEvaluateRequest, reply *structs.JobRegisterResponse) error

Evaluate is used to force a job for re-evaluation

func (*Job) Evaluations

func (j *Job) Evaluations(args *structs.JobSpecificRequest,
	reply *structs.JobEvaluationsResponse) error

Evaluations is used to list the evaluations for a job

func (*Job) GetJob

func (j *Job) GetJob(args *structs.JobSpecificRequest,
	reply *structs.SingleJobResponse) error

GetJob is used to request information about a specific job

func (*Job) GetJobVersions added in v0.6.0

func (j *Job) GetJobVersions(args *structs.JobVersionsRequest,
	reply *structs.JobVersionsResponse) error

GetJobVersions is used to retrieve all tracked versions of a job.

func (*Job) GetServiceRegistrations added in v1.3.0

func (j *Job) GetServiceRegistrations(
	args *structs.JobServiceRegistrationsRequest,
	reply *structs.JobServiceRegistrationsResponse) error

GetServiceRegistrations returns a list of service registrations which belong to the passed job ID.

func (*Job) LatestDeployment added in v0.6.0

func (j *Job) LatestDeployment(args *structs.JobSpecificRequest,
	reply *structs.SingleDeploymentResponse) error

LatestDeployment is used to retrieve the latest deployment for a job

func (*Job) List

func (j *Job) List(args *structs.JobListRequest, reply *structs.JobListResponse) error

List is used to list the jobs registered in the system

func (*Job) Plan added in v0.4.0

func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse) error

Plan is used to cause a dry-run evaluation of the Job and return the results with a potential diff containing annotations.

func (*Job) Register

func (j *Job) Register(args *structs.JobRegisterRequest, reply *structs.JobRegisterResponse) error

Register is used to upsert a job for scheduling

func (*Job) Revert added in v0.6.0

func (j *Job) Revert(args *structs.JobRevertRequest, reply *structs.JobRegisterResponse) error

Revert is used to revert the job to a prior version

func (*Job) Scale added in v0.11.0

func (j *Job) Scale(args *structs.JobScaleRequest, reply *structs.JobRegisterResponse) error

Scale is used to modify one of the scaling targets in the job

func (*Job) ScaleStatus added in v0.11.0

func (j *Job) ScaleStatus(args *structs.JobScaleStatusRequest,
	reply *structs.JobScaleStatusResponse) error

ScaleStatus retrieves the scaling status for a job

func (*Job) Stable added in v0.6.0

Stable is used to mark the job version as stable

func (*Job) Summary added in v0.4.1

func (j *Job) Summary(args *structs.JobSummaryRequest, reply *structs.JobSummaryResponse) error

Summary retrieves the summary of a job.

func (*Job) Validate added in v0.5.5

func (j *Job) Validate(args *structs.JobValidateRequest, reply *structs.JobValidateResponse) error

Validate validates a job.

Must forward to the leader, because only the leader will have a live Vault client with which to validate vault tokens.

type JobEvalDispatcher added in v0.3.0

type JobEvalDispatcher interface {
	// DispatchJob takes a job a new, untracked job and creates an evaluation
	// for it and returns the eval.
	DispatchJob(job *structs.Job) (*structs.Evaluation, error)

	// RunningChildren returns whether the passed job has any running children.
	RunningChildren(job *structs.Job) (bool, error)
}

JobEvalDispatcher is an interface to submit jobs and have evaluations created for them.

type Keyring added in v1.4.0

type Keyring struct {
	// contains filtered or unexported fields
}

Keyring endpoint serves RPCs for root key management

func NewKeyringEndpoint added in v1.5.0

func NewKeyringEndpoint(srv *Server, ctx *RPCContext, enc *Encrypter) *Keyring

func (*Keyring) Delete added in v1.4.0

func (*Keyring) Get added in v1.4.0

Get retrieves an existing key from the keyring, including both the key material and metadata. It is used only for replication.

func (*Keyring) List added in v1.4.0

func (*Keyring) Rotate added in v1.4.0

func (*Keyring) Update added in v1.4.0

Update updates an existing key in the keyring, including both the key material and metadata.

type KeyringReplicator added in v1.4.0

type KeyringReplicator struct {
	// contains filtered or unexported fields
}

func NewKeyringReplicator added in v1.4.0

func NewKeyringReplicator(srv *Server, e *Encrypter) *KeyringReplicator

type LicenseConfig added in v0.12.0

type LicenseConfig struct {
	// BuildDate is the time of the git commit used to build the program.
	BuildDate time.Time

	// LicenseEnvBytes is the license bytes to use for the server's license
	LicenseEnvBytes string

	// LicensePath is the path to use for the server's license
	LicensePath string

	// AdditionalPubKeys is a set of public keys to
	AdditionalPubKeys []string

	Logger hclog.InterceptLogger
}

LicenseConfig allows for tunable licensing config primarily used for enterprise testing

func (*LicenseConfig) Copy added in v1.2.13

func (c *LicenseConfig) Copy() *LicenseConfig

type LogApplier added in v0.7.0

type LogApplier func(buf []byte, index uint64) interface{}

LogApplier is the definition of a function that can apply a Raft log

type LogAppliers added in v0.7.0

type LogAppliers map[structs.MessageType]LogApplier

LogAppliers is a mapping of the Raft MessageType to the appropriate log applier

type Namespace added in v1.0.0

type Namespace struct {
	// contains filtered or unexported fields
}

Namespace endpoint is used for manipulating namespaces

func NewNamespaceEndpoint added in v1.5.0

func NewNamespaceEndpoint(srv *Server, ctx *RPCContext) *Namespace

func (*Namespace) DeleteNamespaces added in v1.0.0

func (n *Namespace) DeleteNamespaces(args *structs.NamespaceDeleteRequest, reply *structs.GenericResponse) error

DeleteNamespaces is used to delete a namespace

func (*Namespace) GetNamespace added in v1.0.0

GetNamespace is used to get a specific namespace

func (*Namespace) GetNamespaces added in v1.0.0

func (n *Namespace) GetNamespaces(args *structs.NamespaceSetRequest, reply *structs.NamespaceSetResponse) error

GetNamespaces is used to get a set of namespaces

func (*Namespace) ListNamespaces added in v1.0.0

func (n *Namespace) ListNamespaces(args *structs.NamespaceListRequest, reply *structs.NamespaceListResponse) error

ListNamespaces is used to list the namespaces

func (*Namespace) UpsertNamespaces added in v1.0.0

func (n *Namespace) UpsertNamespaces(args *structs.NamespaceUpsertRequest,
	reply *structs.GenericResponse) error

UpsertNamespaces is used to upsert a set of namespaces

type Node

type Node struct {
	// contains filtered or unexported fields
}

Node endpoint is used for client interactions

func NewNodeEndpoint added in v1.5.0

func NewNodeEndpoint(srv *Server, ctx *RPCContext) *Node

func (*Node) BatchDeregister added in v0.9.4

func (n *Node) BatchDeregister(args *structs.NodeBatchDeregisterRequest, reply *structs.NodeUpdateResponse) error

BatchDeregister is used to remove client nodes from the cluster.

