-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nomad Actions #18794
Nomad Actions #18794
Conversation
* Task-level actions for job submissions and retrieval * FIXME: Temporary workaround to get ember dev server to pass exec through to 4646 * Update api/tasks.go Co-authored-by: Tim Gross <[email protected]> * Update command/agent/job_endpoint.go Co-authored-by: Tim Gross <[email protected]> * Diff and copy implementations * Action structs get their own file, diff updates to behave like our other diffs * Test to observe actions changes in a version update * Tests migrated into structs/diff_test and modified with PR comments in mind * APIActionToSTructsAction now returns a new value * de-comment some plain parts, remove unused action lookup * unused param in action converter --------- Co-authored-by: Tim Gross <[email protected]>
* unused param in action converter * backing out of parse_job level and moved toward new endpoint level * Adds taskName and taskGroupName to actions at job level * Unmodified job mock actions tests * actionless job test * actionless job test * Multi group multi task actions test * HTTP method check for GET, cleaner errors in job_endpoint_test * decomment
d7c5e08
to
3a931d1
Compare
Ember Test Audit comparison
|
67166ab
to
95923c0
Compare
* Working demo for review purposes * removal of cors passthru for websockets * Remove job_endpoint-specific ws handlers and aimed at existing alloc exec handlers instead * PR comments adressed, no need for taskGroup pass, better group and task lookups from alloc * early return in action validate and removed jobid from req args per PR comments * todo removal, we're checking later in the rpc * boolean style change on tty
* Action command init and stuck-notes * Conditional reqpath to aim at Job action endpoint * De-logged * General CLI command cleanup, observe namespace, pass action as string, get random alloc w group adherence * tab and varname cleanup * Remove action param from Allocations().Exec calls
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM once the ACL check comment is fixed.
This is amazing, does it support giving the actions any form of input? |
@kaspergrubbe We've been toying around with the idea internally, and I'd be interested in hearing your use-case. My own feeling on the matter is that allowing operators to provide variable input for actions would create some degree of risk and make the action workflows/output less "guaranteed". Certainly it would expand functionality and open up some cool new stuff, but we want to weigh that against the potential of providing a foot-gun here. |
A late comment, but @philrenaud, I want my foot gun. I've got a few cases where being able to enter arguments to an action would be a godsend (even if triggered through the API only); perhaps cage it behind a configuration flag that needs to be explicitly enabled to allow it so that it can be decorated with the usual "warning, foot gun" disclaimers in the docs? |
Introduces the concept of Actions to Nomad: operator-defined commands and workflows that Nomad users can run on an allocation without having to sweat the details.
These take a similar form to task config blocks and live at task level in the jobspec. To demonstrate:
These actions can be run from the CLI with
nomad action
by passing in either the allocation ID, or if none is provided, the task and group names and an allocation will be randomly selected:An endpoint at
v1/job/:id/actions
will GET return a list of actions the job has access to, and a GET atv1/job/:id/action?action=NAME&allocID=ID&group=GROUP&task=TASK&tty=true
will open a websocket with base64-encoded output (be sure to useUpgrade: websocket
and related headers)Future work:
When #18793 lands, the Nomad web UI will display interactive elements to run actions and view their output in various places:
Further, part of the intent behind actions is to give operators greater ability to specify which sorts of things a Nomad user can perform. With this in mind, ACL changes with actions in mind are planned in the near future.
Resolves #18627