Merge branch 'master' into f-cc-ingress

CHANGELOG.md

@@ -5,11 +5,16 @@ IMPROVEMENTS:
  * api: Added node purge SDK functionality. [[GH-8142](https://github.com/hashicorp/nomad/issues/8142)]
  * driver/docker: Allow configurable image pull context timeout setting. [[GH-5718](https://github.com/hashicorp/nomad/issues/5718)]
 
+BUG FIXES:
+
+ * core: Fixed a bug where unpromoted job versions are used when rescheduling failed allocations [[GH-8691](https://github.com/hashicorp/nomad/issues/8691)]
+
 ## 0.12.3 (August 13, 2020)
 
 BUG FIXES:
 
  * csi: Fixed a panic in the API affecting both plugins and volumes. [[GH-8655](https://github.com/hashicorp/nomad/issues/8655)]
+ * core (Enterprise): Fixed a bug where enterprise servers may self-terminate as licenses are ignored after a Raft snapshot restore. [[GH-8737](https://github.com/hashicorp/nomad/issues/8737)]
 
 ## 0.12.2 (August 12, 2020)
 

acl/policy.go

@@ -238,7 +238,7 @@ func Parse(rules string) (*Policy, error) {
 	}
 
 	// Attempt to parse
-	if err := hcl.Decode(p, rules); err != nil {
+	if err := hclDecode(p, rules); err != nil {
 		return nil, fmt.Errorf("Failed to parse ACL Policy: %v", err)
 	}
 
@@ -312,3 +312,14 @@ func Parse(rules string) (*Policy, error) {
 	}
 	return p, nil
 }
+
+// hclDecode wraps hcl.Decode function but handles any unexpected panics
+func hclDecode(p *Policy, rules string) (err error) {
+	defer func() {
+		if rerr := recover(); rerr != nil {
+			err = fmt.Errorf("invalid acl policy: %v", rerr)
+		}
+	}()
+
+	return hcl.Decode(p, rules)
+}

acl/policy_test.go

@@ -327,3 +327,16 @@ func TestParse(t *testing.T) {
 		})
 	}
 }
+
+func TestParse_BadInput(t *testing.T) {
+	inputs := []string{
+		`namespace "\500" {}`,
+	}
+
+	for i, c := range inputs {
+		t.Run(fmt.Sprintf("%d: %v", i, c), func(t *testing.T) {
+			_, err := Parse(c)
+			assert.Error(t, err)
+		})
+	}
+}

client/allocdir/alloc_dir.go

@@ -117,12 +117,13 @@ func NewAllocDir(logger hclog.Logger, allocDir string) *AllocDir {
 // Copy an AllocDir and all of its TaskDirs. Returns nil if AllocDir is
 // nil.
 func (d *AllocDir) Copy() *AllocDir {
-	d.mu.RLock()
-	defer d.mu.RUnlock()
-
 	if d == nil {
 		return nil
 	}
+
+	d.mu.RLock()
+	defer d.mu.RUnlock()
+
 	dcopy := &AllocDir{
 		AllocDir:  d.AllocDir,
 		SharedDir: d.SharedDir,
@@ -429,6 +430,7 @@ func detectContentType(fileInfo os.FileInfo, path string) string {
 			if err == nil {
 				contentType = http.DetectContentType(fileBytes)
 			}
+			f.Close()
 		}
 	}
 	// Special case json files

client/fingerprint/bridge_linux.go

@@ -7,6 +7,7 @@ import (
 	"regexp"
 
 	"github.com/hashicorp/nomad/nomad/structs"
+	"github.com/shirou/gopsutil/host"
 )
 
 const bridgeKernelModuleName = "bridge"
@@ -35,19 +36,39 @@ func (f *BridgeFingerprint) Fingerprint(req *FingerprintRequest, resp *Fingerpri
 }
 
 func (f *BridgeFingerprint) checkKMod(mod string) error {
-	file, err := os.Open("/proc/modules")
+	hostInfo, err := host.Info()
 	if err != nil {
-		return fmt.Errorf("could not read /proc/modules: %v", err)
+		return err
+	}
+
+	dynErr := f.checkKModFile(mod, "/proc/modules", fmt.Sprintf("%s\\s+.*$", mod))
+	if dynErr == nil {
+		return nil
+	}
+
+	builtinErr := f.checkKModFile(mod,
+		fmt.Sprintf("/lib/modules/%s/modules.builtin", hostInfo.KernelVersion),
+		fmt.Sprintf(".+\\/%s.ko$", mod))
+	if builtinErr == nil {
+		return nil
+	}
+
+	return fmt.Errorf("%v, %v", dynErr, builtinErr)
+}
+
+func (f *BridgeFingerprint) checkKModFile(mod, fileName, pattern string) error {
+	file, err := os.Open(fileName)
+	if err != nil {
+		return fmt.Errorf("could not read %s: %v", fileName, err)
 	}
 	defer file.Close()
 