func (*Node) Deregister

func (n *Node) Deregister(args *structs.NodeDeregisterRequest, reply *structs.NodeUpdateResponse) error

Deregister is used to remove a client from the cluster. If a client should just be made unavailable for scheduling, a status update is preferred.

func (*Node) DeriveSIToken added in v0.10.4

func (n *Node) DeriveSIToken(args *structs.DeriveSITokenRequest, reply *structs.DeriveSITokenResponse) error

func (*Node) DeriveVaultToken added in v0.5.0

func (n *Node) DeriveVaultToken(args *structs.DeriveVaultTokenRequest, reply *structs.DeriveVaultTokenResponse) error

DeriveVaultToken is used by the clients to request wrapped Vault tokens for tasks

func (*Node) EmitEvents added in v0.8.0

func (*Node) Evaluate

func (n *Node) Evaluate(args *structs.NodeEvaluateRequest, reply *structs.NodeUpdateResponse) error

Evaluate is used to force a re-evaluation of the node

func (*Node) GetAllocs

func (n *Node) GetAllocs(args *structs.NodeSpecificRequest,
	reply *structs.NodeAllocsResponse) error

GetAllocs is used to request allocations for a specific node

func (*Node) GetClientAllocs added in v0.3.0

func (n *Node) GetClientAllocs(args *structs.NodeSpecificRequest,
	reply *structs.NodeClientAllocsResponse) error

GetClientAllocs is used to request a lightweight list of alloc modify indexes per allocation.

func (*Node) GetNode

func (n *Node) GetNode(args *structs.NodeSpecificRequest,
	reply *structs.SingleNodeResponse) error

GetNode is used to request information about a specific node

func (*Node) List

func (n *Node) List(args *structs.NodeListRequest,
	reply *structs.NodeListResponse) error

List is used to list the available nodes

func (*Node) Register

func (n *Node) Register(args *structs.NodeRegisterRequest, reply *structs.NodeUpdateResponse) error

Register is used to upsert a client that is available for scheduling

func (*Node) UpdateAlloc

func (n *Node) UpdateAlloc(args *structs.AllocUpdateRequest, reply *structs.GenericResponse) error

UpdateAlloc is used to update the client status of an allocation. It should only be called by clients.

Calling this method returns an error when:

  • The node is not registered in the server yet. Clients must first call the Register method.
  • The node status is down or disconnected. Clients must call the UpdateStatus method to update its status in the server.

func (*Node) UpdateDrain

UpdateDrain is used to update the drain mode of a client node

func (*Node) UpdateEligibility added in v0.8.0

UpdateEligibility is used to update the scheduling eligibility of a node

func (*Node) UpdateStatus

func (n *Node) UpdateStatus(args *structs.NodeUpdateStatusRequest, reply *structs.NodeUpdateResponse) error

UpdateStatus is used to update the status of a client node.

Clients with non-terminal allocations must first call UpdateAlloc to be able to transition from the initializing status to ready.

                ┌────────────────────────────────────── No ───┐
                │                                             │
             ┌──▼───┐          ┌─────────────┐       ┌────────┴────────┐
── Register ─► init ├─ ready ──► Has allocs? ├─ Yes ─► Allocs updated? │
             └──▲───┘          └─────┬───────┘       └────────┬────────┘
                │                    │                        │
              ready                  └─ No ─┐  ┌─────── Yes ──┘
                │                           │  │
         ┌──────┴───────┐                ┌──▼──▼─┐         ┌──────┐
         │ disconnected ◄─ disconnected ─┤ ready ├─ down ──► down │
         └──────────────┘                └───▲───┘         └──┬───┘
                                             │                │
                                             └──── ready ─────┘

type NodeMeta added in v1.5.0

type NodeMeta struct {
	// contains filtered or unexported fields
}

func (*NodeMeta) Apply added in v1.5.0

func (*NodeMeta) Read added in v1.5.0

type NoopBadNodeTracker added in v1.3.2

type NoopBadNodeTracker struct{}

NoopBadNodeTracker is a no-op implementation of bad node tracker that is used when tracking is disabled.

func (*NoopBadNodeTracker) Add added in v1.3.2

func (n *NoopBadNodeTracker) Add(string) bool

func (*NoopBadNodeTracker) EmitStats added in v1.3.2

func (n *NoopBadNodeTracker) EmitStats(time.Duration, <-chan struct{})

type Operator added in v0.5.5

type Operator struct {
	// contains filtered or unexported fields
}

Operator endpoint is used to perform low-level operator tasks for Nomad.

func NewOperatorEndpoint added in v1.5.0

func NewOperatorEndpoint(srv *Server, ctx *RPCContext) *Operator

func (*Operator) AutopilotGetConfiguration added in v0.8.0

func (op *Operator) AutopilotGetConfiguration(args *structs.GenericRequest, reply *structs.AutopilotConfig) error

AutopilotGetConfiguration is used to retrieve the current Autopilot configuration.

func (*Operator) AutopilotSetConfiguration added in v0.8.0

func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error

AutopilotSetConfiguration is used to set the current Autopilot configuration.

func (*Operator) RaftGetConfiguration added in v0.5.5

func (op *Operator) RaftGetConfiguration(args *structs.GenericRequest, reply *structs.RaftConfigurationResponse) error

RaftGetConfiguration is used to retrieve the current Raft configuration.

func (*Operator) RaftRemovePeerByAddress added in v0.5.5

func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftPeerByAddressRequest, reply *struct{}) error

RaftRemovePeerByAddress is used to kick a stale peer (one that it in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but it required to fulfill the RPC interface.

func (*Operator) RaftRemovePeerByID added in v0.8.0

func (op *Operator) RaftRemovePeerByID(args *structs.RaftPeerByIDRequest, reply *struct{}) error

RaftRemovePeerByID is used to kick a stale peer (one that is in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but is required to fulfill the RPC interface.

func (*Operator) SchedulerGetConfiguration added in v0.9.0

func (op *Operator) SchedulerGetConfiguration(args *structs.GenericRequest, reply *structs.SchedulerConfigurationResponse) error

SchedulerGetConfiguration is used to retrieve the current Scheduler configuration.

func (*Operator) SchedulerSetConfiguration added in v0.9.0

func (op *Operator) SchedulerSetConfiguration(args *structs.SchedulerSetConfigRequest, reply *structs.SchedulerSetConfigurationResponse) error

SchedulerSetConfiguration is used to set the current Scheduler configuration.

func (*Operator) ServerHealth added in v0.8.0

func (op *Operator) ServerHealth(args *structs.GenericRequest, reply *structs.OperatorHealthReply) error

ServerHealth is used to get the current health of the servers.

type PendingEvaluations

type PendingEvaluations []*structs.Evaluation

PendingEvaluations is a list of pending evaluations for a given job. We implement the container/heap interface so that this is a priority queue.

