github.com/djenriquez/nomad-1@v0.8.1/client/config/config.go (about) 1 package config 2 3 import ( 4 "fmt" 5 "io" 6 "os" 7 "strconv" 8 "strings" 9 "time" 10 11 "github.com/hashicorp/nomad/helper" 12 "github.com/hashicorp/nomad/helper/tlsutil" 13 "github.com/hashicorp/nomad/nomad/structs" 14 "github.com/hashicorp/nomad/nomad/structs/config" 15 "github.com/hashicorp/nomad/version" 16 ) 17 18 var ( 19 // DefaultEnvBlacklist is the default set of environment variables that are 20 // filtered when passing the environment variables of the host to a task. 21 DefaultEnvBlacklist = strings.Join([]string{ 22 "CONSUL_TOKEN", 23 "VAULT_TOKEN", 24 "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", 25 "GOOGLE_APPLICATION_CREDENTIALS", 26 }, ",") 27 28 // DefaultUserBlacklist is the default set of users that tasks are not 29 // allowed to run as when using a driver in "user.checked_drivers" 30 DefaultUserBlacklist = strings.Join([]string{ 31 "root", 32 "Administrator", 33 }, ",") 34 35 // DefaultUserCheckedDrivers is the set of drivers we apply the user 36 // blacklist onto. For virtualized drivers it often doesn't make sense to 37 // make this stipulation so by default they are ignored. 38 DefaultUserCheckedDrivers = strings.Join([]string{ 39 "exec", 40 "qemu", 41 "java", 42 }, ",") 43 44 // A mapping of directories on the host OS to attempt to embed inside each 45 // task's chroot. 46 DefaultChrootEnv = map[string]string{ 47 "/bin": "/bin", 48 "/etc": "/etc", 49 "/lib": "/lib", 50 "/lib32": "/lib32", 51 "/lib64": "/lib64", 52 "/run/resolvconf": "/run/resolvconf", 53 "/sbin": "/sbin", 54 "/usr": "/usr", 55 } 56 ) 57 58 // RPCHandler can be provided to the Client if there is a local server 59 // to avoid going over the network. If not provided, the Client will 60 // maintain a connection pool to the servers 61 type RPCHandler interface { 62 RPC(method string, args interface{}, reply interface{}) error 63 } 64 65 // Config is used to parameterize and configure the behavior of the client 66 type Config struct { 67 // DevMode controls if we are in a development mode which 68 // avoids persistent storage. 69 DevMode bool 70 71 // StateDir is where we store our state 72 StateDir string 73 74 // AllocDir is where we store data for allocations 75 AllocDir string 76 77 // LogOutput is the destination for logs 78 LogOutput io.Writer 79 80 // Region is the clients region 81 Region string 82 83 // Network interface to be used in network fingerprinting 84 NetworkInterface string 85 86 // Network speed is the default speed of network interfaces if they can not 87 // be determined dynamically. 88 NetworkSpeed int 89 90 // CpuCompute is the default total CPU compute if they can not be determined 91 // dynamically. It should be given as Cores * MHz (2 Cores * 2 Ghz = 4000) 92 CpuCompute int 93 94 // MemoryMB is the default node total memory in megabytes if it cannot be 95 // determined dynamically. 96 MemoryMB int 97 98 // MaxKillTimeout allows capping the user-specifiable KillTimeout. If the 99 // task's KillTimeout is greater than the MaxKillTimeout, MaxKillTimeout is 100 // used. 101 MaxKillTimeout time.Duration 102 103 // Servers is a list of known server addresses. These are as "host:port" 104 Servers []string 105 106 // RPCHandler can be provided to avoid network traffic if the 107 // server is running locally. 108 RPCHandler RPCHandler 109 110 // Node provides the base node 111 Node *structs.Node 112 113 // ClientMaxPort is the upper range of the ports that the client uses for 114 // communicating with plugin subsystems over loopback 115 ClientMaxPort uint 116 117 // ClientMinPort is the lower range of the ports that the client uses for 118 // communicating with plugin subsystems over loopback 119 ClientMinPort uint 120 121 // GloballyReservedPorts are ports that are reserved across all network 122 // devices and IPs. 123 GloballyReservedPorts []int 124 125 // A mapping of directories on the host OS to attempt to embed inside each 126 // task's chroot. 