search

hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/
Other
14.84k stars 1.95k forks source link

validate `network.hostname` is only set for Docker and `bridge` networking #18857

Open tgross opened 11 months ago

tgross commented 11 months ago

As described in https://github.com/hashicorp/nomad/issues/18851, setting the network.hostname field is not allowed unless the task group is using bridge networking mode and Docker tasks. One reason for this is that the default mode is host, and that would mean each task could overwrite the host's own hostname! This is documented at hostname:

hostname (string: "") - The hostname assigned to the network namespace. This is currently only supported using the Docker driver and when the mode is set to bridge. This parameter supports interpolation.

Unfortunately we don't validate this. Instead, we place the allocation but it will always fail. We should instead validate this at the time of job submission.

devashishTaneja commented 11 months ago

@tgross Can I work on this issue?

tgross commented 11 months ago

Hi @devashishTaneja! Feel free to give it a try. The relevant code is in nomad/structs.

The only tricky bit is that we tend to validate the structs.Job struct by calling a Validate method on each of the many many sub-objects. In this scenario, we'll need to validate across those sub-objects because the Job.TaskGroups[].Networks[] blocks are validated separately (and before) the Job.TaskGroups[].Tasks[].Driver field.