func (PendingEvaluations) Len

func (p PendingEvaluations) Len() int

Len is for the sorting interface

func (PendingEvaluations) Less

func (p PendingEvaluations) Less(i, j int) bool

Less is for the sorting interface. We flip the check so that the "min" in the min-heap is the element with the highest priority or highest modify index

func (*PendingEvaluations) MarkForCancel added in v1.5.0

func (p *PendingEvaluations) MarkForCancel() []*structs.Evaluation

MarkForCancel is used to clear the pending list of all but the one with the highest modify index and highest priority. It returns a slice of cancelable evals so that Eval.Ack RPCs can write batched raft entries to cancel them. This must be called inside the broker's lock.

func (*PendingEvaluations) Pop

func (p *PendingEvaluations) Pop() interface{}

Pop implements the heap interface and is used to remove an evaluation from the slice

func (*PendingEvaluations) Push

func (p *PendingEvaluations) Push(e interface{})

Push implements the heap interface and is used to add a new evaluation to the slice

func (PendingEvaluations) Swap

func (p PendingEvaluations) Swap(i, j int)

Swap is for the sorting interface

type PendingPlans

type PendingPlans []*pendingPlan

PendingPlans is a list of waiting plans. We implement the container/heap interface so that this is a priority queue

func (PendingPlans) Len

func (p PendingPlans) Len() int

Len is for the sorting interface

func (PendingPlans) Less

func (p PendingPlans) Less(i, j int) bool

Less is for the sorting interface. We flip the check so that the "min" in the min-heap is the element with the highest priority. For the same priority, we use the enqueue time of the evaluation to give a FIFO ordering.

func (PendingPlans) Peek

func (p PendingPlans) Peek() *pendingPlan

Peek is used to peek at the next element that would be popped

func (*PendingPlans) Pop

func (p *PendingPlans) Pop() interface{}

Pop is used to remove an evaluation from the slice

func (*PendingPlans) Push

func (p *PendingPlans) Push(e interface{})

Push is used to add a new evaluation to the slice

func (PendingPlans) Swap

func (p PendingPlans) Swap(i, j int)

Swap is for the sorting interface

type Periodic added in v0.3.0

type Periodic struct {
	// contains filtered or unexported fields
}

Periodic endpoint is used for periodic job interactions

func NewPeriodicEndpoint added in v1.5.0

func NewPeriodicEndpoint(srv *Server, ctx *RPCContext) *Periodic

func (*Periodic) Force added in v0.3.0

Force is used to force a new instance of a periodic job

type PeriodicDispatch added in v0.3.0

type PeriodicDispatch struct {
	// contains filtered or unexported fields
}

PeriodicDispatch is used to track and launch periodic jobs. It maintains the set of periodic jobs and creates derived jobs and evaluations per instantiation which is determined by the periodic spec.

func NewPeriodicDispatch added in v0.3.0

func NewPeriodicDispatch(logger log.Logger, dispatcher JobEvalDispatcher) *PeriodicDispatch

NewPeriodicDispatch returns a periodic dispatcher that is used to track and launch periodic jobs.

func (*PeriodicDispatch) Add added in v0.3.0

func (p *PeriodicDispatch) Add(job *structs.Job) error

Add begins tracking of a periodic job. If it is already tracked, it acts as an update to the jobs periodic spec. The method returns whether the job was added and any error that may have occurred.

func (*PeriodicDispatch) ForceEval added in v1.3.14

func (p *PeriodicDispatch) ForceEval(namespace, jobID string) (*structs.Evaluation, error)

ForceEval causes the periodic job to be evaluated immediately and returns the subsequent eval.

func (*PeriodicDispatch) LaunchTime added in v0.3.0

func (p *PeriodicDispatch) LaunchTime(jobID string) (time.Time, error)

LaunchTime returns the launch time of the job. This is only valid for jobs created by PeriodicDispatch and will otherwise return an error.

func (*PeriodicDispatch) Remove added in v0.3.0

func (p *PeriodicDispatch) Remove(namespace, jobID string) error

Remove stops tracking the passed job. If the job is not tracked, it is a no-op.

func (*PeriodicDispatch) SetEnabled added in v0.3.0

func (p *PeriodicDispatch) SetEnabled(enabled bool)

SetEnabled is used to control if the periodic dispatcher is enabled. It should only be enabled on the active leader. Disabling an active dispatcher will stop any launched go routine and flush the dispatcher.

func (*PeriodicDispatch) Tracked added in v0.3.0

func (p *PeriodicDispatch) Tracked() []*structs.Job

Tracked returns the set of tracked job IDs.

type Plan

type Plan struct {
	// contains filtered or unexported fields
}

Plan endpoint is used for plan interactions

func NewPlanEndpoint added in v1.5.0

func NewPlanEndpoint(srv *Server, ctx *RPCContext) *Plan

func (*Plan) Submit

func (p *Plan) Submit(args *structs.PlanRequest, reply *structs.PlanResponse) error

Submit is used to submit a plan to the leader

type PlanFuture

type PlanFuture interface {
	Wait() (*structs.PlanResult, error)
}

PlanFuture is used to return a future for an enqueue

type PlanQueue

type PlanQueue struct {
	// contains filtered or unexported fields
}

PlanQueue is used to submit commit plans for task allocations to the current leader. The leader verifies that resources are not over-committed and commits to Raft. This allows sub-schedulers to be optimistically concurrent. In the case of an overcommit, the plan may be partially applied if allowed, or completely rejected (gang commit).

func NewPlanQueue

func NewPlanQueue() (*PlanQueue, error)

NewPlanQueue is used to construct and return a new plan queue

func (*PlanQueue) Dequeue

func (q *PlanQueue) Dequeue(timeout time.Duration) (*pendingPlan, error)

Dequeue is used to perform a blocking dequeue

func (*PlanQueue) EmitStats

func (q *PlanQueue) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats is used to export metrics about the broker while enabled

func (*PlanQueue) Enabled

func (q *PlanQueue) Enabled() bool

Enabled is used to check if the queue is enabled.

func (*PlanQueue) Enqueue

func (q *PlanQueue) Enqueue(plan *structs.Plan) (PlanFuture, error)

Enqueue is used to enqueue a plan

func (*PlanQueue) Flush

func (q *PlanQueue) Flush()

Flush is used to reset the state of the plan queue

func (*PlanQueue) SetEnabled

func (q *PlanQueue) SetEnabled(enabled bool)

SetEnabled is used to control if the queue is enabled. The queue should only be enabled on the active leader.

func (*PlanQueue) Stats

func (q *PlanQueue) Stats() *QueueStats

Stats is used to query the state of the queue

type PurgeSITokenAccessorFunc added in v0.10.4

type PurgeSITokenAccessorFunc func([]*structs.SITokenAccessor) error

PurgeSITokenAccessorFunc is called to remove SI Token accessors from the system (i.e. raft). If the function returns an error, the token will still be tracked and revocation attempts will retry in the background until there is a success.

type PurgeVaultAccessorFn added in v0.5.0

type PurgeVaultAccessorFn func(accessors []*structs.VaultAccessor) error

PurgeVaultAccessorFn is called to remove VaultAccessors from the system. If the function returns an error, the token will still be tracked and revocation will retry till there is a success

type QueueStats

type QueueStats struct {
	Depth int
}

QueueStats returns all the stats about the plan queue

type RPCContext added in v0.8.0

type RPCContext struct {
	// Conn exposes the raw connection.
	Conn net.Conn

	// Session exposes the multiplexed connection session.
	Session *yamux.Session

	// TLS marks whether the RPC is over a TLS based connection
	TLS bool

	// VerifiedChains is is the Verified certificates presented by the incoming
	// connection.
	VerifiedChains [][]*x509.Certificate

