nomad

package
v0.0.0-...-ae3a0a2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 14, 2022 License: MPL-2.0 Imports: 97 Imported by: 0

Documentation

Index

Constants

const (
	// AutopilotRZTag is the Serf tag to use for the redundancy zone value
	// when passing the server metadata to Autopilot.
	AutopilotRZTag = "ap_zone"

	// AutopilotVersionTag is the Serf tag to use for the custom version value
	// when passing the server metadata to Autopilot.
	AutopilotVersionTag = "ap_version"
)
// Default values for the region name, the datacenter name and the Serf port.
const (
	DefaultRegion   = "global"
	DefaultDC       = "dc1"
	DefaultSerfPort = 4648
)
const (
	// ConsulPolicyWrite is the literal text of the policy field of a Consul Policy
	// Rule that we check when validating an Operator Consul token against the
	// necessary permissions for creating a Service Identity token for a given
	// service.
	//
	// The rule may be:
	//  - service.<exact>
	//  - service."*" (wildcard)
	//  - service_prefix.<matching> (including empty string)
	//
	// e.g.
	//   service "web" { policy = "write" }
	//   service_prefix "" { policy = "write" }
	ConsulPolicyWrite = "write"

	// ConsulPolicyRead is the literal text of the policy field of a Consul Policy
	// Rule that we check when validating a job-submitter Consul token against the
	// necessary permissions for reading the key-value store.
	//
	// The only acceptable rule is
	//  - service_prefix "" { policy = "read|write" }
	//
	// NOTE(review): the description refers to the key-value store, but the
	// example rule is a service_prefix rule. Confirm which Consul rule type the
	// token validation actually inspects, so operators grant the intended
	// (and no broader) permission.
	ConsulPolicyRead = "read"
)
const (
	// RegisterEnforceIndexErrPrefix is the prefix to use in errors caused by
	// enforcing the job modify index during registers.
	RegisterEnforceIndexErrPrefix = "Enforcing job modify index"

	// DispatchPayloadSizeLimit is the maximum size of the uncompressed input
	// data payload. The value is 16 * 1024; presumably the unit is bytes
	// (16 KiB) — confirm against the code that enforces the limit.
	DispatchPayloadSizeLimit = 16 * 1024
)
const (

	// NodeDrainEvent* are the messages for the various node drain events.
	NodeDrainEventDrainSet      = "Node drain strategy set"
	NodeDrainEventDrainDisabled = "Node drain disabled"
	NodeDrainEventDrainUpdated  = "Node drain strategy updated"

	// NodeEligibilityEventEligible is used when the node's eligibility is
	// marked eligible.
	NodeEligibilityEventEligible = "Node marked as eligible for scheduling"

	// NodeEligibilityEventIneligible is used when the node's eligibility is
	// marked ineligible.
	NodeEligibilityEventIneligible = "Node marked as ineligible for scheduling"

	// NodeHeartbeatEventReregistered is the message used when the node becomes
	// reregistered by the heartbeat.
	NodeHeartbeatEventReregistered = "Node reregistered by heartbeat"
)
const AllRegions = ""
const (
	// DefaultDequeueTimeout is used if no dequeue timeout is provided
	DefaultDequeueTimeout = time.Second
)
const (

	// NodeHeartbeatEventMissed is the event used when the node's heartbeat is
	// missed.
	NodeHeartbeatEventMissed = "Node heartbeat missed"
)
const (
	// StatusReap is used to update the status of a node if we
	// are handling an EventMemberReap. It is the serf.MemberStatus value -1.
	StatusReap = serf.MemberStatus(-1)
)

Variables

var (
	// ErrNotOutstanding is returned if an evaluation is not outstanding.
	ErrNotOutstanding = errors.New("evaluation is not outstanding")

	// ErrTokenMismatch is returned if the outstanding eval has a different
	// token.
	ErrTokenMismatch = errors.New("evaluation token does not match")

	// ErrNackTimeoutReached is returned if an expired evaluation is reset.
	ErrNackTimeoutReached = errors.New("evaluation nack timeout reached")
)
var ErrMultipleNamespaces = errors.New("multiple Vault namespaces requires Nomad Enterprise")

ErrMultipleNamespaces is sent when multiple namespaces are used in the OSS setup

var MinVersionPlanNormalization = version.Must(version.NewVersion("0.9.2"))

MinVersionPlanNormalization is the minimum version to support the normalization of Plan in SubmitPlan, and the denormalization raft log entry committed in ApplyPlanResultsRequest

Functions

func DefaultRPCAddr

func DefaultRPCAddr() *net.TCPAddr

func NewConsulACLsAPI

func NewConsulACLsAPI(aclClient consul.ACLsAPI, logger hclog.Logger, purgeFunc PurgeSITokenAccessorFunc) *consulACLsAPI

func NewConsulConfigsAPI

func NewConsulConfigsAPI(configsClient consul.ConfigAPI, logger hclog.Logger) *consulConfigsAPI

func NewCoreScheduler

func NewCoreScheduler(srv *Server, snap *state.StateSnapshot) scheduler.Scheduler

NewCoreScheduler is used to return a new system scheduler instance

func NewFSM

func NewFSM(config *FSMConfig) (*nomadFSM, error)

NewFSM is used to construct a new FSM with a blank state.

func NewPeriodicHeap

func NewPeriodicHeap() *periodicHeap

func NewVaultClient

func NewVaultClient(c *config.VaultConfig, logger log.Logger, purgeFn PurgeVaultAccessorFn, delegate taskClientHandler) (*vaultClient, error)

NewVaultClient returns a Vault client from the given config. If the client couldn't be made an error is returned.

func NodeRpc

func NodeRpc(session *yamux.Session, method string, args, reply interface{}) error

NodeRpc is used to make an RPC call to a node. The method takes the Yamux session for the node and the method to be called.

func NodeStreamingRpc

func NodeStreamingRpc(session *yamux.Session, method string) (net.Conn, error)

NodeStreamingRpc is used to make a streaming RPC call to a node. The method takes the Yamux session for the node and the method to be called. It conducts the initial handshake and returns a connection to be used or an error. It is the caller's responsibility to close the connection if there is no error.

func ServersMeetMinimumVersion

func ServersMeetMinimumVersion(members []serf.Member, region string, minVersion *version.Version, checkFailedServers bool) bool

ServersMeetMinimumVersion returns whether the Nomad servers are at least on the given Nomad version. The checkFailedServers parameter specifies whether the version of failed servers should also be verified.

func TestJoin

func TestJoin(t *testing.T, servers ...*Server)

Types

type ACL

type ACL struct {
	// contains filtered or unexported fields
}

ACL endpoint is used for manipulating ACL tokens and policies

func NewACLEndpoint

func NewACLEndpoint(srv *Server, ctx *RPCContext) *ACL

func (*ACL) Bootstrap

Bootstrap is used to bootstrap the initial token

func (*ACL) DeleteAuthMethods

func (a *ACL) DeleteAuthMethods(
	args *structs.ACLAuthMethodDeleteRequest,
	reply *structs.ACLAuthMethodDeleteResponse) error

DeleteAuthMethods is used to delete auth methods

func (*ACL) DeletePolicies

func (a *ACL) DeletePolicies(args *structs.ACLPolicyDeleteRequest, reply *structs.GenericResponse) error

DeletePolicies is used to delete policies

func (*ACL) DeleteRolesByID

func (a *ACL) DeleteRolesByID(
	args *structs.ACLRolesDeleteByIDRequest,
	reply *structs.ACLRolesDeleteByIDResponse) error

DeleteRolesByID is used to batch delete ACL roles using the ID as the deletion key.

func (*ACL) DeleteTokens

func (a *ACL) DeleteTokens(args *structs.ACLTokenDeleteRequest, reply *structs.GenericResponse) error

DeleteTokens is used to delete tokens

func (*ACL) ExchangeOneTimeToken

func (a *ACL) ExchangeOneTimeToken(args *structs.OneTimeTokenExchangeRequest, reply *structs.OneTimeTokenExchangeResponse) error

ExchangeOneTimeToken provides a one-time token's secret ID to exchange it for the ACL token that created that one-time token

func (*ACL) ExpireOneTimeTokens

func (a *ACL) ExpireOneTimeTokens(args *structs.OneTimeTokenExpireRequest, reply *structs.GenericResponse) error

ExpireOneTimeTokens removes all expired tokens from the state store. It is called only by garbage collection

func (*ACL) GetAuthMethod

func (a *ACL) GetAuthMethod(
	args *structs.ACLAuthMethodGetRequest,
	reply *structs.ACLAuthMethodGetResponse) error

func (*ACL) GetAuthMethods

func (a *ACL) GetAuthMethods(
	args *structs.ACLAuthMethodsGetRequest,
	reply *structs.ACLAuthMethodsGetResponse) error

GetAuthMethods is used to get a set of auth methods

func (*ACL) GetPolicies

func (a *ACL) GetPolicies(args *structs.ACLPolicySetRequest, reply *structs.ACLPolicySetResponse) error

GetPolicies is used to get a set of policies

func (*ACL) GetPolicy

GetPolicy is used to get a specific policy

func (*ACL) GetRoleByID

func (a *ACL) GetRoleByID(
	args *structs.ACLRoleByIDRequest,
	reply *structs.ACLRoleByIDResponse) error

GetRoleByID is used to look up an individual ACL role using its ID.

func (*ACL) GetRoleByName

func (a *ACL) GetRoleByName(
	args *structs.ACLRoleByNameRequest,
	reply *structs.ACLRoleByNameResponse) error

GetRoleByName is used to look up an individual ACL role using its name.

func (*ACL) GetRolesByID

func (a *ACL) GetRolesByID(args *structs.ACLRolesByIDRequest, reply *structs.ACLRolesByIDResponse) error

GetRolesByID is used to get a set of ACL Roles as defined by their ID. This endpoint is used by the replication process and Nomad agent client token resolution.

func (*ACL) GetToken

GetToken is used to get a specific token

func (*ACL) GetTokens

func (a *ACL) GetTokens(args *structs.ACLTokenSetRequest, reply *structs.ACLTokenSetResponse) error

GetTokens is used to get a set of tokens

func (*ACL) ListAuthMethods

func (a *ACL) ListAuthMethods(
	args *structs.ACLAuthMethodListRequest,
	reply *structs.ACLAuthMethodListResponse) error

ListAuthMethods returns a list of ACL auth methods

func (*ACL) ListPolicies

func (a *ACL) ListPolicies(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error

ListPolicies is used to list the policies

func (*ACL) ListRoles

func (a *ACL) ListRoles(
	args *structs.ACLRolesListRequest,
	reply *structs.ACLRolesListResponse) error

ListRoles is used to list ACL roles within state. If no prefix is supplied, all ACL roles are listed; otherwise a prefix search is performed on the ACL role name.

func (*ACL) ListTokens

func (a *ACL) ListTokens(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error

ListTokens is used to list the tokens

func (*ACL) ResolveToken

func (a *ACL) ResolveToken(args *structs.ResolveACLTokenRequest, reply *structs.ResolveACLTokenResponse) error

ResolveToken is used to look up a specific token by a secret ID. This is used for enforcing ACLs by clients.

func (*ACL) UpsertAuthMethods

func (a *ACL) UpsertAuthMethods(
	args *structs.ACLAuthMethodUpsertRequest,
	reply *structs.ACLAuthMethodUpsertResponse) error

UpsertAuthMethods is used to create or update a set of auth methods

func (*ACL) UpsertOneTimeToken

func (a *ACL) UpsertOneTimeToken(args *structs.OneTimeTokenUpsertRequest, reply *structs.OneTimeTokenUpsertResponse) error

func (*ACL) UpsertPolicies

func (a *ACL) UpsertPolicies(args *structs.ACLPolicyUpsertRequest, reply *structs.GenericResponse) error

UpsertPolicies is used to create or update a set of policies

func (*ACL) UpsertRoles

func (a *ACL) UpsertRoles(
	args *structs.ACLRolesUpsertRequest,
	reply *structs.ACLRolesUpsertResponse) error

UpsertRoles creates or updates ACL roles held within Nomad.

func (*ACL) UpsertTokens

func (a *ACL) UpsertTokens(args *structs.ACLTokenUpsertRequest, reply *structs.ACLTokenUpsertResponse) error

UpsertTokens is used to create or update a set of tokens

func (*ACL) WhoAmI

func (a *ACL) WhoAmI(args *structs.GenericRequest, reply *structs.ACLWhoAmIResponse) error

WhoAmI is an RPC for debugging authentication. This endpoint returns the same AuthenticatedIdentity that will be used by RPC handlers.

