Documentation

Index

Constants

View Source
const (
	ExamplePolicyID1 = "a7c86856-0af5-4ab5-8834-03f4517e5564"
	ExamplePolicyID2 = "ffa1b66c-967d-4468-8775-c687b5cfc16e"
	ExamplePolicyID3 = "f68f0c36-51f8-4343-97dd-f0d4816c915f"
)

Example Consul policies for use in tests.

View Source
const (
	ExampleRoleID1 = "e569a3a8-7dfb-b024-e492-e790fe3c4183"
	ExampleRoleID2 = "88c825f4-d0da-1c2b-0c1c-cc9fe84c4468"
	ExampleRoleID3 = "b19b2058-6205-6dff-d2b0-470f29b8e627"
)

Example Consul roles for use in tests.

View Source
const (
	ExampleOperatorTokenID0 = "de591604-86eb-1e6f-8b44-d4db752921ae"
	ExampleOperatorTokenID1 = "59c219c2-47e4-43f3-bb45-258fd13f59d5"
	ExampleOperatorTokenID2 = "868cc216-e123-4c2b-b362-f4d4c087de8e"
	ExampleOperatorTokenID3 = "6177d1b9-c0f6-4118-b891-d818a3cb80b1"
	ExampleOperatorTokenID4 = "754ae26c-f3cc-e088-d486-9c0d20f5eaea"
)
View Source
const (

	// DefaultQueryWaitDuration is the max duration the Consul Agent will
	// spend waiting for a response from a Consul Query.
	DefaultQueryWaitDuration = 2 * time.Second

	// ServiceTagHTTP is the tag assigned to HTTP services
	ServiceTagHTTP = "http"

	// ServiceTagRPC is the tag assigned to RPC services
	ServiceTagRPC = "rpc"

	// ServiceTagSerf is the tag assigned to Serf services
	ServiceTagSerf = "serf"
)

Variables

View Source
var (
	ExampleOperatorToken0 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID0,
		AccessorID:  "228865c6-3bf6-6683-df03-06dea2779088 ",
		Description: "Operator Token 0",
	}

	ExampleOperatorToken1 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID1,
		AccessorID:  "e341bacd-535e-417c-8f45-f88d7faffcaf",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},
	}

	ExampleOperatorToken2 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID2,
		AccessorID:  "615b4d77-5164-4ec6-b616-24c0b24ac9cb",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
	}

	ExampleOperatorToken3 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID3,
		AccessorID:  "6b7de0d7-15f7-45b4-95eb-fb775bfe3fdc",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
	}

	ExampleOperatorToken4 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID4,
		AccessorID:  "7b5fdb1a-71e5-f3d8-2cfe-448d973f327d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
	}
)

Functions

func MakeAllocServiceID

func MakeAllocServiceID(allocID, taskName string, service *structs.Service) string

MakeAllocServiceID creates a unique ID for identifying an alloc service in Consul.

Example Service ID: _nomad-task-b4e61df9-b095-d64e-f241-23860da1375f-redis-http-http

func MakeCheckID

func MakeCheckID(serviceID string, check *structs.ServiceCheck) string

MakeCheckID creates a unique ID for a check.

Example Check ID: _nomad-check-434ae42f9a57c5705344974ac38de2aee0ee089d

Types

type ACLsAPI

type ACLsAPI interface {
	// We are looking up by [operator token] SecretID, which implies we need
	// to use this method instead of the normal TokenRead, which can only be
	// used to lookup tokens by their AccessorID.
	TokenReadSelf(q *api.QueryOptions) (*api.ACLToken, *api.QueryMeta, error)
	PolicyRead(policyID string, q *api.QueryOptions) (*api.ACLPolicy, *api.QueryMeta, error)
	RoleRead(roleID string, q *api.QueryOptions) (*api.ACLRole, *api.QueryMeta, error)
	TokenCreate(partial *api.ACLToken, q *api.WriteOptions) (*api.ACLToken, *api.WriteMeta, error)
	TokenDelete(accessorID string, q *api.WriteOptions) (*api.WriteMeta, error)
	TokenList(q *api.QueryOptions) ([]*api.ACLTokenListEntry, *api.QueryMeta, error)
}

ACLsAPI is the consul/api.ACL API subset used by Nomad Server.

ACL requirements - acl:write (server only)

type AgentAPI

type AgentAPI interface {
	Services() (map[string]*api.AgentService, error)
	Checks() (map[string]*api.AgentCheck, error)
	CheckRegister(check *api.AgentCheckRegistration) error
	CheckDeregister(checkID string) error
	Self() (map[string]map[string]interface{}, error)
	ServiceRegister(service *api.AgentServiceRegistration) error
	ServiceDeregister(serviceID string) error
	UpdateTTL(id, output, status string) error
}

AgentAPI is the consul/api.Agent API used by Nomad.

ACL requirements - agent:read - service:write

type AllocRegistration

type AllocRegistration struct {
	// Tasks maps the name of a task to its registered services and checks
	Tasks map[string]*ServiceRegistrations
}

AllocRegistration holds the status of services registered for a particular allocations by task.

func (*AllocRegistration) NumChecks

func (a *AllocRegistration) NumChecks() int

NumChecks returns the number of registered checks

func (*AllocRegistration) NumServices

func (a *AllocRegistration) NumServices() int

NumServices returns the number of registered services

type CatalogAPI

type CatalogAPI interface {
	Datacenters() ([]string, error)
	Service(service, tag string, q *api.QueryOptions) ([]*api.CatalogService, *api.QueryMeta, error)
}

CatalogAPI is the consul/api.Catalog API used by Nomad.

ACL requirements - node:read (listing datacenters) - service:read

type ChecksAPI

type ChecksAPI interface {
	// Checks returns a list of all checks.
	Checks() (map[string]*api.AgentCheck, error)
}

ChecksAPI is the part of the Consul API the checkWatcher requires.

type MockACLsAPI

type MockACLsAPI struct {
	// contains filtered or unexported fields
}

MockACLsAPI is a mock of consul.ACLsAPI

func NewMockACLsAPI

func NewMockACLsAPI(l hclog.Logger) *MockACLsAPI

func (*MockACLsAPI) PolicyRead

func (m *MockACLsAPI) PolicyRead(policyID string, _ *api.QueryOptions) (*api.ACLPolicy, *api.QueryMeta, error)

func (*MockACLsAPI) RoleRead

func (m *MockACLsAPI) RoleRead(roleID string, _ *api.QueryOptions) (*api.ACLRole, *api.QueryMeta, error)

func (*MockACLsAPI) SetError

func (m *MockACLsAPI) SetError(err error)

SetError is a helper method for configuring an error that will be returned on future calls to mocked methods.

func (*MockACLsAPI) TokenCreate

func (m *MockACLsAPI) TokenCreate(token *api.ACLToken, opts *api.WriteOptions) (*api.ACLToken, *api.WriteMeta, error)

TokenCreate is a mock of ACLsAPI.TokenCreate

func (*MockACLsAPI) TokenDelete

func (m *MockACLsAPI) TokenDelete(accessorID string, opts *api.WriteOptions) (*api.WriteMeta, error)

TokenDelete is a mock of ACLsAPI.TokenDelete

func (*MockACLsAPI) TokenList

TokenList is a mock of ACLsAPI.TokenList

func (*MockACLsAPI) TokenReadSelf

func (m *MockACLsAPI) TokenReadSelf(q *api.QueryOptions) (*api.ACLToken, *api.QueryMeta, error)

type MockAgent

type MockAgent struct {
	// contains filtered or unexported fields
}

MockAgent is a fake in-memory Consul backend for ServiceClient.

func NewMockAgent

func NewMockAgent() *MockAgent

NewMockAgent that returns all checks as passing.

func (*MockAgent) CheckDeregister

func (c *MockAgent) CheckDeregister(checkID string) error

func (*MockAgent) CheckRegister

func (c *MockAgent) CheckRegister(check *api.AgentCheckRegistration) error

func (*MockAgent) CheckRegs

func (c *MockAgent) CheckRegs() []*api.AgentCheckRegistration

CheckRegs returns the raw AgentCheckRegistrations registered with this mock agent.

func (*MockAgent) Checks

func (c *MockAgent) Checks() (map[string]*api.AgentCheck, error)

Checks implements the Agent API Checks method.

func (*MockAgent) Self

func (c *MockAgent) Self() (map[string]map[string]interface{}, error)

func (*MockAgent) ServiceDeregister

func (c *MockAgent) ServiceDeregister(serviceID string) error

func (*MockAgent) ServiceRegister

func (c *MockAgent) ServiceRegister(service *api.AgentServiceRegistration) error

func (*MockAgent) Services

func (c *MockAgent) Services() (map[string]*api.AgentService, error)

func (*MockAgent) SetStatus

func (c *MockAgent) SetStatus(s string) string

SetStatus that Checks() should return. Returns old status value.

func (*MockAgent) UpdateTTL

func (c *MockAgent) UpdateTTL(id string, output string, status string) error

type MockCatalog

type MockCatalog struct {
	// contains filtered or unexported fields
}

MockCatalog can be used for testing where the CatalogAPI is needed.

func NewMockCatalog

func NewMockCatalog(l hclog.Logger) *MockCatalog

func (*MockCatalog) Datacenters

func (m *MockCatalog) Datacenters() ([]string, error)

func (*MockCatalog) Service

func (m *MockCatalog) Service(service, tag string, q *api.QueryOptions) ([]*api.CatalogService, *api.QueryMeta, error)

type ServiceClient

type ServiceClient struct {
	// contains filtered or unexported fields
}

ServiceClient handles task and agent service registration with Consul.

