diff --git a/command/agent/config.go b/command/agent/config.go index d730bb4c582f..9ce5d6e3d9cd 100644 --- a/command/agent/config.go +++ b/command/agent/config.go @@ -26,344 +26,362 @@ import ( // Config is the configuration for the Nomad agent. type Config struct { // Region is the region this agent is in. Defaults to global. - Region string `mapstructure:"region"` + Region string `hcl:"region"` // Datacenter is the datacenter this agent is in. Defaults to dc1 - Datacenter string `mapstructure:"datacenter"` + Datacenter string `hcl:"datacenter"` // NodeName is the name we register as. Defaults to hostname. - NodeName string `mapstructure:"name"` + NodeName string `hcl:"name"` // DataDir is the directory to store our state in - DataDir string `mapstructure:"data_dir"` + DataDir string `hcl:"data_dir"` // PluginDir is the directory to lookup plugins. - PluginDir string `mapstructure:"plugin_dir"` + PluginDir string `hcl:"plugin_dir"` // LogLevel is the level of the logs to put out - LogLevel string `mapstructure:"log_level"` + LogLevel string `hcl:"log_level"` // LogJson enables log output in a JSON format - LogJson bool `mapstructure:"log_json"` + LogJson bool `hcl:"log_json"` // BindAddr is the address on which all of nomad's services will // be bound. If not specified, this defaults to 127.0.0.1. - BindAddr string `mapstructure:"bind_addr"` + BindAddr string `hcl:"bind_addr"` // EnableDebug is used to enable debugging HTTP endpoints - EnableDebug bool `mapstructure:"enable_debug"` + EnableDebug bool `hcl:"enable_debug"` // Ports is used to control the network ports we bind to. - Ports *Ports `mapstructure:"ports"` + Ports *Ports `hcl:"ports"` // Addresses is used to override the network addresses we bind to. // // Use normalizedAddrs if you need the host+port to bind to. - Addresses *Addresses `mapstructure:"addresses"` + Addresses *Addresses `hcl:"addresses"` // normalizedAddr is set to the Address+Port by normalizeAddrs() normalizedAddrs *Addresses // AdvertiseAddrs is used to control the addresses we advertise. - AdvertiseAddrs *AdvertiseAddrs `mapstructure:"advertise"` + AdvertiseAddrs *AdvertiseAddrs `hcl:"advertise"` // Client has our client related settings - Client *ClientConfig `mapstructure:"client"` + Client *ClientConfig `hcl:"client"` // Server has our server related settings - Server *ServerConfig `mapstructure:"server"` + Server *ServerConfig `hcl:"server"` // ACL has our acl related settings - ACL *ACLConfig `mapstructure:"acl"` + ACL *ACLConfig `hcl:"acl"` // Telemetry is used to configure sending telemetry - Telemetry *Telemetry `mapstructure:"telemetry"` + Telemetry *Telemetry `hcl:"telemetry"` // LeaveOnInt is used to gracefully leave on the interrupt signal - LeaveOnInt bool `mapstructure:"leave_on_interrupt"` + LeaveOnInt bool `hcl:"leave_on_interrupt"` // LeaveOnTerm is used to gracefully leave on the terminate signal - LeaveOnTerm bool `mapstructure:"leave_on_terminate"` + LeaveOnTerm bool `hcl:"leave_on_terminate"` // EnableSyslog is used to enable sending logs to syslog - EnableSyslog bool `mapstructure:"enable_syslog"` + EnableSyslog bool `hcl:"enable_syslog"` // SyslogFacility is used to control the syslog facility used. - SyslogFacility string `mapstructure:"syslog_facility"` + SyslogFacility string `hcl:"syslog_facility"` // DisableUpdateCheck is used to disable the periodic update // and security bulletin checking. - DisableUpdateCheck *bool `mapstructure:"disable_update_check"` + DisableUpdateCheck *bool `hcl:"disable_update_check"` // DisableAnonymousSignature is used to disable setting the // anonymous signature when doing the update check and looking // for security bulletins - DisableAnonymousSignature bool `mapstructure:"disable_anonymous_signature"` + DisableAnonymousSignature bool `hcl:"disable_anonymous_signature"` // Consul contains the configuration for the Consul Agent and // parameters necessary to register services, their checks, and // discover the current Nomad servers. - Consul *config.ConsulConfig `mapstructure:"consul"` + Consul *config.ConsulConfig `hcl:"consul"` // Vault contains the configuration for the Vault Agent and // parameters necessary to derive tokens. - Vault *config.VaultConfig `mapstructure:"vault"` + Vault *config.VaultConfig `hcl:"vault"` // NomadConfig is used to override the default config. // This is largely used for testing purposes. - NomadConfig *nomad.Config `mapstructure:"-" json:"-"` + NomadConfig *nomad.Config `hcl:"-" json:"-"` // ClientConfig is used to override the default config. // This is largely used for testing purposes. - ClientConfig *client.Config `mapstructure:"-" json:"-"` + ClientConfig *client.Config `hcl:"-" json:"-"` // DevMode is set by the -dev CLI flag. - DevMode bool `mapstructure:"-"` + DevMode bool `hcl:"-"` // Version information is set at compilation time Version *version.VersionInfo // List of config files that have been loaded (in order) - Files []string `mapstructure:"-"` + Files []string `hcl:"-"` // TLSConfig provides TLS related configuration for the Nomad server and // client - TLSConfig *config.TLSConfig `mapstructure:"tls"` + TLSConfig *config.TLSConfig `hcl:"tls"` // HTTPAPIResponseHeaders allows users to configure the Nomad