lornasong c8d0301dd5
nia/docs 0.5.0 (#12381)
* docs/nia: new configuration for services condition & source_input (#11646)

* docs/nia: new configuration for services condition

* docs/nia: new configuration for services source_input

* reword filter and cts_user_defined_meta

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update service block config to table format

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Remove deprecated driver.working_dir (#11831)

* Deprecate workspace_prefix for now workspaces.prefix (#11836)

* docs/nia: new config field names for services condition/source_input (#11896)

* docs/nia: new config field `names` for services condition/source_input

* Remove language about 'default condition' and services condition relation to services list

Context:
 - Added a new `names` field to condition/source_input "services"
 - `names` or `regexp` must be configured for condition/source_input "services"

This therefore:
 - Removed relationship between condition/source_input "services" and
 task.services list
 - Removed concept of "default condition" i.e. condition "services" must be
 configured with `names` or `regexp`, there is no meaningful unconfigured default

Change: remove language regarding "default condition" and relationship with services list

* docs/nia: Update paramters to table format

Changes from a bulleted list to a table. Also adds the possible response codes
and fixes the update example response to include the inspect object.

* docs/nia: Delete task API and CLI

* docs/nia: Update wording for run values

Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>

* docs/nia: require condition "catalog-services" block's regexp to be configured (#11915)

Changes:
 - Update Catalog Services Condition configuration docs to new table format
 - Rewrite `regexp` field docs to be required, no longer optional
 - Remove details about `regexp` field's original default behavior when the
 field was optional

* docs/nia: Update status API docs to table format

* Cleaner wording for response descriptions

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* docs/nia - 'source_includes_var' changes (#11939)

* docs/nia - condition "services" new field source_includes_var

 - Add new configuration details for condition "services" block's
 `source_includes_var` field.
 - Note: this field's description is worded differently from condition type's
 `source_includes_var` since a services variable is always required (unlike
 other vars) for CTS modules.
 - Also worded in a way to anticipate renaming to `use_as_module_input`

* docs/nia - change 'source_includes_var' default value from false to true

 - Update configs
 - Table-ify Consul-KV condition (reuse wording from Consul-KV source input)

* docs/nia - reword task execution page for source_includes_var changes

 - Note: switched to using "module input" language over "source input" language.
 Separate PR will make a mass change across docs
 - Slim down general task condition section to have fewer details on module input
 - Updated services, catalog-services, and consul-kv condition sections for
 source_includes_var
 - Add config page links for details

* Improve CTS acronym usage
- Use Consul-Terraform-Sync at the first instance with CTS in brackets - Consul-Terraform-Sync (CTS) and then CTS for all following instances on a per-page basis.
- some exceptions: left usage of the term `Consul-Terraform-Sync` in config examples and where it made sense for hyperlinking

* Improve CTS acronym usage (part 2) (#11991)

Per page:
- At first instance in text, use "Consul-Terraform-Sync (CTS)"
- Subsequent instances in text, use "CTS"

* Update schedule condition config to table format

* Update config tables with type column

* docs/nia: Update required fields values

Standardizing Required/Optional over boolean values.

* docs/nia: Standardize order of columns

Updated Required to come before Type, which is how the configurations are formatted. Also
changed the empty strings to "none" for default values.

* Deprecate port CLI option for CTS and updated example usage

* docs/nia cts multiple source input configuration updates (#12158)

* docs/nia cts multiple source input configuration updates

CTS expanded its usage of `source_input` block configurations and added
some restrictions. This change accounts for the following changes:

- `source_input` block can be configured for a task. No longer restricting to
scheduled task
- Multiple `source_input` blocks can be configured for a task. No longer
restricting to one
- Task cannot have multiple configurations defining the same variable type

Future work: We're planning to do some renaming from "source" to "module" for
v0.5. These changes are made in the code and not yet in the docs. These will be
taken care of across our docs in a separate PR. Perpetuating "source" in this
PR to reduce confusion.