	// NodeID marks the NodeID that initiated the connection.
	NodeID string
}

RPCContext provides metadata about the RPC connection.

func (*RPCContext) Certificate added in v1.1.13

func (ctx *RPCContext) Certificate() *x509.Certificate

Certificate returns the first certificate available in the chain.

func (*RPCContext) ValidateCertificateForName added in v1.1.13

func (ctx *RPCContext) ValidateCertificateForName(name string) error

ValidateCertificateForName returns true if the RPC context certificate is valid for the given domain name.

type RaftLayer

type RaftLayer struct {
	// contains filtered or unexported fields
}

RaftLayer implements the raft.StreamLayer interface, so that we can use a single RPC layer for Raft and Nomad

func NewRaftLayer

func NewRaftLayer(addr net.Addr, tlsWrap tlsutil.Wrapper) *RaftLayer

NewRaftLayer is used to initialize a new RaftLayer which can be used as a StreamLayer for Raft. If a tlsConfig is provided, then the connection will use TLS.

func (*RaftLayer) Accept

func (l *RaftLayer) Accept() (net.Conn, error)

Accept is used to return connection which are dialed to be used with the Raft layer

func (*RaftLayer) Addr

func (l *RaftLayer) Addr() net.Addr

Addr is used to return the address of the listener

func (*RaftLayer) Close

func (l *RaftLayer) Close() error

Close is used to stop listening for Raft connections

func (*RaftLayer) Dial

func (l *RaftLayer) Dial(address raft.ServerAddress, timeout time.Duration) (net.Conn, error)

Dial is used to create a new outgoing connection

func (*RaftLayer) Handoff

func (l *RaftLayer) Handoff(ctx context.Context, c net.Conn) error

Handoff is used to hand off a connection to the RaftLayer. This allows it to be Accept()'ed

func (*RaftLayer) ReloadTLS added in v0.8.0

func (l *RaftLayer) ReloadTLS(tlsWrap tlsutil.Wrapper)

ReloadTLS swaps the TLS wrapper. This is useful when upgrading or downgrading TLS connections.

type ReadyEvaluations added in v1.5.0

type ReadyEvaluations []*structs.Evaluation

ReadyEvaluations is a list of ready evaluations across multiple jobs. We implement the container/heap interface so that this is a priority queue.

func (ReadyEvaluations) Len added in v1.5.0

func (r ReadyEvaluations) Len() int

Len is for the sorting interface

func (ReadyEvaluations) Less added in v1.5.0

func (r ReadyEvaluations) Less(i, j int) bool

Less is for the sorting interface. We flip the check so that the "min" in the min-heap is the element with the highest priority

func (ReadyEvaluations) Peek added in v1.5.0

Peek is used to peek at the next element that would be popped

func (*ReadyEvaluations) Pop added in v1.5.0

func (r *ReadyEvaluations) Pop() interface{}

Pop is used to remove an evaluation from the slice

func (*ReadyEvaluations) Push added in v1.5.0

func (r *ReadyEvaluations) Push(e interface{})

Push is used to add a new evaluation to the slice

func (ReadyEvaluations) Swap added in v1.5.0

func (r ReadyEvaluations) Swap(i, j int)

Swap is for the sorting interface

type Region added in v0.2.1

type Region struct {
	// contains filtered or unexported fields
}

Region is used to query and list the known regions

func NewRegionEndpoint added in v1.5.0

func NewRegionEndpoint(srv *Server, ctx *RPCContext) *Region

func (*Region) List added in v0.2.1

func (r *Region) List(args *structs.GenericRequest, reply *[]string) error

List is used to list all of the known regions. No leader forwarding is required for this endpoint because memberlist is used to populate the peers list we read from.

type SITokenStats added in v0.10.4

type SITokenStats struct {
	TrackedForRevoke int
}

type Scaling added in v0.11.0

type Scaling struct {
	// contains filtered or unexported fields
}

Scaling endpoint is used for listing and retrieving scaling policies

func NewScalingEndpoint added in v1.5.0

func NewScalingEndpoint(srv *Server, ctx *RPCContext) *Scaling

func (*Scaling) GetPolicy added in v0.11.0

GetPolicy is used to get a specific policy

func (*Scaling) ListPolicies added in v0.11.0

ListPolicies is used to list the policies

type SchedulerStats

type SchedulerStats struct {
	Ready   int
	Unacked int
}

SchedulerStats returns the stats per scheduler

type SchedulerWorkerPoolArgs added in v1.2.4

type SchedulerWorkerPoolArgs struct {
	NumSchedulers     int
	EnabledSchedulers []string
}

SchedulerWorkerPoolArgs are the two key configuration options for a Nomad server's scheduler worker pool. Before using, you should always verify that they are rational using IsValid() or IsInvalid()

func (SchedulerWorkerPoolArgs) Copy added in v1.2.4

Copy returns a clone of a SchedulerWorkerPoolArgs struct. Concurrent access concerns should be managed by the caller.

func (SchedulerWorkerPoolArgs) IsInvalid added in v1.2.4

func (swpa SchedulerWorkerPoolArgs) IsInvalid() bool

IsInvalid returns true when the SchedulerWorkerPoolArgs.IsValid is false

func (SchedulerWorkerPoolArgs) IsValid added in v1.2.4

func (swpa SchedulerWorkerPoolArgs) IsValid() bool

IsValid verifies that the pool arguments are valid. That is, they have a non-negative numSchedulers value and the enabledSchedulers list has _core and only refers to known schedulers.

type SchedulerWorkerStatus added in v1.2.4

type SchedulerWorkerStatus int
const (
	WorkloadUnknownStatus SchedulerWorkerStatus = iota
	WorkloadRunning
	WorkloadWaitingToDequeue
	WorkloadWaitingForRaft
	WorkloadScheduling
	WorkloadSubmitting
	WorkloadBackoff
	WorkloadStopped
	WorkloadPaused
)

func (SchedulerWorkerStatus) String added in v1.2.4

func (i SchedulerWorkerStatus) String() string
type Search struct {
	// contains filtered or unexported fields
}

Search endpoint is used to look up matches for a given prefix and context

func NewSearchEndpoint added in v1.5.0

func NewSearchEndpoint(srv *Server, ctx *RPCContext) *Search

func (*Search) FuzzySearch added in v1.1.0

func (s *Search) FuzzySearch(args *structs.FuzzySearchRequest, reply *structs.FuzzySearchResponse) error

FuzzySearch is used to list fuzzy or prefix matches for a given text argument and Context. If the Context is "all", all searchable contexts are searched. If ACLs are enabled, results are limited to policies of the provided ACL token.

These types are limited to prefix UUID searching:

Evals, Deployments, ScalingPolicies, Volumes

These types are available for fuzzy searching:

Nodes, Namespaces, Jobs, Allocs, Plugins, Variables

Jobs are a special case that expand into multiple types, and whose return values include Scope which is a descending list of IDs of parent objects, starting with the Namespace. The subtypes of jobs are fuzzy searchable.

