Nomad: Enable ability to send username/password for Basic Auth in service check stanza

Created on 28 Jul 2017  路  3Comments  路  Source: hashicorp/nomad

Nomad v0.6

Request for ability to pass username/password for Basic Auth in the service check stanza. As example, I have below where it checks the cluster endpoints for ElasticSearch:

      service {
        name = "escluster"
        tags = [
          "search",
          "cluster"
        ]
        port = "eshttp"
        check {
          name = "available"
          type = "tcp"
          interval = "10s"
          timeout = "2s"
        }
        check {
          name = "ready"
          type = "http"
          port = "eshttp"
          path = "/_cluster/health?wait_for_status=yellow"
          interval = "30s"
          timeout = "10s"
        }
      }

As cannot authenticate; will hit error below:

HTTP GET http://10.0.42.4:47553/_cluster/health?wait_for_status=yellow: 401 Unauthorized Output: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cluster/health?wait_for_status=yellow]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cluster/health?wait_for_status=yellow]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

Thanks for any possible guidance. Thanks!

themdiscovery typenhancement
Source
picture leowmjw

Most helpful comment

@leowmjw Ah sorry to confuse you! I was agreeing that we should add support. It isn't there currently. Hopefully in 0.6.1 or 0.6.2

picture dadgar on 1 Aug 2017
👍2 🎉1

All 3 comments

Looks like there is support in Consul as of late: https://github.com/hashicorp/consul/pull/3107

Should allow headers in Nomad as well.

dadgar picture dadgar on 28 Jul 2017

Thanks @dadgar. Unfortunately it seems header in check is not valid?

$ nomad run docker-cluster-elasticsearch.nomad 
Error getting job struct: Error parsing job file from docker-cluster-elasticsearch.nomad: error parsing 'job': 1 error(s) occurred:

* group: 'complex', task: 'elasticsearch', service: 'escluster', check -> invalid key: header

Config below:

        check {
          name = "ready"
          type = "http"
          port = "eshttp"
          path = "/_cluster/health?wait_for_status=yellow"
          header = "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ=="
          interval = "30s"
          timeout = "10s"
        }

If you can provide some guidance on what needs to be done; I'll take a stab at doing a PR --> I'm a Golang noob :)

I see in the Consul docs, the example for header is like below:

...
"header": {"x-foo":["bar", "baz"]},
...

so does the resulting output will have to be as below; correct?

...
"header": {"Authorization":["Basic", "ZWxhc3RpYzpjaGFuZ2VtZQ=="]},
...
leowmjw picture leowmjw on 29 Jul 2017

@leowmjw Ah sorry to confuse you! I was agreeing that we should add support. It isn't there currently. Hopefully in 0.6.1 or 0.6.2

dadgar picture dadgar on 1 Aug 2017
👍2 🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

funkytaco picture funkytaco  路  3Comments
mancusogmu picture mancusogmu  路  3Comments
dvusboy picture dvusboy  路  3Comments
byronwolfman picture byronwolfman  路  3Comments
jrasell picture jrasell  路  3Comments