Tim Gross
03433f35d4
client/template: configuration for function blacklist and sandboxing
...
When rendering a task template, the `plugin` function is no longer
permitted by default and will raise an error. An operator can opt-in
to permitting this function with the new `template.function_blacklist`
field in the client configuration.
When rendering a task template, path parameters for the `file`
function will be treated as relative to the task directory by
default. Relative paths or symlinks that point outside the task
directory will raise an error. An operator can opt-out of this
protection with the new `template.disable_file_sandbox` field in the
client configuration.
2019-08-12 16:34:48 -04:00
Danielle Lancashire
7e6c8e5ac1
Copy documentation to api/tasks
2019-08-12 16:22:27 +02:00
Danielle Lancashire
063e4240c1
client: Add parsing and registration of HostVolume configuration
2019-08-12 15:39:08 +02:00
Nick Ethier
7806f4c597
Revert "client: add autofetch for CNI plugins"
...
This reverts commit 0bd157cc3b04fb090dd0d54affcae71496102ce8.
2019-08-08 15:10:19 -04:00
Nick Ethier
af6b191963
client: add autofetch for CNI plugins
2019-07-31 01:04:09 -04:00
Nick Ethier
ef83f0831b
ar: plumb client config for networking into the network hook
2019-07-31 01:04:06 -04:00
Mahmood Ali
a9f81f2daa
client config flag to disable remote exec
...
This exposes a client flag to disable nomad remote exec support in
environments where access to tasks ought to be restricted.
I used `disable_remote_exec` client flag that defaults to allowing
remote exec. Opted for a client config that can be used to disable
remote exec globally, or to a subset of the cluster if necessary.
2019-06-03 15:31:39 -04:00
Michael Schurter
32daa7b47b
goimports until make check is happy
2019-01-23 06:27:14 -08:00
Michael Schurter
be0bab7c3f
move pluginutils -> helper/pluginutils
...
I wanted a different color bikeshed, so I get to paint it
2019-01-22 15:50:08 -08:00
Alex Dadgar
4bdccab550
goimports
2019-01-22 15:44:31 -08:00
Alex Dadgar
cdcd3c929c
loader and singleton
2019-01-22 15:11:57 -08:00
Preetha Appan
7bd1440710
REfactor statedb factory config to set it directly in client config
2019-01-12 10:38:20 -06:00
Alex Dadgar
4c57d2ec4d
Add plugin API versioning to plugin loader and plugins
2018-12-18 16:48:00 -08:00
Michael Schurter
f8cdd561f0
client: interpolate driver configurations
...
Also add missing SetDriverNetwork calls.
2018-11-15 16:25:57 -08:00
Michael Schurter
2bbd88888c
client: first pass at implementing task restoring
...
Task restoring works but dead tasks may be restarted
2018-11-05 12:32:05 -08:00
Nick Ethier
3fcf8ba7e6
Merge pull request #4795 from hashicorp/f-plugin-config
...
Pass client configuration to plugins through loader
2018-10-29 18:42:27 -07:00
Nick Ethier
bda3b1d3b3
rename NomadConfig to ClientAgentConfig
2018-10-29 21:34:34 -04:00
Nick Ethier
58b430edae
added driver specific client config struct to plugin configuration
2018-10-18 23:31:01 -04:00
Michael Schurter
21d78be961
tests: explicitly cleanup after clients
2018-10-17 10:06:59 -07:00
Nick Ethier
65adb80ebf
plumb NomadConfig into plugins
2018-10-16 22:47:22 -04:00
Michael Schurter
dd4227f84a
tests: make a test client/config easier to generate
...
Sadly can't move the fingerprint timeout tweak into the helper due to
circular imports.
2018-10-16 16:56:55 -07:00
Alex Dadgar
6f0ed6184b
Fix client reloading and pass the plugin loaders to server and client
2018-10-16 16:56:55 -07:00
Alex Dadgar
bac5cb1e8b
Scheduler uses allocated resources
2018-10-02 17:08:25 -07:00
Alex Dadgar
7739ef51ce
agent + consul
2018-09-13 10:43:40 -07:00
Chelsea Holland Komlo
38f611a7f2
refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing
...
add missing fields to TLS merge method
2018-05-23 18:35:30 -04:00
Mildred Ki'Lya
1017cbe8ab
Allow to specify total memory on agent configuration
...