The Jobs type expands into these sub types:

Jobs, Groups, Services, Tasks, Images, Commands, Classes

The results are in descending order starting with strongest match, per Context type.

func (*Search) PrefixSearch added in v0.6.1

func (s *Search) PrefixSearch(args *structs.SearchRequest, reply *structs.SearchResponse) error

PrefixSearch is used to list matches for a given prefix, and returns matching jobs, evaluations, allocations, and/or nodes.

type Server

type Server struct {

	// EnterpriseState is used to fill in state for Pro/Ent builds
	EnterpriseState
	// contains filtered or unexported fields
}

Server is Nomad server which manages the job queues, schedulers, and notification bus for agents.

func NewServer

func NewServer(config *Config, consulCatalog consul.CatalogAPI, consulConfigEntries consul.ConfigAPI, consulACLs consul.ACLsAPI) (*Server, error)

NewServer is used to construct a new Nomad server from the configuration, potentially returning an error

func TestACLServer added in v0.8.0

func TestACLServer(t testing.T, cb func(*Config)) (*Server, *structs.ACLToken, func())

func TestServer added in v0.8.0

func TestServer(t testing.T, cb func(*Config)) (*Server, func())

func TestServerErr added in v1.3.0

func TestServerErr(t testing.T, cb func(*Config)) (*Server, func(), error)

func (*Server) Authenticate added in v1.5.0

func (s *Server) Authenticate(ctx *RPCContext, args structs.RequestWithIdentity) error

Authenticate extracts an AuthenticatedIdentity from the request context or provided token and sets the identity on the request. The caller can extract an acl.ACL, WorkloadIdentity, or other identifying tokens to use for authorization. Keeping these fields independent rather than merging them into an ephemeral ACLToken makes the original of the credential clear to RPC handlers, who may have different behavior for internal vs external origins.

Note: when called on the follower we'll be making stale queries, so it's possible if the follower is behind that the leader will get a different value if an ACL token or allocation's WI has just been created.

This method returns errors that are used for testing diagnostics. RPC callers should always return ErrPermissionDenied after checking forwarding when one of these errors is received.

func (*Server) ClusterID added in v0.10.4

func (s *Server) ClusterID() (string, error)

ClusterID returns the unique ID for this cluster.

Any Nomad server agent may call this method to get at the ID. If we are the leader and the ID has not yet been created, it will be created now. Otherwise an error is returned.

The ID will not be created until all participating servers have reached a minimum version (0.10.4).

func (*Server) Datacenter added in v0.5.0

func (s *Server) Datacenter() string

Datacenter returns the data center of the server

func (*Server) DispatchJob added in v0.3.0

func (s *Server) DispatchJob(job *structs.Job) (*structs.Evaluation, error)

DispatchJob creates an evaluation for the passed job and commits both the evaluation and the job to the raft log. It returns the eval.

func (*Server) EmitRaftStats added in v0.9.4

func (s *Server) EmitRaftStats(period time.Duration, stopCh <-chan struct{})

EmitRaftStats is used to export metrics about raft indexes and state store snapshot index

func (*Server) Encrypted

func (s *Server) Encrypted() bool

Encrypted determines if gossip is encrypted

func (*Server) GetClusterHealth added in v1.4.0

func (s *Server) GetClusterHealth() *structs.OperatorHealthReply

GetClusterHealth is used to get the current health of the servers, as known by the leader.

func (*Server) GetConfig added in v0.5.0

func (s *Server) GetConfig() *Config

GetConfig returns the config of the server for testing purposes only

func (*Server) GetSchedulerWorkerConfig added in v1.2.4

func (s *Server) GetSchedulerWorkerConfig() SchedulerWorkerPoolArgs

GetSchedulerWorkerConfig returns a clean copy of the server's current scheduler worker config.

func (*Server) GetSchedulerWorkersInfo added in v1.2.4

func (s *Server) GetSchedulerWorkersInfo() []WorkerInfo

GetSchedulerWorkerInfo returns a slice of WorkerInfos from all of the running scheduler workers.

func (*Server) IsLeader

func (s *Server) IsLeader() bool

IsLeader checks if this server is the cluster leader

func (*Server) IsShutdown

func (s *Server) IsShutdown() bool

IsShutdown checks if the server is shutdown

func (*Server) Join

func (s *Server) Join(addrs []string) (int, error)

Join is used to have Nomad join the gossip ring The target address should be another node listening on the Serf address

func (*Server) KeyManager

func (s *Server) KeyManager() *serf.KeyManager

KeyManager returns the Serf keyring manager

func (*Server) Leave

func (s *Server) Leave() error

Leave is used to prepare for a graceful shutdown of the server

func (*Server) LocalMember

func (s *Server) LocalMember() serf.Member

LocalMember is used to return the local node

func (*Server) MeasureRPCRate added in v1.5.0

func (s *Server) MeasureRPCRate(endpoint, op string, args structs.RequestWithIdentity)

MeasureRPCRate increments the appropriate rate metric for this endpoint, with a label from the identity

func (*Server) Members

func (s *Server) Members() []serf.Member

Members is used to return the members of the serf cluster

func (*Server) MinRaftProtocol added in v1.4.0

func (s *Server) MinRaftProtocol() (int, error)

MinRaftProtocol returns the lowest supported Raft protocol among alive servers

func (*Server) RPC

func (s *Server) RPC(method string, args interface{}, reply interface{}) error

RPC is used to make a local RPC call

func (*Server) Region added in v0.5.0

func (s *Server) Region() string

Region returns the region of the server

func (*Server) Regions added in v0.2.1

func (s *Server) Regions() []string

Regions returns the known regions in the cluster.

func (*Server) Reload added in v0.5.5

func (s *Server) Reload(newConfig *Config) error

Reload handles a config reload specific to server-only configuration. Not all config fields can handle a reload.

func (*Server) RemoveFailedNode

func (s *Server) RemoveFailedNode(node string) error

RemoveFailedNode is used to remove a failed node from the cluster

func (*Server) ReplicationToken added in v0.7.0

func (s *Server) ReplicationToken() string

ReplicationToken returns the token used for replication. We use a method to support dynamic reloading of this value later.

func (*Server) ResolveACL added in v1.5.0

func (s *Server) ResolveACL(args structs.RequestWithIdentity) (*acl.ACL, error)

ResolveACL is an authentication wrapper which handles resolving both ACL tokens and Workload Identities. If both are provided the ACL token is preferred, but it is best for the RPC caller to only include the credentials for the identity they intend the operation to be performed with.

func (*Server) ResolveACLForToken added in v1.5.0

func (s *Server) ResolveACLForToken(aclToken *structs.ACLToken) (*acl.ACL, error)

ResolveACLForToken resolves an ACL from a token only. It should be used only by Variables endpoints, which have additional implicit policies for their claims so we can't wrap them up in ResolveACL.