 	scanner := bufio.NewScanner(file)
-	pattern := fmt.Sprintf("%s\\s+.*$", mod)
 	for scanner.Scan() {
 		if matched, err := regexp.MatchString(pattern, scanner.Text()); matched {
 			return nil
 		} else if err != nil {
-			return fmt.Errorf("could not parse /proc/modules: %v", err)
+			return fmt.Errorf("could not parse %s: %v", fileName, err)
 		}
 	}
 

command/agent/csi_endpoint.go

@@ -296,7 +296,9 @@ func structsCSIPluginToApi(plug *structs.CSIPlugin) *api.CSIPlugin {
 	}
 
 	for _, a := range plug.Allocations {
-		out.Allocations = append(out.Allocations, structsAllocListStubToApi(a))
+		if a != nil {
+			out.Allocations = append(out.Allocations, structsAllocListStubToApi(a))
+		}
 	}
 
 	return out
@@ -341,11 +343,15 @@ func structsCSIVolumeToApi(vol *structs.CSIVolume) *api.CSIVolume {
 	}
 
 	for _, a := range vol.WriteAllocs {
-		out.Allocations = append(out.Allocations, structsAllocListStubToApi(a.Stub()))
+		if a != nil {
+			out.Allocations = append(out.Allocations, structsAllocListStubToApi(a.Stub()))
+		}
 	}
 
 	for _, a := range vol.ReadAllocs {
-		out.Allocations = append(out.Allocations, structsAllocListStubToApi(a.Stub()))
+		if a != nil {
+			out.Allocations = append(out.Allocations, structsAllocListStubToApi(a.Stub()))
+		}
 	}
 
 	return out

contributing/issue-labels.md

@@ -0,0 +1,75 @@
+# Nomad Issue Labels
+
+This document briefly describes the labels the Nomad team will apply when you
+open a GitHub issue. The workflows described here are a work-in-progress.
+
+### Types
+
+Type labels define the workflow for an issue. See the description of the
+workflows below.
+
+Label | Description
+---|---
+type/enhancement | Proposed improvement or new feature
+type/bug | Feature does not function as expected or crashes Nomad
+type/question | General questions
+
+### Stages
+
+Triage labels define the stages of a workflow for an issue.
+
+Label | Description
+---|---
+stage/accepted | The Nomad team intends to work on this bug or feature, but does not commit to a specific timeline. This doesn’t mean the design of the feature has been fully completed, just that we want to do so.
+stage/thinking | The Nomad team member who triages the issue needs a few days to think and respond to the issue
+stage/needs-discussion | This topic needs discussion with the larger Nomad maintainers group before committing to it. This doesn’t signify that design needs to be discussed.
+stage/needs-investigation | The issue described is detailed and complex. It will need some work and can't be immediately resolved.
+stage/waiting-reply | We need more information from the reporter.
+stage/not-a-bug | Reported as a bug but turned out to be expected behavior and was closed.
+
+### Themes
+
+Theme labels define the component of Nomad involved. These will frequently
+change and new themes will be added for new features, so see the description
+of each label for details.
+
+## Workflows
+
+### `type/enhancement`
+
+When you as a community member make a feature request, a Nomad maintainer will
+triage it and generally label the issue as follows:
+
+* `stage/thinking`: The Nomad team member who triages the issue wants to think
+  about the idea some more.
+* `stage/needs-discussion`: The Nomad team needs to discuss the idea within
+  the larger maintainers group before committing to it.
+* `stage/waiting-reply`: The Nomad maintainer needs you to provide some more
+  information about the idea or its use cases.
+* Closed: the Nomad team member may be able to tell right away that this
+  request is not a good fit for Nomad.
+
+The goal for issue labeled `stage/thinking`, `stage/needs-discussion`, or
+`stage/waiting-reply` is to move them to `stage/accepted` (or to close
+them). At this point, you can submit a PR that we'll be happy to review, the
+Nomad maintainer who triaged the issue may open a PR, or for complex features
+it will get into the Nomad team's roadmap for scheduling.
+
+### `type/bug`
+
+When you as a community member report a bug, a Nomad maintainer will triage it and generally label the issue as follows:
+
+* `stage/needs-investigation`: The Nomad maintainer thinks this bug needs some
+  initial investigation to determine if it's a bug or what system might be
+  involved.
+* `stage/waiting-reply`: The Nomad team member needs you to provide more
+  information about the problem.
+* `stage/accepted`: The bug will need more than a trivial amount of time to
+  fix. Depending on the severity, the Nomad maintainers will work on fixing it
+  immediately or get it into the roadmap for an upcoming release.
+* `stage/not-a-bug`: The issue is not really a bug but is working as
+  designed. Often this is a documentation issue, in which case the label may
+  be changed to `type/enhancement` and `theme/docs`
+* Fixed! If the issue is small, the Nomad maintainer may just immediately open
+  a PR to fix the problem and will let you know to expect the in the next
+  release.