http agent to // set arbitrary headers on API responses - HTTPAPIResponseHeaders map[string]string `mapstructure:"http_api_response_headers"` + HTTPAPIResponseHeaders map[string]string `hcl:"http_api_response_headers"` // Sentinel holds sentinel related settings - Sentinel *config.SentinelConfig `mapstructure:"sentinel"` + Sentinel *config.SentinelConfig `hcl:"sentinel"` // Autopilot contains the configuration for Autopilot behavior. - Autopilot *config.AutopilotConfig `mapstructure:"autopilot"` + Autopilot *config.AutopilotConfig `hcl:"autopilot"` // Plugins is the set of configured plugins - Plugins []*config.PluginConfig `hcl:"plugin,expand"` + Plugins []*config.PluginConfig `hcl:"plugin"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // ClientConfig is configuration specific to the client mode type ClientConfig struct { // Enabled controls if we are a client - Enabled bool `mapstructure:"enabled"` + Enabled bool `hcl:"enabled"` // StateDir is the state directory - StateDir string `mapstructure:"state_dir"` + StateDir string `hcl:"state_dir"` // AllocDir is the directory for storing allocation data - AllocDir string `mapstructure:"alloc_dir"` + AllocDir string `hcl:"alloc_dir"` // Servers is a list of known server addresses. These are as "host:port" - Servers []string `mapstructure:"servers"` + Servers []string `hcl:"servers"` // NodeClass is used to group the node by class - NodeClass string `mapstructure:"node_class"` + NodeClass string `hcl:"node_class"` // Options is used for configuration of nomad internals, // like fingerprinters and drivers. The format is: // // namespace.option = value - Options map[string]string `mapstructure:"options"` + Options map[string]string `hcl:"options"` // Metadata associated with the node - Meta map[string]string `mapstructure:"meta"` + Meta map[string]string `hcl:"meta"` // A mapping of directories on the host OS to attempt to embed inside each // task's chroot. - ChrootEnv map[string]string `mapstructure:"chroot_env"` + ChrootEnv map[string]string `hcl:"chroot_env"` // Interface to use for network fingerprinting - NetworkInterface string `mapstructure:"network_interface"` + NetworkInterface string `hcl:"network_interface"` // NetworkSpeed is used to override any detected or default network link // speed. - NetworkSpeed int `mapstructure:"network_speed"` + NetworkSpeed int `hcl:"network_speed"` // CpuCompute is used to override any detected or default total CPU compute. - CpuCompute int `mapstructure:"cpu_total_compute"` + CpuCompute int `hcl:"cpu_total_compute"` // MemoryMB is used to override any detected or default total memory. - MemoryMB int `mapstructure:"memory_total_mb"` + MemoryMB int `hcl:"memory_total_mb"` // MaxKillTimeout allows capping the user-specifiable KillTimeout. - MaxKillTimeout string `mapstructure:"max_kill_timeout"` + MaxKillTimeout string `hcl:"max_kill_timeout"` // ClientMaxPort is the upper range of the ports that the client uses for // communicating with plugin subsystems - ClientMaxPort int `mapstructure:"client_max_port"` + ClientMaxPort int `hcl:"client_max_port"` // ClientMinPort is the lower range of the ports that the client uses for // communicating with plugin subsystems - ClientMinPort int `mapstructure:"client_min_port"` + ClientMinPort int `hcl:"client_min_port"` // Reserved is used to reserve resources from being used by Nomad. This can // be used to target a certain utilization or to prevent Nomad from using a // particular set of ports. - Reserved *Resources `mapstructure:"reserved"` + Reserved *Resources `hcl:"reserved"` // GCInterval is the time interval at which the client triggers garbage // collection - GCInterval time.Duration `mapstructure:"gc_interval"` + GCInterval time.Duration + GCIntervalHCL string `hcl:"gc_interval"` // GCParallelDestroys is the number of parallel destroys the garbage // collector will allow. - GCParallelDestroys int `mapstructure:"gc_parallel_destroys"` + GCParallelDestroys int `hcl:"gc_parallel_destroys"` // GCDiskUsageThreshold is the disk usage threshold given as a percent // beyond which the Nomad client triggers GC of terminal allocations - GCDiskUsageThreshold float64 `mapstructure:"gc_disk_usage_threshold"` + GCDiskUsageThreshold float64 `hcl:"gc_disk_usage_threshold"` // GCInodeUsageThreshold is the inode usage threshold beyond which the Nomad // client triggers GC of the terminal allocations - GCInodeUsageThreshold float64 `mapstructure:"gc_inode_usage_threshold"` + GCInodeUsageThreshold float64 `hcl:"gc_inode_usage_threshold"` // GCMaxAllocs is the maximum number of allocations a node can have // before garbage collection is triggered. - GCMaxAllocs int `mapstructure:"gc_max_allocs"` + GCMaxAllocs int `hcl:"gc_max_allocs"` // NoHostUUID disables using the host's UUID and will force generation of a // random UUID. - NoHostUUID *bool `mapstructure:"no_host_uuid"` + NoHostUUID *bool `hcl:"no_host_uuid"` // ServerJoin contains information that is used to attempt to join servers - ServerJoin *ServerJoin `mapstructure:"server_join"` + ServerJoin *ServerJoin `hcl:"server_join"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // ACLConfig is configuration specific to the ACL system type ACLConfig struct { // Enabled controls if we are enforce and manage ACLs - Enabled bool `mapstructure:"enabled"` + Enabled bool `hcl:"enabled"` // TokenTTL controls how long we cache ACL tokens. This controls // how stale they can be when we are enforcing policies. Defaults // to "30s". Reducing this impacts performance by forcing more // frequent resolution. - TokenTTL time.Duration `mapstructure:"token_ttl"` + TokenTTL time.Duration + TokenTTLHCL string `hcl:"token_ttl"` // PolicyTTL controls how long we cache ACL policies. This controls // how stale they can be when we are enforcing policies. Defaults // to "30s". Reducing this impacts performance by forcing more // frequent resolution. - PolicyTTL time.Duration `mapstructure:"policy_ttl"` + PolicyTTL time.Duration + PolicyTTLHCL string `hcl:"policy_ttl"` // ReplicationToken is used by servers to replicate tokens and policies // from the authoritative region. This must be a valid management token // within the authoritative region. - ReplicationToken string `mapstructure:"replication_token"` + ReplicationToken string `hcl:"replication_token"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // ServerConfig is configuration specific to the server mode type ServerConfig struct { // Enabled controls if we are a server - Enabled bool `mapstructure:"enabled"` + Enabled bool `hcl:"enabled"` // AuthoritativeRegion is used to control which region is treated as // the source of truth for global tokens and ACL policies. - AuthoritativeRegion string `mapstructure:"authoritative_region"` + AuthoritativeRegion string `hcl:"authoritative_region"` // BootstrapExpect tries to automatically bootstrap the Consul cluster, // by withholding peers until enough servers join. - BootstrapExpect int `mapstructure:"bootstrap_expect"` + BootstrapExpect int `hcl:"bootstrap_expect"` // DataDir is the directory to store our state in - DataDir string `mapstructure:"data_dir"` + DataDir string `hcl:"data_dir"` // ProtocolVersion is the protocol version to speak. This must be between // ProtocolVersionMin and ProtocolVersionMax. - ProtocolVersion int `mapstructure:"protocol_version"` + ProtocolVersion int `hcl:"protocol_version"` // RaftProtocol is the Raft protocol version to speak. This must be from [1-3]. - RaftProtocol int `mapstructure:"raft_protocol"` + RaftProtocol int `hcl:"raft_protocol"` // NumSchedulers is the number of scheduler thread that are run. // This can be as many as one per core, or zero to disable this server // from doing any scheduling work. - NumSchedulers *int `mapstructure:"num_schedulers"` + NumSchedulers *int `hcl:"num_schedulers"` // EnabledSchedulers controls the set of sub-schedulers that are // enabled for this server to handle. This will restrict the evaluations // that the workers dequeue for processing. - EnabledSchedulers []string `mapstructure:"enabled_schedulers"` + EnabledSchedulers []string `hcl:"enabled_schedulers"` // NodeGCThreshold controls how "old" a node must be to be collected by GC. // Age is not the only requirement for a node to be GCed but the threshold // can be used to filter by age. - NodeGCThreshold string `mapstructure:"node_gc_threshold"` + NodeGCThreshold string `hcl:"node_gc_threshold"` // JobGCThreshold controls how "old" a job must be to be collected by GC. // Age is not the only requirement for a Job to be GCed but the threshold // can be used to filter by age. - JobGCThreshold string `mapstructure:"job_gc_threshold"` + JobGCThreshold string `hcl:"job_gc_threshold"` // EvalGCThreshold controls how "old" an eval must be to be collected by GC. // Age is not the only requirement for a eval to be GCed but the threshold // can be used to filter by age. - EvalGCThreshold string `mapstructure:"eval_gc_threshold"` + EvalGCThreshold string `hcl:"eval_gc_threshold"` // DeploymentGCThreshold controls how "old" a deployment must be to be // collected by GC. Age is not the only requirement for a deployment to be // GCed but the threshold can be used to filter by age. - DeploymentGCThreshold string `mapstructure:"deployment_gc_threshold"` + DeploymentGCThreshold string `hcl:"deployment_gc_threshold"` // HeartbeatGrace is the grace period beyond the TTL to account for network, // processing delays and clock skew before marking a node as "down". - HeartbeatGrace time.Duration `mapstructure:"heartbeat_grace"` + HeartbeatGrace time.Duration + HeartbeatGraceHCL string `hcl:"heartbeat_grace"` // MinHeartbeatTTL is the minimum time between heartbeats. This is used as // a floor to prevent excessive updates. - MinHeartbeatTTL time.Duration `mapstructure:"min_heartbeat_ttl"` + MinHeartbeatTTL time.Duration + MinHeartbeatTTLHCL string `hcl:"min_heartbeat_ttl"` // MaxHeartbeatsPerSecond is the maximum target rate of heartbeats // being processed per second. This allows the TTL to be increased // to meet the target rate. - MaxHeartbeatsPerSecond float64 `mapstructure:"max_heartbeats_per_second"` + MaxHeartbeatsPerSecond float64 `hcl:"max_heartbeats_per_second"` // StartJoin is a list of addresses to attempt to join when the // agent starts. If Serf is unable to communicate with any of these // addresses, then the agent will error and exit. // Deprecated in Nomad 0.10 - StartJoin []string `mapstructure:"start_join"` + StartJoin []string `hcl:"start_join"` // RetryJoin is a list of addresses to join with retry enabled. // Deprecated in Nomad 0.10 - RetryJoin []string `mapstructure:"retry_join"` + RetryJoin []string `hcl:"retry_join"` // RetryMaxAttempts specifies the maximum number of times to retry joining a // host on startup. This is useful for cases where we know the node will be // online eventually. // Deprecated in Nomad 0.10 - RetryMaxAttempts int `mapstructure:"retry_max"` + RetryMaxAttempts int `hcl:"retry_max"` // RetryInterval specifies the amount of time to wait in between join // attempts on agent start. The minimum allowed value is 1 second and // the default is 30s. // Deprecated in Nomad 0.10 - RetryInterval time.Duration `mapstructure:"retry_interval"` + RetryInterval time.Duration + RetryIntervalHCL string `hcl:"retry_interval"` // RejoinAfterLeave controls our interaction with the cluster after leave. // When set to false (default), a leave causes Consul to not rejoin // the cluster until an explicit join is received. If this is set to // true, we ignore the leave, and rejoin the cluster on start. - RejoinAfterLeave bool `mapstructure:"rejoin_after_leave"` + RejoinAfterLeave bool `hcl:"rejoin_after_leave"` // (Enterprise-only) NonVotingServer is whether this server will act as a // non-voting member of the cluster to help provide read scalability. - NonVotingServer bool `mapstructure:"non_voting_server"` + NonVotingServer bool `hcl:"non_voting_server"` // (Enterprise-only) RedundancyZone is the redundancy zone to use for this server. - RedundancyZone string `mapstructure:"redundancy_zone"` + RedundancyZone string `hcl:"redundancy_zone"` // (Enterprise-only) UpgradeVersion is the custom upgrade version to use when // performing upgrade migrations. - UpgradeVersion string `mapstructure:"upgrade_version"` + UpgradeVersion string `hcl:"upgrade_version"` // Encryption key to use for the Serf communication - EncryptKey string `mapstructure:"encrypt" json:"-"` + EncryptKey string `hcl:"encrypt" json:"-"` // ServerJoin contains information that is used to attempt to join servers - ServerJoin *ServerJoin `mapstructure:"server_join"` + ServerJoin *ServerJoin `hcl:"server_join"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // ServerJoin is used in both clients and servers to bootstrap connections to @@ -372,21 +390,25 @@ type ServerJoin struct { // StartJoin is a list of addresses to attempt to join when the // agent starts. If Serf is unable to communicate with any of these // addresses, then the agent will error and exit. - StartJoin []string `mapstructure:"start_join"` + StartJoin []string `hcl:"start_join"` // RetryJoin is a list of addresses to join with retry enabled, or a single // value to find multiple servers using go-discover syntax. - RetryJoin []string `mapstructure:"retry_join"` + RetryJoin []string `hcl:"retry_join"` // RetryMaxAttempts specifies the maximum number of times to retry joining a // host on startup. This is useful for cases where we know the node will be // online eventually. - RetryMaxAttempts int `mapstructure:"retry_max"` + RetryMaxAttempts int `hcl:"retry_max"` // RetryInterval specifies the amount of time to wait in between join // attempts on agent start. The minimum allowed value is 1 second and // the default is 30s. - RetryInterval time.Duration `mapstructure:"retry_interval"` + RetryInterval time.Duration + RetryIntervalHCL string `hcl:"retry_interval"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } func (s *ServerJoin) Merge(b *ServerJoin) *ServerJoin { @@ -423,38 +445,38 @@ func (s *ServerConfig) EncryptBytes() ([]byte, error) { // Telemetry is the telemetry configuration for the server type Telemetry struct { - StatsiteAddr string `mapstructure:"statsite_address"` - StatsdAddr string `mapstructure:"statsd_address"` - DataDogAddr string `mapstructure:"datadog_address"` - DataDogTags []string `mapstructure:"datadog_tags"` - PrometheusMetrics bool `mapstructure:"prometheus_metrics"` - DisableHostname bool `mapstructure:"disable_hostname"` - UseNodeName bool `mapstructure:"use_node_name"` - CollectionInterval string `mapstructure:"collection_interval"` - collectionInterval time.Duration `mapstructure:"-"` - PublishAllocationMetrics bool `mapstructure:"publish_allocation_metrics"` - PublishNodeMetrics bool `mapstructure:"publish_node_metrics"` + StatsiteAddr string `hcl:"statsite_address"` + StatsdAddr string `hcl:"statsd_address"` + DataDogAddr string `hcl:"datadog_address"` + DataDogTags []string `hcl:"datadog_tags"` + PrometheusMetrics bool `hcl:"prometheus_metrics"` + DisableHostname bool `hcl:"disable_hostname"` + UseNodeName bool `hcl:"use_node_name"` + CollectionInterval string `hcl:"collection_interval"` + collectionInterval time.Duration `hcl:"-"` + PublishAllocationMetrics bool `hcl:"publish_allocation_metrics"` + PublishNodeMetrics bool `hcl:"publish_node_metrics"` // DisableTaggedMetrics disables a new version of generating metrics which // uses tags - DisableTaggedMetrics bool `mapstructure:"disable_tagged_metrics"` + DisableTaggedMetrics bool `hcl:"disable_tagged_metrics"` // BackwardsCompatibleMetrics allows for generating metrics in a simple // key/value