Allow to set the total memory of an agent in its configuration file. This
can be used in case the automatic detection doesn't work or in specific
environments when memory overcommit (using swap for example) can be
desirable.
2018-03-27 15:46:18 -05:00
Josh Soref
18c5659474
spelling: version
2018-03-11 19:13:25 +00:00
Josh Soref
97dc9a00c0
spelling: default
2018-03-11 17:52:58 +00:00
Alex Dadgar
e03b074650
Plumb config
2018-02-15 13:59:01 -08:00
Chelsea Holland Komlo
649f86f094
refactor creating a new tls configuration
2018-01-16 08:02:39 -05:00
Chelsea Holland Komlo
214d128eb9
reload raft transport layer
...
fix up linting
2018-01-08 14:52:28 -05:00
Chelsea Holland Komlo
9741097406
reloading tls config should be atomic for clients/servers
2018-01-08 09:21:06 -05:00
Chelsea Komlo
2dfda33703
Nomad agent reload TLS configuration on SIGHUP ( #3479 )
...
* Allow server TLS configuration to be reloaded via SIGHUP
* dynamic tls reloading for nomad agents
* code cleanup and refactoring
* ensure keyloader is initialized, add comments
* allow downgrading from TLS
* initalize keyloader if necessary
* integration test for tls reload
* fix up test to assert success on reloaded TLS configuration
* failure in loading a new TLS config should remain at current
Reload only the config if agent is already using TLS
* reload agent configuration before specific server/client
lock keyloader before loading/caching a new certificate
* introduce a get-or-set method for keyloader
* fixups from code review
* fix up linting errors
* fixups from code review
* add lock for config updates; improve copy of tls config
* GetCertificate only reloads certificates dynamically for the server
* config updates/copies should be on agent
* improve http integration test
* simplify agent reloading storing a local copy of config
* reuse the same keyloader when reloading
* Test that server and client get reloaded but keep keyloader
* Keyloader exposes GetClientCertificate as well for outgoing connections
* Fix spelling
* correct changelog style
2017-11-14 17:53:23 -08:00
Alex Dadgar
701f462d33
remove atlas
2017-11-02 11:27:21 -07:00
Chelsea Holland Komlo
0175f80775
add metrics options to client config
2017-09-05 14:12:57 +00:00
Armon Dadgar
792f176a44
agent: thread ACL config to client
2017-09-04 13:04:45 -07:00
Alex Dadgar
d6187cd3e8
Fix tests
2017-08-16 16:26:52 -07:00
Alex Dadgar
1a86aecf55
Add version package
...
This PR adds a version package and consolidates version strings into a
Version struct.
2017-08-16 15:44:21 -07:00
Michael Schurter
e81252ba45
Default no_host_uuid to true instead of false
...
The host UUID isn't unique in many virtualized cases and of dubious
value even when it is univerally unique. Default to a random UUID.
2017-06-23 16:23:01 -07:00
Michael Schurter
49ce86ee0a
Lower default gc_max_allocs to 50
2017-05-12 15:57:27 -07:00
Michael Schurter
0453c2709c
Add new gc_max_allocs tuneable
...
More than gc_max_allocs may be running on a node, but terminal allocs
will be garbage collected to try to keep the total number below the
limit.
2017-05-11 17:18:02 -07:00
Alex Dadgar
a1a7941dec
Various fixes
...
This PR:
* Uses Go 1.8 executable lookup
* Stores any err message from stats init method
* Allows overriding of Cpu Compute for hosts where it can't be detected
2017-03-14 12:56:31 -07:00
Alex Dadgar
70e4feb045
Limit parallelism during garbage collection
...
This PR introduces a parallelism limit during garbage collection. This
is used to avoid large resource usage spikes if garbage collecting many
allocations at once.
2017-03-10 16:27:00 -08:00
Alex Dadgar
6910678c21
Allow random UUID
2017-02-27 13:42:37 -08:00
Alex Dadgar
b5d4f39734
Docker Image Coordinator
...
This PR introduces a coordinator for doing CRUD on a Docker image. It
should fix racy deletion of images. The issue before was images would be
deleted between prestart and start causing an error.
2017-02-24 13:20:40 -08:00
Diptanu Choudhury
11d7cb1230
Making the GC related fields tunable
2017-01-31 15:51:20 -08:00
Diptanu Choudhury
1999b7eebb
Merge pull request #2159 from hashicorp/b-consul-config
...