TODO: figure out a way to the Variables endpoint implicit policies baked into their acl.ACL object so that we can avoid using this method.

func (*Server) ResolveClaims added in v1.4.0

func (s *Server) ResolveClaims(claims *structs.IdentityClaims) (*acl.ACL, error)

func (*Server) ResolveClientOrACL added in v1.5.0

func (s *Server) ResolveClientOrACL(args structs.RequestWithIdentity) (*acl.ACL, error)

ResolveClientOrACL resolves an ACL if the identity has a token or claim, and falls back to verifying the client ID if one has been set

func (*Server) ResolveSecretToken added in v0.11.0

func (s *Server) ResolveSecretToken(secretID string) (*structs.ACLToken, error)

ResolveSecretToken is used to translate an ACL Token Secret ID into an ACLToken object, nil if ACLs are disabled, or an error.

func (*Server) ResolveToken added in v0.7.0

func (s *Server) ResolveToken(secretID string) (*acl.ACL, error)

ResolveToken is used to translate an ACL Token Secret ID into an ACL object, nil if ACLs are disabled, or an error.

func (*Server) RunningChildren added in v0.3.0

func (s *Server) RunningChildren(job *structs.Job) (bool, error)

RunningChildren checks whether the passed job has any running children.

func (*Server) SetSchedulerWorkerConfig added in v1.2.4

func (s *Server) SetSchedulerWorkerConfig(newArgs SchedulerWorkerPoolArgs) SchedulerWorkerPoolArgs

func (*Server) Shutdown

func (s *Server) Shutdown() error

Shutdown is used to shutdown the server

func (*Server) State

func (s *Server) State() *state.StateStore

State returns the underlying state store. This should *not* be used to modify state directly.

func (*Server) Stats

func (s *Server) Stats() map[string]map[string]string

Stats is used to return statistics for debugging and insight for various sub-systems

func (*Server) StreamingRpcHandler added in v0.8.0

func (s *Server) StreamingRpcHandler(method string) (structs.StreamingRpcHandler, error)

StreamingRpcHandler is used to make a streaming RPC call.

func (*Server) VerifyClaim added in v1.4.0

func (s *Server) VerifyClaim(token string) (*structs.IdentityClaims, error)

VerifyClaim asserts that the token is valid and that the resulting allocation ID belongs to a non-terminal allocation

type ServiceIdentityRequest added in v0.11.3

type ServiceIdentityRequest struct {
	ConsulNamespace string
	TaskKind        structs.TaskKind
	TaskName        string
	ClusterID       string
	AllocID         string
}

func (ServiceIdentityRequest) Description added in v0.11.3

func (sir ServiceIdentityRequest) Description() string

func (ServiceIdentityRequest) Validate added in v0.11.3

func (sir ServiceIdentityRequest) Validate() error

type ServiceRegistration added in v1.3.0

type ServiceRegistration struct {
	// contains filtered or unexported fields
}

ServiceRegistration encapsulates the service registrations RPC endpoint which is callable via the ServiceRegistration RPCs and externally via the "/v1/service{s}" HTTP API.

func NewServiceRegistrationEndpoint added in v1.5.0

func NewServiceRegistrationEndpoint(srv *Server, ctx *RPCContext) *ServiceRegistration

func (*ServiceRegistration) DeleteByID added in v1.3.0

DeleteByID removes a single service registration, as specified by its ID from Nomad. This is typically called by Nomad nodes, however, in extreme situations can be used via the CLI and API by operators.

func (*ServiceRegistration) GetService added in v1.3.0

GetService is used to get all services registrations corresponding to a single name.

func (*ServiceRegistration) List added in v1.3.0

List is used to list service registration held within state. It supports single and wildcard namespace listings.

func (*ServiceRegistration) Upsert added in v1.3.0

Upsert creates or updates service registrations held within Nomad. This RPC is only callable by Nomad nodes.

type SnapshotRestorer added in v0.7.0

type SnapshotRestorer func(restore *state.StateRestore, dec *codec.Decoder) error

SnapshotRestorer is the definition of a function that can apply a Raft log

type SnapshotRestorers added in v0.7.0

type SnapshotRestorers map[SnapshotType]SnapshotRestorer

SnapshotRestorers is a mapping of the SnapshotType to the appropriate snapshot restorer.

type SnapshotType

type SnapshotType byte

SnapshotType is prefixed to a record in the FSM snapshot so that we can determine the type for restore

const (
	NodeSnapshot                         SnapshotType = 0
	JobSnapshot                          SnapshotType = 1
	IndexSnapshot                        SnapshotType = 2
	EvalSnapshot                         SnapshotType = 3
	AllocSnapshot                        SnapshotType = 4
	TimeTableSnapshot                    SnapshotType = 5
	PeriodicLaunchSnapshot               SnapshotType = 6
	JobSummarySnapshot                   SnapshotType = 7
	VaultAccessorSnapshot                SnapshotType = 8
	JobVersionSnapshot                   SnapshotType = 9
	DeploymentSnapshot                   SnapshotType = 10
	ACLPolicySnapshot                    SnapshotType = 11
	ACLTokenSnapshot                     SnapshotType = 12
	SchedulerConfigSnapshot              SnapshotType = 13
	ClusterMetadataSnapshot              SnapshotType = 14
	ServiceIdentityTokenAccessorSnapshot SnapshotType = 15
	ScalingPolicySnapshot                SnapshotType = 16
	CSIPluginSnapshot                    SnapshotType = 17
	CSIVolumeSnapshot                    SnapshotType = 18
	ScalingEventsSnapshot                SnapshotType = 19
	EventSinkSnapshot                    SnapshotType = 20
	ServiceRegistrationSnapshot          SnapshotType = 21
	VariablesSnapshot                    SnapshotType = 22
	VariablesQuotaSnapshot               SnapshotType = 23
	RootKeyMetaSnapshot                  SnapshotType = 24
	ACLRoleSnapshot                      SnapshotType = 25
	ACLAuthMethodSnapshot                SnapshotType = 26
	ACLBindingRuleSnapshot               SnapshotType = 27

	// Namespace appliers were moved from enterprise and therefore start at 64
	NamespaceSnapshot SnapshotType = 64
)

type StatsFetcher added in v0.8.0

type StatsFetcher struct {
	// contains filtered or unexported fields
}

StatsFetcher has two functions for autopilot. First, lets us fetch all the stats in parallel so we are taking a sample as close to the same time as possible, since we are comparing time-sensitive info for the health check. Second, it bounds the time so that one slow RPC can't hold up the health check loop; as a side effect of how it implements this, it also limits to a single in-flight RPC to any given server, so goroutines don't accumulate as we run the health check fairly frequently.

func NewStatsFetcher added in v0.8.0

func NewStatsFetcher(logger log.Logger, pool *pool.ConnPool, region string) *StatsFetcher

NewStatsFetcher returns a stats fetcher.

func (*StatsFetcher) Fetch added in v0.8.0

Fetch will attempt to query all the servers in parallel.

type Status

type Status struct {
	// contains filtered or unexported fields
}

Status endpoint is used to check on server status

func NewStatusEndpoint added in v1.5.0

func NewStatusEndpoint(srv *Server, ctx *RPCContext) *Status

func (*Status) HasNodeConn added in v0.8.0

func (s *Status) HasNodeConn(args *structs.NodeSpecificRequest, reply *structs.NodeConnQueryResponse) error

