Nomad template custom change_mode

[linuxgood1230]

Custom change_mode scripts

I want to execute my custom scripts when template file changed
Example:
1. Alter mysql config opts can not restart mysqld, I want to execute mysql command to to make the changed opt effect
2. Second: I can custom Validate rules, then decide to make the change commit or rollback.

[DhashS]

I'd really like this. Zookeeper cannot be updated with a SIGHUP/SIGUSR1, and the dynamic reconfiguration support requires running

reconfig -file newconfig.cfg //newconfig.cfg is a dynamic config file
within a zkCli.sh line.

[DhashS]

Additionally, I'd be happy to submit a PR for this, but I can't find my way around the Repo. If someone can point me towards where change_mode = "signal" actually gets interpreted into whatever, i'm happy to whack in support for change_mode = "script"

[schmichael]

The script check code is here: https://github.com/hashicorp/nomad/blob/6943943a92f7faaa059519d182bb66799bf41e50/command/agent/consul/script.go

The DriverPlugin.ExecTask() is used to execute script checks inside the task environment (eg in the docker container or exec chroot), so it would work perfectly for this.

[rkettelerij]

+1 here, I've had this need a couple of times. Especially relevant when deploying datastores like Zookeeper or Kafka on Nomad.

One workaround that I came up with - but haven't implemented yet - is to:

• add change_mode = "signal" to your template and choose a signal like SIGUSR1
• wrap your off-the-shelf Docker container (e.g. Zookeeper) in a bash script by overwriting the entrypoint in the Nomad job
• In said bash script listen to the SIGUSR1 signal using the trap command
• execute your custom logic when the signal is received

Having change_mode = "script" available would be much better of course.

[danlsgiga]

Would love to see this feature too, specially knowing that consul-template supports specifying a command for when the template is rendered / updated.

My use case is to be able to reload caddy on the fly whenever the client certificates are replaced by Nomad. caddy does not support signaling the process, the way they reload the configuration without a full restart is via the caddy reload command.

[westeras]

+1 on this feature

[chrismikehogan]

This would be a great feature for some of our JVM based apps too. While we can trap signals in the JVM, we'd prefer not to.

[rkettelerij]

Currently the (consul-)template stanza in Nomad only supports restarting a task or sending a signal. Lots of C and Go apps support signals but this isn't the case for most apps in other languages, in particular those running in a virtual machine like the JVM. In those cases it would be great to add support for change_mode=script and change_mode=http. As requested by @tgross in #10021 here are some use cases for this feature:

• Reloading a Spring Boot app by calling /actuator/refresh
• Reloading a synonym text file in Elasticsearch by calling /_reload_search_analyzers
• Reloading Zookeeper (as already mentioned above)
• Converting a certificate from Vault (generated by the template stanza) to a PKCS12 keystore so for example Kafka is able to do a dynamic reload of the keystore. Side note: it would be even greater if Vault would be able to just hand out PKCS12 keystores, I've lost count of the number of times I've had to write logic to do a PEM-to-PKCS12 conversion. But that's a different issue, the ability to execute a script after a certificate is generated would be a step forward.
• Reloading <insert tool here> via a CLI command e.g. mytool --reload <path to config file generated by template stanza>.
• .....

[josegonzalez]

Another use-case: The caddy proxy no longer supports signals for reloading config (boo) and so you either need to load the config via api or run caddy reload.

[jaen]

Adding fail2ban to examples where this is useful – you can run fail2ban-client reload to reload, but they don't document what (if any) signal this uses.

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.