TODO: At some point we might want to give this an equivalent HTTP endpoint once other Workload Identity work is solidified

type Agent

type Agent struct {
	// contains filtered or unexported fields
}

func NewAgentEndpoint

func NewAgentEndpoint(srv *Server) *Agent

func (*Agent) Host

func (a *Agent) Host(args *structs.HostDataRequest, reply *structs.HostDataResponse) error

Host returns data about the agent's host system for the `debug` command.

func (*Agent) Profile

func (a *Agent) Profile(args *structs.AgentPprofRequest, reply *structs.AgentPprofResponse) error

type Alloc

type Alloc struct {
	// contains filtered or unexported fields
}

Alloc endpoint is used for manipulating allocations

func NewAllocEndpoint

func NewAllocEndpoint(srv *Server, ctx *RPCContext) *Alloc

func (*Alloc) GetAlloc

GetAlloc is used to lookup a particular allocation

func (*Alloc) GetAllocs

func (a *Alloc) GetAllocs(args *structs.AllocsGetRequest,
	reply *structs.AllocsGetResponse) error

GetAllocs is used to lookup a set of allocations

func (*Alloc) GetServiceRegistrations

GetServiceRegistrations returns a list of service registrations which belong to the passed allocation ID.

func (*Alloc) List

List is used to list the allocations in the system

func (*Alloc) Stop

Stop is used to stop an allocation and migrate it to another node.

func (*Alloc) UpdateDesiredTransition

func (a *Alloc) UpdateDesiredTransition(args *structs.AllocUpdateDesiredTransitionRequest, reply *structs.GenericResponse) error

UpdateDesiredTransition is used to update the desired transitions of an allocation.

type AllocGetter

type AllocGetter interface {
	AllocByID(ws memdb.WatchSet, id string) (*structs.Allocation, error)
}

AllocGetter is an interface for retrieving allocations by ID. It is satisfied by *state.StateStore and *state.StateSnapshot.

type AutopilotDelegate

type AutopilotDelegate struct {
	// contains filtered or unexported fields
}

AutopilotDelegate is a Nomad delegate for autopilot operations. It implements the autopilot.ApplicationIntegration interface, and the methods required for that interface have been documented as such below.

func (*AutopilotDelegate) AutopilotConfig

func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config

AutopilotConfig is used to retrieve the latest configuration from the Nomad delegate. This method is required to implement the ApplicationIntegration interface.

func (*AutopilotDelegate) FetchServerStats

func (d *AutopilotDelegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats

FetchServerStats will be called by autopilot to request Nomad fetch the server stats out of band. This method is required to implement the ApplicationIntegration interface

func (*AutopilotDelegate) KnownServers

func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server

KnownServers will be called by autopilot to request the list of servers known to Nomad. This method is required to implement the ApplicationIntegration interface

func (*AutopilotDelegate) NotifyState

func (d *AutopilotDelegate) NotifyState(state *autopilot.State)

NotifyState will be called when the autopilot state is updated. The Nomad leader heartbeats a metric for monitoring based on this information. This method is required to implement the ApplicationIntegration interface

func (*AutopilotDelegate) RemoveFailedServer

func (d *AutopilotDelegate) RemoveFailedServer(failedSrv *autopilot.Server)

RemoveFailedServer will be called by autopilot to notify Nomad to remove the server in a failed state. This method is required to implement the ApplicationIntegration interface. (Note this is expected to return immediately so we'll spawn a goroutine for it.)

type BadNodeTracker

type BadNodeTracker interface {
	Add(string) bool
	EmitStats(time.Duration, <-chan struct{})
}

type BlockedEvals

type BlockedEvals struct {
	// contains filtered or unexported fields
}

BlockedEvals is used to track evaluations that shouldn't be queued until a certain class of nodes becomes available. An evaluation is put into the blocked state when it is run through the scheduler and produced failed allocations. It is unblocked when the capacity of a node that could run the failed allocation becomes available.

func NewBlockedEvals

func NewBlockedEvals(evalBroker *EvalBroker, logger hclog.Logger) *BlockedEvals

NewBlockedEvals creates a new blocked eval tracker that will enqueue unblocked evals into the passed broker.

func (*BlockedEvals) Block

func (b *BlockedEvals) Block(eval *structs.Evaluation)

Block tracks the passed evaluation and enqueues it into the eval broker when a suitable node calls unblock.

func (*BlockedEvals) EmitStats

func (b *BlockedEvals) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats is used to export metrics about the blocked eval tracker while enabled

func (*BlockedEvals) Enabled

func (b *BlockedEvals) Enabled() bool

Enabled is used to check if the broker is enabled.

func (*BlockedEvals) Flush

func (b *BlockedEvals) Flush()

Flush is used to clear the state of blocked evaluations.

func (*BlockedEvals) GetDuplicates

func (b *BlockedEvals) GetDuplicates(timeout time.Duration) []*structs.Evaluation

GetDuplicates returns all the duplicate evaluations and blocks until the passed timeout.

func (*BlockedEvals) Reblock

func (b *BlockedEvals) Reblock(eval *structs.Evaluation, token string)

Reblock tracks the passed evaluation and enqueues it into the eval broker when a suitable node calls unblock. Reblock should be used over Block when the blocking is occurring by an outstanding evaluation. The token is the evaluation's token.

func (*BlockedEvals) SetEnabled

func (b *BlockedEvals) SetEnabled(enabled bool)

SetEnabled is used to control if the blocked eval tracker is enabled. The tracker should only be enabled on the active leader.

func (*BlockedEvals) SetTimetable

func (b *BlockedEvals) SetTimetable(timetable *TimeTable)

func (*BlockedEvals) Stats

func (b *BlockedEvals) Stats() *BlockedStats

Stats is used to query the state of the blocked eval tracker.

func (*BlockedEvals) Unblock

func (b *BlockedEvals) Unblock(computedClass string, index uint64)

Unblock causes any evaluation that could potentially make progress on a capacity change on the passed computed node class to be enqueued into the eval broker.

func (*BlockedEvals) UnblockClassAndQuota

func (b *BlockedEvals) UnblockClassAndQuota(class, quota string, index uint64)

UnblockClassAndQuota causes any evaluation that could potentially make progress on a capacity change on the passed computed node class or quota to be enqueued into the eval broker.

func (*BlockedEvals) UnblockFailed

func (b *BlockedEvals) UnblockFailed()

UnblockFailed unblocks all blocked evaluations that were due to scheduler failure.

func (*BlockedEvals) UnblockNode

func (b *BlockedEvals) UnblockNode(nodeID string, index uint64)

UnblockNode finds any blocked evaluation that's node specific (system jobs) and enqueues it on the eval broker

func (*BlockedEvals) UnblockQuota

func (b *BlockedEvals) UnblockQuota(quota string, index uint64)

UnblockQuota causes any evaluation that could potentially make progress on a capacity change on the passed quota to be enqueued into the eval broker.

func (*BlockedEvals) Untrack

func (b *BlockedEvals) Untrack(jobID, namespace string)

Untrack causes any blocked evaluation for the passed job to be no longer tracked. Untrack is called when there is a successful evaluation for the job and a blocked evaluation is no longer needed.

type BlockedEvaluations

type BlockedEvaluations []*structs.Evaluation

BlockedEvaluations is a list of blocked evaluations for a given job. We implement the container/heap interface so that this is a priority queue.

func (BlockedEvaluations) Len

func (p BlockedEvaluations) Len() int

Len is for the sorting interface

func (BlockedEvaluations) Less

func (p BlockedEvaluations) Less(i, j int) bool

Less is for the sorting interface. We flip the check so that the "min" in the min-heap is the element with the highest priority or highest modify index

func (*BlockedEvaluations) MarkForCancel

func (p *BlockedEvaluations) MarkForCancel() []*structs.Evaluation

MarkForCancel is used to clear the blocked list of all but the one with the highest modify index and highest priority. It returns a slice of cancelable evals so that Eval.Ack RPCs can write batched raft entries to cancel them. This must be called inside the broker's lock.

func (*BlockedEvaluations) Pop

func (p *BlockedEvaluations) Pop() interface{}

Pop implements the heap interface and is used to remove an evaluation from the slice

func (*BlockedEvaluations) Push

func (p *BlockedEvaluations) Push(e interface{})

Push implements the heap interface and is used to add a new evaluation to the slice

func (BlockedEvaluations) Swap

func (p BlockedEvaluations) Swap(i, j int)

Swap is for the sorting interface

type BlockedResourcesStats

type BlockedResourcesStats struct {
	ByJob       map[structs.NamespacedID]BlockedResourcesSummary
	ByClassInDC map[classInDC]BlockedResourcesSummary
}

BlockedResourcesStats stores resources requested by blocked evaluations, tracked both by job and by node.

func NewBlockedResourcesStats

func NewBlockedResourcesStats() *BlockedResourcesStats

NewBlockedResourcesStats returns a new BlockedResourcesStats.

func (*BlockedResourcesStats) Add

Add returns a new BlockedResourcesStats with the values set to the current resource values plus the input.

func (*BlockedResourcesStats) Copy

Copy returns a deep copy of the blocked resource stats.

func (*BlockedResourcesStats) Subtract

Subtract returns a new BlockedResourcesStats with the values set to the current resource values minus the input.

type BlockedResourcesSummary

type BlockedResourcesSummary struct {
	Timestamp time.Time
	CPU       int
	MemoryMB  int
}

BlockedResourcesSummary stores resource values for blocked evals.

func (BlockedResourcesSummary) Add

Add returns a new BlockedResourcesSummary with each resource set to the current value plus the input.

func (BlockedResourcesSummary) IsZero

func (b BlockedResourcesSummary) IsZero() bool

IsZero returns true if all resource values are zero.

func (BlockedResourcesSummary) Subtract

Subtract returns a new BlockedResourcesSummary with each resource set to the current value minus the input.

type BlockedStats

type BlockedStats struct {
	// TotalEscaped is the total number of blocked evaluations that have escaped
	// computed node classes.
	TotalEscaped int

	// TotalBlocked is the total number of blocked evaluations.
	TotalBlocked int

	// TotalQuotaLimit is the total number of blocked evaluations that are due
	// to the quota limit being reached.
	TotalQuotaLimit int

	// BlockedResources stores the amount of resources requested by blocked
	// evaluations.
	BlockedResources *BlockedResourcesStats
}

BlockedStats returns all the stats about the blocked eval tracker.

func NewBlockedStats

func NewBlockedStats() *BlockedStats

NewBlockedStats returns a new BlockedStats.

func (*BlockedStats) Block

func (b *BlockedStats) Block(eval *structs.Evaluation)

Block updates the stats for the blocked eval tracker with the details of the evaluation being blocked.

func (*BlockedStats) Unblock

func (b *BlockedStats) Unblock(eval *structs.Evaluation)

Unblock updates the stats for the blocked eval tracker with the details of the evaluation being unblocked.

type BrokerStats

type BrokerStats struct {
	TotalReady      int
	TotalUnacked    int
	TotalBlocked    int
	TotalWaiting    int
	TotalCancelable int
	DelayedEvals    map[string]*structs.Evaluation
	ByScheduler     map[string]*SchedulerStats
}

BrokerStats returns all the stats about the broker

type CSIPlugin

type CSIPlugin struct {
	// contains filtered or unexported fields
}

CSIPlugin wraps the structs.CSIPlugin with request data and server context

func NewCSIPluginEndpoint

func NewCSIPluginEndpoint(srv *Server, ctx *RPCContext) *CSIPlugin

func (*CSIPlugin) Delete

Delete deletes a plugin if it is unused

func (*CSIPlugin) Get

Get fetches detailed information about a specific plugin

func (*CSIPlugin) List

List replies with CSIPlugins, filtered by ACL access

type CSIVolume

type CSIVolume struct {
	// contains filtered or unexported fields
}

CSIVolume wraps the structs.CSIVolume with request data and server context

func NewCSIVolumeEndpoint

func NewCSIVolumeEndpoint(srv *Server, ctx *RPCContext) *CSIVolume

func (*CSIVolume) Claim

Claim submits a change to a volume claim

func (*CSIVolume) Create

func (*CSIVolume) CreateSnapshot

func (*CSIVolume) Delete

func (*CSIVolume) DeleteSnapshot

func (*CSIVolume) Deregister

Deregister removes a set of volumes

func (*CSIVolume) Get

Get fetches detailed information about a specific volume

func (*CSIVolume) List

List replies with CSIVolumes, filtered by ACL access

func (*CSIVolume) ListSnapshots

func (*CSIVolume) Register

Register registers a new volume or updates an existing volume. Note that most user-defined CSIVolume fields are immutable once the volume has been created.

If the user needs to change fields because they've misconfigured the registration of the external volume, we expect that claims won't work either, and the user can deregister the volume and try again with the right settings. This lets us be as strict with validation here as the CreateVolume CSI RPC is expected to be.

func (*CSIVolume) Unpublish

Unpublish synchronously sends the NodeUnpublish, NodeUnstage, and ControllerUnpublish RPCs to the client. It handles errors according to the current claim state.

type CachedBadNodeTracker

type CachedBadNodeTracker struct {
	// contains filtered or unexported fields
}

CachedBadNodeTracker keeps a record of nodes marked as bad by the plan applier in an LRU cache.

It takes a time window and a threshold value. Plan rejections for a node will be registered with its timestamp. If the number of rejections within the time window is greater than the threshold the node is reported as bad.

The tracker uses a fixed size cache that evicts old entries based on access frequency and recency.

func NewCachedBadNodeTracker

func NewCachedBadNodeTracker(logger hclog.Logger, config CachedBadNodeTrackerConfig) (*CachedBadNodeTracker, error)

NewCachedBadNodeTracker returns a new CachedBadNodeTracker.

func (*CachedBadNodeTracker) Add

func (c *CachedBadNodeTracker) Add(nodeID string) bool

Add records a new rejection for a node and returns true if the number of rejections reaches the threshold.

If it's the first time the node is added it will be included in the internal cache. If the cache is full the least recently updated or accessed node is evicted.

func (*CachedBadNodeTracker) EmitStats

func (c *CachedBadNodeTracker) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats generates metrics for the bad nodes being currently tracked. Must be called in a goroutine.

type CachedBadNodeTrackerConfig

type CachedBadNodeTrackerConfig struct {
	CacheSize int
	RateLimit float64
	BurstSize int
	Window    time.Duration
	Threshold int
}

func DefaultCachedBadNodeTrackerConfig

func DefaultCachedBadNodeTrackerConfig() CachedBadNodeTrackerConfig

type ClientAllocations

type ClientAllocations struct {
	// contains filtered or unexported fields
}

ClientAllocations is used to forward RPC requests to the targeted Nomad client's Allocation endpoint.

func NewClientAllocationsEndpoint

func NewClientAllocationsEndpoint(srv *Server) *ClientAllocations

func (*ClientAllocations) Checks

Checks is the server implementation of the allocation checks RPC. The ultimate response is provided by the node running the allocation. This RPC is needed to handle queries which hit the server agent API directly, or via another node which is not running the allocation.

func (*ClientAllocations) GarbageCollect

GarbageCollect is used to garbage collect an allocation on a client.

func (*ClientAllocations) GarbageCollectAll

func (a *ClientAllocations) GarbageCollectAll(args *structs.NodeSpecificRequest, reply *structs.GenericResponse) error

GarbageCollectAll is used to garbage collect all allocations on a client.

func (*ClientAllocations) Restart

Restart is used to trigger a restart of an allocation or a subtask on a client.

func (*ClientAllocations) Signal

Signal is used to send a signal to an allocation on a client.

func (*ClientAllocations) Stats

Stats is used to collect allocation statistics

type ClientCSI

type ClientCSI struct {
	// contains filtered or unexported fields
}

ClientCSI is used to forward RPC requests to the targeted Nomad client's CSIController endpoint.

func NewClientCSIEndpoint

func NewClientCSIEndpoint(srv *Server) *ClientCSI

type ClientStats

type ClientStats struct {
	// contains filtered or unexported fields
}

ClientStats is used to forward RPC requests to the targeted Nomad client's ClientStats endpoint.

