Unable to get nomad config/get template function_denylist option

[bubejur]

@notnoop @tgross hi guys! I made an update for 1.2.4 but got another issue with consul templating:

Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:53.234Z [INFO]  client.alloc_runner.task_runner.task_hook.logmon.nomad: opening fifo: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon path=/data/nomad/alloc/a7c04d65-2f29-c778-c34c-2513d29f25f4/alloc/logs/.worker-mpi-resolver.stdout.fifo timestamp=2022-01-25T08:44:53.234Z
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad[4342]: client.alloc_runner.task_runner.task_hook.logmon.nomad: opening fifo: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon path=/data/nomad/alloc/a7c04d65-2f29-c778-c34c-2513d29f25f4/alloc/logs/.worker-mpi-resolver.stdout.fifo timestamp=2022-01-25T08:44:53.234Z
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:53.234Z [INFO]  client.alloc_runner.task_runner.task_hook.logmon.nomad: opening fifo: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon path=/data/nomad/alloc/a7c04d65-2f29-c778-c34c-2513d29f25f4/alloc/logs/.worker-mpi-resolver.stderr.fifo timestamp=2022-01-25T08:44:53.234Z
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad[4342]: client.alloc_runner.task_runner.task_hook.logmon.nomad: opening fifo: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon path=/data/nomad/alloc/a7c04d65-2f29-c778-c34c-2513d29f25f4/alloc/logs/.worker-mpi-resolver.stderr.fifo timestamp=2022-01-25T08:44:53.234Z
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:53.965Z [INFO]  agent: (runner) creating new runner (dry: false, once: false)
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad[4342]: agent: (runner) creating new runner (dry: false, once: false)
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:53.966Z [INFO]  agent: (runner) creating watcher
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:53.966Z [INFO]  agent: (runner) starting
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad[4342]: agent: (runner) creating watcher
Jan 25 08:44:53 microworker03.te01-shr.nl3 nomad[4342]: agent: (runner) starting
Jan 25 08:44:54 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:54.307Z [INFO]  client.gc: marking allocation for GC: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4
Jan 25 08:44:54 microworker03.te01-shr.nl3 nomad[4342]: client.gc: marking allocation for GC: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4
Jan 25 08:44:58 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:58.309Z [WARN]  client.alloc_runner.task_runner.task_hook.logmon.nomad: timed out waiting for read-side of process output pipe to close: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon timestamp=2022-01-25T08:44:58.309Z
Jan 25 08:44:58 microworker03.te01-shr.nl3 nomad[4342]: client.alloc_runner.task_runner.task_hook.logmon.nomad: timed out waiting for read-side of process output pipe to close: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon timestamp=2022-01-25T08:44:58.309Z
Jan 25 08:44:58 microworker03.te01-shr.nl3 nomad: 2022-01-25T08:44:58.309Z [WARN]  client.alloc_runner.task_runner.task_hook.logmon.nomad: timed out waiting for read-side of process output pipe to close: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon timestamp=2022-01-25T08:44:58.309Z
Jan 25 08:44:58 microworker03.te01-shr.nl3 nomad[4342]: client.alloc_runner.task_runner.task_hook.logmon.nomad: timed out waiting for read-side of process output pipe to close: alloc_id=a7c04d65-2f29-c778-c34c-2513d29f25f4 task=worker-mpi-resolver @module=logmon timestamp=2022-01-25T08:44:58.309Z

Nomad side:

Template failed: /data/nomad/alloc/3a20b272-9965-8c1f-6ab0-c841e303b623/worker-mpi-resolver/local/platformConfig/nl3.tmpl: execute: template: :1:36: executing "" at <plugin "/data/tools/consul.php">: error calling plugin: function is disabled
--


<br class="Apple-interchange-newline" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">

Originally posted by @bubejur in #11547 (comment)

[bubejur]

nomad process is not overriding/can't get config from /etc/nomad/config.json...
/usr/lib/systemd/system/nomad.service:

[Unit]
Description=Nomad agent
Requires=network-online.target
After=network-online.target

[Service]
EnvironmentFile=-/etc/sysconfig/nomad
Restart=on-failure
ExecStart=/usr/local/bin/nomad agent -config=/etc/nomad
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
RestartSec=42s
LimitNOFILE=131072

[Install]
WantedBy=multi-user.target

I'm also have /etc/nomad/config.json with my options, when i started nomad, it's launching, but i can't get final config at /var/log/messages. At other versions - i do. Can you please asap fix this issue?

[jrasell]

Hi @bubejur and thanks for raising this issue. Could you provide the Nomad version you upgraded from in order to help investigation as well as any potential configuration options you're using on the Nomad client/servers which could impact templating?

[bubejur]

Hi. Current version: 1.2.4. I also tried all versions from 1.1.6 to 1.2.4...

[bubejur]

example 1.2.0 is printing config:

Jan 25 08:41:21 microworker03.te01-shr.nl3 nomad[2878]: agent: 2022/01/25 08:41:21.938781 [INFO] (runner) creating new runner (dry: false, once: false)
Jan 25 08:41:21 microworker03.te01-shr.nl3 nomad[2878]: agent: 2022/01/25 08:41:21.939687 [DEBUG] (runner) final config: {"Consul":{"Address":"127.0.0.1:8500","Namespace":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000}},"Dedup":{"Enabled":false,"MaxStale":2000000000,"Prefix":"consul-template/dedup/","TTL":15000000000,"BlockQueryWaitTime":60000000000},"DefaultDelims":{"Left":null,"Right":null},"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"WARN","MaxStale":2000000000,"PidFile":"","ReloadSignal":1,"Syslog":{"Enabled":false,"Facility":"LOCAL0","Name":""},"Templates":[{"Backup":false,"Command":"","CommandTimeout":30000000000,"Contents":"","CreateDestDirs":true,"Destination":"/data/nomad/alloc/fbe7bd05-1fe4-9bb1-5080-400b7793c0d4/worker-mpi-resolver/local/platform.nl3.php","ErrMissingKey":false,"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":30000000000},"Perms":420,"Source":"/data/nomad/alloc/fbe7bd05-1fe4-9bb1-5080-400b7793c0d4/worker-mpi-resolver/local/platformConfig/nl3.tmpl","Wait":{"Enabled":false,"Min":0,"Max":0},"LeftDelim":"{{","RightDelim":"}}","FunctionDenylist":[""],"SandboxPath":"/data/nomad/alloc/fbe7bd05-1fe4-9bb1-5080-400b7793c0d4/worker-mpi-resolver"}],"Vault":{"Address":"","Enabled":false,"Namespace":"","RenewToken":false,"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":true,"Key":"","ServerName":"","Verify":true},"Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000},"UnwrapToken":false},"Wait":{"Enabled":false,"Min":0,"Max":0},"Once":false,"BlockQueryWaitTime":60000000000}

1.2.4 is not. I did debug mode for nomad agent.

[jrasell]

Hi @bubejur. Could you please provide the following pieces of information to help understand the problem you are facing. Also to confirm, Nomad 1.2.0 you do not see the template rendering failure, but in 1.2.4 you do?

• any Nomad client agent configuration options you are using within the template stanza
• an example of the jobspec template block that is failing to render

Thanks in advance.

[bubejur]

Also to confirm, Nomad 1.2.0 you do not see the template rendering failure, but in 1.2.4 you do? Yeap.
Config:

        "template": {
            "function_denylist": [
                ""
            ]
        }

jobspec:

    task "worker-mpi-resolver" {
      driver = "raw_exec"
      user = "deploy"

      artifact {
        source      = "git::https://stash.ecommpay.com/scm/pr2/consul-templates.git"
        destination = "local/platformConfig"
      }

      template {
        source        = "local/platformConfig/nl3.tmpl"
        destination   = "local/platform.nl3.php"
        change_mode   = "signal"
        change_signal = "SIGINT"
      }

[ngmlabs]

Hello! I was able to reproduce the issue in a test environment with a jobspec similar to @bubejur's one. The issue seems to have appeared somewhere between 1.2.3 and 1.2.4, as the test job ran without issues on 1.2.3. I would suspect #11606.

[DerekStrickland]

Hi @bubejur & @ngmlabs. Thanks for reporting and confirming this issue. I've confirmed a similar issue in Consul Template config parsing ( #11902 ). If it turns out to be the same issue, and I suspect it is, I'll likely merge this issue into that. Thanks again. Your contributions were a big help in finding this.

[DerekStrickland]

Confirmed that this is a duplicate of #11902. Closing in favor of the original issue.

[DerekStrickland]

Hi @bubejur. I'm sorry to hear you are still having issues after 1.2.5. I'm re-opening this issue for investigation, and will let you know if I see any work arounds for you so you don't have to wait for another release. What's confusing to me though, is that I don't see you actually calling any functions in your jobspec. Any chance you know where a function is being called? Is it possibly something embedded in the local/platformConfig/nl3.tmpl file?

[bubejur]

@DerekStrickland

fyi i can see full config now in debug mode:

{"Consul":{"Address":"127.0.0.1:8500","Namespace":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000}},"Dedup":{"Enabled":false,"MaxStale":2000000000,"Prefix":"consul-template/dedup/","TTL":15000000000,"BlockQueryWaitTime":60000000000},"DefaultDelims":{"Left":null,"Right":null},"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"WARN","MaxStale":2000000000,"PidFile":"","ReloadSignal":1,"Syslog":{"Enabled":false,"Facility":"LOCAL0","Name":""},"Templates":[{"Backup":false,"Command":"","CommandTimeout":30000000000,"Contents":"","CreateDestDirs":true,"Destination":"/data/nomad/alloc/5dab3450-74b8-aeb7-45b3-718e8b000421/worker-mpi-resolver/local/platform.nl3.php","ErrMissingKey":false,"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":30000000000},"Perms":420,"Source":"/data/nomad/alloc/5dab3450-74b8-aeb7-45b3-718e8b000421/worker-mpi-resolver/local/platformConfig/nl3.tmpl","Wait":{"Enabled":false,"Min":0,"Max":0},"LeftDelim":"{{","RightDelim":"}}","FunctionDenylist":["plugin",""],"SandboxPath":"/data/nomad/alloc/5dab3450-74b8-aeb7-45b3-718e8b000421/worker-mpi-resolver"}],"Vault":{"Address":"","Enabled":false,"Namespace":"","RenewToken":false,"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":true,"Key":"","ServerName":"","Verify":true},"Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000},"UnwrapToken":false},"Wait":{"Enabled":false,"Min":0,"Max":0},"Once":false,"BlockQueryWaitTime":60000000000}

/worker-mpi-resolver/local/platformConfig/nl3.tmpl:

{{ tree "nl3" | explode | toJSON |  plugin "/data/tools/consul.php"}}

[DerekStrickland]

@bubejur I see the issue. I apologize for any inconvenience this causes you. I'll get a PR up as soon as I can.

[bubejur]

@DerekStrickland thank you for ur time, it will be great if u can fix it

[bubejur]

@DerekStrickland Hi! Do you have any updates?

[DerekStrickland]

HI @bubejur,

Sorry for the delay. I've set aside time to work on this Friday. Once it lands in main, you'll be able to pull, build, and test. I'd love to get your confirmation before we cut the next release. I'll link this issue to the PR so you that you are notified when it lands, and can test it out if you have time.

Thanks for your help!

Derek

[bubejur]

Great, thanks! Sure, i'll help you with some checks. See u on Friday.

[bubejur]

Thanks a lot! Finally got binary - going to test it now!

[bubejur]

Still unlucky :-(

Template failed: /data/nomad/alloc/7d494cda-5b9f-bca6-5a52-613b24d3506a/worker-id-generator/local/platformConfig/nl3.tmpl: execute: template: :1:36: executing "" at <plugin "/data/tools/consul.php">: error calling plugin: function is disabled

nomad -v
Nomad v1.2.6-dev (1fabefd27ecfe2e3ad4125dc54540bf59ac3e705)

[bubejur]

[DerekStrickland]

@bubejur what happens if you put

"template": {
   "function_denylist": []
 }

[bubejur]

@DerekStrickland tried this way, still getting error...

[DerekStrickland]

All right. Thanks for the update. I'll let you know when I have new bits to share.

[bubejur]

@DerekStrickland hi! any updates?

[DerekStrickland]

Hi @bubejur!

I'm sorry no. I haven't been able to get back to it this week yet, but I'm looking for some schedule time because I know it's not ideal. I haven't forgotten about you I promise 😄

[DerekStrickland]

@bubejur

I've got some new code up for you to pull build and test. I just ran this on our test cluster and the template worked. Also, I see this in the final config in the logs.

      "FunctionDenylist": [
        ""
      ],

[bubejur]

@DerekStrickland still nothing...

Template failed: /data/nomad/alloc/82d8891b-dfe9-d84e-7242-f7f13e64f56b/worker-id-generator/local/platformConfig/nl3.tmpl: execute: template: :1:36: executing "" at <plugin "/data/tools/consul.php">: error calling plugin: function is disabled

Nomad v1.2.6-dev (b76e04dc51246e40897599554c436519294a64c5)


Feb 27 16:38:53 microworker01.te01-shr.nl3 nomad[31069]: agent: (runner) final config: {"Consul":{"Address":"127.0.0.1:8500","Namespace":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000}},"Dedup":{"Enabled":false,"MaxStale":2000000000,"Prefix":"consul-template/dedup/","TTL":15000000000,"BlockQueryWaitTime":60000000000},"DefaultDelims":{"Left":null,"Right":null},"Exec":{"Command":"","Enabled":false,"Env":{"**Denylist**":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"WARN","MaxStale":2000000000,"PidFile":"","ReloadSignal":1,"Syslog":{"Enabled":false,"Facility":"LOCAL0","Name":""},"Templates":[{"Backup":false,"Command":"","CommandTimeout":30000000000,"Contents":"","CreateDestDirs":true,"Destination":"/data/nomad/alloc/81f99fc9-7284-0730-a9a7-7814c8f8558b/worker-id-generator/local/platform.nl3.php","ErrMissingKey":false,"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":30000000000},"Perms":420,"Source":"/data/nomad/alloc/81f99fc9-7284-0730-a9a7-7814c8f8558b/worker-id-generator/local/platformConfig/nl3.tmpl","Wait":{"Enabled":false,"Min":0,"Max":0},"LeftDelim":"{{","RightDelim":"}}","**FunctionDenylist**":["plugin"],"SandboxPath":"/data/nomad/alloc/81f99fc9-7284-0730-a9a7-7814c8f8558b/worker-id-generator"}],"Vault":{"Address":"","Enabled":false,"Namespace":"","RenewToken":false,"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":true,"Key":"","ServerName":"","Verify":true},"Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000},"UnwrapToken":false},"Wait":{"Enabled":false,"Min":0,"Max":0},"Once":false,"BlockQueryWaitTime":60000000000}

[DerekStrickland]

Hi @bubejur

We're getting closer I think. Looking at the commit hash in this output you included

Nomad v1.2.6-dev (b76e04dc51246e40897599554c436519294a64c5)

It looks like you haven't built with the latest changes. You should see the following if you are on the latest commit for this branch.

Nomad v1.2.6-dev (89b4f3c7476ba0e14451c01b47c523892a7be598)

Here are the steps I'm taking to make sure I am testing the new code. I just want to make sure we are both testing the same way. Forgive me if I am stating obvious things. I just don't want to assume anything.

• First I cd to my nomad source code directory
• git pull
• git checkout f-fix-function-denylist
• git log - when I do this the most recent commit message should start with commit 89b4f3c7476ba0e14451c01b47c523892a7be598
• make deps
• make dev
• Now, from the source directory I run bin/nomad -version to make sure what was just built is what I expect - it should output Nomad v1.2.6-dev (89b4f3c7476ba0e14451c01b47c523892a7be598)

Now that I have the right binary built my process is the following.

NOTE: I am running a development cluster for testing so this is safe for me. If you are testing this fix with a non-development cluster you will have to adjust your steps to avoid an outage.

• sudo systemctl stop nomad on all servers and clients
• I delete the data directory on the server and clients to make sure I don't have any old copies of the previously executed template sudo rm -rf /etc/nomad.d/data. This assumes the data directory is /etc/nomad.d/data.
• Copy the binary I just build to the GOPATH - cp bin/nomad $GOPATH/bin
• Run nomad -version - you should see Nomad v1.2.6-dev (89b4f3c7476ba0e14451c01b47c523892a7be598)
• sudo systemctl start nomad on all servers and clients
• Now I submit my template job.

I am no longer seeing "plugin" in the function deny list with these steps and the sample config I pulled from your previous comments on this issue. Let me know if that helps at all.

Also, if you have problems deleting the data directory on the clients because the alloc dir or it's subdirs are mounted, you can try this following script. It also assumes the data dir is /etc/nomad.d/data so you may have to adjust it. It works for me on Ubuntu 18.04.

grep /etc/nomad.d/data /proc/mounts | cut -f2 -d" " | sort -r | sudo xargs umount -n

[DerekStrickland]

@bubejur I just remembered you included a systemd unit file in your comments. After looking at that, it looks like you'll want to copy the binary to /usr/local/bin instead of GOPATH.

[bubejur]

same on Nomad v1.2.6-dev (89b4f3c)

nomad -v
Nomad v1.2.6-dev (89b4f3c7476ba0e14451c01b47c523892a7be598)

but i didn't restart and update server side, will do it later in the evening...

[DerekStrickland]

Thanks. Also really important to delete the data directories or you might end up with a copy of the job that has the template already rendered. If that still fails for any reason, could you post your full client config minus any secrets? That would be really helpful. Thanks for working through this with me!

[bubejur]

Yes, i read it and almost deleted any client info before nomad update. Here is client config:

{
    "advertise": {
        "http": "10.11.19.28",
        "rpc": "10.11.19.28",
        "serf": "10.11.19.28"
    },
    "bind_addr": "0.0.0.0",
    "client": {
        "cpu_total_compute": 0,
        "enabled": true,
        "gc_disk_usage_threshold": 80,
        "gc_inode_usage_threshold": 70,
        "gc_interval": "1m",
        "gc_max_allocs": 300,
        "gc_parallel_destroys": 2,
        "max_kill_timeout": "30s",
        "meta": {
            "dc": "",
            "line_type": "production",
            "line_version": "0",
            "pool": "micro_worker",
            "type": ""
        },
        "network_speed": 0,
        "no_host_uuid": false,
        "node_class": "",
        "options": {
            "driver.raw_exec.enable": 1
        },
        "reserved": {
            "cpu": 0,
            "disk": 0,
            "memory": 0,
            "reserved_ports": 22
        },
        "template": {
            "FunctionDenylist": [
                ""
            ]
        }
    },
    "data_dir": "/data/nomad",
    "datacenter": "nl3",
    "disable_update_check": false,
    "enable_debug": false,
    "enable_syslog": true,
    "leave_on_interrupt": false,
    "leave_on_terminate": true,
    "limits": {
        "http_max_conns_per_client": 2048
    },
    "log_level": "DEBUG",
    "name": "microworker01.te01-shr.nl3",
    "ports": {
        "http": 4646,
        "rpc": 4647,
        "serf": 4648
    },
    "region": "undef",
    "server": {
        "bootstrap_expect": 0,
        "enabled": false,
        "enabled_schedulers": [
            "service",
            "batch",
            "system"
        ],
        "encrypt": "",
        "eval_gc_threshold": "1h",
        "job_gc_threshold": "4h",
        "node_gc_threshold": "24h",
        "num_schedulers": 4,
        "rejoin_after_leave": false
    },
    "telemetry": {
        "prometheus_metrics": false,
        "publish_allocation_metrics": true,
        "publish_node_metrics": true
    }
}

[DerekStrickland]

Was that a typo? You have FunctionDenyList in the config, but it should be function_denylist right?

[DerekStrickland]

Also, it's worth pointing out, that you don't actually want an empty string in the array. We've discussed it internally, and it should have rejected the empty string as invalid config, but since it hasn't in the past, we won't change that for now so as not to break backward compatibility.

Here's an example f you don't want to deny any functions.

"template": {
    "function_denylist": []
 }

[bubejur]

Hmm... I thought that it might be there after this...

[bubejur]

Nomad v1.2.6-dev (89b4f3c)

@DerekStrickland Victory!

[bubejur]

How can i get new rpm with this fix in your repo?

[DerekStrickland]

Once it's merged into main it will be in the next release. We don't produce packages except for official releases. Sorry for the delay ☹️

[DerekStrickland]

Hmm... I thought that it might be there after this...

Oh wow.. That was MY typo!!! I am so sorry! Thank you for being kind about pointing it out.

[bubejur]

@DerekStrickland can you also somehow add our ips to whitelist? 88.218.113.16 88.218.112.16 178.57.66.244 - it's not Russian ips. We are from luxembourg, amsterdam and finland.

[bubejur]

@tgross maybe you can tell me a date for new 1.2.7 release? so excited about it!

[tgross]

@bubejur unfortunately we can't give out dates for releases. I can tell you the whole team is actively working on 1.3.0 (which will have backports to 1.2.7).

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.