oleksii.shyman
b4a4b395e3
Introduce nvidia-plugin fingerprinting
...
- created go-nvml wrapper for fingerprinting
- added fingerprinting feature to nvidia-plugin
2018-10-03 15:11:56 -07:00
Alex Dadgar
9971b3393f
yamux
2018-09-17 14:22:40 -07:00
Alex Dadgar
7739ef51ce
agent + consul
2018-09-13 10:43:40 -07:00
Michael Schurter
401ed92847
config: accept CA PEM files with extra whitespace
...
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.
Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.
This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
2018-09-06 11:38:56 -07:00
Michael Schurter
6def5bc4f9
client: set host name when migrating over tls
...
Not setting the host name led the Go HTTP client to expect a certificate
with a DNS-resolvable name. Since Nomad uses `${role}.${region}.nomad`
names ephemeral dir migrations were broken when TLS was enabled.
Added an e2e test to ensure this doesn't break again as it's very
difficult to test and the TLS configuration is very easy to get wrong.
2018-09-05 17:24:17 -07:00
Alex Dadgar
c6576ddac1
Fix make check errors
2018-09-04 16:03:52 -07:00
Chelsea Holland Komlo
f5e631886f
add signature algorithm to error message
2018-08-13 16:21:18 -04:00
Chelsea Holland Komlo
ed21481ca1
rename signature algorithm type per code review feedback
2018-08-13 16:11:49 -04:00
Chelsea Holland Komlo
16ffb2e412
extract functionality for determining signature algorithm per code review feedback
2018-08-13 16:08:23 -04:00
Chelsea Holland Komlo
91edec5bf4
change string repr of signature algorithms to constants
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4b228b1919
remove redundant nil check
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
3f1d54f628
add default case for empty TLS structs
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4755a65978
add comments
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
86103d41d4
type safety for string keys
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
31d6d00381
add simple getter for certificate
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
568564f63f
refactor to use golang built in api for certs
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
bb6c30ee3c
add functionality to check if signature algorithm is supported in cipher suites
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
b92098fd08
change function signature to take entire tls config object
2018-08-10 12:37:21 -04:00
Nick Ethier
a3be46b5ee
vendor: remove unused github.com/kardianos/osext
2018-07-05 11:04:12 -04:00
Charlie Voiselle
1560d0b893
Extend timeout based on user feedback
...
Closes https://github.com/hashicorp/nomad/issues/4439 .
2018-06-21 15:27:56 -04:00
Chelsea Holland Komlo
da712f4f47
fixup! more specific test assertion
2018-06-13 09:58:40 -04:00
Chelsea Holland Komlo
dca7235ca5
add tests and improve should reload logic
2018-06-08 15:10:10 -04:00
Chelsea Holland Komlo
de03ce8070
move logic to determine whether to reload tls configuration to tlsutil helper
2018-06-08 14:33:58 -04:00
Chelsea Holland Komlo
914d2257ef
enable more tls 1.2 ciphers
2018-06-07 17:49:57 -04:00
Alex Dadgar
de98774f2c
Add test and docs
2018-05-31 18:05:03 -07:00
Alex Dadgar
446fc64850
Merge branch 'master' into f-tls-parse-certs
2018-05-30 17:25:50 +00:00
Chelsea Holland Komlo
3edf309096
fixup! clearify docs and group similar TLS fields
2018-05-29 21:30:49 -04:00
Chelsea Holland Komlo
498b57036d
refactor to remove duplication
2018-05-29 18:47:25 -04:00
Chelsea Holland Komlo
1dc14d8e0d
handle parsing multiple certificates in a pem file
2018-05-29 18:25:43 -04:00
Chelsea Holland Komlo
9156556555
remove unnecessary type conversation
2018-05-29 17:07:38 -04:00
Chelsea Holland Komlo
521f8d3fb4
parse CA certificate to catch more specific errors
2018-05-25 18:14:32 -04:00
Chelsea Holland Komlo
19e4a5489b
add support for tls PreferServerCipherSuites
...
add further tests for tls configuration
2018-05-25 13:20:00 -04:00
Chelsea Holland Komlo
38f611a7f2
refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing
...
add missing fields to TLS merge method
2018-05-23 18:35:30 -04:00
Chelsea Komlo
687c26093c
Merge pull request #4269 from hashicorp/f-tls-remove-weak-standards
...
Configurable TLS cipher suites and versions; disallow weak ciphers
2018-05-11 08:11:46 -04:00
Charlie Voiselle
fd952eefbc
Added deferred cancel to prevent context leaks
2018-05-10 18:52:54 -04:00
Chelsea Holland Komlo
44f536f18e
add support for configurable TLS minimum version
2018-05-09 18:07:12 -04:00
Chelsea Holland Komlo
796bae6f1b
allow configurable cipher suites
...
disallow 3DES and RC4 ciphers
add documentation for tls_cipher_suites
2018-05-09 17:15:31 -04:00
Charlie Voiselle
6e58e1ff4b
Merge branch 'master' into b-extend-win-cpu-fingerprint-timeout
2018-05-09 16:23:14 -04:00
Charlie Voiselle
62f99cc629
Addressed review comments
2018-05-09 13:21:35 -04:00
Charlie Voiselle
d64b02f07d
Override 3 sec. WMI timeout in gopsutil
...
The default timeout is too short for some overburdened or resource
constrained machines to complete the WMI query before the context
deadline expires. This causes them to be unable to fingerprint the CPU
properly.
2018-05-08 17:00:31 -04:00
Charlie Voiselle
893b01158c
Fix the CPU Information error message
...
The new version of gopsutil introduces a 3 second timeout that could come up as an error here; however, we are outputting the wrong variable and eating the error.
2018-05-08 14:11:29 -04:00
Seth Vargo
df4fe7e76c
Set user-agent when talking to GCE metadata
2018-04-10 10:36:46 -04:00
Michael Schurter
187716944f
testlog: override testlogger with envvar
2018-03-21 16:49:48 -07:00
Josh Soref
0790a58fb7
spelling: unknown
2018-03-11 19:07:31 +00:00
Alex Dadgar
f9cf642436
Client tls
2018-02-15 15:22:57 -08:00
Alex Dadgar
aa98f8ba7b
Enhance API pkg to utilize Server's Client Tunnel
...
This PR enhances the API package by having client only RPCs route
through the server when they are low cost and for filesystem access to
first attempt a direct connection to the node and then falling back to
a server routed request.
2018-02-15 13:59:03 -08:00
Alex Dadgar
2c0ad26374
New RPC Modes and basic setup for streaming RPC handlers
2018-02-15 13:59:01 -08:00
Alex Dadgar
6dd1c9f49d
Refactor
2018-02-15 13:59:00 -08:00
Alex Dadgar
940a2df8a1
Pull inmem codec to helper
2018-02-15 13:59:00 -08:00
Chelsea Komlo
d09cc2a69f
Merge pull request #3492 from hashicorp/f-client-tls-reload
...
Client/Server TLS dynamic reload
2018-01-23 05:51:32 -05:00