func NewClientStatsEndpoint

func NewClientStatsEndpoint(srv *Server) *ClientStats

func (*ClientStats) Stats

type Config

type Config struct {
	// BootstrapExpect mode is used to automatically bring up a
	// collection of Nomad servers. This can be used to automatically
	// bring up a collection of nodes.
	//
	// The BootstrapExpect can be of any of the following values:
	//  1: Server will form a single node cluster and become a leader immediately
	//  N, larger than 1: Server will wait until it's connected to N servers
	//      before attempting leadership and forming the cluster.  No Raft Log operation
	//      will succeed until then.
	//  0: Server will wait to get a Raft configuration from another node and may not
	//      attempt to form a cluster or establish leadership on its own.
	BootstrapExpect int

	// DataDir is the directory to store our state in.
	// NOTE(review): what is written here is not visible in this listing;
	// presumably access to the directory should be limited to the Nomad
	// process — TODO confirm.
	DataDir string

	// DevMode is used for development purposes only and limits the
	// use of persistence or state.
	DevMode bool

	// EnableDebug is used to enable debugging RPC endpoints
	// in the absence of ACLs.
	// NOTE(review): debug endpoints typically expose runtime internals, so
	// this should presumably stay false outside development — confirm
	// against the deployment's hardening guidance.
	EnableDebug bool

	// EnableEventBroker is used to enable or disable state store
	// event publishing
	EnableEventBroker bool

	// EventBufferSize is the number of events to hold in memory.
	EventBufferSize int64

	// LogOutput is the location to write logs to. If this is not set,
	// logs will go to stderr.
	LogOutput io.Writer

	// Logger is the logger used by the server.
	Logger log.InterceptLogger

	// RPCAddr is the RPC address used by Nomad. This should be reachable
	// by the other servers and clients
	RPCAddr *net.TCPAddr

	// ClientRPCAdvertise is the address that is advertised to client nodes for
	// the RPC endpoint. This can differ from the RPC address, if for example
	// the RPCAddr is unspecified "0.0.0.0:4646", but this address must be
	// reachable
	ClientRPCAdvertise *net.TCPAddr

	// ServerRPCAdvertise is the address that is advertised to other servers for
	// the RPC endpoint. This can differ from the RPC address, if for example
	// the RPCAddr is unspecified "0.0.0.0:4646", but this address must be
	// reachable
	ServerRPCAdvertise *net.TCPAddr

	// RaftConfig is the configuration used for Raft in the local DC
	RaftConfig *raft.Config

	// RaftTimeout is applied to any network traffic for raft. Defaults to 10s.
	RaftTimeout time.Duration

	// (Enterprise-only) NonVoter is used to prevent this server from being added
	// as a voting member of the Raft cluster.
	NonVoter bool

	// (Enterprise-only) RedundancyZone is the redundancy zone to use for this server.
	RedundancyZone string

	// (Enterprise-only) UpgradeVersion is the custom upgrade version to use when
	// performing upgrade migrations.
	UpgradeVersion string

	// SerfConfig is the configuration for the serf cluster
	SerfConfig *serf.Config

	// NodeName is the name we use to advertise. Defaults to hostname.
	NodeName string

	// NodeID is the uuid of this server.
	NodeID string

	// Region is the region this Nomad server belongs to.
	Region string

	// AuthoritativeRegion is the region which is treated as the authoritative source
	// for ACLs and Policies. This provides a single source of truth to resolve conflicts.
	AuthoritativeRegion string

	// Datacenter is the datacenter this Nomad server belongs to.
	Datacenter string

	// Build is a string that is gossiped around, and can be used to help
	// operators track which versions are actively deployed
	Build string

	// Revision is a string that carries the version.GitCommit of Nomad that
	// was compiled.
	Revision string

	// NumSchedulers is the number of scheduler threads that are run.
	// This can be as many as one per core, or zero to disable this server
	// from doing any scheduling work.
	NumSchedulers int

	// EnabledSchedulers controls the set of sub-schedulers that are
	// enabled for this server to handle. This will restrict the evaluations
	// that the workers dequeue for processing.
	EnabledSchedulers []string

	// ReconcileInterval controls how often we reconcile the strongly
	// consistent store with the Serf info. This is used to handle nodes
	// that are force removed, as well as intermittent unavailability during
	// leader election.
	ReconcileInterval time.Duration

	// EvalGCInterval is how often we dispatch a job to GC evaluations
	EvalGCInterval time.Duration

	// EvalGCThreshold is how "old" an evaluation must be to be eligible
	// for GC. This gives users some time to debug a failed evaluation.
	EvalGCThreshold time.Duration

	// JobGCInterval is how often we dispatch a job to GC jobs that are
	// available for garbage collection.
	JobGCInterval time.Duration

	// JobGCThreshold is how old a job must be before it is eligible for GC.
	// This gives the user time to inspect the job.
	JobGCThreshold time.Duration

	// NodeGCInterval is how often we dispatch a job to GC failed nodes.
	NodeGCInterval time.Duration

	// NodeGCThreshold is how "old" a node must be to be eligible
	// for GC. This gives users some time to view and debug failed nodes.
	NodeGCThreshold time.Duration

	// DeploymentGCInterval is how often we dispatch a job to GC terminal
	// deployments.
	DeploymentGCInterval time.Duration

	// DeploymentGCThreshold is how "old" a deployment must be to be eligible
	// for GC. This gives users some time to view terminal deployments.
	DeploymentGCThreshold time.Duration

	// CSIPluginGCInterval is how often we dispatch a job to GC unused plugins.
	CSIPluginGCInterval time.Duration

	// CSIPluginGCThreshold is how "old" a plugin must be to be eligible
	// for GC. This gives users some time to debug plugins.
	CSIPluginGCThreshold time.Duration

	// CSIVolumeClaimGCInterval is how often we dispatch a job to GC
	// volume claims.
	CSIVolumeClaimGCInterval time.Duration

	// CSIVolumeClaimGCThreshold is how "old" a volume must be to be
	// eligible for GC. This gives users some time to debug volumes.
	CSIVolumeClaimGCThreshold time.Duration

	// OneTimeTokenGCInterval is how often we dispatch a job to GC
	// one-time tokens.
	OneTimeTokenGCInterval time.Duration

	// ACLTokenExpirationGCInterval is how often we dispatch a job to GC
	// expired ACL tokens.
	ACLTokenExpirationGCInterval time.Duration

	// ACLTokenExpirationGCThreshold controls how "old" an expired ACL token
	// must be to be collected by GC.
	ACLTokenExpirationGCThreshold time.Duration

	// RootKeyGCInterval is how often we dispatch a job to GC
	// encryption key metadata
	RootKeyGCInterval time.Duration

	// RootKeyGCThreshold is how "old" encryption key metadata must be
	// to be eligible for GC.
	RootKeyGCThreshold time.Duration

	// RootKeyRotationThreshold is how "old" an active key can be
	// before it's rotated
	RootKeyRotationThreshold time.Duration

	// VariablesRekeyInterval is how often we dispatch a job to
	// rekey any variables associated with a key in the Rekeying state
	VariablesRekeyInterval time.Duration

	// EvalNackTimeout controls how long we allow a sub-scheduler to
	// work on an evaluation before we consider it failed and Nack it.
	// This allows that evaluation to be handed to another sub-scheduler
	// to work on. Defaults to 60 seconds. This should be long enough that
	// no evaluation hits it unless the sub-scheduler has failed.
	EvalNackTimeout time.Duration

	// EvalDeliveryLimit is the limit of attempts we make to deliver and
	// process an evaluation. This is used so that an eval that will never
	// complete eventually fails out of the system.
	EvalDeliveryLimit int

	// EvalNackInitialReenqueueDelay is the delay applied before reenqueuing a
	// Nacked evaluation for the first time. This value should be small as the
	// initial Nack can be due to a down machine and the eval should be retried
	// quickly for liveness.
	EvalNackInitialReenqueueDelay time.Duration

	// EvalNackSubsequentReenqueueDelay is the delay applied before reenqueuing
	// an evaluation that has been Nacked more than once. This delay is
	// compounding after the first Nack. This value should be significantly
	// longer than the initial delay as the purpose it serves is to apply
	// back-pressure as evaluations are being Nacked either due to scheduler
	// failures or because they are hitting their Nack timeout, both of which
	// are signs of high server resource usage.
	EvalNackSubsequentReenqueueDelay time.Duration

	// EvalFailedFollowupBaselineDelay is the minimum time waited before
	// retrying a failed evaluation.
	EvalFailedFollowupBaselineDelay time.Duration

	// EvalReapCancelableInterval is the interval for the periodic reaping of
	// cancelable evaluations. Cancelable evaluations are canceled whenever any
	// eval is ack'd but this sweeps up on quiescent clusters. This config value
	// exists only for testing.
	EvalReapCancelableInterval time.Duration

	// EvalFailedFollowupDelayRange defines the range of additional time from
	// the baseline in which to wait before retrying a failed evaluation. The
	// additional delay is selected from this range randomly.
	EvalFailedFollowupDelayRange time.Duration

	// NodePlanRejectionEnabled controls if node rejection tracker is enabled.
	NodePlanRejectionEnabled bool

	// NodePlanRejectionThreshold is the number of times a node must have a
	// plan rejection before it is set as ineligible.
	NodePlanRejectionThreshold int

	// NodePlanRejectionWindow is the time window used to track plan
	// rejections for nodes.
	NodePlanRejectionWindow time.Duration

	// MinHeartbeatTTL is the minimum time between heartbeats.
	// This is used as a floor to prevent excessive updates.
	MinHeartbeatTTL time.Duration

	// MaxHeartbeatsPerSecond is the maximum target rate of heartbeats
	// being processed per second. This allows the TTL to be increased
	// to meet the target rate.
	MaxHeartbeatsPerSecond float64

	// HeartbeatGrace is the additional time given as a grace period
	// beyond the TTL to account for network and processing delays
	// as well as clock skew.
	HeartbeatGrace time.Duration

	// FailoverHeartbeatTTL is the TTL applied to heartbeats after
	// a new leader is elected, since we no longer know the status
	// of all the heartbeats.
	FailoverHeartbeatTTL time.Duration

	// ConsulConfig is this Agent's Consul configuration
	ConsulConfig *config.ConsulConfig

	// VaultConfig is this Agent's Vault configuration
	VaultConfig *config.VaultConfig

	// RPCHoldTimeout is how long an RPC can be "held" before it is errored.
	// This is used to paper over a loss of leadership by instead holding RPCs,
	// so that the caller experiences a slow response rather than an error.
	// This period is meant to be long enough for a leader election to take
	// place, and a small jitter is applied to avoid a thundering herd.
	RPCHoldTimeout time.Duration

	// TLSConfig holds various TLS related configurations.
	// NOTE(review): whether RPC traffic is encrypted and peers are verified
	// depends on the values inside this struct, which are not visible in
	// this listing — confirm against config.TLSConfig.
	TLSConfig *config.TLSConfig

	// ACLEnabled controls if ACL enforcement and management is enabled.
	// NOTE(review): the zero value is false, so a Config built without
	// setting this field has ACL enforcement off — confirm callers set it
	// deliberately.
	ACLEnabled bool

	// ReplicationBackoff is how much we backoff when replication errors.
	// This is a tunable knob for testing primarily.
	ReplicationBackoff time.Duration

	// ReplicationToken is the ACL Token Secret ID used to fetch from
	// the Authoritative Region. This is a credential: keep it out of logs
	// and out of any debug dump of this struct.
	ReplicationToken string

	// ACLTokenMinExpirationTTL is used to enforce the lowest acceptable value
	// for ACL token expiration.
	ACLTokenMinExpirationTTL time.Duration

	// ACLTokenMaxExpirationTTL is used to enforce the highest acceptable value
	// for ACL token expiration.
	ACLTokenMaxExpirationTTL time.Duration

	// SentinelGCInterval is the interval that we GC unused policies.
	SentinelGCInterval time.Duration

	// SentinelConfig is this Agent's Sentinel configuration
	SentinelConfig *config.SentinelConfig

	// StatsCollectionInterval is the interval at which the Nomad server
	// publishes metrics which are periodic in nature like updating gauges
	StatsCollectionInterval time.Duration

	// DisableDispatchedJobSummaryMetrics allows ignoring dispatched jobs when
	// publishing Job summary metrics
	DisableDispatchedJobSummaryMetrics bool

	// AutopilotConfig is used to apply the initial autopilot config when
	// bootstrapping.
	AutopilotConfig *structs.AutopilotConfig

	// ServerHealthInterval is the frequency with which the health of the
	// servers in the cluster will be updated.
	ServerHealthInterval time.Duration

	// AutopilotInterval is the frequency with which the leader will perform
	// autopilot tasks, such as promoting eligible non-voters and removing
	// dead servers.
	AutopilotInterval time.Duration

	// DefaultSchedulerConfig configures the initial scheduler config to be
	// persisted in Raft. Once the cluster is bootstrapped and Raft persists
	// the config (from here or through the API), this value is ignored.
	DefaultSchedulerConfig structs.SchedulerConfiguration `hcl:"default_scheduler_config"`

	// PluginLoader is used to load plugins.
	PluginLoader loader.PluginCatalog

	// PluginSingletonLoader is a plugin loader that returns singleton
	// instances of the plugins.
	PluginSingletonLoader loader.PluginCatalog

	// RPCHandshakeTimeout is the deadline by which RPC handshakes must
	// complete. The RPC handshake includes the first byte read as well as
	// the TLS handshake and subsequent byte read if TLS is enabled.
	//
	// The deadline is reset after the first byte is read so when TLS is
	// enabled RPC connections may take (timeout * 2) to complete.
	//
	// 0 means no timeout. With no timeout, a peer that connects and never
	// completes the handshake is not cut off by this deadline, so a
	// non-zero value is the safer setting on a reachable RPC port.
	RPCHandshakeTimeout time.Duration

	// RPCMaxConnsPerClient is the maximum number of concurrent RPC
	// connections from a single IP address. nil/0 means no limit, in which
	// case this setting does not bound how many connections one address
	// can hold open.
	RPCMaxConnsPerClient int

	// LicenseConfig is a tunable knob for enterprise license testing.
	// NOTE(review): LicenseEnv and LicensePath are undocumented here;
	// presumably they carry license text from the environment and the path
	// to a license file — TODO confirm.
	LicenseConfig *LicenseConfig
	LicenseEnv    string
	LicensePath   string

	// SearchConfig provides knobs for Search API.
	SearchConfig *structs.SearchConfig

	// RaftBoltNoFreelistSync configures whether freelist syncing is enabled.
	RaftBoltNoFreelistSync bool

	// AgentShutdown is used to call agent.Shutdown from the context of a Server
	// It is used primarily for licensing
	AgentShutdown func() error

	// DeploymentQueryRateLimit is in queries per second and is used by the
	// DeploymentWatcher to throttle the number of simultaneous deployments
	DeploymentQueryRateLimit float64
}

Config is used to parameterize the server

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns the default configuration. Only used as the basis for merging agent or test parameters.

func (*Config) Copy

func (c *Config) Copy() *Config

type ConsulACLsAPI

type ConsulACLsAPI interface {
	// CheckPermissions checks that the given Consul token has the necessary ACL
	// permissions for each way that Consul is used as indicated by usage,
	// returning an error if not.
	// NOTE(review): secretID is presumably the token's secret; implementations
	// should keep it out of logs and error text — confirm.
	CheckPermissions(ctx context.Context, namespace string, usage *structs.ConsulUsage, secretID string) error

	// CreateToken instructs Consul to create a Service Identity token.
	CreateToken(context.Context, ServiceIdentityRequest) (*structs.SIToken, error)

	// RevokeTokens instructs Consul to revoke the given token accessors.
	// NOTE(review): the meaning of the bool argument and of the bool result
	// is not visible in this listing — confirm against the implementation
	// before relying on the result as proof that revocation completed.
	RevokeTokens(context.Context, []*structs.SITokenAccessor, bool) bool

	// MarkForRevocation marks the tokens for background revocation
	MarkForRevocation([]*structs.SITokenAccessor)

	// Stop is used to stop background token revocations. Intended to be used
	// on Nomad Server shutdown.
	Stop()
}

ConsulACLsAPI is an abstraction over the consul/api.ACL API used by Nomad Server.