127 ChrootEnv map[string]string 128 129 // Options provides arbitrary key-value configuration for nomad internals, 130 // like fingerprinters and drivers. The format is: 131 // 132 // namespace.option = value 133 Options map[string]string 134 135 // Version is the version of the Nomad client 136 Version *version.VersionInfo 137 138 // ConsulConfig is this Agent's Consul configuration 139 ConsulConfig *config.ConsulConfig 140 141 // VaultConfig is this Agent's Vault configuration 142 VaultConfig *config.VaultConfig 143 144 // StatsCollectionInterval is the interval at which the Nomad client 145 // collects resource usage stats 146 StatsCollectionInterval time.Duration 147 148 // PublishNodeMetrics determines whether nomad is going to publish node 149 // level metrics to remote Telemetry sinks 150 PublishNodeMetrics bool 151 152 // PublishAllocationMetrics determines whether nomad is going to publish 153 // allocation metrics to remote Telemetry sinks 154 PublishAllocationMetrics bool 155 156 // TLSConfig holds various TLS related configurations 157 TLSConfig *config.TLSConfig 158 159 // GCInterval is the time interval at which the client triggers garbage 160 // collection 161 GCInterval time.Duration 162 163 // GCParallelDestroys is the number of parallel destroys the garbage 164 // collector will allow. 165 GCParallelDestroys int 166 167 // GCDiskUsageThreshold is the disk usage threshold given as a percent 168 // beyond which the Nomad client triggers GC of terminal allocations 169 GCDiskUsageThreshold float64 170 171 // GCInodeUsageThreshold is the inode usage threshold given as a percent 172 // beyond which the Nomad client triggers GC of the terminal allocations 173 GCInodeUsageThreshold float64 174 175 // GCMaxAllocs is the maximum number of allocations a node can have 176 // before garbage collection is triggered. 177 GCMaxAllocs int 178 179 // LogLevel is the level of the logs to putout 180 LogLevel string 181 182 // NoHostUUID disables using the host's UUID and will force generation of a 183 // random UUID. 184 NoHostUUID bool 185 186 // ACLEnabled controls if ACL enforcement and management is enabled. 187 ACLEnabled bool 188 189 // ACLTokenTTL is how long we cache token values for 190 ACLTokenTTL time.Duration 191 192 // ACLPolicyTTL is how long we cache policy values for 193 ACLPolicyTTL time.Duration 194 195 // DisableTaggedMetrics determines whether metrics will be displayed via a 196 // key/value/tag format, or simply a key/value format 197 DisableTaggedMetrics bool 198 199 // BackwardsCompatibleMetrics determines whether to show methods of 200 // displaying metrics for older versions, or to only show the new format 201 BackwardsCompatibleMetrics bool 202 203 // RPCHoldTimeout is how long an RPC can be "held" before it is errored. 204 // This is used to paper over a loss of leadership by instead holding RPCs, 205 // so that the caller experiences a slow response rather than an error. 206 // This period is meant to be long enough for a leader election to take 207 // place, and a small jitter is applied to avoid a thundering herd. 208 RPCHoldTimeout time.Duration 209 } 210 211 func (c *Config) Copy() *Config { 212 nc := new(Config) 213 *nc = *c 214 nc.Node = nc.Node.Copy() 215 nc.Servers = helper.CopySliceString(nc.Servers) 216 nc.Options = helper.CopyMapStringString(nc.Options) 217 nc.GloballyReservedPorts = helper.CopySliceInt(c.GloballyReservedPorts) 218 nc.ConsulConfig = c.ConsulConfig.Copy() 219 nc.VaultConfig = c.VaultConfig.Copy() 220 return nc 221 } 222 223 // DefaultConfig returns the default configuration 224 func DefaultConfig() *Config { 225 return &Config{ 226 Version: version.GetVersion(), 227 VaultConfig: config.DefaultVaultConfig(), 228 ConsulConfig: config.DefaultConsulConfig(), 229 LogOutput: os.Stderr, 230 Region: "global", 231 StatsCollectionInterval: 1 * time.Second, 232 TLSConfig: &config.TLSConfig{}, 233 LogLevel: "DEBUG", 234 GCInterval: 1 * time.Minute, 235 GCParallelDestroys: 2, 236 GCDiskUsageThreshold: 80, 237 GCInodeUsageThreshold: 70, 238 GCMaxAllocs: 50, 239 NoHostUUID: true, 240 DisableTaggedMetrics: false, 241 BackwardsCompatibleMetrics: false, 242 RPCHoldTimeout: 5 * time.Second, 243 } 244 } 245 246 // Read returns the specified configuration value or "". 