Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resources: allow job authors to configure size of secrets tmpfs #23696

Merged
merged 3 commits into from
Aug 5, 2024
Merged

resources: allow job authors to configure size of secrets tmpfs #23696

merged 3 commits into from
Aug 5, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Jul 26, 2024
edited
Loading

On supported platforms, the secrets directory is a 1MiB tmpfs. But some tasks need larger space for downloading large secrets. This is especially the case for tasks using templates, which need extra room to write a temporary file to the secrets directory that gets renamed to the old file atomically.

This changeset allows increasing the size of the tmpfs in the resources block. Because this is a memory resource, we need to include it in the memory we allocate for scheduling purposes. The task is already prevented from using more memory in the tmpfs than the resources.memory field allows, but can bypass that limit by writing to the tmpfs via template or artifact blocks.

Therefore, we need to account for the size of the tmpfs in the allocation resources. Simply adding it to the memory needed when we create the allocation allows it to be accounted for in all downstream consumers, and then we'll subtract that amount from the memory resources just before configuring the task driver.

For backwards compatibility, the default value of 1MiB is "free" and ignored by the scheduler. Otherwise we'd be increasing the allocated resources for every existing alloc, which could cause problems across upgrades. If a user explicitly sets resources.secrets = 1 it will no longer be free.

Fixes: #2481
Ref: https://hashicorp.atlassian.net/browse/NET-10070

@tgross tgross mentioned this pull request Jul 26, 2024
Closed
@tgross tgross added this to the 1.8.x milestone Jul 26, 2024
@tgross tgross added the backport/1.8.x backport to 1.8.x release line label Jul 26, 2024
@tgross tgross requested review from a team and removed request for a team July 26, 2024 15:47
@tgross tgross force-pushed the f-jobspec-secrets-size branch 3 times, most recently from 6941e13 to 9d51553 Compare July 26, 2024 19:57
@tgross
resources: allow job authors to configure size of secrets tmpfs
781e3a1 
On supported platforms, the secrets directory is a 1MiB tmpfs. But some tasks
need larger space for downloading large secrets. This is especially the case for
tasks using `templates`, which need extra room to write a temporary file to the
secrets directory that gets renamed to the old file atomically.

This changeset allows increasing the size of the tmpfs in the `resources`
block. Because this is a memory resource, we need to include it in the memory we
allocate for scheduling purposes. The task is already prevented from using more
memory in the tmpfs than the `resources.memory` field allows, but can bypass
that limit by writing to the tmpfs via `template` or `artifact` blocks.

Therefore, we need to account for the size of the tmpfs in the allocation
resources. Simply adding it to the memory needed when we create the allocation
allows it to be accounted for in all downstream consumers, and then we'll
subtract that amount from the memory resources just before configuring the task
driver.

For backwards compatibility, the default value of 1MiB is "free" and ignored by
the scheduler. Otherwise we'd be increasing the allocated resources for every
existing alloc, which could cause problems across upgrades. If a user explicitly
sets `resources.secrets = 1` it will no longer be free.

Fixes: #2481
Ref: https://hashicorp.atlassian.net/browse/NET-10070
tgross
tgross commented Jul 29, 2024
View reviewed changes
helper/funcs.go Outdated Show resolved Hide resolved
@tgross tgross marked this pull request as ready for review July 29, 2024 14:23
@tgross tgross modified the milestones: 1.8.x, 1.8.3 Jul 29, 2024
@tgross tgross requested review from shoenig, gulducat, Juanadelacuesta, jrasell and schmichael and removed request for schmichael July 29, 2024 17:53
shoenig
shoenig approved these changes Aug 5, 2024
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! just the suggested validation bit

@tgross tgross merged commit b25f1b6 into main Aug 5, 2024
21 checks passed
@tgross tgross deleted the f-jobspec-secrets-size branch August 5, 2024 20:07
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Aug 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoenig shoenig shoenig approved these changes

@pkazmierczak pkazmierczak Awaiting requested review from pkazmierczak

@gulducat gulducat Awaiting requested review from gulducat

@Juanadelacuesta Juanadelacuesta Awaiting requested review from Juanadelacuesta

@jrasell jrasell Awaiting requested review from jrasell

@schmichael schmichael Awaiting requested review from schmichael

Assignees
No one assigned
Labels
backport/1.8.x backport to 1.8.x release line theme/resource-utilization type/enhancement
Projects
None yet
Milestone
1.8.3
Development

Successfully merging this pull request may close these issues.

configure size of secrets directory
2 participants
@tgross @shoenig