ACL requirements - acl:write (transitive through ACLsAPI)

type ConsulConfigsAPI

type ConsulConfigsAPI interface {
	// SetIngressCE adds the given ConfigEntry to Consul, overwriting
	// the previous entry if set. The overwrite is unconditional as far as
	// this signature shows: no ownership or version argument is passed.
	SetIngressCE(ctx context.Context, namespace, service string, entry *structs.ConsulIngressConfigEntry) error

	// SetTerminatingCE adds the given ConfigEntry to Consul, overwriting
	// the previous entry if set. The overwrite is unconditional as far as
	// this signature shows: no ownership or version argument is passed.
	SetTerminatingCE(ctx context.Context, namespace, service string, entry *structs.ConsulTerminatingConfigEntry) error

	// Stop is used to stop additional creations of Configuration Entries. Intended to
	// be used on Nomad Server shutdown.
	Stop()
}

ConsulConfigsAPI is an abstraction over the consul/api.ConfigEntries API used by Nomad Server.

Nomad will only perform write operations on Consul Ingress/Terminating Gateway Configuration Entries. Removing the entries is not yet safe, given that multiple Nomad clusters may be writing to the same config entries, which are global in the Consul scope. There was a Meta field introduced which Nomad can leverage in the future, when Consul no longer supports versions that do not contain the field. The Meta field would be used to track which Nomad "owns" the CE. https://github.com/hashicorp/nomad/issues/8971

type ConsulKeyRule

type ConsulKeyRule struct {
	// Name is filled from the HCL block's key (the `,key` tag).
	Name   string `hcl:",key"`
	// Policy is the rule's policy text; presumably compared against
	// ConsulPolicyRead / ConsulPolicyWrite — confirm against the validator.
	Policy string
}

ConsulKeyRule represents a policy for the keystore.

type ConsulPolicy

type ConsulPolicy struct {
	// Services holds the rules decoded from `service` blocks.
	Services          []*ConsulServiceRule     `hcl:"service,expand"`
	// ServicePrefixes holds the rules decoded from `service_prefix` blocks.
	ServicePrefixes   []*ConsulServiceRule     `hcl:"service_prefix,expand"`
	// KeyPrefixes holds the rules decoded from `key_prefix` blocks.
	KeyPrefixes       []*ConsulKeyRule         `hcl:"key_prefix,expand"`
	// Namespaces holds nested policies decoded from `namespace` blocks;
	// presumably keyed by namespace name — TODO confirm.
	Namespaces        map[string]*ConsulPolicy `hcl:"namespace,expand"`
	// NamespacePrefixes holds nested policies decoded from `namespace_prefix`
	// blocks; presumably keyed by the prefix — TODO confirm.
	NamespacePrefixes map[string]*ConsulPolicy `hcl:"namespace_prefix,expand"`
}

ConsulPolicy represents the parts of a ConsulServiceRule Policy that are relevant to Service Identity authorizations.

type ConsulServiceRule

type ConsulServiceRule struct {
	// Name is filled from the HCL block's key (the `,key` tag).
	Name   string `hcl:",key"`
	// Policy is the rule's policy text; presumably compared against
	// ConsulPolicyRead / ConsulPolicyWrite — confirm against the validator.
	Policy string
}

ConsulServiceRule represents a policy for a service.

type CoreScheduler

type CoreScheduler struct {
	// contains filtered or unexported fields
}

CoreScheduler is a special "scheduler" that is registered as "_core". It is used to run various administrative work across the cluster.

func (*CoreScheduler) Process

func (c *CoreScheduler) Process(eval *structs.Evaluation) error

Process is used to implement the scheduler.Scheduler interface

type Deployment

type Deployment struct {
	// contains filtered or unexported fields
}

Deployment endpoint is used for manipulating deployments

func NewDeploymentEndpoint

func NewDeploymentEndpoint(srv *Server, ctx *RPCContext) *Deployment

func (*Deployment) Allocations

Allocations returns the list of allocations that are a part of the deployment

func (*Deployment) Cancel

Cancel is used to cancel a deployment

func (*Deployment) Fail

Fail is used to force fail a deployment

func (*Deployment) GetDeployment

GetDeployment is used to request information about a specific deployment

func (*Deployment) List

List returns the list of deployments in the system

func (*Deployment) Pause

Pause is used to pause a deployment

func (*Deployment) Promote

Promote is used to promote canaries in a deployment

func (*Deployment) Reap

Reap is used to cleanup terminal deployments

func (*Deployment) Run

Run is used to start a pending deployment

func (*Deployment) SetAllocHealth

SetAllocHealth is used to set the health of allocations that are part of the deployment.

func (*Deployment) Unblock

Unblock is used to unblock a deployment

type Encrypter

type Encrypter struct {
	// contains filtered or unexported fields
}

Encrypter is the keyring for encrypting variables and signing workload identities.

func NewEncrypter

func NewEncrypter(srv *Server, keystorePath string) (*Encrypter, error)

NewEncrypter loads or creates a new local keystore and returns an encryption keyring with the keys it finds.

func (*Encrypter) AddKey

func (e *Encrypter) AddKey(rootKey *structs.RootKey) error

AddKey stores the key in the keystore and creates a new cipher for it.

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(ciphertext []byte, keyID string) ([]byte, error)

Decrypt takes an encrypted buffer and the root key ID. It extracts the nonce, decrypts the content, and returns the cleartext data.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(cleartext []byte) ([]byte, string, error)

Encrypt encrypts the clear data with the cipher for the current root key, and returns the cipher text (including the nonce), and the key ID used to encrypt it

func (*Encrypter) GetKey

func (e *Encrypter) GetKey(keyID string) ([]byte, error)

GetKey retrieves the key material by ID from the keyring

func (*Encrypter) RemoveKey

func (e *Encrypter) RemoveKey(keyID string) error

RemoveKey removes a key by ID from the keyring

func (*Encrypter) SignClaims

func (e *Encrypter) SignClaims(claim *structs.IdentityClaims) (string, string, error)

SignClaims signs the identity claim for the task and returns an encoded JWT (including both the claim and its signature), the key ID of the key used to sign it, and any error.

func (*Encrypter) VerifyClaim

func (e *Encrypter) VerifyClaim(tokenString string) (*structs.IdentityClaims, error)

VerifyClaim accepts a previously-signed encoded claim and validates it before returning the claim

type EnterpriseEndpoints

type EnterpriseEndpoints struct{}

EnterpriseEndpoints holds the set of enterprise only endpoints to register

func NewEnterpriseEndpoints

func NewEnterpriseEndpoints(s *Server, ctx *RPCContext) *EnterpriseEndpoints

NewEnterpriseEndpoints returns a stub of the enterprise endpoints since there are none in oss

func (*EnterpriseEndpoints) Register

func (e *EnterpriseEndpoints) Register(s *rpc.Server)

Register is a no-op in oss.

type EnterpriseState

type EnterpriseState struct{}

func (*EnterpriseState) Features

func (es *EnterpriseState) Features() uint64

func (*EnterpriseState) ReloadLicense

func (es *EnterpriseState) ReloadLicense(_ *Config) error

type Eval

type Eval struct {
	// contains filtered or unexported fields
}

Eval endpoint is used for eval interactions

func NewEvalEndpoint

func NewEvalEndpoint(srv *Server, ctx *RPCContext) *Eval

func (*Eval) Ack

func (e *Eval) Ack(args *structs.EvalAckRequest,
	reply *structs.GenericResponse) error

Ack is used to acknowledge completion of a dequeued evaluation

func (*Eval) Allocations

func (e *Eval) Allocations(args *structs.EvalSpecificRequest,
	reply *structs.EvalAllocationsResponse) error

Allocations is used to list the allocations for an evaluation

func (*Eval) Count

func (e *Eval) Count(args *structs.EvalCountRequest, reply *structs.EvalCountResponse) error

Count is used to get a count of the evaluations in the system

func (*Eval) Create

func (e *Eval) Create(args *structs.EvalUpdateRequest,
	reply *structs.GenericResponse) error

Create is used to make a new evaluation

func (*Eval) Delete

func (e *Eval) Delete(
	args *structs.EvalDeleteRequest,
	reply *structs.EvalDeleteResponse) error

Delete is used by operators to delete evaluations during severe outages. It differs from Reap while duplicating some behavior to ensure we have the correct controls for user initiated deletions.

func (*Eval) Dequeue

func (e *Eval) Dequeue(args *structs.EvalDequeueRequest,
	reply *structs.EvalDequeueResponse) error

Dequeue is used to dequeue a pending evaluation

func (*Eval) GetEval

func (e *Eval) GetEval(args *structs.EvalSpecificRequest,
	reply *structs.SingleEvalResponse) error

GetEval is used to request information about a specific evaluation

func (*Eval) List

func (e *Eval) List(args *structs.EvalListRequest, reply *structs.EvalListResponse) error

List is used to get a list of the evaluations in the system

func (*Eval) Nack

func (e *Eval) Nack(args *structs.EvalAckRequest,
	reply *structs.GenericResponse) error

Nack is used to negative acknowledge completion of a dequeued evaluation.

func (*Eval) Reap

func (e *Eval) Reap(args *structs.EvalReapRequest,
	reply *structs.GenericResponse) error

Reap is used to cleanup dead evaluations and allocations

func (*Eval) Reblock

func (e *Eval) Reblock(args *structs.EvalUpdateRequest, reply *structs.GenericResponse) error

Reblock is used to reinsert an existing blocked evaluation into the blocked evaluation tracker.

func (*Eval) Update

func (e *Eval) Update(args *structs.EvalUpdateRequest,
	reply *structs.GenericResponse) error

Update is used to perform an update of an Eval if it is outstanding.

type EvalBroker

type EvalBroker struct {
	// contains filtered or unexported fields
}

EvalBroker is used to manage brokering of evaluations. When an evaluation is created, due to a change in a job specification or a node, we put it into the broker. The broker sorts evaluations by priority and scheduler type. This allows us to dequeue the highest priority work first, while also allowing sub-schedulers to only dequeue work they know how to handle. The broker is designed to be entirely in-memory and is managed by the leader node.

The broker must provide at-least-once delivery semantics. It relies on explicit Ack/Nack messages to handle this. If a delivery is not Ack'd in a sufficient time span, it will be assumed Nack'd.

func NewEvalBroker

func NewEvalBroker(timeout, initialNackDelay, subsequentNackDelay time.Duration, deliveryLimit int) (*EvalBroker, error)

NewEvalBroker creates a new evaluation broker. This is parameterized with the timeout used for messages that are not acknowledged before we assume a Nack and attempt to redeliver as well as the deliveryLimit which prevents a failing eval from being endlessly delivered. The initialNackDelay is the delay before making a Nacked evaluation available again for the first Nack and subsequentNackDelay is the compounding delay after the first Nack.

func (*EvalBroker) Ack

func (b *EvalBroker) Ack(evalID, token string) error

Ack is used to positively acknowledge handling an evaluation

func (*EvalBroker) Cancelable

func (b *EvalBroker) Cancelable(batchSize int) []*structs.Evaluation

Cancelable retrieves a batch of previously-blocked evaluations that are now stale and ready to mark for canceling. The eval RPC will call this with a batch size set to avoid sending overly large raft messages.

func (*EvalBroker) Dequeue

func (b *EvalBroker) Dequeue(schedulers []string, timeout time.Duration) (*structs.Evaluation, string, error)

Dequeue is used to perform a blocking dequeue. The next available evaluation is returned as well as a unique token identifier for this dequeue. The token changes on leadership election to ensure a Dequeue prior to a leadership election cannot conflict with a Dequeue of the same evaluation after a leadership election.

func (*EvalBroker) EmitStats

func (b *EvalBroker) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats is used to export metrics about the broker while enabled

func (*EvalBroker) Enabled

func (b *EvalBroker) Enabled() bool

Enabled is used to check if the broker is enabled.

func (*EvalBroker) Enqueue

func (b *EvalBroker) Enqueue(eval *structs.Evaluation)

Enqueue is used to enqueue a new evaluation

func (*EvalBroker) EnqueueAll

func (b *EvalBroker) EnqueueAll(evals map[*structs.Evaluation]string)

EnqueueAll is used to enqueue many evaluations. The map allows evaluations that are being re-enqueued to include their token.

