luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity

Merge pull request #488 from max0d41/patch-1

Browse source 
Disable AWS and GCE fingerprinting via environment variables
This commit is contained in:
Alex Dadgar 2015-11-24 11:06:03 -08:00
parent dc4a7e428a 953ed6ac76
commit 1c20d56b4c
4 changed files with 62 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
client/client.go
View file

@ -8,7 +8,6 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings"
"sync" "sync"
"time" "time"
@ -453,8 +452,17 @@ func (c *Client) setupNode() error {
// fingerprint is used to fingerprint the client and setup the node // fingerprint is used to fingerprint the client and setup the node
func (c *Client) fingerprint() error { func (c *Client) fingerprint() error {
whitelist := c.config.ReadStringListToMap("fingerprint.whitelist")
whitelistEnabled := len(whitelist) > 0
var applied []string var applied []string
var skipped []string
for _, name := range fingerprint.BuiltinFingerprints { for _, name := range fingerprint.BuiltinFingerprints {
// Skip modules that are not in the whitelist if it is enabled.
if _, ok := whitelist[name]; whitelistEnabled && !ok {
skipped = append(skipped, name)
continue
}
f, err := fingerprint.NewFingerprint(name, c.logger) f, err := fingerprint.NewFingerprint(name, c.logger)
if err != nil { if err != nil {
return err return err
@ -475,6 +483,9 @@ func (c *Client) fingerprint() error {
} }
} }
c.logger.Printf("[DEBUG] client: applied fingerprints %v", applied) c.logger.Printf("[DEBUG] client: applied fingerprints %v", applied)
if len(skipped) != 0 {
c.logger.Printf("[DEBUG] client: fingerprint modules skipped due to whitelist: %v", skipped)
}
return nil return nil
} }
@ -496,14 +507,7 @@ func (c *Client) fingerprintPeriodic(name string, f fingerprint.Fingerprint, d t
// setupDrivers is used to find the available drivers // setupDrivers is used to find the available drivers
func (c *Client) setupDrivers() error { func (c *Client) setupDrivers() error {
// Build the whitelist of drivers. // Build the whitelist of drivers.
userWhitelist := strings.TrimSpace(c.config.ReadDefault("driver.whitelist", "")) whitelist := c.config.ReadStringListToMap("driver.whitelist")
whitelist := make(map[string]struct{})
if userWhitelist != "" {
for _, driver := range strings.Split(userWhitelist, ",") {
trimmed := strings.TrimSpace(driver)
whitelist[trimmed] = struct{}{}
}
}
whitelistEnabled := len(whitelist) > 0 whitelistEnabled := len(whitelist) > 0
var avail []string var avail []string

27
client/client_test.go
View file

@ -140,6 +140,33 @@ func TestClient_Fingerprint(t *testing.T) {
} }
} }
func TestClient_Fingerprint_InWhitelist(t *testing.T) {
ctestutil.ExecCompatible(t)
c := testClient(t, func(c *config.Config) {
// Weird spacing to test trimming. Whitelist all modules expect cpu.
c.Options["fingerprint.whitelist"] = " arch, consul,env_aws,env_gce,host,memory,network,storage,foo,bar "
})
defer c.Shutdown()
node := c.Node()
if node.Attributes["cpu.frequency"] == "" {
t.Fatalf("missing cpu fingerprint module")
}
}
func TestClient_Fingerprint_OutOfWhitelist(t *testing.T) {
ctestutil.ExecCompatible(t)
c := testClient(t, func(c *config.Config) {
c.Options["fingerprint.whitelist"] = "arch,consul,cpu,env_aws,env_gce,host,memory,network,storage,foo,bar"
})
defer c.Shutdown()
node := c.Node()
if node.Attributes["cpu.frequency"] != "" {
t.Fatalf("found cpu fingerprint module")
}
}
func TestClient_Drivers(t *testing.T) { func TestClient_Drivers(t *testing.T) {
ctestutil.ExecCompatible(t) ctestutil.ExecCompatible(t)
c := testClient(t, nil) c := testClient(t, nil)

15
client/config/config.go
View file

@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"io" "io"
"strconv" "strconv"
"strings"
"github.com/hashicorp/nomad/nomad/structs" "github.com/hashicorp/nomad/nomad/structs"
) )
@ -98,3 +99,17 @@ func (c *Config) ReadBoolDefault(id string, defaultValue bool) bool {
} }
return val return val
} }
// ReadStringListToMap tries to parse the specified option as a comma seperated list.
// If there is an error in parsing, an empty list is returned.
func (c *Config) ReadStringListToMap(key string) map[string]struct{} {
s := strings.TrimSpace(c.Read(key))
list := make(map[string]struct{})
if s != "" {
for _, e := range strings.Split(s, ",") {
trimmed := strings.TrimSpace(e)
list[trimmed] = struct{}{}
}
}
return list
}

7
website/source/docs/agent/config.html.md
View file

@ -236,6 +236,13 @@ documentation [here](/docs/drivers/index.html)
If the whitelist is empty, all drivers are fingerprinted and enabled where If the whitelist is empty, all drivers are fingerprinted and enabled where
applicable. applicable.
* `fingerprint.whitelist`: A comma seperated list of whitelisted modules (e.g.
"arch,consul,cpu,host,memory,network,storage" to enabled all current
implemented modules expect AWS and GCE). If specified, fingerprinting modules
not in the whitelist will be disabled.
If the whitelist is empty, all modules are fingerprinted and enabled where
applicable.
## Atlas Options ## Atlas Options
**NOTE**: Nomad integration with Atlas is awaiting release of Atlas features **NOTE**: Nomad integration with Atlas is awaiting release of Atlas features