Skip to content

task env: add NOMAD_UNIX_ADDR var #25598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

task env: add NOMAD_UNIX_ADDR var #25598

wants to merge 3 commits into from

Conversation

gulducat
Copy link
Member

@gulducat gulducat commented Apr 4, 2025
edited
Loading

I keep thinking of this, and finally I'm doin it. Allows for easier usage in task setup:

task "nomad-cli" {
  driver = "raw_exec"
  config { ... run `nomad` commands ... }
  identity {
    env = true
  }
  env {
    NOMAD_ADDR = "${NOMAD_UNIX_ADDR}"
    # instead of this, which requires you to know the right "unix://" prefix, and socket location
    NOMAD_ADDR = "unix://${NOMAD_SECRETS_DIR}/api.sock"
  }
}

I named it "_UNIX_ADDR" instead of "_ADDR_UNIX" because I figure there may be services out there called "UNIX" that would cause a name collision, but I'm open to other names.

E2E spot check on my linux laptop:

    --- PASS: TestTaskAPI/testTaskAPI_NomadCLI (1.12s)

@gulducat gulducat added type/enhancement backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/ent/1.9.x+ent Changes are backported to 1.9.x+ent backport/1.10.x backport to 1.10.x release line labels Apr 4, 2025
@gulducat gulducat requested review from a team as code owners April 4, 2025 19:25
@gulducat
task env: add NOMAD_UNIX_ADDR var
cda7f39 
for easier task setup when using workload identity
and nomad CLI
@gulducat gulducat force-pushed the env-nomad-unix-addr branch from a61728b to cda7f39 Compare April 4, 2025 19:31
@tgross tgross added this to the 1.10.x milestone Apr 4, 2025
tgross
tgross reviewed Apr 4, 2025
View reviewed changes
.changelog/25598.txt Outdated
@@ -0,0 +1,3 @@
```release-note:improvement
task environment: add NOMAD_UNIX_ADDR env var when using workload identity
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"when using workload identity" doesn't quite feel like the right way to describe this. It's for use with workload identity. Maybe point out that it points to the Task API socket?

client/taskenv/env.go Outdated
@@ -620,10 +624,12 @@ func (b *Builder) buildEnv(allocDir, localDir, secretsDir string,
// Build the Nomad Workload Token
if b.workloadTokenDefault != "" {
envMap[WorkloadToken] = b.workloadTokenDefault
envMap[UnixAddr] = "unix:" + filepath.Join(secretsDir, "api.sock")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't these usually of the form: unix://$PATH? ex. unix:///secrets/api.sock

Copy link
Member Author

@gulducat gulducat Apr 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right?? That's part of why this is all needed - the world is not consistent. With a caddy reverse proxy, for example, it's unix//path/to/sock 🤷

In our particular case, it can be either unix:{path} or unix://{path} (but not unix:/{path} nor unix/{path}).

Would you prefer unix://?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the world is not consistent

Yeah, there's no real standard here. The Go parser (which we're using in the api package) handles both https://go.dev/play/p/S2tCmK6la8H I think I'd prefer unix:// just because it matches the file:// URL scheme (from RFC1738 and friends). But that's a matter of taste.

@tgross
Copy link
Member

tgross commented Apr 4, 2025

Minor nit: this is a new feature, so it wouldn't get backported to 1.9.x/1.8.x

@gulducat gulducat removed backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/ent/1.9.x+ent Changes are backported to 1.9.x+ent labels Apr 4, 2025
@aimeeu aimeeu added the theme/docs Documentation issues and enhancements label Apr 7, 2025
aimeeu
aimeeu previously approved these changes Apr 7, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross tgross tgross left review comments

@aimeeu aimeeu aimeeu approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
backport/1.10.x backport to 1.10.x release line theme/docs Documentation issues and enhancements type/enhancement
Projects
None yet
Milestone
1.10.x
Development

Successfully merging this pull request may close these issues.
3 participants
@gulducat @tgross @aimeeu