When requeuing an evaluation that may already be enqueued, the evaluation is handled in one of the following ways:

  • Evaluation not outstanding: process as a normal Enqueue.
  • Evaluation outstanding: do not allow the evaluation to be dequeued until one of the following happens:

  • Ack received: Unblock the evaluation allowing it to be dequeued
  • Nack received: Drop the evaluation as it was created as a result of a scheduler run that was Nack'd

func (*EvalBroker) Nack

func (b *EvalBroker) Nack(evalID, token string) error

Nack is used to negatively acknowledge handling an evaluation

func (*EvalBroker) Outstanding

func (b *EvalBroker) Outstanding(evalID string) (string, bool)

Outstanding checks if an EvalID has been delivered but not acknowledged and returns the associated token for the evaluation.

func (*EvalBroker) OutstandingReset

func (b *EvalBroker) OutstandingReset(evalID, token string) error

OutstandingReset resets the Nack timer for the EvalID if the token matches and the eval is outstanding

func (*EvalBroker) PauseNackTimeout

func (b *EvalBroker) PauseNackTimeout(evalID, token string) error

PauseNackTimeout is used to pause the Nack timeout for an eval that is making progress but is in a potentially unbounded operation such as the plan queue.

func (*EvalBroker) ResumeNackTimeout

func (b *EvalBroker) ResumeNackTimeout(evalID, token string) error

ResumeNackTimeout is used to resume the Nack timeout for an eval that was paused. It should be resumed after leaving an unbounded operation.

func (*EvalBroker) SetEnabled

func (b *EvalBroker) SetEnabled(enabled bool)

SetEnabled is used to control if the broker is enabled. The broker should only be enabled on the active leader.

func (*EvalBroker) Stats

func (b *EvalBroker) Stats() *BrokerStats

Stats is used to query the state of the broker

type EvaluatePool

type EvaluatePool struct {
	// contains filtered or unexported fields
}

EvaluatePool is used to have a pool of workers that are evaluating if a plan is valid. It can be used to parallelize the evaluation of a plan.

func NewEvaluatePool

func NewEvaluatePool(workers, bufSize int) *EvaluatePool

NewEvaluatePool returns a pool of the given size.

func (*EvaluatePool) RequestCh

func (p *EvaluatePool) RequestCh() chan<- evaluateRequest

RequestCh is used to push requests

func (*EvaluatePool) ResultCh

func (p *EvaluatePool) ResultCh() <-chan evaluateResult

ResultCh is used to read the results as they are ready

func (*EvaluatePool) SetSize

func (p *EvaluatePool) SetSize(size int)

SetSize is used to resize the worker pool

func (*EvaluatePool) Shutdown

func (p *EvaluatePool) Shutdown()

Shutdown is used to shutdown the pool

func (*EvaluatePool) Size

func (p *EvaluatePool) Size() int

Size returns the current size

type Event

type Event struct {
	// contains filtered or unexported fields
}

func NewEventEndpoint

func NewEventEndpoint(srv *Server) *Event

type FSMConfig

type FSMConfig struct {
	// EvalBroker is the evaluation broker evaluations should be added to
	EvalBroker *EvalBroker

	// Periodic is the periodic job dispatcher that periodic jobs should be
	// added/removed from
	Periodic *PeriodicDispatch

	// Blocked is the blocked eval tracker that blocked evaluations should
	// be added to.
	Blocked *BlockedEvals

	// Logger is the logger used by the FSM
	Logger hclog.Logger

	// Region is the region of the server embedding the FSM
	Region string

	// EnableEventBroker specifies if the FSM's state store should enable
	// its event publisher.
	EnableEventBroker bool

	// EventBufferSize is the number of messages to hold in memory
	EventBufferSize int64
}

FSMConfig is used to configure the FSM

type FSMFilter

type FSMFilter struct {
	// contains filtered or unexported fields
}

func NewFSMFilter

func NewFSMFilter(expr string) (*FSMFilter, error)

func (*FSMFilter) Include

func (f *FSMFilter) Include(item interface{}) bool

type FileSystem

type FileSystem struct {
	// contains filtered or unexported fields
}

FileSystem endpoint is used for accessing the logs and filesystem of allocations from a Node.

func NewFileSystemEndpoint

func NewFileSystemEndpoint(srv *Server) *FileSystem

func (*FileSystem) List

List is used to list the contents of an allocation's directory.

func (*FileSystem) Stat

Stat is used to stat a file in the allocation's directory.

type Job

type Job struct {
	// contains filtered or unexported fields
}

Job endpoint is used for job interactions

func NewJobEndpoints

func NewJobEndpoints(s *Server, ctx *RPCContext) *Job

NewJobEndpoints creates a new job endpoint with builtin admission controllers

func (*Job) Allocations

func (j *Job) Allocations(args *structs.JobSpecificRequest,
	reply *structs.JobAllocationsResponse) error

Allocations is used to list the allocations for a job

func (*Job) BatchDeregister

BatchDeregister is used to remove a set of jobs from the cluster.

func (*Job) Deployments

func (j *Job) Deployments(args *structs.JobSpecificRequest,
	reply *structs.DeploymentListResponse) error

Deployments is used to list the deployments for a job

func (*Job) Deregister

func (j *Job) Deregister(args *structs.JobDeregisterRequest, reply *structs.JobDeregisterResponse) error

Deregister is used to remove a job from the cluster.

func (*Job) Dispatch

func (j *Job) Dispatch(args *structs.JobDispatchRequest, reply *structs.JobDispatchResponse) error

Dispatch a parameterized job.

func (*Job) Evaluate

func (j *Job) Evaluate(args *structs.JobEvaluateRequest, reply *structs.JobRegisterResponse) error

Evaluate is used to force a job for re-evaluation

func (*Job) Evaluations

func (j *Job) Evaluations(args *structs.JobSpecificRequest,
	reply *structs.JobEvaluationsResponse) error

Evaluations is used to list the evaluations for a job

func (*Job) GetJob

func (j *Job) GetJob(args *structs.JobSpecificRequest,
	reply *structs.SingleJobResponse) error

GetJob is used to request information about a specific job

func (*Job) GetJobVersions

func (j *Job) GetJobVersions(args *structs.JobVersionsRequest,
	reply *structs.JobVersionsResponse) error

GetJobVersions is used to retrieve all tracked versions of a job.

func (*Job) GetServiceRegistrations

func (j *Job) GetServiceRegistrations(
	args *structs.JobServiceRegistrationsRequest,
	reply *structs.JobServiceRegistrationsResponse) error

GetServiceRegistrations returns a list of service registrations which belong to the passed job ID.

func (*Job) LatestDeployment

func (j *Job) LatestDeployment(args *structs.JobSpecificRequest,
	reply *structs.SingleDeploymentResponse) error

LatestDeployment is used to retrieve the latest deployment for a job

func (*Job) List

func (j *Job) List(args *structs.JobListRequest, reply *structs.JobListResponse) error

List is used to list the jobs registered in the system

func (*Job) Plan

func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse) error

Plan is used to cause a dry-run evaluation of the Job and return the results with a potential diff containing annotations.

func (*Job) Register

func (j *Job) Register(args *structs.JobRegisterRequest, reply *structs.JobRegisterResponse) error

Register is used to upsert a job for scheduling

func (*Job) Revert

func (j *Job) Revert(args *structs.JobRevertRequest, reply *structs.JobRegisterResponse) error

Revert is used to revert the job to a prior version

func (*Job) Scale

func (j *Job) Scale(args *structs.JobScaleRequest, reply *structs.JobRegisterResponse) error

Scale is used to modify one of the scaling targets in the job

func (*Job) ScaleStatus

func (j *Job) ScaleStatus(args *structs.JobScaleStatusRequest,
	reply *structs.JobScaleStatusResponse) error

ScaleStatus retrieves the scaling status for a job

func (*Job) Stable

Stable is used to mark the job version as stable

func (*Job) Summary

func (j *Job) Summary(args *structs.JobSummaryRequest, reply *structs.JobSummaryResponse) error

Summary retrieves the summary of a job.

func (*Job) Validate

func (j *Job) Validate(args *structs.JobValidateRequest, reply *structs.JobValidateResponse) error

Validate validates a job.

Must forward to the leader, because only the leader will have a live Vault client with which to validate vault tokens.

type JobEvalDispatcher

// JobEvalDispatcher is an interface to submit jobs and have evaluations
// created for them.
type JobEvalDispatcher interface {
	// DispatchJob takes a new, untracked job, creates an evaluation for it,
	// and returns the eval.
	DispatchJob(job *structs.Job) (*structs.Evaluation, error)

	// RunningChildren returns whether the passed job has any running children.
	RunningChildren(job *structs.Job) (bool, error)
}

JobEvalDispatcher is an interface to submit jobs and have evaluations created for them.

type Keyring

type Keyring struct {
	// contains filtered or unexported fields
}

Keyring endpoint serves RPCs for root key management

func NewKeyringEndpoint

func NewKeyringEndpoint(srv *Server, ctx *RPCContext, enc *Encrypter) *Keyring

func (*Keyring) Get

Get retrieves an existing key from the keyring, including both the key material and metadata. It is used only for replication.

func (*Keyring) Update

Update updates an existing key in the keyring, including both the key material and metadata.

type KeyringReplicator

type KeyringReplicator struct {
	// contains filtered or unexported fields
}

func NewKeyringReplicator

func NewKeyringReplicator(srv *Server, e *Encrypter) *KeyringReplicator

type LicenseConfig

// LicenseConfig allows for tunable licensing config primarily used for
// enterprise testing.
type LicenseConfig struct {
	// LicenseEnvBytes is the license bytes to use for the server's license.
	// Despite the name, the field is declared as a string, not a []byte.
	LicenseEnvBytes string

	// LicensePath is the path to use for the server's license.
	LicensePath string

	// AdditionalPubKeys is a set of public keys.
	// NOTE(review): the original comment is cut off after "public keys to".
	// Presumably these are extra keys accepted when verifying a license;
	// confirm, since any key listed here would widen what is trusted.
	AdditionalPubKeys []string

	// Logger is undocumented in the original declaration.
	// NOTE(review): presumably the logger used by the licensing code — confirm.
	Logger hclog.InterceptLogger
}

LicenseConfig allows for tunable licensing config primarily used for enterprise testing

func (*LicenseConfig) Copy

func (c *LicenseConfig) Copy() *LicenseConfig

type LogApplier

type LogApplier func(buf []byte, index uint64) interface{}

LogApplier is the definition of a function that can apply a Raft log

type LogAppliers

type LogAppliers map[structs.MessageType]LogApplier

LogAppliers is a mapping of the Raft MessageType to the appropriate log applier

type Namespace

type Namespace struct {
	// contains filtered or unexported fields
}

Namespace endpoint is used for manipulating namespaces

func NewNamespaceEndpoint

func NewNamespaceEndpoint(srv *Server, ctx *RPCContext) *Namespace

func (*Namespace) DeleteNamespaces

func (n *Namespace) DeleteNamespaces(args *structs.NamespaceDeleteRequest, reply *structs.GenericResponse) error

DeleteNamespaces is used to delete a namespace

func (*Namespace) GetNamespace

GetNamespace is used to get a specific namespace

func (*Namespace) GetNamespaces

func (n *Namespace) GetNamespaces(args *structs.NamespaceSetRequest, reply *structs.NamespaceSetResponse) error

GetNamespaces is used to get a set of namespaces

func (*Namespace) ListNamespaces

func (n *Namespace) ListNamespaces(args *structs.NamespaceListRequest, reply *structs.NamespaceListResponse) error

ListNamespaces is used to list the namespaces

func (*Namespace) UpsertNamespaces

func (n *Namespace) UpsertNamespaces(args *structs.NamespaceUpsertRequest,
	reply *structs.GenericResponse) error

UpsertNamespaces is used to upsert a set of namespaces

type Node

type Node struct {
	// contains filtered or unexported fields
}

Node endpoint is used for client interactions

func NewNodeEndpoint

func NewNodeEndpoint(srv *Server, ctx *RPCContext) *Node

func (*Node) BatchDeregister

func (n *Node) BatchDeregister(args *structs.NodeBatchDeregisterRequest, reply *structs.NodeUpdateResponse) error

BatchDeregister is used to remove client nodes from the cluster.

func (*Node) Deregister

func (n *Node) Deregister(args *structs.NodeDeregisterRequest, reply *structs.NodeUpdateResponse) error

Deregister is used to remove a client from the cluster. If a client should just be made unavailable for scheduling, a status update is preferred.

func (*Node) DeriveSIToken

func (n *Node) DeriveSIToken(args *structs.DeriveSITokenRequest, reply *structs.DeriveSITokenResponse) error

func (*Node) DeriveVaultToken

func (n *Node) DeriveVaultToken(args *structs.DeriveVaultTokenRequest, reply *structs.DeriveVaultTokenResponse) error

DeriveVaultToken is used by the clients to request wrapped Vault tokens for tasks

func (*Node) EmitEvents

func (*Node) Evaluate

func (n *Node) Evaluate(args *structs.NodeEvaluateRequest, reply *structs.NodeUpdateResponse) error

Evaluate is used to force a re-evaluation of the node

func (*Node) GetAllocs

func (n *Node) GetAllocs(args *structs.NodeSpecificRequest,
	reply *structs.NodeAllocsResponse) error

GetAllocs is used to request allocations for a specific node

func (*Node) GetClientAllocs

func (n *Node) GetClientAllocs(args *structs.NodeSpecificRequest,
	reply *structs.NodeClientAllocsResponse) error

GetClientAllocs is used to request a lightweight list of alloc modify indexes per allocation.

func (*Node) GetNode

func (n *Node) GetNode(args *structs.NodeSpecificRequest,
	reply *structs.SingleNodeResponse) error

GetNode is used to request information about a specific node

func (*Node) List

func (n *Node) List(args *structs.NodeListRequest,
	reply *structs.NodeListResponse) error

List is used to list the available nodes

func (*Node) Register

func (n *Node) Register(args *structs.NodeRegisterRequest, reply *structs.NodeUpdateResponse) error

Register is used to upsert a client that is available for scheduling

func (*Node) UpdateAlloc

func (n *Node) UpdateAlloc(args *structs.AllocUpdateRequest, reply *structs.GenericResponse) error

UpdateAlloc is used to update the client status of an allocation. It should only be called by clients.

