hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/

Custom actions stanza #15713

Closed davidlublink closed 1 month ago

davidlublink commented 1 year ago

When I go into the Nomad web interface I have the options 'stop', 'restart alloc', and 'exec'. I propose a new stanza that will allow adding arbitrary/custom buttons to any job/group/task.

/*
Use case idea 1 : Asterisk reloads
*/
action "Reload" {
  command = "/usr/bin/asterisk"
  args = [ "-r", "-x", "core reload" ]
}

action "SIP Reload" {
  command = "/usr/bin/asterisk"
  args = [ "-r", "-x", "sip reload" ]
}

/*
Use case idea 2 : Minecraft server, leave it running but signal no new joins
*/
action "Stop New Players" {
  command = "/opt/bin/minecraft"
  args = [ "-x", "banana" ]
}

action "Allow New Players" {
  command = "/opt/bin/minecraft"
  args = [ "-Z", "banana" ]
}

/*
Use case idea 3 : Quick access to consoles

In this case you can imagine that an interactive window ( like exec ) would appear, but with a different command entered.
*/
action "Asterisk Console" {
  command = "/opt/bin/asterisk"
  args = [ "-r" ]
  interactive = true
}

/* Use case idea 4: Having a website that is 'open' and 'closed' */
action "Close Service" {
  command = "rm"
  args = [ "/opt/service-open" ]
  interactive = true
}

action "Open Service" {
  command = "touch"
  args = [ "/opt/service-closed" ]
  interactive = true
}

tgross commented 1 year ago

Hi @davidlublink! This is interesting because it's kind of like a scoped-down nomad alloc exec. With the alloc-exec ACL users can run arbitrary commands in the allocation, including via the web UI. But this proposal would limit that to a particular set of commands -- what's your thinking around how the ACL policy for this sort of thing might work?

davidlublink commented 1 year ago

> This is interesting because it's kind of like a scoped-down nomad alloc exec. With the alloc-exec ACL users can run arbitrary commands in the allocation, including via the web UI. But this proposal would limit that to a particular set of commands -- what's your thinking around how the ACL policy for this sort of thing might work?

Not just scoped-down, but predefined. The real selling point here is that since it's predefined, an operator can trigger an action without worrying about typing the command right.

For ACL, I would suggest a new ACL 'alloc-exec-preconfigured' that would allow you to execute any preconfigured action, but not necessarily run an arbitrary action. With this ACL, and not alloc-exec, running the command would not allow any changes to the command itself, but would allow interacting with the output (if it launches a mysql terminal, I can run commands on it, but if I exit the mysql client, the connection to the allocation ends).

If you have the ACL alloc-exec, you would be able to not only run the preconfigured commands, but possibly modify (one time) the parameters run, so it becomes like alloc-exec with a default command.

So alloc-exec would imply alloc-exec-preconfigured.
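
The capability split proposed in the comment above, sketched as an added Go example (it is not Nomad's code and not from anyone in this thread). `alloc-exec-preconfigured` is only the name proposed here; `Action`, `Request` and `Authorize` are hypothetical names, and the sample action is constructed from the Asterisk use case in the issue.

```go
package main

import "fmt"

// CapExec exists in Nomad; CapPreconfigured is only the name proposed in this thread.
const CapExec = "alloc-exec"
const CapPreconfigured = "alloc-exec-preconfigured"

// Action mirrors the proposed stanza: a fixed command plus arguments.
type Action struct {
	Command string
	Args    []string
}

// Request (hypothetical): a named action, or an arbitrary command if Name == "".
type Request struct {
	Name, Command string
	Args          []string // nil means "run the action exactly as defined"
}

// Authorize returns the argv to run, or an error when the token may not run it.
func Authorize(caps map[string]bool, actions map[string]Action, r Request) ([]string, error) {
	if r.Name == "" { // arbitrary command: needs full alloc-exec
		if !caps[CapExec] {
			return nil, fmt.Errorf("arbitrary exec requires %s", CapExec)
		}
		return append([]string{r.Command}, r.Args...), nil
	}
	a, ok := actions[r.Name]
	if !ok {
		return nil, fmt.Errorf("action %q is not defined in the job", r.Name)
	}
	if !caps[CapExec] && !caps[CapPreconfigured] { // alloc-exec implies the narrower one
		return nil, fmt.Errorf("running %q requires %s", r.Name, CapPreconfigured)
	}
	args := a.Args
	if r.Args != nil { // changing the arguments is an alloc-exec privilege
		if !caps[CapExec] {
			return nil, fmt.Errorf("overriding args requires %s", CapExec)
		}
		args = r.Args
	}
	return append([]string{a.Command}, args...), nil
}

func main() {
	acts := map[string]Action{"Reload": {"/usr/bin/asterisk", []string{"-r", "-x", "core reload"}}}
	fmt.Println(Authorize(map[string]bool{CapPreconfigured: true}, acts, Request{Name: "Reload"}))
}
```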

falsaform commented 1 year ago

Highly recommend adding this as a feature. We have a few Django sites where we would love to have the ability to run preconfigured actions on demand, actions triggerable from the Nomad GUI and via API calls, such as clearing a cache or performing a backup of a DB /media before a deployment.

mikenomitch commented 1 year ago

Hey all, just FYI that we're planning to do this hopefully as part of the 1.7 release. Thanks for the suggestion!

davidlublink commented 1 year ago

I looked at the videos and examples in #16249, it looks great!

Looking forward to trying it out. Great work!

josegonzalez commented 1 month ago

Should this be closed now?