func NewServiceClient

func NewServiceClient(consulClient AgentAPI, logger log.Logger, isNomadClient bool) *ServiceClient

NewServiceClient creates a new Consul ServiceClient from an existing Consul API Client, logger and takes whether the client is being used by a Nomad Client agent. When being used by a Nomad client, this Consul client reconciles all services and checks created by Nomad on behalf of running tasks.

func (*ServiceClient) AllocRegistrations

func (c *ServiceClient) AllocRegistrations(allocID string) (*AllocRegistration, error)

AllocRegistrations returns the registrations for the given allocation. If the allocation has no reservations, the response is a nil object.

func (*ServiceClient) RegisterAgent

func (c *ServiceClient) RegisterAgent(role string, services []*structs.Service) error

RegisterAgent registers Nomad agents (client or server). The Service.PortLabel should be a literal port to be parsed with SplitHostPort. Script checks are not supported and will return an error. Registration is asynchronous.

Agents will be deregistered when Shutdown is called.

func (*ServiceClient) RegisterWorkload

func (c *ServiceClient) RegisterWorkload(workload *WorkloadServices) error

RegisterWorkload with Consul. Adds all service entries and checks to Consul.

If the service IP is set it used as the address in the service registration. Checks will always use the IP from the Task struct (host's IP).

Actual communication with Consul is done asynchronously (see Run).

func (*ServiceClient) RemoveWorkload

func (c *ServiceClient) RemoveWorkload(workload *WorkloadServices)

RemoveWorkload from Consul. Removes all service entries and checks.

Actual communication with Consul is done asynchronously (see Run).

func (*ServiceClient) Run

func (c *ServiceClient) Run()

Run the Consul main loop which retries operations against Consul. It should be called exactly once.

func (*ServiceClient) Shutdown

func (c *ServiceClient) Shutdown() error

Shutdown the Consul client. Update running task registrations and deregister agent from Consul. On first call blocks up to shutdownWait before giving up on syncing operations.

func (*ServiceClient) UpdateTTL

func (c *ServiceClient) UpdateTTL(id, output, status string) error

UpdateTTL is used to update the TTL of a check. Typically this will only be called to heartbeat script checks.

func (*ServiceClient) UpdateWorkload

func (c *ServiceClient) UpdateWorkload(old, newWorkload *WorkloadServices) error

UpdateWorkload in Consul. Does not alter the service if only checks have changed.

DriverNetwork must not change between invocations for the same allocation.

type ServiceRegistration

type ServiceRegistration struct {

	// Service is the AgentService registered in Consul.
	Service *api.AgentService

	// Checks is the status of the registered checks.
	Checks []*api.AgentCheck
	// contains filtered or unexported fields
}

ServiceRegistration holds the status of a registered Consul Service and its Checks.

type ServiceRegistrations

type ServiceRegistrations struct {
	Services map[string]*ServiceRegistration
}

ServiceRegistrations holds the status of services registered for a particular task or task group.

type WorkloadRestarter

type WorkloadRestarter interface {
	Restart(ctx context.Context, event *structs.TaskEvent, failure bool) error
}

WorkloadRestarter allows the checkWatcher to restart tasks or entire task groups.

func NoopRestarter

func NoopRestarter() WorkloadRestarter

type WorkloadServices

type WorkloadServices struct {
	AllocID string

	// Name of the task and task group the services are defined for. For
	// group based services, Task will be empty
	Task  string
	Group string

	// Canary indicates whether or not the allocation is a canary
	Canary bool

	// Restarter allows restarting the task or task group depending on the
	// check_restart stanzas.
	Restarter WorkloadRestarter

	// Services and checks to register for the task.
	Services []*structs.Service

	// Networks from the task's resources stanza.
	Networks structs.Networks

	// DriverExec is the script executor for the task's driver.
	// For group services this is nil and script execution is managed by
	// a tasklet in the taskrunner script_check_hook
	DriverExec interfaces.ScriptExecutor

	// DriverNetwork is the network specified by the driver and may be nil.
	DriverNetwork *drivers.DriverNetwork
}

WorkloadServices describes services defined in either a Task or TaskGroup that need to be syncronized with Consul

func BuildAllocServices

func BuildAllocServices(node *structs.Node, alloc *structs.Allocation, restarter WorkloadRestarter) *WorkloadServices

func (*WorkloadServices) Copy

func (ws *WorkloadServices) Copy() *WorkloadServices

Copy method for easing tests

func (*WorkloadServices) Name

func (ws *WorkloadServices) Name() string