structure as done in older versions of Nomad - BackwardsCompatibleMetrics bool `mapstructure:"backwards_compatible_metrics"` + BackwardsCompatibleMetrics bool `hcl:"backwards_compatible_metrics"` // PrefixFilter allows for filtering out metrics from being collected - PrefixFilter []string `mapstructure:"prefix_filter"` + PrefixFilter []string `hcl:"prefix_filter"` // FilterDefault controls whether to allow metrics that have not been specified // by the filter - FilterDefault *bool `mapstructure:"filter_default"` + FilterDefault *bool `hcl:"filter_default"` // DisableDispatchedJobSummaryMetrics allows ignoring dispatched jobs when // publishing Job summary metrics. This is useful in environments that produce // high numbers of single count dispatch jobs as the metrics for each take up // a small memory overhead. - DisableDispatchedJobSummaryMetrics bool `mapstructure:"disable_dispatched_job_summary_metrics"` + DisableDispatchedJobSummaryMetrics bool `hcl:"disable_dispatched_job_summary_metrics"` // Circonus: see https://github.com/circonus-labs/circonus-gometrics // for more details on the various configuration options. @@ -472,46 +494,46 @@ type Telemetry struct { // CirconusAPIToken is a valid API Token used to create/manage check. If provided, // metric management is enabled. // Default: none - CirconusAPIToken string `mapstructure:"circonus_api_token"` + CirconusAPIToken string `hcl:"circonus_api_token"` // CirconusAPIApp is an app name associated with API token. // Default: "nomad" - CirconusAPIApp string `mapstructure:"circonus_api_app"` + CirconusAPIApp string `hcl:"circonus_api_app"` // CirconusAPIURL is the base URL to use for contacting the Circonus API. // Default: "https://api.circonus.com/v2" - CirconusAPIURL string `mapstructure:"circonus_api_url"` + CirconusAPIURL string `hcl:"circonus_api_url"` // CirconusSubmissionInterval is the interval at which metrics are submitted to Circonus. // Default: 10s - CirconusSubmissionInterval string `mapstructure:"circonus_submission_interval"` + CirconusSubmissionInterval string `hcl:"circonus_submission_interval"` // CirconusCheckSubmissionURL is the check.config.submission_url field from a // previously created HTTPTRAP check. // Default: none - CirconusCheckSubmissionURL string `mapstructure:"circonus_submission_url"` + CirconusCheckSubmissionURL string `hcl:"circonus_submission_url"` // CirconusCheckID is the check id (not check bundle id) from a previously created // HTTPTRAP check. The numeric portion of the check._cid field. // Default: none - CirconusCheckID string `mapstructure:"circonus_check_id"` + CirconusCheckID string `hcl:"circonus_check_id"` // CirconusCheckForceMetricActivation will force enabling metrics, as they are encountered, // if the metric already exists and is NOT active. If check management is enabled, the default // behavior is to add new metrics as they are encountered. If the metric already exists in the // check, it will *NOT* be activated. This setting overrides that behavior. // Default: "false" - CirconusCheckForceMetricActivation string `mapstructure:"circonus_check_force_metric_activation"` + CirconusCheckForceMetricActivation string `hcl:"circonus_check_force_metric_activation"` // CirconusCheckInstanceID serves to uniquely identify the metrics coming from this "instance". // It can be used to maintain metric continuity with transient or ephemeral instances as // they move around within an infrastructure. // Default: hostname:app - CirconusCheckInstanceID string `mapstructure:"circonus_check_instance_id"` + CirconusCheckInstanceID string `hcl:"circonus_check_instance_id"` // CirconusCheckSearchTag is a special tag which, when coupled with the instance id, helps to // narrow down the search results when neither a Submission URL or Check ID is provided. // Default: service:app (e.g. service:nomad) - CirconusCheckSearchTag string `mapstructure:"circonus_check_search_tag"` + CirconusCheckSearchTag string `hcl:"circonus_check_search_tag"` // CirconusCheckTags is a comma separated list of tags to apply to the check. Note that // the value of CirconusCheckSearchTag will always be added to the check. // Default: none - CirconusCheckTags string `mapstructure:"circonus_check_tags"` + CirconusCheckTags string `hcl:"circonus_check_tags"` // CirconusCheckDisplayName is the name for the check which will be displayed in the Circonus UI. // Default: value of CirconusCheckInstanceID - CirconusCheckDisplayName string `mapstructure:"circonus_check_display_name"` + CirconusCheckDisplayName string `hcl:"circonus_check_display_name"` // CirconusBrokerID is an explicit broker to use when creating a new check. The numeric portion // of broker._cid. If metric management is enabled and neither a Submission URL nor Check ID // is provided, an attempt will be made to search for an existing check using Instance ID and @@ -519,13 +541,16 @@ type Telemetry struct { // Default: use Select Tag if provided, otherwise, a random Enterprise Broker associated // with the specified API token or the default Circonus Broker. // Default: none - CirconusBrokerID string `mapstructure:"circonus_broker_id"` + CirconusBrokerID string `hcl:"circonus_broker_id"` // CirconusBrokerSelectTag is a special