HasNodeConn returns whether the server has a connection to the requested Node.

func (*Status) Leader

func (s *Status) Leader(args *structs.GenericRequest, reply *string) error

Leader is used to get the address of the leader

func (*Status) Members added in v0.5.0

func (s *Status) Members(args *structs.GenericRequest, reply *structs.ServerMembersResponse) error

Members return the list of servers in a cluster that a particular server is aware of

func (*Status) Peers

func (s *Status) Peers(args *structs.GenericRequest, reply *[]string) error

Peers is used to get all the Raft peers

func (*Status) Ping

func (s *Status) Ping(args structs.GenericRequest, reply *struct{}) error

Ping is used to just check for connectivity

func (*Status) RaftStats added in v0.8.0

func (s *Status) RaftStats(args *structs.GenericRequest, reply *structs.RaftStats) error

RaftStats is used by Autopilot to query the raft stats of the local server.

type System added in v0.3.0

type System struct {
	// contains filtered or unexported fields
}

System endpoint is used to call invoke system tasks.

func NewSystemEndpoint added in v1.5.0

func NewSystemEndpoint(srv *Server, ctx *RPCContext) *System

func (*System) GarbageCollect added in v0.3.0

func (s *System) GarbageCollect(args *structs.GenericRequest, reply *structs.GenericResponse) error

GarbageCollect is used to trigger the system to immediately garbage collect nodes, evals and jobs.

func (*System) ReconcileJobSummaries added in v0.4.1

func (s *System) ReconcileJobSummaries(args *structs.GenericRequest, reply *structs.GenericResponse) error

ReconcileJobSummaries reconciles the summaries of all the jobs in the state store

type TestVaultClient added in v0.5.0

type TestVaultClient struct {
	// LookupTokenErrors maps a token to an error that will be returned by the
	// LookupToken call
	LookupTokenErrors map[string]error

	// LookupTokenSecret maps a token to the Vault secret that will be returned
	// by the LookupToken call
	LookupTokenSecret map[string]*vapi.Secret

	// CreateTokenErrors maps a token to an error that will be returned by the
	// CreateToken call
	CreateTokenErrors map[string]map[string]error

	// CreateTokenSecret maps a token to the Vault secret that will be returned
	// by the CreateToken call
	CreateTokenSecret map[string]map[string]*vapi.Secret

	RevokedTokens []*structs.VaultAccessor
}

TestVaultClient is a Vault client appropriate for use during testing. Its behavior is programmable such that endpoints can be tested under various circumstances.

func (*TestVaultClient) CreateToken added in v0.5.0

func (v *TestVaultClient) CreateToken(ctx context.Context, a *structs.Allocation, task string) (*vapi.Secret, error)

func (*TestVaultClient) EmitStats added in v0.5.5

func (v *TestVaultClient) EmitStats(period time.Duration, stopCh <-chan struct{})

func (*TestVaultClient) GetConfig added in v1.1.17

func (v *TestVaultClient) GetConfig() *config.VaultConfig

func (*TestVaultClient) LookupToken added in v0.5.0

func (v *TestVaultClient) LookupToken(ctx context.Context, token string) (*vapi.Secret, error)

func (*TestVaultClient) MarkForRevocation added in v0.11.3

func (v *TestVaultClient) MarkForRevocation(accessors []*structs.VaultAccessor) error

func (*TestVaultClient) RevokeTokens added in v0.5.0

func (v *TestVaultClient) RevokeTokens(ctx context.Context, accessors []*structs.VaultAccessor, committed bool) error

func (*TestVaultClient) Running added in v0.5.5

func (v *TestVaultClient) Running() bool

func (*TestVaultClient) SetActive added in v0.5.0

func (v *TestVaultClient) SetActive(enabled bool)

func (*TestVaultClient) SetConfig added in v0.5.0

func (v *TestVaultClient) SetConfig(config *config.VaultConfig) error

func (*TestVaultClient) SetCreateTokenError added in v0.5.0

func (v *TestVaultClient) SetCreateTokenError(allocID, task string, err error)

SetCreateTokenError sets the error that will be returned by the token creation

func (*TestVaultClient) SetCreateTokenSecret added in v0.5.0

func (v *TestVaultClient) SetCreateTokenSecret(allocID, task string, secret *vapi.Secret)

SetCreateTokenSecret sets the secret that will be returned by the token creation

func (*TestVaultClient) SetLookupTokenAllowedPolicies added in v0.5.0

func (v *TestVaultClient) SetLookupTokenAllowedPolicies(token string, policies []string)

SetLookupTokenAllowedPolicies is a helper that adds a secret that allows the given policies

func (*TestVaultClient) SetLookupTokenError added in v0.5.0

func (v *TestVaultClient) SetLookupTokenError(token string, err error)

SetLookupTokenError sets the error that will be returned by the token lookup

func (*TestVaultClient) SetLookupTokenSecret added in v0.5.0

func (v *TestVaultClient) SetLookupTokenSecret(token string, secret *vapi.Secret)

SetLookupTokenSecret sets the secret that will be returned by the token lookup

func (*TestVaultClient) Stats added in v0.5.5

func (v *TestVaultClient) Stats() map[string]string

func (*TestVaultClient) Stop added in v0.5.0

func (v *TestVaultClient) Stop()

type TimeTable

type TimeTable struct {
	// contains filtered or unexported fields
}

TimeTable is used to associate a Raft index with a timestamp. This is used so that we can quickly go from a timestamp to an index or visa versa.

func NewTimeTable

func NewTimeTable(granularity time.Duration, limit time.Duration) *TimeTable

NewTimeTable creates a new time table which stores entries at a given granularity for a maximum limit. The storage space required is (limit/granularity)

func (*TimeTable) Deserialize

func (t *TimeTable) Deserialize(dec *codec.Decoder) error

Deserialize is used to deserialize the time table and restore the state

func (*TimeTable) NearestIndex

func (t *TimeTable) NearestIndex(when time.Time) uint64

NearestIndex returns the nearest index older than the given time

func (*TimeTable) NearestTime

func (t *TimeTable) NearestTime(index uint64) time.Time

NearestTime returns the nearest time older than the given index

func (*TimeTable) Serialize

func (t *TimeTable) Serialize(enc *codec.Encoder) error

Serialize is used to serialize the time table

func (*TimeTable) Witness

func (t *TimeTable) Witness(index uint64, when time.Time)

Witness is used to witness a new index and time.

type TimeTableEntry

type TimeTableEntry struct {
	Index uint64
	Time  time.Time
}

TimeTableEntry is used to track a time and index

type Variables added in v1.4.0

type Variables struct {
	// contains filtered or unexported fields
}

Variables encapsulates the variables RPC endpoint which is callable via the Variables RPCs and externally via the "/v1/var{s}" HTTP API.

func NewVariablesEndpoint added in v1.5.0

func NewVariablesEndpoint(srv *Server, ctx *RPCContext, enc *Encrypter) *Variables

func (*Variables) Apply added in v1.4.0

Apply is used to apply a SV update request to the data store.