Clients must first register and heartbeat successfully before they are able to call this method.

func (*Node) UpdateDrain

UpdateDrain is used to update the drain mode of a client node

func (*Node) UpdateEligibility

UpdateEligibility is used to update the scheduling eligibility of a node

func (*Node) UpdateStatus

func (n *Node) UpdateStatus(args *structs.NodeUpdateStatusRequest, reply *structs.NodeUpdateResponse) error

UpdateStatus is used to update the status of a client node

type NoopBadNodeTracker

type NoopBadNodeTracker struct{}

NoopBadNodeTracker is a no-op implementation of bad node tracker that is used when tracking is disabled.

func (*NoopBadNodeTracker) Add

func (n *NoopBadNodeTracker) Add(string) bool

func (*NoopBadNodeTracker) EmitStats

func (n *NoopBadNodeTracker) EmitStats(time.Duration, <-chan struct{})

type Operator

type Operator struct {
	// contains filtered or unexported fields
}

Operator endpoint is used to perform low-level operator tasks for Nomad.

func NewOperatorEndpoint

func NewOperatorEndpoint(srv *Server, ctx *RPCContext) *Operator

func (*Operator) AutopilotGetConfiguration

func (op *Operator) AutopilotGetConfiguration(args *structs.GenericRequest, reply *structs.AutopilotConfig) error

AutopilotGetConfiguration is used to retrieve the current Autopilot configuration.

func (*Operator) AutopilotSetConfiguration

func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error

AutopilotSetConfiguration is used to set the current Autopilot configuration.

func (*Operator) RaftGetConfiguration

func (op *Operator) RaftGetConfiguration(args *structs.GenericRequest, reply *structs.RaftConfigurationResponse) error

RaftGetConfiguration is used to retrieve the current Raft configuration.

func (*Operator) RaftRemovePeerByAddress

func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftPeerByAddressRequest, reply *struct{}) error

RaftRemovePeerByAddress is used to kick a stale peer (one that is in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but is required to fulfill the RPC interface.

func (*Operator) RaftRemovePeerByID

func (op *Operator) RaftRemovePeerByID(args *structs.RaftPeerByIDRequest, reply *struct{}) error

RaftRemovePeerByID is used to kick a stale peer (one that is in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but is required to fulfill the RPC interface.

func (*Operator) SchedulerGetConfiguration

func (op *Operator) SchedulerGetConfiguration(args *structs.GenericRequest, reply *structs.SchedulerConfigurationResponse) error

SchedulerGetConfiguration is used to retrieve the current Scheduler configuration.

func (*Operator) SchedulerSetConfiguration

func (op *Operator) SchedulerSetConfiguration(args *structs.SchedulerSetConfigRequest, reply *structs.SchedulerSetConfigurationResponse) error

SchedulerSetConfiguration is used to set the current Scheduler configuration.

func (*Operator) ServerHealth

func (op *Operator) ServerHealth(args *structs.GenericRequest, reply *structs.OperatorHealthReply) error

ServerHealth is used to get the current health of the servers.

type PendingEvaluations

type PendingEvaluations []*structs.Evaluation

PendingEvaluations is a list of ready evaluations across multiple jobs. We implement the container/heap interface so that this is a priority queue.

func (PendingEvaluations) Len

func (p PendingEvaluations) Len() int

Len is for the sorting interface

func (PendingEvaluations) Less

func (p PendingEvaluations) Less(i, j int) bool

Less is for the sorting interface. We flip the check so that the "min" in the min-heap is the element with the highest priority

func (PendingEvaluations) Peek

Peek is used to peek at the next element that would be popped

func (*PendingEvaluations) Pop

func (p *PendingEvaluations) Pop() interface{}

Pop is used to remove an evaluation from the slice

func (*PendingEvaluations) Push

func (p *PendingEvaluations) Push(e interface{})

Push is used to add a new evaluation to the slice

func (PendingEvaluations) Swap

func (p PendingEvaluations) Swap(i, j int)

Swap is for the sorting interface

type PendingPlans

type PendingPlans []*pendingPlan

PendingPlans is a list of waiting plans. We implement the container/heap interface so that this is a priority queue

func (PendingPlans) Len

func (p PendingPlans) Len() int

Len is for the sorting interface

func (PendingPlans) Less

func (p PendingPlans) Less(i, j int) bool

Less is for the sorting interface. We flip the check so that the "min" in the min-heap is the element with the highest priority. For the same priority, we use the enqueue time of the evaluation to give a FIFO ordering.

func (PendingPlans) Peek

func (p PendingPlans) Peek() *pendingPlan

Peek is used to peek at the next element that would be popped

func (*PendingPlans) Pop

func (p *PendingPlans) Pop() interface{}

Pop is used to remove an evaluation from the slice

func (*PendingPlans) Push

func (p *PendingPlans) Push(e interface{})

Push is used to add a new evaluation to the slice

func (PendingPlans) Swap

func (p PendingPlans) Swap(i, j int)

Swap is for the sorting interface

type Periodic

type Periodic struct {
	// contains filtered or unexported fields
}

Periodic endpoint is used for periodic job interactions

func NewPeriodicEndpoint

func NewPeriodicEndpoint(srv *Server, ctx *RPCContext) *Periodic

func (*Periodic) Force

Force is used to force a new instance of a periodic job

type PeriodicDispatch

type PeriodicDispatch struct {
	// contains filtered or unexported fields
}

PeriodicDispatch is used to track and launch periodic jobs. It maintains the set of periodic jobs and creates derived jobs and evaluations per instantiation which is determined by the periodic spec.

func NewPeriodicDispatch

func NewPeriodicDispatch(logger log.Logger, dispatcher JobEvalDispatcher) *PeriodicDispatch

NewPeriodicDispatch returns a periodic dispatcher that is used to track and launch periodic jobs.

func (*PeriodicDispatch) Add

func (p *PeriodicDispatch) Add(job *structs.Job) error

Add begins tracking of a periodic job. If it is already tracked, it acts as an update to the job's periodic spec. The method returns whether the job was added and any error that may have occurred.

func (*PeriodicDispatch) ForceRun

func (p *PeriodicDispatch) ForceRun(namespace, jobID string) (*structs.Evaluation, error)

ForceRun causes the periodic job to be evaluated immediately and returns the subsequent eval.

func (*PeriodicDispatch) LaunchTime

func (p *PeriodicDispatch) LaunchTime(jobID string) (time.Time, error)

LaunchTime returns the launch time of the job. This is only valid for jobs created by PeriodicDispatch and will otherwise return an error.

func (*PeriodicDispatch) Remove

func (p *PeriodicDispatch) Remove(namespace, jobID string) error

Remove stops tracking the passed job. If the job is not tracked, it is a no-op.

func (*PeriodicDispatch) SetEnabled

func (p *PeriodicDispatch) SetEnabled(enabled bool)

SetEnabled is used to control if the periodic dispatcher is enabled. It should only be enabled on the active leader. Disabling an active dispatcher will stop any launched go routine and flush the dispatcher.

func (*PeriodicDispatch) Tracked

func (p *PeriodicDispatch) Tracked() []*structs.Job

Tracked returns the set of tracked job IDs.

type Plan

type Plan struct {
	// contains filtered or unexported fields
}

Plan endpoint is used for plan interactions

func NewPlanEndpoint

func NewPlanEndpoint(srv *Server, ctx *RPCContext) *Plan

func (*Plan) Submit

func (p *Plan) Submit(args *structs.PlanRequest, reply *structs.PlanResponse) error

Submit is used to submit a plan to the leader

type PlanFuture

type PlanFuture interface {
	Wait() (*structs.PlanResult, error)
}

PlanFuture is used to return a future for an enqueue

type PlanQueue

type PlanQueue struct {
	// contains filtered or unexported fields
}

PlanQueue is used to submit commit plans for task allocations to the current leader. The leader verifies that resources are not over-committed and commits to Raft. This allows sub-schedulers to be optimistically concurrent. In the case of an overcommit, the plan may be partially applied if allowed, or completely rejected (gang commit).

func NewPlanQueue

func NewPlanQueue() (*PlanQueue, error)

NewPlanQueue is used to construct and return a new plan queue

func (*PlanQueue) Dequeue

func (q *PlanQueue) Dequeue(timeout time.Duration) (*pendingPlan, error)

Dequeue is used to perform a blocking dequeue

func (*PlanQueue) EmitStats

func (q *PlanQueue) EmitStats(period time.Duration, stopCh <-chan struct{})

EmitStats is used to export metrics about the broker while enabled

func (*PlanQueue) Enabled

func (q *PlanQueue) Enabled() bool

Enabled is used to check if the queue is enabled.

func (*PlanQueue) Enqueue

func (q *PlanQueue) Enqueue(plan *structs.Plan) (PlanFuture, error)

Enqueue is used to enqueue a plan

func (*PlanQueue) Flush

func (q *PlanQueue) Flush()

Flush is used to reset the state of the plan queue

func (*PlanQueue) SetEnabled

func (q *PlanQueue) SetEnabled(enabled bool)

SetEnabled is used to control if the queue is enabled. The queue should only be enabled on the active leader.

func (*PlanQueue) Stats

func (q *PlanQueue) Stats() *QueueStats

Stats is used to query the state of the queue

type PurgeSITokenAccessorFunc

type PurgeSITokenAccessorFunc func([]*structs.SITokenAccessor) error

PurgeSITokenAccessorFunc is called to remove SI Token accessors from the system (i.e. raft). If the function returns an error, the token will still be tracked and revocation attempts will retry in the background until there is a success.

type PurgeVaultAccessorFn

type PurgeVaultAccessorFn func(accessors []*structs.VaultAccessor) error

PurgeVaultAccessorFn is called to remove VaultAccessors from the system. If the function returns an error, the token will still be tracked and revocation will retry till there is a success

type QueueStats

type QueueStats struct {
	Depth int
}

QueueStats returns all the stats about the plan queue

type RPCContext

// RPCContext provides metadata about the RPC connection.
type RPCContext struct {
	// Conn exposes the raw connection.
	Conn net.Conn

	// Session exposes the multiplexed connection session.
	Session *yamux.Session

	// TLS marks whether the RPC is over a TLS based connection.
	TLS bool

	// VerifiedChains is the set of verified certificate chains presented by
	// the incoming connection.
	// NOTE(review): presumably empty when TLS is false or when no peer
	// certificate was verified — confirm where this is populated before
	// relying on it for authorization decisions.
	VerifiedChains [][]*x509.Certificate

	// NodeID marks the NodeID that initiated the connection.
	// NOTE(review): the declaration does not show how this value is
	// established; confirm it is only set after the node has been
	// authenticated before treating it as an identity.
	NodeID string
}

RPCContext provides metadata about the RPC connection.

func (*RPCContext) Certificate

func (ctx *RPCContext) Certificate() *x509.Certificate

Certificate returns the first certificate available in the chain.

func (*RPCContext) ValidateCertificateForName

func (ctx *RPCContext) ValidateCertificateForName(name string) error

ValidateCertificateForName returns nil if the RPC context certificate is valid for the given domain name, and an error otherwise.

type RaftLayer

type RaftLayer struct {
	// contains filtered or unexported fields
}

RaftLayer implements the raft.StreamLayer interface, so that we can use a single RPC layer for Raft and Nomad

func NewRaftLayer

func NewRaftLayer(addr net.Addr, tlsWrap tlsutil.Wrapper) *RaftLayer

NewRaftLayer is used to initialize a new RaftLayer which can be used as a StreamLayer for Raft. If a TLS wrapper (tlsWrap) is provided, then the connection will use TLS.

func (*RaftLayer) Accept

func (l *RaftLayer) Accept() (net.Conn, error)

Accept is used to return connections that are dialed to be used with the Raft layer

func (*RaftLayer) Addr

func (l *RaftLayer) Addr() net.Addr

Addr is used to return the address of the listener

func (*RaftLayer) Close

func (l *RaftLayer) Close() error

Close is used to stop listening for Raft connections

func (*RaftLayer) Dial

func (l *RaftLayer) Dial(address raft.ServerAddress, timeout time.Duration) (net.Conn, error)

Dial is used to create a new outgoing connection

func (*RaftLayer) Handoff

func (l *RaftLayer) Handoff(ctx context.Context, c net.Conn) error

Handoff is used to hand off a connection to the RaftLayer. This allows it to be Accept()'ed

func (*RaftLayer) ReloadTLS

func (l *RaftLayer) ReloadTLS(tlsWrap tlsutil.Wrapper)

ReloadTLS swaps the TLS wrapper. This is useful when upgrading or downgrading TLS connections.

type Region

type Region struct {
	// contains filtered or unexported fields
}

Region is used to query and list the known regions

func NewRegionEndpoint

func NewRegionEndpoint(srv *Server, ctx *RPCContext) *Region

func (*Region) List

func (r *Region) List(args *structs.GenericRequest, reply *[]string) error

List is used to list all of the known regions. No leader forwarding is required for this endpoint because memberlist is used to populate the peers list we read from.

type SITokenStats

type SITokenStats struct {
	TrackedForRevoke int
}

type Scaling

type Scaling struct {
	// contains filtered or unexported fields
}

Scaling endpoint is used for listing and retrieving scaling policies

func NewScalingEndpoint

func NewScalingEndpoint(srv *Server, ctx *RPCContext) *Scaling

func (*Scaling) GetPolicy

GetPolicy is used to get a specific policy

func (*Scaling) ListPolicies

ListPolicies is used to list the policies

type SchedulerStats

type SchedulerStats struct {
	Ready   int
	Unacked int
}

SchedulerStats returns the stats per scheduler

type SchedulerWorkerPoolArgs

type SchedulerWorkerPoolArgs struct {
	NumSchedulers     int
	EnabledSchedulers []string
}

SchedulerWorkerPoolArgs are the two key configuration options for a Nomad server's scheduler worker pool. Before using, you should always verify that they are rational using IsValid() or IsInvalid()

func (SchedulerWorkerPoolArgs) Copy

Copy returns a clone of a SchedulerWorkerPoolArgs struct. Concurrent access concerns should be managed by the caller.

func (SchedulerWorkerPoolArgs) IsInvalid

func (swpa SchedulerWorkerPoolArgs) IsInvalid() bool

IsInvalid returns true when the SchedulerWorkerPoolArgs.IsValid is false

func (SchedulerWorkerPoolArgs) IsValid

func (swpa SchedulerWorkerPoolArgs) IsValid() bool

IsValid verifies that the pool arguments are valid. That is, they have a non-negative numSchedulers value and the enabledSchedulers list has _core and only refers to known schedulers.

type SchedulerWorkerStatus

// SchedulerWorkerStatus is an int-based enumeration of scheduler worker
// states. The values below are numbered consecutively from 0 by iota.
type SchedulerWorkerStatus int
const (
	// WorkloadUnknownStatus is 0, so it is also the zero value of
	// SchedulerWorkerStatus: an uninitialized status reads as "unknown".
	WorkloadUnknownStatus SchedulerWorkerStatus = iota
	WorkloadRunning
	WorkloadWaitingToDequeue
	WorkloadWaitingForRaft
	WorkloadScheduling
	WorkloadSubmitting
	WorkloadBackoff
	WorkloadStopped
	WorkloadPaused
)

func (SchedulerWorkerStatus) String

func (i SchedulerWorkerStatus) String() string
type Search struct {
	// contains filtered or unexported fields
}

Search endpoint is used to look up matches for a given prefix and context

func NewSearchEndpoint

func NewSearchEndpoint(srv *Server, ctx *RPCContext) *Search

func (*Search) FuzzySearch

func (s *Search) FuzzySearch(args *structs.FuzzySearchRequest, reply *structs.FuzzySearchResponse) error

FuzzySearch is used to list fuzzy or prefix matches for a given text argument and Context. If the Context is "all", all searchable contexts are searched. If ACLs are enabled, results are limited to policies of the provided ACL token.

