Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to revert a Nomad job with Vault policies when allow_unauthenticated is set to false #4555

Closed
robloxrob opened this issue Aug 2, 2018 · 7 comments

Comments

@robloxrob
Copy link

Nomad version

Nomad v0.8.4

Operating system and Environment details

CentOS 7.5

Issue

Unable to revert to a previous revision of a job when allow_unauthenticated is set to false on the nomad server. We can create the job and the validation works. However when attempting to do a revert I get a 500 error that the Vault token is missing. This is a similar error I would receive if I did not provide a vault token when attempting a run.

Reproduction steps

$ env | grep VAULT_TOKEN
VAULT_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx

$ nomad run artifacttest.nomad
==> Monitoring evaluation "38c8cd1b"
    Evaluation triggered by job "artifact-test"
    Evaluation within deployment: "e0bc827c"
    Evaluation status changed: "pending" -> "complete"
==> Evaluation "38c8cd1b" finished with status "complete"

$ nomad job history artifact-test
Version     = 8
Stable      = false
Submit Date = 2018-08-01T18:10:49-07:00

Version     = 7
Stable      = true
Submit Date = 2018-08-01T17:56:00-07:00

Version     = 6
Stable      = true
Submit Date = 2018-08-01T17:46:38-07:00

Version     = 5
Stable      = true
Submit Date = 2018-08-01T17:38:16-07:00

Version     = 4
Stable      = true
Submit Date = 2018-08-01T17:07:01-07:00

Version     = 3
Stable      = true
Submit Date = 2018-08-01T17:04:50-07:00

$ nomad job revert artifact-test 7
Error retrieving job versions: Unexpected response code: 500 (rpc error: Vault policies requested but missing Vault Token)

### Attempt to run WITHOUT Vault token
$ env | grep VAULT_TOKEN

$ nomad run artifacttest.nomad 
Error submitting job: Unexpected response code: 500 (rpc error: Vault policies requested but missing Vault Token)

Job file (if appropriate)

job "artifact-test" {
  region      = "us-west"
  datacenters = ["dc1"]
  type        = "service"

  vault {
    policies = ["secret_policy"]
  }


  group "service-group" {

    count = 2

    task "test-task" {
      driver = "docker"

      config {
        image = "nginx:1.15.1-alpine"
      
        volumes = [ "local/:/usr/share/nginx/html" ]

        port_map {
          http = 80
        }
      }

      resources {
        cpu = 200
        memory = 128

        network {
          mbits = 1

          port "http" {}
        }
      }

      service {
        name = "artifact-test"
        port = "http"
        check {
          name = "artifact"
          type = "http"
          path = "/"
          interval = "10s"
          timeout = "5s"
        }
      }
    }
  }
}
@chelseakomlo
Copy link
Contributor

It is worth looking at whether this issue is also related to #4226

@robloxrob
Copy link
Author

I don't believe they are related. My issue seems to occur for an API call against a Nomad master to the revert the job to a previous version. The issue #4226 is related to restarting the Nomad client service.

@pserranoa
Copy link

pserranoa commented Mar 15, 2019

Any news about this issue? I have the same problem. Nomad v8.4 with VAULT_TOKEN exported.

@cgbaker cgbaker self-assigned this Mar 25, 2019
@cgbaker
Copy link
Contributor

cgbaker commented Mar 25, 2019

thanks for the report, targeting this for 0.9.1

@robloxrob
Copy link
Author

Thank you

@stale
Copy link

stale bot commented Jun 23, 2019

Hey there

Since this issue hasn't had any activity in a while - we're going to automatically close it in 30 days. If you're still seeing this issue with the latest version of Nomad, please respond here and we'll keep this open and take another look at this.

Thanks!

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants