kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-03 17:05:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
13,398 Commits 1 Branch 0 Tags
5f124c7ce3dbfb2aaa270dbbc2fa59ca60ebcfcc
Commit Graph

120 Commits

Author SHA1 Message Date
Michael Schurter
2a90a336cd boltdd: return error on use-after-Close 
Return the same error as boltdb instead of panic'ing.
 2018-11-15 14:15:37 -08:00
Mahmood Ali
abd2451d52 address review comments 2018-10-30 13:58:52 -04:00
Mahmood Ali
e9fa36f9ef Allow artifacts checksum interpolation 
Fixes https://github.com/hashicorp/nomad/issues/4814
 2018-10-30 13:24:30 -04:00
Michael Schurter
d71e7666bd ar: fix leader handling, state restoring, and destroying unrun ARs 
* Migrated all of the old leader task tests and got them passing
* Refactor and consolidate task killing code in AR to always kill leader
  tasks first
* Fixed lots of issues with state restoring
* Fixed deadlock in AR.Destroy if AR.Run had never been called
* Added a new in memory statedb for testing
 2018-10-19 09:45:45 -07:00
Nick Ethier
391005706f fix package references after drivers/base subpackage removed 2018-10-16 16:53:31 -07:00
Nick Ethier
c9f0d2e0b4 driver/raw_exec: port existing raw_exec tests and add some testing utilities 2018-10-16 16:53:31 -07:00
Michael Schurter
de5426124b lots of comment/log fixes 2018-10-16 16:53:30 -07:00
Michael Schurter
c0d1b63b75 wrap boltdb in a write deduplicator 
Saves a tiny bit of cpu and some IO. Sadly doesn't prevent all IO on
duplicate writes as the transactions are still created and committed.

$ go test -bench=. -benchmem
goos: linux
goarch: amd64
pkg: github.com/hashicorp/nomad/helper/boltdd
BenchmarkWriteDeduplication_On-4             500           4059591 ns/op           23736 B/op         56 allocs/op
BenchmarkWriteDeduplication_Off-4            300           4115319 ns/op           25942 B/op         55 allocs/op
 2018-10-16 16:53:30 -07:00
Michael Schurter
4107afdbf6 reimplement success state for tr hooks and state persistence 
splits apart local and remote persistence

removes some locking *for now*
 2018-10-16 16:53:29 -07:00
Alex Dadgar
929eb5570a New parser and comparison 2018-10-12 15:25:34 -07:00
oleksii.shyman
63f4fbf273 Introduce nvidia-plugin fingerprinting 
- created go-nvml wrapper for fingerprinting
  - added fingerprinting feature to nvidia-plugin
 2018-10-03 15:11:56 -07:00
Alex Dadgar
58c889aa94 yamux 2018-09-17 14:22:40 -07:00
Alex Dadgar
40d095fd1a agent + consul 2018-09-13 10:43:40 -07:00
Michael Schurter
556adad26a config: accept CA PEM files with extra whitespace 
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.

Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.

This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
 2018-09-06 11:38:56 -07:00
Michael Schurter
c55d166712 client: set host name when migrating over tls 
Not setting the host name led the Go HTTP client to expect a certificate
with a DNS-resolvable name. Since Nomad uses `${role}.${region}.nomad`
names ephemeral dir migrations were broken when TLS was enabled.

Added an e2e test to ensure this doesn't break again as it's very
difficult to test and the TLS configuration is very easy to get wrong.
 2018-09-05 17:24:17 -07:00
Alex Dadgar
da0bec03c1 Fix make check errors 2018-09-04 16:03:52 -07:00
Chelsea Holland Komlo
067eef565a add signature algorithm to error message 2018-08-13 16:21:18 -04:00
Chelsea Holland Komlo
eb3cead2bc rename signature algorithm type per code review feedback 2018-08-13 16:11:49 -04:00
Chelsea Holland Komlo
011eced69d extract functionality for determining signature algorithm per code review feedback 2018-08-13 16:08:23 -04:00
Chelsea Holland Komlo
4f1d40926e change string repr of signature algorithms to constants 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4fe562ca8c remove redundant nil check 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
5bb7d9d570 add default case for empty TLS structs 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
1a1effd2aa add comments 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
febf24e71f type safety for string keys 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
781b9c640d add simple getter for certificate 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
92fc1ce470 refactor to use golang built in api for certs 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
bc01b401fc add functionality to check if signature algorithm is supported in cipher suites 2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
bfaf4dcb2b change function signature to take entire tls config object 2018-08-10 12:37:21 -04:00
Nick Ethier
2c311f4321 vendor: remove unused github.com/kardianos/osext 2018-07-05 11:04:12 -04:00
Charlie Voiselle
b2fe392cfb Extend timeout based on user feedback 
Closes https://github.com/hashicorp/nomad/issues/4439.
 2018-06-21 15:27:56 -04:00
Chelsea Holland Komlo
2cc252baa7 fixup! more specific test assertion 2018-06-13 09:58:40 -04:00
Chelsea Holland Komlo
cd8de515cc add tests and improve should reload logic 2018-06-08 15:10:10 -04:00
Chelsea Holland Komlo
ce9e93514c move logic to determine whether to reload tls configuration to tlsutil helper 2018-06-08 14:33:58 -04:00
Chelsea Holland Komlo
9943b9bafe enable more tls 1.2 ciphers 2018-06-07 17:49:57 -04:00
Alex Dadgar
ec95677a4d Add test and docs 2018-05-31 18:05:03 -07:00
Alex Dadgar
f547535292 Merge branch 'master' into f-tls-parse-certs 2018-05-30 17:25:50 +00:00
Chelsea Holland Komlo
36fc53c057 fixup! clearify docs and group similar TLS fields 2018-05-29 21:30:49 -04:00
Chelsea Holland Komlo
8e2da4e048 refactor to remove duplication 2018-05-29 18:47:25 -04:00
Chelsea Holland Komlo
5ae88d9f0c handle parsing multiple certificates in a pem file 2018-05-29 18:25:43 -04:00
Chelsea Holland Komlo
a8ff38f790 remove unnecessary type conversation 2018-05-29 17:07:38 -04:00
Chelsea Holland Komlo
d4152c77ea parse CA certificate to catch more specific errors 2018-05-25 18:14:32 -04:00
Chelsea Holland Komlo
25896ddf3c add support for tls PreferServerCipherSuites 
add further tests for tls configuration
 2018-05-25 13:20:00 -04:00
Chelsea Holland Komlo
6733d768f0 refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing 
add missing fields to TLS merge method
 2018-05-23 18:35:30 -04:00
Chelsea Komlo
31c21988b8 Merge pull request #4269 from hashicorp/f-tls-remove-weak-standards 
Configurable TLS cipher suites and versions; disallow weak ciphers
 2018-05-11 08:11:46 -04:00
Charlie Voiselle
41b71b6138 Added deferred cancel to prevent context leaks 2018-05-10 18:52:54 -04:00
Chelsea Holland Komlo
509180ee00 add support for configurable TLS minimum version 2018-05-09 18:07:12 -04:00
Chelsea Holland Komlo
0f46208cc1 allow configurable cipher suites 
disallow 3DES and RC4 ciphers

add documentation for tls_cipher_suites
 2018-05-09 17:15:31 -04:00
Charlie Voiselle
43765af758 Merge branch 'master' into b-extend-win-cpu-fingerprint-timeout 2018-05-09 16:23:14 -04:00
Charlie Voiselle
2220b12446 Addressed review comments 2018-05-09 13:21:35 -04:00
Charlie Voiselle
db19b177ad Override 3 sec. WMI timeout in gopsutil 
The default timeout is too short for some overburdened or resource
constrained machines to complete the WMI query before the context
deadline expires.  This causes them to be unable to fingerprint the CPU
properly.
 2018-05-08 17:00:31 -04:00