nomad icon indicating copy to clipboard operation
nomad copied to clipboard
verified publisher icon hashicorp

Allow Agent Reload with API - /v1/agent/reload

Open benjamin-lykins opened this issue 3 months ago • 3 comments

Description

Provide an API endpoint to reload agent config without elevated permissions on the infrastructure running Nomad.

  • Provides ability to reload config remotely.
  • Leverage Nomad Token + ACL to reload.

Testing

Reloading log level without ACL

curl -k  -X PUT \
  https://localhost:4646/v1/agent/reload
{"message":"agent configuration reloaded"}

Attempting without token (ACL Enabled):

curl -k  -X PUT \  
https://localhost:4646/v1/agent/reload
Permission denied

Attempting with token (ACL Enabled; Agent = Write):

curl -k -X PUT \                                                    
  --header "X-Nomad-Token: 79d77f6a-e168-3bbb-8fa7-e668b2b09346" \
  https://localhost:4646/v1/agent/reload 
{"message":"agent configuration reloaded"}

Attempting with token (ACL Enabled; Agent = Read):

curl -k -X PUT \
  --header "X-Nomad-Token: 2cde0074-d0ac-53e1-a6dc-3f416a8e1737" \
  https://localhost:4646/v1/agent/reload
Permission denied

Invalid Config File:

curl -k -X PUT \
  --header "X-Nomad-Token: 79d77f6a-e168-3bbb-8fa7-e668b2b09346" \
  https://localhost:4646/v1/agent/reload
Error loading /Users/benjamin.lykins/git/nomad/nomad/bin/config/general.hcl: failed to decode HCL file /Users/benjamin.lykins/git/nomad/nomad/bin/config/general.hcl: At 3:16: literal not terminated

Links

Fixes: #24048

Contributor Checklist

  • [ ] Changelog Entry If this PR changes user-facing behavior, please generate and add a changelog entry using the make cl command.
  • [X] Testing Please add tests to cover any new functionality or to demonstrate bug fixes and ensure regressions will be caught.
  • [ ] Documentation If the change impacts user-facing functionality such as the CLI, API, UI, and job configuration, please update the Nomad website documentation to reflect this. Refer to the website README for docs guidelines. Please also consider whether the change requires notes within the upgrade guide.

Reviewer Checklist

  • [ ] Backport Labels Please add the correct backport labels as described by the internal backporting document.
  • [ ] Commit Type Ensure the correct merge method is selected which should be "squash and merge" in the majority of situations. The main exceptions are long-lived feature branches or merges where history should be preserved.
  • [ ] Enterprise PRs If this is an enterprise only PR, please add any required changelog entry within the public repository.
  • [ ] If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

benjamin-lykins avatar Nov 14 '25 19:11 benjamin-lykins