Can not plan job: Call to function "file" failed: no file exists at

[EugenKon]

Nomad version

Output from nomad version

Operating system and Environment details

Nomad v1.8.0
BuildDate 2024-05-28T17:38:17Z
Revision 28b82e4b2259fae5a62e2ed47395334bea5a24c4

Issue

I have 'prestart' task which generates the file with secrets and then this file should be reread for the main task. But Nomad issues error during plan

Reproduction steps

nomad job plan postgres.hcl
Error getting job struct: Error parsing job file from postgres.hcl:
postgres.hcl:101,23-28: Error in function call; Call to function "file" failed: no file exists at $NOMAD_ALLOC_DIR/secrets/secrets.env.
postgres.hcl:101,23-28: Unsuitable value type; Unsuitable value: value must be known

Expected Result

If file is dynamically generated it should not be checked to exists during "plan" phase.

Actual Result

File existence is checked too early.

Job file (if appropriate)

Job file

job "postgres" {
  region = "xxx"
  datacenters = ["dc"]
  type = "service"

  group "postgres-db" {
    count = 1

    network {
      port "postgres-db" {
        static = 5432
        to     = 5432
      }
    }

    task "gen-password" {
      driver = "exec"

      config {
        command = "/bin/bash"
        args    = ["local/script.sh"]
      }

      template {
        destination = "local/script.sh"
        data        = <<-EOH
          set -ex

          pwd -P

          if [[ -z "$(ls -A "$NOMAD_ALLOC_DIR/postgres")" ]]; then INITIAL_PASSWORD="${uuidv4()}"; fi;
          echo $INITIAL_PASSWORD > $NOMAD_ALLOC_DIR/initial_password;

          echo "TEST" > $NOMAD_ALLOC_DIR/secrets/secrets.env;

          cat $NOMAD_ALLOC_DIR/initial_password
        EOH
      }
    }

    task "postgres-task" {
      driver = "docker"

      config {
        force_pull = false
        image = "postgres"
        ports = ["postgres-db"]
      }

      template {
        env         = true
        destination = "secrets/file.env"        
        data        = file("$NOMAD_ALLOC_DIR/secrets/secrets.env")
      }

      service {
        name = "postgres"
        port = "postgres-db"
        tags = [ "postgres", "nomad-alloc-id=${NOMAD_ALLOC_ID}" ]

        provider = "consul"
      }
    }
  }
}

It would be nice to have a good way to pass results from the "prestart" task to the "main" task.

[tgross]

Hi @EugenKon! The documentation for the HCL2 file function says:

Functions are evaluated by the CLI during configuration parsing rather than job run time, so this function can only be used with files that are already present on disk on operator host.

The parsing context for HCL2 is further described here: https://developer.hashicorp.com/nomad/docs/job-specification/hcl2#hcl-parsing-context.

So in other words, you're trying to read a file named $NOMAD_ALLOC_DIR/secrets/secrets.env (literally, without shell interpolation) in your own terminal. It doesn't exist there.