These types are limited to prefix UUID searching:

Evals, Deployments, ScalingPolicies, Volumes

These types are available for fuzzy searching:

Nodes, Namespaces, Jobs, Allocs, Plugins

Jobs are a special case that expand into multiple types, and whose return values include Scope which is a descending list of IDs of parent objects, starting with the Namespace. The subtypes of jobs are fuzzy searchable.

The Jobs type expands into these sub types:

Jobs, Groups, Services, Tasks, Images, Commands, Classes

The results are in descending order starting with strongest match, per Context type.

func (*Search) PrefixSearch

func (s *Search) PrefixSearch(args *structs.SearchRequest, reply *structs.SearchResponse) error

PrefixSearch is used to list matches for a given prefix, and returns matching jobs, evaluations, allocations, and/or nodes.

type Server

type Server struct {

	// EnterpriseState is used to fill in state for Pro/Ent builds
	EnterpriseState
	// contains filtered or unexported fields
}

Server is the Nomad server, which manages the job queues, schedulers, and notification bus for agents.

func NewServer

func NewServer(config *Config, consulCatalog consul.CatalogAPI, consulConfigEntries consul.ConfigAPI, consulACLs consul.ACLsAPI) (*Server, error)

NewServer is used to construct a new Nomad server from the configuration, potentially returning an error

func TestACLServer

func TestACLServer(t *testing.T, cb func(*Config)) (*Server, *structs.ACLToken, func())

func TestServer

func TestServer(t *testing.T, cb func(*Config)) (*Server, func())

func TestServerErr

func TestServerErr(t *testing.T, cb func(*Config)) (*Server, func(), error)

func (*Server) Authenticate

func (s *Server) Authenticate(ctx *RPCContext, secretID string) (*structs.AuthenticatedIdentity, error)

Authenticate extracts an AuthenticatedIdentity from the request context or provided token. The caller can extract an acl.ACL, WorkloadIdentity, or other identifying token to use for authorization.

Note: when called on the follower we'll be making stale queries, so it's possible if the follower is behind that the leader will get a different value if an ACL token or allocation's WI has just been created.

func (*Server) ClusterID

func (s *Server) ClusterID() (string, error)

ClusterID returns the unique ID for this cluster.

Any Nomad server agent may call this method to get at the ID. If we are the leader and the ID has not yet been created, it will be created now. Otherwise an error is returned.

The ID will not be created until all participating servers have reached a minimum version (0.10.4).

func (*Server) Datacenter

func (s *Server) Datacenter() string

Datacenter returns the data center of the server

func (*Server) DispatchJob

func (s *Server) DispatchJob(job *structs.Job) (*structs.Evaluation, error)

DispatchJob creates an evaluation for the passed job and commits both the evaluation and the job to the raft log. It returns the eval.

func (*Server) EmitRaftStats

func (s *Server) EmitRaftStats(period time.Duration, stopCh <-chan struct{})

EmitRaftStats is used to export metrics about raft indexes and state store snapshot index

func (*Server) Encrypted

func (s *Server) Encrypted() bool

Encrypted determines if gossip is encrypted

func (*Server) GetClusterHealth

func (s *Server) GetClusterHealth() *structs.OperatorHealthReply

GetClusterHealth is used to get the current health of the servers, as known by the leader.

func (*Server) GetConfig

func (s *Server) GetConfig() *Config

GetConfig returns the config of the server for testing purposes only

func (*Server) GetSchedulerWorkerConfig

func (s *Server) GetSchedulerWorkerConfig() SchedulerWorkerPoolArgs

GetSchedulerWorkerConfig returns a clean copy of the server's current scheduler worker config.

func (*Server) GetSchedulerWorkersInfo

func (s *Server) GetSchedulerWorkersInfo() []WorkerInfo

GetSchedulerWorkersInfo returns a slice of WorkerInfos from all of the running scheduler workers.

func (*Server) IsLeader

func (s *Server) IsLeader() bool

IsLeader checks if this server is the cluster leader

func (*Server) IsShutdown

func (s *Server) IsShutdown() bool

IsShutdown checks if the server is shutdown

func (*Server) Join

func (s *Server) Join(addrs []string) (int, error)

Join is used to have Nomad join the gossip ring. The target address should be another node listening on the Serf address.

func (*Server) KeyManager

func (s *Server) KeyManager() *serf.KeyManager

KeyManager returns the Serf keyring manager

func (*Server) Leave

func (s *Server) Leave() error

Leave is used to prepare for a graceful shutdown of the server

func (*Server) LocalMember

func (s *Server) LocalMember() serf.Member

LocalMember is used to return the local node

func (*Server) Members

func (s *Server) Members() []serf.Member

Members is used to return the members of the serf cluster

func (*Server) MinRaftProtocol

func (s *Server) MinRaftProtocol() (int, error)

MinRaftProtocol returns the lowest supported Raft protocol among alive servers

func (*Server) QueryACLObj

func (s *Server) QueryACLObj(args *structs.QueryOptions, allowNodeAccess bool) (*acl.ACL, error)

QueryACLObj looks up the ACL token in the request and returns the acl.ACL object - fallback to node secret ids

func (*Server) RPC

func (s *Server) RPC(method string, args interface{}, reply interface{}) error

RPC is used to make a local RPC call

func (*Server) Region

func (s *Server) Region() string

Region returns the region of the server

func (*Server) Regions

func (s *Server) Regions() []string

Regions returns the known regions in the cluster.

func (*Server) Reload

func (s *Server) Reload(newConfig *Config) error

Reload handles a config reload specific to server-only configuration. Not all config fields can handle a reload.

func (*Server) RemoveFailedNode

func (s *Server) RemoveFailedNode(node string) error

RemoveFailedNode is used to remove a failed node from the cluster

func (*Server) ReplicationToken

func (s *Server) ReplicationToken() string

ReplicationToken returns the token used for replication. We use a method to support dynamic reloading of this value later.

func (*Server) ResolveACL

func (s *Server) ResolveACL(aclToken *structs.ACLToken) (*acl.ACL, error)

func (*Server) ResolveClaims

func (s *Server) ResolveClaims(claims *structs.IdentityClaims) (*acl.ACL, error)

func (*Server) ResolveSecretToken

func (s *Server) ResolveSecretToken(secretID string) (*structs.ACLToken, error)

ResolveSecretToken is used to translate an ACL Token Secret ID into an ACLToken object, nil if ACLs are disabled, or an error.

func (*Server) ResolveToken

func (s *Server) ResolveToken(secretID string) (*acl.ACL, error)

ResolveToken is used to translate an ACL Token Secret ID into an ACL object, nil if ACLs are disabled, or an error.

func (*Server) RunningChildren

func (s *Server) RunningChildren(job *structs.Job) (bool, error)

RunningChildren checks whether the passed job has any running children.

func (*Server) SetSchedulerWorkerConfig

func (s *Server) SetSchedulerWorkerConfig(newArgs SchedulerWorkerPoolArgs) SchedulerWorkerPoolArgs

func (*Server) Shutdown

func (s *Server) Shutdown() error

Shutdown is used to shutdown the server

func (*Server) State

func (s *Server) State() *state.StateStore

State returns the underlying state store. This should *not* be used to modify state directly.

func (*Server) Stats

func (s *Server) Stats() map[string]map[string]string

Stats is used to return statistics for debugging and insight for various sub-systems

func (*Server) StreamingRpcHandler

func (s *Server) StreamingRpcHandler(method string) (structs.StreamingRpcHandler, error)

StreamingRpcHandler is used to make a streaming RPC call.

func (*Server) VerifyClaim

func (s *Server) VerifyClaim(token string) (*structs.IdentityClaims, error)

VerifyClaim asserts that the token is valid and that the resulting allocation ID belongs to a non-terminal allocation

func (*Server) WriteACLObj

func (s *Server) WriteACLObj(args *structs.WriteRequest, allowNodeAccess bool) (*acl.ACL, error)

WriteACLObj calls QueryACLObj for a WriteRequest

type ServiceIdentityRequest

// ServiceIdentityRequest groups the identifiers of one task: its Consul
// namespace, task kind and name, cluster ID and allocation ID.
// NOTE(review): presumably this is the input used when a Consul Service
// Identity token is requested for that task — confirm against the source.
// The type has a Validate method; callers presumably should run it before
// acting on a request whose fields come from another component — confirm.
type ServiceIdentityRequest struct {
	ConsulNamespace string
	TaskKind        structs.TaskKind
	TaskName        string
	ClusterID       string
	AllocID         string
}

func (ServiceIdentityRequest) Description

func (sir ServiceIdentityRequest) Description() string

func (ServiceIdentityRequest) Validate

func (sir ServiceIdentityRequest) Validate() error

type ServiceRegistration

type ServiceRegistration struct {
	// contains filtered or unexported fields
}

ServiceRegistration encapsulates the service registrations RPC endpoint which is callable via the ServiceRegistration RPCs and externally via the "/v1/service{s}" HTTP API.

func NewServiceRegistrationEndpoint

func NewServiceRegistrationEndpoint(srv *Server, ctx *RPCContext) *ServiceRegistration

func (*ServiceRegistration) DeleteByID

DeleteByID removes a single service registration, as specified by its ID, from Nomad. This is typically called by Nomad nodes; however, in extreme situations it can be used via the CLI and API by operators.

func (*ServiceRegistration) GetService

GetService is used to get all service registrations corresponding to a single name.

func (*ServiceRegistration) List

List is used to list service registrations held within state. It supports single and wildcard namespace listings.

func (*ServiceRegistration) Upsert

Upsert creates or updates service registrations held within Nomad. This RPC is only callable by Nomad nodes.

type SnapshotRestorer

type SnapshotRestorer func(restore *state.StateRestore, dec *codec.Decoder) error

SnapshotRestorer is the definition of a function that can apply a Raft log

type SnapshotRestorers

type SnapshotRestorers map[SnapshotType]SnapshotRestorer

SnapshotRestorers is a mapping of the SnapshotType to the appropriate snapshot restorer.

type SnapshotType

type SnapshotType byte

SnapshotType is prefixed to a record in the FSM snapshot so that we can determine the type for restore

const (
	// Each constant is the one-byte SnapshotType tag that is prefixed to a
	// record of that kind in the FSM snapshot, so that restore can tell the
	// record types apart.
	// NOTE(review): because the tag is stored inside snapshots, renumbering
	// or reusing a value would presumably make existing snapshots restore
	// as the wrong record type — treat these numbers as a persisted format
	// and only add new values. Confirm against the restore code.
	NodeSnapshot                         SnapshotType = 0
	JobSnapshot                          SnapshotType = 1
	IndexSnapshot                        SnapshotType = 2
	EvalSnapshot                         SnapshotType = 3
	AllocSnapshot                        SnapshotType = 4
	TimeTableSnapshot                    SnapshotType = 5
	PeriodicLaunchSnapshot               SnapshotType = 6
	JobSummarySnapshot                   SnapshotType = 7
	VaultAccessorSnapshot                SnapshotType = 8
	JobVersionSnapshot                   SnapshotType = 9
	DeploymentSnapshot                   SnapshotType = 10
	ACLPolicySnapshot                    SnapshotType = 11
	ACLTokenSnapshot                     SnapshotType = 12
	SchedulerConfigSnapshot              SnapshotType = 13
	ClusterMetadataSnapshot              SnapshotType = 14
	ServiceIdentityTokenAccessorSnapshot SnapshotType = 15
	ScalingPolicySnapshot                SnapshotType = 16
	CSIPluginSnapshot                    SnapshotType = 17
	CSIVolumeSnapshot                    SnapshotType = 18
	ScalingEventsSnapshot                SnapshotType = 19
	EventSinkSnapshot                    SnapshotType = 20
	ServiceRegistrationSnapshot          SnapshotType = 21
	VariablesSnapshot                    SnapshotType = 22
	VariablesQuotaSnapshot               SnapshotType = 23
	RootKeyMetaSnapshot                  SnapshotType = 24
	ACLRoleSnapshot                      SnapshotType = 25
	ACLAuthMethodSnapshot                SnapshotType = 26
	ACLBindingRuleSnapshot               SnapshotType = 27

	// Namespace appliers were moved from enterprise and therefore start at 64
	NamespaceSnapshot SnapshotType = 64
)

type StatsFetcher

type StatsFetcher struct {
	// contains filtered or unexported fields
}

StatsFetcher has two functions for autopilot. First, lets us fetch all the stats in parallel so we are taking a sample as close to the same time as possible, since we are comparing time-sensitive info for the health check. Second, it bounds the time so that one slow RPC can't hold up the health check loop; as a side effect of how it implements this, it also limits to a single in-flight RPC to any given server, so goroutines don't accumulate as we run the health check fairly frequently.

func NewStatsFetcher

func NewStatsFetcher(logger log.Logger, pool *pool.ConnPool, region string) *StatsFetcher

NewStatsFetcher returns a stats fetcher.

func (*StatsFetcher) Fetch

Fetch will attempt to query all the servers in parallel.

type Status

type Status struct {
	// contains filtered or unexported fields
}

Status endpoint is used to check on server status

func NewStatusEndpoint

func NewStatusEndpoint(srv *Server, ctx *RPCContext) *Status

func (*Status) HasNodeConn

func (s *Status) HasNodeConn(args *structs.NodeSpecificRequest, reply *structs.NodeConnQueryResponse) error

HasNodeConn returns whether the server has a connection to the requested Node.

func (*Status) Leader

func (s *Status) Leader(args *structs.GenericRequest, reply *string) error

Leader is used to get the address of the leader

func (*Status) Members

func (s *Status) Members(args *structs.GenericRequest, reply *structs.ServerMembersResponse) error

Members returns the list of servers in a cluster that a particular server is aware of

func (*Status) Peers

func (s *Status) Peers(args *structs.GenericRequest, reply *[]string) error

Peers is used to get all the Raft peers

func (*Status) Ping

func (s *Status) Ping(args struct{}, reply *struct{}) error

Ping is used to just check for connectivity

func (*Status) RaftStats

func (s *Status) RaftStats(args struct{}, reply *structs.RaftStats) error

RaftStats is used by Autopilot to query the raft stats of the local server.