func (*Variables) List added in v1.4.0

List is used to list variables held within state. It supports single and wildcard namespace listings.

func (*Variables) Read added in v1.4.0

Read is used to get a specific variable

type VaultClient added in v0.5.0

type VaultClient interface {
	// SetActive activates or de-activates the Vault client. When active, token
	// creation/lookup/revocation operation are allowed.
	SetActive(active bool)

	// SetConfig updates the config used by the Vault client
	SetConfig(config *config.VaultConfig) error

	// GetConfig returns a copy of the config used by the Vault client, for
	// testing
	GetConfig() *config.VaultConfig

	// CreateToken takes an allocation and task and returns an appropriate Vault
	// Secret
	CreateToken(ctx context.Context, a *structs.Allocation, task string) (*vapi.Secret, error)

	// LookupToken takes a token string and returns its capabilities.
	LookupToken(ctx context.Context, token string) (*vapi.Secret, error)

	// RevokeTokens takes a set of tokens accessor and revokes the tokens
	RevokeTokens(ctx context.Context, accessors []*structs.VaultAccessor, committed bool) error

	// MarkForRevocation revokes the tokens in background
	MarkForRevocation(accessors []*structs.VaultAccessor) error

	// Stop is used to stop token renewal
	Stop()

	// Running returns whether the Vault client is running
	Running() bool

	// Stats returns the Vault clients statistics
	Stats() map[string]string

	// EmitStats emits that clients statistics at the given period until stopCh
	// is called.
	EmitStats(period time.Duration, stopCh <-chan struct{})
}

VaultClient is the Servers interface for interfacing with Vault

type VaultNoopDelegate added in v0.12.2

type VaultNoopDelegate struct{}

VaultVaultNoopDelegate returns the default vault api auth token handler

type VaultStats added in v0.5.5

type VaultStats struct {
	// TrackedForRevoke is the count of tokens that are being tracked to be
	// revoked since they could not be immediately revoked.
	TrackedForRevoke int

	// TokenTTL is the time-to-live duration for the current token
	TokenTTL time.Duration

	// TokenExpiry is the recorded expiry time of the current token
	TokenExpiry time.Time

	// LastRenewalTime is the time since the token was last renewed
	LastRenewalTime     time.Time
	TimeFromLastRenewal time.Duration

	// NextRenewalTime is the time the token will attempt to renew
	NextRenewalTime   time.Time
	TimeToNextRenewal time.Duration
}

VaultStats returns all the stats about Vault tokens created and managed by Nomad.

type Worker

type Worker struct {
	// contains filtered or unexported fields
}

Worker is a single threaded scheduling worker. There may be multiple running per server (leader or follower). They are responsible for dequeuing pending evaluations, invoking schedulers, plan submission and the lifecycle around making task allocations. They bridge the business logic of the scheduler with the plumbing required to make it all work.

func NewWorker

func NewWorker(ctx context.Context, srv *Server, args SchedulerWorkerPoolArgs) (*Worker, error)

NewWorker starts a new scheduler worker associated with the given server

func (*Worker) CreateEval

func (w *Worker) CreateEval(eval *structs.Evaluation) error

CreateEval is used to create a new evaluation. This allows the worker to act as the planner for the scheduler.

func (*Worker) GetStatus added in v1.2.4

func (w *Worker) GetStatus() WorkerStatus

GetStatus returns the status of the Worker

func (*Worker) GetWorkloadStatus added in v1.2.4

func (w *Worker) GetWorkloadStatus() SchedulerWorkerStatus

GetStatus returns the status of the Worker's Workload.

func (*Worker) ID added in v1.2.4

func (w *Worker) ID() string

ID returns a string ID for the worker.

func (*Worker) Info added in v1.2.4

func (w *Worker) Info() WorkerInfo

func (*Worker) IsPaused added in v1.2.4

func (w *Worker) IsPaused() bool

IsPaused returns a boolean indicating if this worker has been paused.

func (*Worker) IsStarted added in v1.2.4

func (w *Worker) IsStarted() bool

IsStarted returns a boolean indicating if this worker has been started.

func (*Worker) IsStopped added in v1.2.4

func (w *Worker) IsStopped() bool

IsStopped returns a boolean indicating if this worker has been stopped.

func (*Worker) Pause added in v1.2.4

func (w *Worker) Pause()

Pause transitions a worker to the pausing state. Check to see if it paused using IsPaused()

func (*Worker) ReblockEval added in v0.4.0

func (w *Worker) ReblockEval(eval *structs.Evaluation) error

ReblockEval is used to reinsert a blocked evaluation into the blocked eval tracker. This allows the worker to act as the planner for the scheduler.

func (*Worker) Resume added in v1.2.4

func (w *Worker) Resume()

Resume transitions a worker to the resuming state. Check to see if the worker restarted by calling IsStarted()

func (*Worker) ServersMeetMinimumVersion added in v1.3.0

func (w *Worker) ServersMeetMinimumVersion(minVersion *version.Version, checkFailedServers bool) bool

ServersMeetMinimumVersion allows implementations of the Scheduler interface in other packages to perform server version checks without direct references to the Nomad server.

func (*Worker) Start added in v1.2.4

func (w *Worker) Start()

Start transitions a worker to the starting state. Check to see if it paused using IsStarted()

func (*Worker) Stop added in v1.2.4

func (w *Worker) Stop()

Resume transitions a worker to the stopping state. Check to see if the worker stopped by calling IsStopped()

func (*Worker) SubmitPlan

func (w *Worker) SubmitPlan(plan *structs.Plan) (*structs.PlanResult, scheduler.State, error)

SubmitPlan is used to submit a plan for consideration. This allows the worker to act as the planner for the scheduler.

func (*Worker) UpdateEval

func (w *Worker) UpdateEval(eval *structs.Evaluation) error

UpdateEval is used to submit an updated evaluation. This allows the worker to act as the planner for the scheduler.

type WorkerInfo added in v1.2.4

type WorkerInfo struct {
	ID                string    `json:"id"`
	EnabledSchedulers []string  `json:"enabled_schedulers"`
	Started           time.Time `json:"started"`
	Status            string    `json:"status"`
	WorkloadStatus    string    `json:"workload_status"`
}

func (WorkerInfo) Copy added in v1.2.4

func (w WorkerInfo) Copy() WorkerInfo

func (WorkerInfo) String added in v1.2.4

func (w WorkerInfo) String() string

type WorkerStatus added in v1.2.4

type WorkerStatus int
const (
	WorkerUnknownStatus WorkerStatus = iota // Unknown
	WorkerStarting
	WorkerStarted
	WorkerPausing
	WorkerPaused
	WorkerResuming
	WorkerStopping
	WorkerStopped
)

func (WorkerStatus) String added in v1.2.4

func (i WorkerStatus) String() string

Directories

Path Synopsis
deploymentwatcher creates and tracks Deployments, which hold meta data describing the process of upgrading a running job to a new set of Allocations.
deploymentwatcher creates and tracks Deployments, which hold meta data describing the process of upgrading a running job to a new set of Allocations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL