Reserved ports are not honored

[phreakocious]

Nomad version

Nomad v0.12.7 (6147cb578794cb2d0c35d68fe1791728a09bb081)

Operating system and Environment details

Debian 10

Issue

Regardless of where reserved_ports is specified in the client stanza, ports within the range are still allocated. Just in case the documentation for this was incorrect, I tried it as both an inclusive and exclusive range with the same results.

Reproduction steps

ensure the nomad.hcl has reserved_ports defined

client {
  enabled       = true
  network_speed = 1000
  host_network "dummy_net1" { 
    cidr = "10.9.9.1/32"
    # dummy_net1 specifies a small range of ports.  if range is inclusive, it has to pick 32766 or 32767
    reserved_ports = "32766-32767"
  }
  host_network "dummy_net2" { 
    cidr = "10.9.9.2/32"
    # dummy_net2 specifies a large range of ports.  if range is exclusive, it has to pick 65535
    reserved_ports = "1-65534"
  }
}

bring up a new dummy interface with our IPs

# ip link add name nomad type dummy

# ip addr add 10.9.9.1/32 dev nomad
# ip addr add 10.9.9.2/32 dev nomad

# ip link set up dev nomad

restart nomad, run the job

# systemctl restart nomad
# nomad job dispatch  -meta xid=test reserved_ports_test
Dispatched Job ID = reserved_ports_test/dispatch-1606876795-355d4a46
Evaluation ID     = 28d63a84

==> Monitoring evaluation "28d63a84"
    Evaluation triggered by job "reserved_ports_test/dispatch-1606876795-355d4a46"
    Allocation "69636c82" created: node "3a31e222", group "group1"
    Evaluation status changed: "pending" -> "complete"
==> Evaluation "28d63a84" finished with status "complete"

the allocated ports do not seem to reflect either inclusive or exclusive behavior for the reserved_ports ranges

# docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED              STATUS              PORTS                                                                                                        NAMES
8a5ce20df8ff        alpine/socat:latest   "socat tcp-listen:32…"   About a minute ago   Up About a minute   10.9.9.2:28234->32766/tcp, 10.9.9.2:28234->32766/udp, 10.9.9.1:29469->32767/tcp, 10.9.9.1:29469->32767/udp   task-69636c82-ee14-649b-cc6a-c8a7abd77ff3

Job file

job "reserved_ports_test" {
  region = "global"
  datacenters = ["dc1"]
  type = "batch"

  parameterized {
    meta_required = ["xid"]
  }

  group "group1" {

    network {
      port "port1" {
        to = 32767
        host_network = "dummy_net1"
      }
      port "port2" {
        to = 32766
        host_network = "dummy_net2"
      }
    }

    task "task" {
      driver = "docker"

      config {
        image = "alpine/socat:latest"
        args = [ "tcp-listen:32767", "file:/etc/hostname" ]
        ports = [ "port1", "port2" ]
      }

      resources {
        cpu    = 20 # MHz
        memory = 16 # MB
      }
    }
  }
}

[shoenig]

Thanks for reporting @phreakocious , I believe the client port reservations (used for exclusion) currently only apply to static port requests. The dynamic port range is at the moment hard-coded and doesn't take the reservations into account. We'll probably want to take care of this at the same time we enable configurable dynamic port ranges #8186.

[phreakocious]

Closed in error and reopened. Thanks for the info.

[tgross]

Cross-linking #9506

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.