type System

type System struct {
	// contains filtered or unexported fields
}

System endpoint is used to invoke system tasks.

func NewSystemEndpoint

func NewSystemEndpoint(srv *Server, ctx *RPCContext) *System

func (*System) GarbageCollect

func (s *System) GarbageCollect(args *structs.GenericRequest, reply *structs.GenericResponse) error

GarbageCollect is used to trigger the system to immediately garbage collect nodes, evals and jobs.

func (*System) ReconcileJobSummaries

func (s *System) ReconcileJobSummaries(args *structs.GenericRequest, reply *structs.GenericResponse) error

ReconcileJobSummaries reconciles the summaries of all the jobs in the state store

type TestVaultClient

// TestVaultClient is a Vault client for use during testing. Its behavior is
// programmed through the exported fields below, which hold the errors and
// secrets that the LookupToken and CreateToken calls will return.
type TestVaultClient struct {
	// LookupTokenErrors maps a token to an error that will be returned by the
	// LookupToken call
	LookupTokenErrors map[string]error

	// LookupTokenSecret maps a token to the Vault secret that will be returned
	// by the LookupToken call
	LookupTokenSecret map[string]*vapi.Secret

	// CreateTokenErrors holds the errors that will be returned by the
	// CreateToken call.
	// NOTE(review): this is a two-level map, not token -> error; presumably
	// it is keyed by allocation ID and then by task name, matching
	// SetCreateTokenError(allocID, task, err) — confirm.
	CreateTokenErrors map[string]map[string]error

	// CreateTokenSecret holds the Vault secrets that will be returned by the
	// CreateToken call.
	// NOTE(review): two-level map as well; presumably allocation ID -> task
	// name -> secret, matching SetCreateTokenSecret(allocID, task, secret)
	// — confirm.
	CreateTokenSecret map[string]map[string]*vapi.Secret

	// RevokedTokens is a list of Vault accessors.
	// NOTE(review): presumably the accessors handed to RevokeTokens, kept so
	// a test can assert on what was revoked — confirm.
	RevokedTokens []*structs.VaultAccessor
}

TestVaultClient is a Vault client appropriate for use during testing. Its behavior is programmable such that endpoints can be tested under various circumstances.

func (*TestVaultClient) CreateToken

func (v *TestVaultClient) CreateToken(ctx context.Context, a *structs.Allocation, task string) (*vapi.Secret, error)

func (*TestVaultClient) EmitStats

func (v *TestVaultClient) EmitStats(period time.Duration, stopCh <-chan struct{})

func (*TestVaultClient) GetConfig

func (v *TestVaultClient) GetConfig() *config.VaultConfig

func (*TestVaultClient) LookupToken

func (v *TestVaultClient) LookupToken(ctx context.Context, token string) (*vapi.Secret, error)

func (*TestVaultClient) MarkForRevocation

func (v *TestVaultClient) MarkForRevocation(accessors []*structs.VaultAccessor) error

func (*TestVaultClient) RevokeTokens

func (v *TestVaultClient) RevokeTokens(ctx context.Context, accessors []*structs.VaultAccessor, committed bool) error

func (*TestVaultClient) Running

func (v *TestVaultClient) Running() bool

func (*TestVaultClient) SetActive

func (v *TestVaultClient) SetActive(enabled bool)

func (*TestVaultClient) SetConfig

func (v *TestVaultClient) SetConfig(config *config.VaultConfig) error

func (*TestVaultClient) SetCreateTokenError

func (v *TestVaultClient) SetCreateTokenError(allocID, task string, err error)

SetCreateTokenError sets the error that will be returned by the token creation

func (*TestVaultClient) SetCreateTokenSecret

func (v *TestVaultClient) SetCreateTokenSecret(allocID, task string, secret *vapi.Secret)

SetCreateTokenSecret sets the secret that will be returned by the token creation

func (*TestVaultClient) SetLookupTokenAllowedPolicies

func (v *TestVaultClient) SetLookupTokenAllowedPolicies(token string, policies []string)

SetLookupTokenAllowedPolicies is a helper that adds a secret that allows the given policies

func (*TestVaultClient) SetLookupTokenError

func (v *TestVaultClient) SetLookupTokenError(token string, err error)

SetLookupTokenError sets the error that will be returned by the token lookup

func (*TestVaultClient) SetLookupTokenSecret

func (v *TestVaultClient) SetLookupTokenSecret(token string, secret *vapi.Secret)

SetLookupTokenSecret sets the secret that will be returned by the token lookup

func (*TestVaultClient) Stats

func (v *TestVaultClient) Stats() map[string]string

func (*TestVaultClient) Stop

func (v *TestVaultClient) Stop()

type TimeTable

type TimeTable struct {
	// contains filtered or unexported fields
}

TimeTable is used to associate a Raft index with a timestamp. This is used so that we can quickly go from a timestamp to an index or vice versa.

func NewTimeTable

func NewTimeTable(granularity time.Duration, limit time.Duration) *TimeTable

NewTimeTable creates a new time table which stores entries at a given granularity for a maximum limit. The storage space required is (limit/granularity)

func (*TimeTable) Deserialize

func (t *TimeTable) Deserialize(dec *codec.Decoder) error

Deserialize is used to deserialize the time table and restore the state

func (*TimeTable) NearestIndex

func (t *TimeTable) NearestIndex(when time.Time) uint64

NearestIndex returns the nearest index older than the given time

func (*TimeTable) NearestTime

func (t *TimeTable) NearestTime(index uint64) time.Time

NearestTime returns the nearest time older than the given index

func (*TimeTable) Serialize

func (t *TimeTable) Serialize(enc *codec.Encoder) error

Serialize is used to serialize the time table

func (*TimeTable) Witness

func (t *TimeTable) Witness(index uint64, when time.Time)

Witness is used to witness a new index and time.

type TimeTableEntry

// TimeTableEntry pairs one index with one time. TimeTable associates Raft
// indexes with timestamps, so Index is presumably a Raft index and Time the
// timestamp recorded for it — confirm.
type TimeTableEntry struct {
	Index uint64
	Time  time.Time
}

TimeTableEntry is used to track a time and index

type Variables

type Variables struct {
	// contains filtered or unexported fields
}

Variables encapsulates the variables RPC endpoint which is callable via the Variables RPCs and externally via the "/v1/var{s}" HTTP API.

func NewVariablesEndpoint

func NewVariablesEndpoint(srv *Server, ctx *RPCContext, enc *Encrypter) *Variables

func (*Variables) Apply

Apply is used to apply a SV update request to the data store.

func (*Variables) List

List is used to list variables held within state. It supports single and wildcard namespace listings.

func (*Variables) Read

Read is used to get a specific variable

type VaultClient

// VaultClient is the server's interface for interacting with Vault: it
// covers activation, configuration, token creation, lookup and revocation,
// and statistics.
type VaultClient interface {
	// SetActive activates or de-activates the Vault client. When active, token
	// creation/lookup/revocation operations are allowed.
	SetActive(active bool)

	// SetConfig updates the config used by the Vault client
	SetConfig(config *config.VaultConfig) error

	// GetConfig returns a copy of the config used by the Vault client, for
	// testing
	GetConfig() *config.VaultConfig

	// CreateToken takes an allocation and task and returns an appropriate Vault
	// Secret.
	// NOTE(review): the returned secret presumably carries the new token, so
	// callers should keep it out of logs and error messages — confirm.
	CreateToken(ctx context.Context, a *structs.Allocation, task string) (*vapi.Secret, error)

	// LookupToken takes a token string and returns its capabilities, as a
	// Vault Secret.
	LookupToken(ctx context.Context, token string) (*vapi.Secret, error)

	// RevokeTokens takes a set of token accessors and revokes the tokens.
	// NOTE(review): the meaning of the committed flag is not documented on
	// this page — confirm against the implementation.
	RevokeTokens(ctx context.Context, accessors []*structs.VaultAccessor, committed bool) error

	// MarkForRevocation revokes the tokens in the background
	MarkForRevocation(accessors []*structs.VaultAccessor) error

	// Stop is used to stop token renewal
	Stop()

	// Running returns whether the Vault client is running
	Running() bool

	// Stats returns the Vault client's statistics
	Stats() map[string]string

	// EmitStats emits the client's statistics at the given period until
	// stopCh signals.
	// NOTE(review): the original comment says "until stopCh is called";
	// presumably this means until the channel is closed — confirm.
	EmitStats(period time.Duration, stopCh <-chan struct{})
}

VaultClient is the Server's interface for interfacing with Vault

type VaultNoopDelegate

type VaultNoopDelegate struct{}

VaultNoopDelegate returns the default vault api auth token handler

type VaultStats

// VaultStats holds the statistics about the Vault tokens created and
// managed by Nomad.
type VaultStats struct {
	// TrackedForRevoke is the count of tokens that are being tracked to be
	// revoked since they could not be immediately revoked.
	TrackedForRevoke int

	// TokenTTL is the time-to-live duration for the current token
	TokenTTL time.Duration

	// TokenExpiry is the recorded expiry time of the current token
	TokenExpiry time.Time

	// LastRenewalTime is the time at which the token was last renewed.
	// NOTE(review): the original comment read "the time since the token was
	// last renewed", but this field is a time.Time; the elapsed duration is
	// presumably what TimeFromLastRenewal holds — confirm.
	LastRenewalTime     time.Time
	TimeFromLastRenewal time.Duration

	// NextRenewalTime is the time the token will attempt to renew.
	// NOTE(review): TimeToNextRenewal is presumably the duration remaining
	// until NextRenewalTime — confirm.
	NextRenewalTime   time.Time
	TimeToNextRenewal time.Duration
}

VaultStats returns all the stats about Vault tokens created and managed by Nomad.

type Worker

type Worker struct {
	// contains filtered or unexported fields
}

Worker is a single threaded scheduling worker. There may be multiple running per server (leader or follower). They are responsible for dequeuing pending evaluations, invoking schedulers, plan submission and the lifecycle around making task allocations. They bridge the business logic of the scheduler with the plumbing required to make it all work.

func NewWorker

func NewWorker(ctx context.Context, srv *Server, args SchedulerWorkerPoolArgs) (*Worker, error)

NewWorker starts a new scheduler worker associated with the given server

func (*Worker) CreateEval

func (w *Worker) CreateEval(eval *structs.Evaluation) error

CreateEval is used to create a new evaluation. This allows the worker to act as the planner for the scheduler.

func (*Worker) GetStatus

func (w *Worker) GetStatus() WorkerStatus

GetStatus returns the status of the Worker

func (*Worker) GetWorkloadStatus

func (w *Worker) GetWorkloadStatus() SchedulerWorkerStatus

GetWorkloadStatus returns the status of the Worker's Workload.

func (*Worker) ID

func (w *Worker) ID() string

ID returns a string ID for the worker.

func (*Worker) Info

func (w *Worker) Info() WorkerInfo

func (*Worker) IsPaused

func (w *Worker) IsPaused() bool

IsPaused returns a boolean indicating if this worker has been paused.

func (*Worker) IsStarted

func (w *Worker) IsStarted() bool

IsStarted returns a boolean indicating if this worker has been started.

func (*Worker) IsStopped

func (w *Worker) IsStopped() bool

IsStopped returns a boolean indicating if this worker has been stopped.

func (*Worker) Pause

func (w *Worker) Pause()

Pause transitions a worker to the pausing state. Check to see if it paused using IsPaused()

func (*Worker) ReblockEval

func (w *Worker) ReblockEval(eval *structs.Evaluation) error

ReblockEval is used to reinsert a blocked evaluation into the blocked eval tracker. This allows the worker to act as the planner for the scheduler.

func (*Worker) Resume

func (w *Worker) Resume()

Resume transitions a worker to the resuming state. Check to see if the worker restarted by calling IsStarted()

func (*Worker) ServersMeetMinimumVersion

func (w *Worker) ServersMeetMinimumVersion(minVersion *version.Version, checkFailedServers bool) bool

ServersMeetMinimumVersion allows implementations of the Scheduler interface in other packages to perform server version checks without direct references to the Nomad server.

func (*Worker) Start

func (w *Worker) Start()

Start transitions a worker to the starting state. Check to see if it started using IsStarted()

func (*Worker) Stop

func (w *Worker) Stop()

Stop transitions a worker to the stopping state. Check to see if the worker stopped by calling IsStopped()

func (*Worker) SubmitPlan

func (w *Worker) SubmitPlan(plan *structs.Plan) (*structs.PlanResult, scheduler.State, error)

SubmitPlan is used to submit a plan for consideration. This allows the worker to act as the planner for the scheduler.

func (*Worker) UpdateEval

func (w *Worker) UpdateEval(eval *structs.Evaluation) error

UpdateEval is used to submit an updated evaluation. This allows the worker to act as the planner for the scheduler.

type WorkerInfo

// WorkerInfo is the description of a worker returned by Worker.Info. Every
// field carries a JSON tag, so the struct serialises with the lower-case
// keys given below.
type WorkerInfo struct {
	ID                string    `json:"id"`
	EnabledSchedulers []string  `json:"enabled_schedulers"`
	Started           time.Time `json:"started"`
	// NOTE(review): Status and WorkloadStatus are plain strings; presumably
	// the String() forms of WorkerStatus and SchedulerWorkerStatus — confirm.
	Status            string    `json:"status"`
	WorkloadStatus    string    `json:"workload_status"`
}

func (WorkerInfo) Copy

func (w WorkerInfo) Copy() WorkerInfo

func (WorkerInfo) String

func (w WorkerInfo) String() string

type WorkerStatus

// WorkerStatus is the integer status of a Worker, as returned by
// Worker.GetStatus.
type WorkerStatus int
const (
	// The values are assigned by iota in declaration order, so the zero
	// value of WorkerStatus is WorkerUnknownStatus. The "-ing" values are
	// the states that Start, Pause, Resume and Stop move a worker into;
	// IsStarted, IsPaused and IsStopped report the settled states.
	WorkerUnknownStatus WorkerStatus = iota // Unknown
	WorkerStarting
	WorkerStarted
	WorkerPausing
	WorkerPaused
	WorkerResuming
	WorkerStopping
	WorkerStopped
)

func (WorkerStatus) String

func (i WorkerStatus) String() string

Directories

Path Synopsis
deploymentwatcher creates and tracks Deployments, which hold meta data describing the process of upgrading a running job to a new set of Allocations.
deploymentwatcher creates and tracks Deployments, which hold meta data describing the process of upgrading a running job to a new set of Allocations.