247 func (c *Config) Read(id string) string { 248 return c.Options[id] 249 } 250 251 // ReadDefault returns the specified configuration value, or the specified 252 // default value if none is set. 253 func (c *Config) ReadDefault(id string, defaultValue string) string { 254 val, ok := c.Options[id] 255 if !ok { 256 return defaultValue 257 } 258 return val 259 } 260 261 // ReadBool parses the specified option as a boolean. 262 func (c *Config) ReadBool(id string) (bool, error) { 263 val, ok := c.Options[id] 264 if !ok { 265 return false, fmt.Errorf("Specified config is missing from options") 266 } 267 bval, err := strconv.ParseBool(val) 268 if err != nil { 269 return false, fmt.Errorf("Failed to parse %s as bool: %s", val, err) 270 } 271 return bval, nil 272 } 273 274 // ReadBoolDefault tries to parse the specified option as a boolean. If there is 275 // an error in parsing, the default option is returned. 276 func (c *Config) ReadBoolDefault(id string, defaultValue bool) bool { 277 val, err := c.ReadBool(id) 278 if err != nil { 279 return defaultValue 280 } 281 return val 282 } 283 284 // ReadInt parses the specified option as a int. 285 func (c *Config) ReadInt(id string) (int, error) { 286 val, ok := c.Options[id] 287 if !ok { 288 return 0, fmt.Errorf("Specified config is missing from options") 289 } 290 ival, err := strconv.Atoi(val) 291 if err != nil { 292 return 0, fmt.Errorf("Failed to parse %s as int: %s", val, err) 293 } 294 return ival, nil 295 } 296 297 // ReadIntDefault tries to parse the specified option as a int. If there is 298 // an error in parsing, the default option is returned. 299 func (c *Config) ReadIntDefault(id string, defaultValue int) int { 300 val, err := c.ReadInt(id) 301 if err != nil { 302 return defaultValue 303 } 304 return val 305 } 306 307 // ReadDuration parses the specified option as a duration. 308 func (c *Config) ReadDuration(id string) (time.Duration, error) { 309 val, ok := c.Options[id] 310 if !ok { 311 return time.Duration(0), fmt.Errorf("Specified config is missing from options") 312 } 313 dval, err := time.ParseDuration(val) 314 if err != nil { 315 return time.Duration(0), fmt.Errorf("Failed to parse %s as time duration: %s", val, err) 316 } 317 return dval, nil 318 } 319 320 // ReadDurationDefault tries to parse the specified option as a duration. If there is 321 // an error in parsing, the default option is returned. 322 func (c *Config) ReadDurationDefault(id string, defaultValue time.Duration) time.Duration { 323 val, err := c.ReadDuration(id) 324 if err != nil { 325 return defaultValue 326 } 327 return val 328 } 329 330 // ReadStringListToMap tries to parse the specified option as a comma separated list. 331 // If there is an error in parsing, an empty list is returned. 332 func (c *Config) ReadStringListToMap(key string) map[string]struct{} { 333 s := strings.TrimSpace(c.Read(key)) 334 list := make(map[string]struct{}) 335 if s != "" { 336 for _, e := range strings.Split(s, ",") { 337 trimmed := strings.TrimSpace(e) 338 list[trimmed] = struct{}{} 339 } 340 } 341 return list 342 } 343 344 // ReadStringListToMap tries to parse the specified option as a comma separated list. 345 // If there is an error in parsing, an empty list is returned. 346 func (c *Config) ReadStringListToMapDefault(key, defaultValue string) map[string]struct{} { 347 val, ok := c.Options[key] 348 if !ok { 349 val = defaultValue 350 } 351 352 list := make(map[string]struct{}) 353 if val != "" { 354 for _, e := range strings.Split(val, ",") { 355 trimmed := strings.TrimSpace(e) 356 list[trimmed] = struct{}{} 357 } 358 } 359 return list 360 } 361 362 // TLSConfiguration returns a TLSUtil Config based on the existing client 363 // configuration 364 func (c *Config) TLSConfiguration() *tlsutil.Config { 365 return &tlsutil.Config{ 366 VerifyIncoming: true, 367 VerifyOutgoing: true, 368 VerifyServerHostname: c.TLSConfig.VerifyServerHostname, 369 CAFile: c.TLSConfig.CAFile, 370 CertFile: c.TLSConfig.CertFile, 371 KeyFile: c.TLSConfig.KeyFile, 372 KeyLoader: c.TLSConfig.GetKeyLoader(), 373 } 374 }