Allow jobs not requiring network resources with network fingerprinter disabled

[wjordan]

Jobs not requiring any network resources should be allowed even when the network fingerprinter is disabled.

My use-case: Nomad Client running on a host with thousands of virtual network interfaces where the network fingerprinter takes a long time (several minutes), and the job definitions aren't allocating any network resources. I would like to add network to the fingerprint.denylist option, but this makes the scheduler fail to place any job because the current NetworkChecker fails if the node doesn't have any network. Allowing jobs not requiring any network resources would let me disable the network fingerprinter while still placing jobs properly.

[tgross]

Hi @wjordan! This is a great idea -- I always love finding ways to do less work in the scheduler. I've left a suggestion about a way we could make this a bit more intentional in behavior.

Also, you can add a changelog file at .changelog/14300.txt similar to this one? Something like "scheduler: Allow jobs not...", etc. Thanks!

[tgross]

There's a network.mode = "none" that I would expect to be set in the scenario you've described. Rather than using nil ports as an implied "no network", it'd be better if we checked explicitly on that mode. That way we're not confusing potential misconfiguration for an intentional user instruction.

[wjordan]

@tgross I've updated the PR based on your suggestion to allow network.mode = "none" to not require network resources, please take another look.

[tgross]

LGTM, thanks @wjordan! We're in the release candidate window for Nomad 1.4.0 and this didn't get in, but I'll merge this once we've shipped GA (next week-ish).

Tested with the following job:

jobspec

job "example" {
  type        = "batch"
  datacenters = ["dc1"]

  parameterized {
    payload = "required"
  }

  group "group" {

    network {
      mode = "none"
    }

    task "task" {

      driver = "docker"

      config {
        image   = "busybox:1"
        command = "/bin/sh"
        args    = ["-c", "cat local/payload.txt; sleep 1"]
      }

      dispatch_payload {
        file = "payload.txt"
      }

      resources {
        cpu    = 64
        memory = 500
      }

    }
  }
}

And with the following in my client config:

client {
  options {
    fingerprint.denylist = "network"
  }
}

(Which I'm now realizing isn't available without the deprecated options block, so I really should not have removed that from the docs in #12416 and I should revert that.)

[tgross]

Hi @wjordan we had to push out a quick Nomad 1.4.1 but this has now been merged and will ship in the next regular patch release of Nomad. Thanks again!

[github-actions]

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.