tag which will be used to select a broker when // a Broker ID is not provided. The best use of this is to as a hint for which broker // should be used based on *where* this particular instance is running. // (e.g. a specific geo location or datacenter, dc:sfo) // Default: none - CirconusBrokerSelectTag string `mapstructure:"circonus_broker_select_tag"` + CirconusBrokerSelectTag string `hcl:"circonus_broker_select_tag"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // PrefixFilters parses the PrefixFilter field and returns a list of allowed and blocked filters @@ -549,33 +574,41 @@ func (t *Telemetry) PrefixFilters() (allowed, blocked []string, err error) { // Ports encapsulates the various ports we bind to for network services. If any // are not specified then the defaults are used instead. type Ports struct { - HTTP int `mapstructure:"http"` - RPC int `mapstructure:"rpc"` - Serf int `mapstructure:"serf"` + HTTP int `hcl:"http"` + RPC int `hcl:"rpc"` + Serf int `hcl:"serf"` + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // Addresses encapsulates all of the addresses we bind to for various // network services. Everything is optional and defaults to BindAddr. type Addresses struct { - HTTP string `mapstructure:"http"` - RPC string `mapstructure:"rpc"` - Serf string `mapstructure:"serf"` + HTTP string `hcl:"http"` + RPC string `hcl:"rpc"` + Serf string `hcl:"serf"` + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // AdvertiseAddrs is used to control the addresses we advertise out for // different network services. All are optional and default to BindAddr and // their default Port. type AdvertiseAddrs struct { - HTTP string `mapstructure:"http"` - RPC string `mapstructure:"rpc"` - Serf string `mapstructure:"serf"` + HTTP string `hcl:"http"` + RPC string `hcl:"rpc"` + Serf string `hcl:"serf"` + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } type Resources struct { - CPU int `mapstructure:"cpu"` - MemoryMB int `mapstructure:"memory"` - DiskMB int `mapstructure:"disk"` - ReservedPorts string `mapstructure:"reserved_ports"` + CPU int `hcl:"cpu"` + MemoryMB int `hcl:"memory"` + DiskMB int `hcl:"disk"` + ReservedPorts string `hcl:"reserved_ports"` + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // CanParseReserved returns if the reserved ports specification is parsable. diff --git a/nomad/structs/config/autopilot.go b/nomad/structs/config/autopilot.go index ffa52bc09f7c..04d080131e60 100644 --- a/nomad/structs/config/autopilot.go +++ b/nomad/structs/config/autopilot.go @@ -9,32 +9,37 @@ import ( type AutopilotConfig struct { // CleanupDeadServers controls whether to remove dead servers when a new // server is added to the Raft peers. - CleanupDeadServers *bool `mapstructure:"cleanup_dead_servers"` + CleanupDeadServers *bool `hcl:"cleanup_dead_servers"` // ServerStabilizationTime is the minimum amount of time a server must be // in a stable, healthy state before it can be added to the cluster. Only // applicable with Raft protocol version 3 or higher. - ServerStabilizationTime time.Duration `mapstructure:"server_stabilization_time"` + ServerStabilizationTime time.Duration + ServerStabilizationTimeHCL string `hcl:"server_stabilization_time"` // LastContactThreshold is the limit on the amount of time a server can go // without leader contact before being considered unhealthy. - LastContactThreshold time.Duration `mapstructure:"last_contact_threshold"` + LastContactThreshold time.Duration + LastContactThresholdHCL string `hcl:"last_contact_threshold"` // MaxTrailingLogs is the amount of entries in the Raft Log that a server can // be behind before being considered unhealthy. - MaxTrailingLogs int `mapstructure:"max_trailing_logs"` + MaxTrailingLogs int `hcl:"max_trailing_logs"` // (Enterprise-only) EnableRedundancyZones specifies whether to enable redundancy zones. - EnableRedundancyZones *bool `mapstructure:"enable_redundancy_zones"` + EnableRedundancyZones *bool `hcl:"enable_redundancy_zones"` // (Enterprise-only) DisableUpgradeMigration will disable Autopilot's upgrade migration // strategy of waiting until enough newer-versioned servers have been added to the // cluster before promoting them to voters. - DisableUpgradeMigration *bool `mapstructure:"disable_upgrade_migration"` + DisableUpgradeMigration *bool `hcl:"disable_upgrade_migration"` // (Enterprise-only) EnableCustomUpgrades specifies whether to enable using custom // upgrade versions when performing migrations. - EnableCustomUpgrades *bool `mapstructure:"enable_custom_upgrades"` + EnableCustomUpgrades *bool `hcl:"enable_custom_upgrades"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // DefaultAutopilotConfig() returns the canonical defaults for the Nomad diff --git a/nomad/structs/config/consul.go b/nomad/structs/config/consul.go index 9473ea814d48..e3525c08dfce 100644 --- a/nomad/structs/config/consul.go +++ b/nomad/structs/config/consul.go @@ -21,73 +21,77 @@ import ( type ConsulConfig struct { // ServerServiceName is the name of the service that Nomad uses to register // servers with Consul - ServerServiceName string `mapstructure:"server_service_name"` + ServerServiceName string `hcl:"server_service_name"` // ServerHTTPCheckName is the name of the health check that Nomad uses // to register the server HTTP health check with Consul - ServerHTTPCheckName string `mapstructure:"server_http_check_name"` + ServerHTTPCheckName string `hcl:"server_http_check_name"` // ServerSerfCheckName is the name of the health check that Nomad uses // to register the server Serf health check with Consul - ServerSerfCheckName string `mapstructure:"server_serf_check_name"` + ServerSerfCheckName string `hcl:"server_serf_check_name"` // ServerRPCCheckName is the name of the health check that Nomad uses // to register the server RPC health check with Consul - ServerRPCCheckName string `mapstructure:"server_rpc_check_name"` + ServerRPCCheckName string `hcl:"server_rpc_check_name"` // ClientServiceName is the name of the service that Nomad uses to register // clients with Consul - ClientServiceName string `mapstructure:"client_service_name"` + ClientServiceName string `hcl:"client_service_name"` // ClientHTTPCheckName is the name of the health check that Nomad uses // to register the client HTTP health check with Consul - ClientHTTPCheckName string `mapstructure:"client_http_check_name"` + ClientHTTPCheckName string `hcl:"client_http_check_name"` // AutoAdvertise determines if this Nomad Agent will advertise its // services via Consul. When true, Nomad Agent will register // services with Consul. - AutoAdvertise *bool `mapstructure:"auto_advertise"` + AutoAdvertise *bool `hcl:"auto_advertise"` // ChecksUseAdvertise specifies that Consul checks should use advertise // address instead of bind address - ChecksUseAdvertise *bool `mapstructure:"checks_use_advertise"` + ChecksUseAdvertise *bool `hcl:"checks_use_advertise"` // Addr is the address of the local Consul agent - Addr string `mapstructure:"address"` + Addr string `hcl:"address"` // Timeout is used by Consul HTTP Client - Timeout time.Duration `mapstructure:"timeout"` + Timeout time.Duration + TimeoutHCL string `hcl:"timeout"` // Token is used to provide a per-request ACL token. This options overrides // the agent's default token - Token string `mapstructure:"token"` + Token string `hcl:"token"` // Auth is the information to use for http access to Consul agent - Auth string `mapstructure:"auth"` + Auth string `hcl:"auth"` // EnableSSL sets the transport scheme to talk to the Consul agent as https - EnableSSL *bool `mapstructure:"ssl"` + EnableSSL *bool `hcl:"ssl"` // VerifySSL enables or disables SSL verification when the transport scheme // for the consul api client is https - VerifySSL *bool `mapstructure:"verify_ssl"` + VerifySSL *bool `hcl:"verify_ssl"` // CAFile is the path to the ca certificate used for Consul communication - CAFile string `mapstructure:"ca_file"` + CAFile string `hcl:"ca_file"` // CertFile is the path to the certificate for Consul communication - CertFile string `mapstructure:"cert_file"` + CertFile string `hcl:"cert_file"` // KeyFile is the path to the private key for Consul communication - KeyFile string `mapstructure:"key_file"` + KeyFile string `hcl:"key_file"` // ServerAutoJoin enables Nomad servers to find peers by querying Consul and // joining them - ServerAutoJoin *bool `mapstructure:"server_auto_join"` + ServerAutoJoin *bool `hcl:"server_auto_join"` // ClientAutoJoin enables Nomad servers to find addresses of Nomad servers // and register with them - ClientAutoJoin *bool `mapstructure:"client_auto_join"` + ClientAutoJoin *bool `hcl:"client_auto_join"` + + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } // DefaultConsulConfig() returns the canonical defaults for the Nomad diff --git a/nomad/structs/config/plugins.go b/nomad/structs/config/plugins.go index 55f3a25abc69..948ad1a2df23 100644 --- a/nomad/structs/config/plugins.go +++ b/nomad/structs/config/plugins.go @@ -7,6 +7,8 @@ type PluginConfig struct { Name string `hcl:",key"` Args []string `hcl:"args"` Config map[string]interface{} `hcl:"config"` + // ExtraKeysHCL is used by hcl to surface unexpected keys + ExtraKeysHCL []string `hcl:",unusedKeys"` } func (p *PluginConfig) Merge(o *PluginConfig) *PluginConfig { diff --git a/nomad/structs/config/tls.go b/nomad/structs/config/tls.go index 875a6e20b7c9..0067a995f10b 100644 --- a/nomad/structs/config/tls.go +++ b/nomad/structs/config/tls.go @@ -14,10 +14,10 @@ import ( type TLSConfig struct { // EnableHTTP enabled TLS for http traffic to the Nomad server and clients - EnableHTTP bool `mapstructure:"http"` + EnableHTTP bool `hcl:"http"` // EnableRPC enables TLS for RPC and Raft traffic to the Nomad servers - EnableRPC bool `mapstructure:"rpc"` + EnableRPC bool `hcl:"rpc"` // VerifyServerHostname is used to enable hostname verification of servers. This // ensures that the certificate presented is valid for server..nomad @@ -25,15 +25,15 @@ type TLSConfig struct { // intercepting request traffic as well as being added as a raft peer. This should be // enabled by default with VerifyOutgoing, but for legacy reasons we cannot break // existing clients. - VerifyServerHostname bool `mapstructure:"verify_server_hostname"` + VerifyServerHostname bool `hcl:"verify_server_hostname"` // CAFile is a path to a certificate authority file. This is used with VerifyIncoming // or VerifyOutgoing to verify the TLS connection. - CAFile string `mapstructure:"ca_file"` + CAFile string `hcl:"ca_file"` // CertFile is used to provide a TLS certificate that is used for serving TLS connections. // Must be provided to serve TLS connections. - CertFile string `mapstructure:"cert_file"` + CertFile string `hcl:"cert_file"` // KeyLoader is a helper to dynamically reload TLS configuration KeyLoader *KeyLoader @@ -42,15 +42,15 @@ type TLSConfig struct { // KeyFile is used to provide a TLS key that is used for serving TLS connections. // Must be provided to serve TLS connections. - KeyFile string `mapstructure:"key_file"` + KeyFile string `hcl:"key_file"` // RPCUpgradeMode should be enabled when a cluster is being upgraded // to TLS. Allows servers to accept both plaintext and TLS connections and // should only be a temporary state. - RPCUpgradeMode bool `mapstructure:"rpc_upgrade_mode"` + RPCUpgradeMode bool `hcl:"rpc_upgrade_mode"` // Verify connections to the HTTPS API - VerifyHTTPSClient bool `mapstructure:"verify_https_client"` + VerifyHTTPSClient bool `hcl:"verify_https_client"` // Checksum is a MD5 hash of the certificate CA File, Certificate file, and // key file. @@ -58,17 +58,17 @@ type TLSConfig struct { // TLSCipherSuites are operator-defined ciphers to be used in Nomad TLS // connections - TLSCipherSuites string `mapstructure:"tls_cipher_suites"` + TLSCipherSuites string `hcl:"tls_cipher_suites"` // TLSMinVersion is used to set the minimum TLS version used for TLS // connections. Should be either "tls10", "tls11", or "tls12". - TLSMinVersion string `mapstructure:"tls_min_version"` + TLSMinVersion string `hcl:"tls_min_version"` // TLSPreferServerCipherSuites controls whether the server selects the // client's most preferred ciphersuite, or the server's most preferred // ciphersuite. If true then the server's preference, as expressed in // the order of elements in CipherSuites, is used. - TLSPreferServerCipherSuites bool `mapstructure:"tls_prefer_server_cipher_suites"` + TLSPreferServerCipherSuites bool `hcl:"tls_prefer_server_cipher_suites"` } type KeyLoader struct { diff --git a/nomad/structs/config/vault.go b/nomad/structs/config/vault.go index 3a0b8fab6324..67dd618d26b1 100644 --- a/nomad/structs/config/vault.go +++ b/nomad/structs/config/vault.go @@ -23,19 +23,19 @@ const ( type VaultConfig struct { // Enabled enables or disables Vault support. - Enabled *bool `mapstructure:"enabled"` + Enabled *bool `hcl:"enabled"` // Token is the Vault token given to Nomad such that it can // derive child tokens. Nomad will renew this token at half its lease // lifetime. - Token string `mapstructure:"token"` + Token string `hcl:"token"` // Role sets the role in which to create tokens from. The Token given to // Nomad does not have to be created from this role but must have "update" // capability on "auth/token/create/". If this value is // unset and the token is created from a role, the value is defaulted to the // role the token is from. - Role string `mapstructure:"create_from_role"` + Role string `hcl:"create_from_role"` // Namespace sets the Vault namespace used for all calls against the // Vault API. If this is unset, then Nomad does not use Vault namespaces. @@ -44,16 +44,16 @@ type VaultConfig struct { // AllowUnauthenticated allows users to submit jobs requiring Vault tokens // without providing a Vault token proving they have access to these // policies. - AllowUnauthenticated *bool `mapstructure:"allow_unauthenticated"` + AllowUnauthenticated *bool `hcl:"allow_unauthenticated"` // TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used // by the client. There should be a minimum time value such that the client // does not have to renew with Vault at a very high frequency - TaskTokenTTL string `mapstructure:"task_token_ttl"` + TaskTokenTTL string `hcl:"task_token_ttl"` // Addr is the address of the local Vault agent. This should be a complete // URL such as "http://vault.example.com" - Addr string `mapstructure:"address"` + Addr string `hcl:"address"` // ConnectionRetryIntv is the interval to wait before re-attempting to // connect to Vault. @@ -61,23 +61,23 @@ type VaultConfig struct { // TLSCaFile is the path to a PEM-encoded CA cert file to use to verify the // Vault server SSL certificate. - TLSCaFile string `mapstructure:"ca_file"` + TLSCaFile string `hcl:"ca_file"` // TLSCaFile is the path to a directory of PEM-encoded CA cert files to // verify the Vault server SSL certificate. - TLSCaPath string `mapstructure:"ca_path"` + TLSCaPath string `hcl:"ca_path"` // TLSCertFile is the path to the certificate for Vault communication - TLSCertFile string `mapstructure:"cert_file"` + TLSCertFile string `hcl:"cert_file"` // TLSKeyFile is the path to the private key for Vault communication - TLSKeyFile string `mapstructure:"key_file"` + TLSKeyFile string `hcl:"key_file"` // TLSSkipVerify enables or disables SSL verification - TLSSkipVerify *bool `mapstructure:"tls_skip_verify"` + TLSSkipVerify *bool `hcl:"tls_skip_verify"` // TLSServerName, if set, is used to set the SNI host when connecting via TLS. - TLSServerName string `mapstructure:"tls_server_name"` + TLSServerName string `hcl:"tls_server_name"` } // DefaultVaultConfig() returns the canonical defaults for the Nomad