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* code review feedback

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Add "Consul object" glossary entry

Changes:
 - Add "Consul object" to CTS glossary
 - Format glossary terms so that they can be linked
 - Add link to "Consul object" glossary entry

* Reorganize source_input limitations section

Co-authored-by: findkim <6362111+findkim@users.noreply.github.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: findkim <6362111+findkim@users.noreply.github.com>

* docs/nia: overview of config streamlining deprecations (#12193)

* docs/nia: overview of config streamlining deprecations

* Update config snippets to use CodeTabs

* Apply code review feedback suggestions

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Clarify source table language

* Add use_as_module_input callout

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* docs/nia: deprecate "services" field and "service" block (#12234)

* Deprecate `services` field

Did a search on "`services`", "`task.services`", "services list", and "services
field"

Changes:
 - In config docs, mark `services` field as deprecated and `condition` block
 as required.
 - For necessary references to `services` field, mark with "(deprecated)" e.g.
 when listing all options for source input
 - Remove unnecessary references to `services` field from docs e.g. any docs
 encouraging use of `services`
 - Replace `services` field with `condition` / `module_input` "services" in
 config snippets and explanations

* Deprecate `service` block

Did a search for "service block", "`service`", and "service {"

Changes:
 - In config docs, mark `service` block as deprecated
 - For necessary references to `service` block, mark with "(deprecated)"
 - Remove unnecessary references to `service` block from docs

* Fix service block typos in config snippet

service block is singular and not plural

* docs/nia: deprecate "source includes var" and "source input" (#12244)

* Deprecate `source_includes_var` field

Did a search for "source_includes_var" and an audit of "include"

Changes
 - In config docs, mark `source_includes_var` field as deprecated
 - In config docs, add new field for `use_as_module_input`
 - For necessary references to `source_includes_var`, mark with "(deprecated)"
 - Audit and update "include" language

* Deprecate `source_input` field and language

Did a search and replace for "source_input", "source-input", "source input"

Changes:
 - In config docs, mark `source_input` field as deprecated
 - In config docs, add new entry for `module_input`
 - For necessary references to `source_input`, mark with "(deprecated)"
 - Remove or replace "source*input" with "module*input"

Note: added an anchor link alias e.g. `# Module Input ((#source-input))` for
headers that were renamed from "Source Input" so that bookmarked links won't
break

* Update config streamlining release removal version to 0.8

* remove duplicate bullet

* docs/nia: deprecate `source` (#12245)

* Update "source" field in config snippets to "module"

* Deprecate task config `source` field

Did a search and replace for "source" and "src"

Changes:
 - In config docs, mark `source` field as deprecated
 - In config docs, add new entry for `module`
 - Remove or replace "source" with "module"

* Deprecate Status API Event `source` field

Changes:
 - Mark `source` field as deprecated
 - Add new entry for `module`

* docs/nia - Get Task API docs & Task Status API deprecations (#12303)

* docs/nia - Get Task API

Added a Task Object section intended to be shared with the Create Task API

* docs/nia - Deprecate non-status fields from Task Status API

Deprecate the fields that Get Task API replaces

* docs/nia - Align API docs on `:task_name` request resource

Followed a convention found in Nomad docs

* docs/nia - misc fixes

Context for some:
 - remove "" from license_path for consistency - do not specify the default
 value when empty string
 - remove "optional" language from task condition. we want to move towards it
 being required

* docs/nia - add new columns to API Task Object

* Added Create Task API documentation

* Added create task CLI documentation

* addressed code review comments

* fixed example

* docs/nia: Update task delete with async behavior

CTS delete task command is now asynchronous, so updating docs to reflect
this new behavior.

* update create task CLI with new changes from code

* update create task api and cli
- update curl command to include the json header
- update example task names to use 'task_a' to conform with other examples

* docs/nia: Fix hyphens in CTS CLI output

* docs/nia: Add auto-approve option in CLI

* docs/nia: Clarify infrastructure is not destroyed on task deletion

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
Co-authored-by: Melissa Kam <mkam@hashicorp.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: Michael Wilkerson <mwilkerson@hashicorp.com>
Co-authored-by: AJ Jwair <aj.jwair@hashicorp.com>
2022-02-23 14:22:34 -05:00

273 lines
18 KiB
Plaintext

---
layout: docs
page_title: Tasks
description: >-
Consul-Terraform-Sync Tasks
---
# Tasks
A task is the translation of dynamic service information from the Consul Catalog into network infrastructure changes downstream. Consul-Terraform-Sync (CTS) carries out automation for executing tasks using network drivers. For a Terraform driver, the scope of a task is a Terraform module.
Below is an example task configuration:
```hcl
task {
name = "frontend-firewall-policies"
description = "Add firewall policy rules for frontend services"
providers = ["fake-firewall", "null"]
module = "example/firewall-policy/module"
version = "1.0.0"
condition "services" {
names = ["web", "image"]
}
}
```
In the example task above, the "fake-firewall" and "null" providers, listed in the `providers` field, are used. These providers themselves should be configured in their own separate [`terraform_provider` blocks](/docs/nia/configuration#terraform-provider). These providers are used in the Terraform module "example/firewall-policy/module", configured in the `module` field, to create, update, and destroy resources. This module may do something like use the providers to create and destroy firewall policy objects based on IP addresses. The IP addresses come from the "web" and "image" service instances configured in the `condition "services"` block. This service-level information is retrieved by CTS which watches Consul catalog for changes.
See [task configuration](/docs/nia/configuration#task) for more details on how to configure a task.
A task can be either enabled or disabled using the [task cli](/docs/nia/cli/task). When enabled, tasks are executed and automated as described in sections below. However, disabled tasks do not execute when changes are detected from Consul catalog. Since disabled tasks do not execute, they also do not store [events](/docs/nia/tasks#event) until re-enabled.
## Task Execution
An enabled task can be configured to monitor and execute on different types of conditions, such as changes to services ([services condition](/docs/nia/tasks#services-condition)) or service registration and deregistration ([catalog-services condition](/docs/nia/tasks#catalog-services-condition)).
A task can also monitor, but not execute on, other variables that provide additional information to the task's module. For example, a task with a catalog-services condition may execute on registration changes and additionally monitor service instances for IP information.
All configured monitored information, regardless if it's used for execution or not, can be passed to the task's module as module input. Below are details on the types of execution conditions that CTS supports and their module inputs.
### Services Condition
Tasks with the services condition monitor and execute on either changes to a list of configured services or changes to any services that match a given regex.
There are two ways to configure a task with a services condition. Only one of the two options below can be configured for a single task:
1. Configure a task's [`services`](/docs/nia/configuration#services) field (deprecated) to specify the list of services to trigger the task
1. Configure a task's `condition` block with the [services condition](/docs/nia/configuration#services-condition) type to specify services to trigger the task.
The services condition operates by monitoring the [Health List Nodes For Service API](/api-docs/health#list-nodes-for-service) and executing the task on any change of information for services configured. These changes include one or more changes to service values, like IP address, added or removed service instance, or tags. A complete list of values that would cause a task to run are expanded below:
| Attribute | Description |
| ----------------------- | ------------------------------------------------------------------------------------------------- |
| `id` | A unique Consul ID for this service. This is unique per Consul agent. |
| `name` | The logical name of the service. Many service instances may share the same logical service name. |
| `address` | IP address of the service host -- if empty, node address should be used. |
| `port` | Port number of the service |
| `meta` | List of user-defined metadata key/value pairs for the service |
| `tags` | List of tags for the service |
| `namespace` | Consul Enterprise namespace of the service instance |
| `status` | Representative status for the service instance based on an aggregate of the list of health checks |
| `node` | Name of the Consul node on which the service is registered |
| `node_id` | ID of the node on which the service is registered. |
| `node_address` | The IP address of the Consul node on which the service is registered. |
| `node_datacenter` | Data center of the Consul node on which the service is registered. |
| `node_tagged_addresses` | List of explicit LAN and WAN IP addresses for the agent |
| `node_meta` | List of user-defined metadata key/value pairs for the node |
Below is an example configuration for a task that will execute when a service with a name that matches the regular expression has a change.
```hcl
task {
name = "services_condition_task"
description = "execute on changes to services whose name starts with web"
providers = ["my-provider"]
module = "path/to/services-condition-module"
condition "services" {
regexp = "^web.*"
use_as_module_input = false
}
}
```
The services condition can provide input for the [`services` input variable](/docs/nia/terraform-modules#services-variable) that is required for each CTS module. This can be provided depending on how the services condition is configured:
- task's `services` field (deprecated): services object is automatically passed as module input
- task's `condition "services"` block: users can configure the `use_as_module_input` field to optionally use the condition's services object as module input
- Field was previously named `source_includes_var` (deprecated)
### Catalog-Services Condition
Tasks with a catalog-services condition monitor and execute on service registration changes for services that satisfy the condition configuration. 'Service registration changes' specifically refers to service registration and deregistration where service registration occurs on the first service instance registration, and service deregistration occurs on the last service instance registration. Tasks with a catalog-services condition may, depending on the module, additionally monitor but not execute on service instance information.
The catalog-services condition operates by monitoring the [Catalog List Services API](/api-docs/catalog#list-services) and executing the task when services are added or removed in the list of registered services. Note, the task does not execute on changes to the tags of the list of services. This is similar to how changes to service instance information, mentioned above, also does not execute a task.
Below is an example configuration for a task that will execute when a service with a name that matches the "web.*" regular expression in datacenter "dc1" has a registration change. It additionally monitors but does not execute on service instance changes to "web-api" in datacenter "dc2".
```hcl
task {
name = "catalog_service_condition_task"
module = "path/to/catalog-services-module"
providers = ["my-provider"]
condition "catalog-services" {
datacenter = "dc1"
regexp = "web.*"
use_as_module_input = false
}
module_input "services" {
names = ["web-api"]
datacenter = "dc2"
}
}
```
Using the condition block's `use_as_module_input` field, users can configure CTS to use the condition's object as module input for the [`catalog_services` input variable](/docs/nia/terraform-modules#catalog-services-variable). Users can refer to the configured module's documentation on how to set `use_as_module_input`.
See the [Catalog-Services Condition](/docs/nia/configuration#catalog-services-condition) configuration section for further details and additional configuration options.
### Consul KV Condition
Tasks with a consul-kv condition monitor and execute on Consul KV changes for KV pairs that satisfy the condition configuration. The consul-kv condition operates by monitoring the [Consul KV API](/api-docs/kv#read-key) and executing the task when a configured KV entry is created, deleted, or updated.
Based on the `recurse` option, the condition either monitors a single Consul KV pair for a given path or monitors all pairs that are prefixed by that path. In the example below, because `recurse` is set to true, the `path` option is treated as a prefix. Changes to an entry with the key `my-key` and an entry with the key `my-key/another-key` would both trigger the task. If `recurse` were set to false, then only changes to `my-key` would trigger the task.
```hcl
task {
name = "consul_kv_condition_task"
description = "execute on changes to Consul KV entry"
module = "path/to/consul-kv-module"
providers = ["my-provider"]
condition "consul-kv" {
path = "my-key"
recurse = true
datacenter = "dc1"
namespace = "default"
use_as_module_input = true
}
}
```
Using the condition block's `use_as_module_input` field, users can configure CTS to use the condition's object as module input for the [`consul_kv` input variable](/docs/nia/terraform-modules#consul-kv-variable). Users can refer to the configured module's documentation on how to set `use_as_module_input`.
See the [Consul-KV Condition](/docs/nia/configuration#consul-kv-condition) configuration section for more details and additional configuration options.
### Schedule Condition
All scheduled tasks must be configured with a schedule condition. The schedule condition sets the cadence to trigger a task with a [`cron`](/docs/nia/configuration#cron) configuration. The schedule condition block does not support parameters to configure module input. As a result, inputs must be configured separately. You can configure [`module_input` blocks](/docs/nia/configuration#module_input) to define the module inputs.
Below is an example configuration for a task that will execute every Monday, which is set by the schedule condition's [`cron`](/docs/nia/configuration#cron) configuration. The module input is defined by the `module_input` block. When the task is triggered on Monday, it will retrieve the latest information on "web" and "db" from Consul and provide this to the module's input variables.
```hcl
task {
name = "scheduled_task"
description = "execute every Monday using service information from web and db"
module = "path/to/module"
condition "schedule" {
cron = "* * * * Mon"
}
module_input "services" {
names = ["web", "db"]
}
}
```
Below are the available options for module input types and how to configure them:
- [Services module input](/docs/nia/terraform-modules/#services-module-input):
- [`task.services`](/docs/nia/configuration#services) field (deprecated)
- [`module_input "services"`](/docs/nia/configuration#services-configure-input) block
- Block was previously named `source_input "services"` (deprecated)
- [Consul KV module input](/docs/nia/terraform-modules/#consul-kv-module-input):
- [`module_input "consul-kv"`](/docs/nia/configuration#consul-kv-module-input)
- Block was previously named `source_input "consul-kv"` (deprecated)
#### Running Behavior
Scheduled tasks generally run on schedule, but they can be triggered on demand when running CTS in the following ways:
- [Long-running mode](/docs/nia/cli#long-running-mode): At the beginning of the long-running mode, CTS first passes through a once-mode phase in which all tasks are executed once. Scheduled tasks will trigger once during this once-mode phase. This behavior also applies to tasks that are not scheduled. After once-mode has completed, scheduled tasks subsequently trigger on schedule.
- [Inspect mode](/docs/nia/cli#inspect-mode): When running in inspect mode, the terminal will output a plan of proposed updates that would be made if the tasks were to trigger at that moment and then exit. No changes are applied in this mode. The outputted plan for a scheduled task is also the proposed updates that would be made if the task was triggered at that moment, even if off-schedule.
- [Once mode](/docs/nia/cli#once-mode): During the once mode, all tasks are only triggered one time. Scheduled tasks will execute during once mode even if not on the schedule.
- [Enable CLI](/docs/nia/cli/task#task-enable): When a task is enabled through the CLI, any type of task, including scheduled tasks, will be triggered at that time.
#### Buffer Period
Because scheduled tasks trigger on a configured cadence, buffer periods are disabled for scheduled tasks. Any configured `buffer_period` at the global level or task level will only apply to dynamic tasks and not scheduled ones.
#### Events
[Events](#event) are stored each time a task executes. For scheduled tasks, an event will be stored each time the task triggers on schedule regardless of if there was a change in Consul catalog.
## Task Automation
CTS will attempt to execute each enabled task once upon startup to synchronize infrastructure with the current state of Consul. The daemon will stop and exit if any error occurs while preparing the automation environment or executing a task for the first time. This helps ensure tasks have proper configuration and are executable before the daemon transitions into running tasks in full automation as service changes are discovered over time. As a result, it is not recommended to configure a task as disabled from the start. After all tasks have successfully executed once, task failures during automation will be logged and retried or attempted again after a subsequent change.
Tasks are executed near-real time when service changes are detected. For services or environments that are prone to flapping, it may be useful to configure a [buffer period](/docs/nia/configuration#buffer_period-1) for a task to accumulate changes before it is executed. The buffer period would reduce the number of consecutive network calls to infrastructure by batching changes for a task over a short duration of time.
## Status Information
Status-related information is collected and offered via [status API](/docs/nia/api#status) to provide visibility into what and how the tasks are running. Information is offered in three-levels (lowest to highest):
- Event data
- Task status
- Overall status
These three levels form a hierarchy where each level of data informs the one higher. The lowest-level, event data, is collected each time a task runs to update network infrastructure. This event data is then aggregated to inform individual task statuses. The count distribution of all the task statuses inform the overall status's task summary.
### Event
When a task is triggered, CTS takes a series of steps in order to update the network infrastructure. These steps consist of fetching the latest data from Consul for the task's module inputs and then updating the network infrastructure accordingly. An event captures information across this process. It stores information to help understand if the update to network infrastructure was successful or not and any errors that may have occurred.
A dynamic task will store an event when it is triggered by a change in Consul. A scheduled task will store an event when it is triggered on schedule, regardless if there is a change in Consul. A disabled task does not update network infrastructures, so it will not store events until until re-enabled.
Sample event:
```json
{
"id": "ef202675-502f-431f-b133-ed64d15b0e0e",
"success": false,
"start_time": "2020-11-24T12:05:18.651231-05:00",
"end_time": "2020-11-24T12:05:20.900115-05:00",
"task_name": "task_b",
"error": {
"message": "example error: error while doing terraform-apply"
},
...
}
```
For complete information on the event structure, see [events in our API documentation](/docs/nia/api#event). Event information can be retrieved by using the [`include=events` parameter](/docs/nia/api#include) with the [task status API](/docs/nia/api#task-status).
### Task Status
Each time a task runs to update network infrastructure, event data is stored for that run. 5 most recent events are stored for each task, and these stored events are used to determine task status. For example, if the most recent stored event is not successful but the others are, then the task's health status is "errored".
Sample task status:
```json
{
"task_name": "task_b",
"status": "errored",
"providers": ["null"],
"services": ["web"],
"events_url": "/v1/status/tasks/task_b?include=events"
}
```
Task status information can be retrieved with [task status API](/docs/nia/api#task-status). The API documentation includes details on what health statuses are available and how it is calculated based on events' success/failure information.
### Overall Status
Overall status returns a summary of the health statuses across all tasks. The summary is the count of tasks in each health status category.
Sample overall status:
```json
{
"task_summary": {
"successful": 28,
"errored": 5,
"critical": 1
}
}
```
Overall status information can be retrieved with [overall status API](/docs/nia/api#overall-status). The API documentation includes details on what health statuses are available and how it is calculated based on task statuses' health status information.