Fixed merging consul config
2017-01-18 16:14:54 -08:00
Diptanu Choudhury
e927de02d2
Moved functions to helper from structs
2017-01-18 15:55:14 -08:00
Diptanu Choudhury
b1d0078db5
Filter executor log messages
2017-01-12 11:54:19 -08:00
Michael Schurter
3ea09ba16a
Move chroot building into TaskRunner
...
* Refactor AllocDir to have a TaskDir struct per task.
* Drivers expose filesystem isolation preference
* Fix lxc mounting of `secrets/`
2017-01-05 16:31:49 -08:00
Michael Schurter
536c2921e9
Remove ServerName because we verify based on region
2016-11-01 14:17:31 -07:00
Diptanu Choudhury
84722234b4
Fixed a bunch of TLS related failures
2016-10-26 14:08:46 -07:00
Diptanu Choudhury
7c61e115bd
Moved tlsutil into helpers
2016-10-25 16:05:37 -07:00
Diptanu Choudhury
cf35aeac84
Moving the TLSConfig to structs
2016-10-25 15:57:38 -07:00
Diptanu Choudhury
eefc8db3b3
Enabling TLS on cli
2016-10-25 10:39:17 -07:00
Diptanu Choudhury
e03927bb5c
Changed the way TLS config is parsed
2016-10-24 13:56:19 -07:00
Diptanu Choudhury
2e3118e69c
Implemented TLS support for http and rpc
2016-10-23 22:22:00 -07:00
vishalnayak
6002e596c4
VaultClient for Nomad Client
2016-08-24 09:43:45 -04:00
Alex Dadgar
7d899b6c60
Pass Vault config to client
2016-08-17 16:23:29 -07:00
Diptanu Choudhury
9a75052d2c
Merge pull request #1518 from pubnub/feature/chroot-map-rebase
...
Add config field to specify chroot mapping for exec driver
2016-08-10 17:00:03 -07:00
Jay Oster
7df692226a
Add config field to specify chroot mapping for exec driver
...
- Same format as used by the internal chroot mapping
- Map: source_path -> dest_path
- Example HCL:
client {
chroot_env {
"/etc" = "/etc"
"/lib" = "/lib"
"/opt/projects/foo/bin" = "/usr/bin"
}
}
2016-08-03 17:17:17 -07:00
Diptanu Choudhury
41b540fbc8
Allow operators to opt into publishing node and alloc metrics
2016-08-01 19:52:20 -07:00
Sean Chittenden
d17af396ca
Create config.DefaultConsulConfig()
2016-06-16 20:41:05 -07:00
Sean Chittenden
6e22b680ce
Disambiguate auto_join
from auto_register
, rename reg to auto_advertise
.
...
Provide an option that describes the value to the user vs the
operation performed by the software. Momentarily introducing
`auto_join`
2016-06-14 12:11:38 -07:00
Alex Dadgar
fdda90229f
only support latest and remove ring buffer
2016-06-12 09:32:38 -07:00
Sean Chittenden
4b021b79b0
Bump the default Consul client timeout from 500ms to 5s.
...
Requsted by: @dadgar
2016-06-10 15:50:11 -04:00
Sean Chittenden
6fdf9135cb
Provide a default ConsulConfig for client/config.DefaultConfig()
...
Change the unit test to only test if the consul link exists, not the
value of the link. The old test was hostname specific and therefore
would always be different based on the environment running the tests.
2016-06-10 15:50:11 -04:00
Sean Chittenden
cb80e93a6b
Move client.DefaultConfig() to client/config.DefaultConfig()
...
Resolves an import cycle in testing and is more appropriate because
the default should reside next to its struct definition.
2016-06-10 15:50:11 -04:00
Sean Chittenden
d1442dc317
Reduce all forms of ConsulConfig down to a single struct
...
nomad/structs/config/consul.go's ConsulConfig is the canonical definition
for all things Consul now.
2016-06-10 15:50:11 -04:00
Sean Chittenden
73e173673e
Rename client/config/config's ConsulConfig to ConsulAgentConfig
...
A follow up commit to the previous rename. More to come.
2016-06-10 15:48:36 -04:00
Sean Chittenden
e97652bbfb
Rename consul.ConsulConfig to consul.AgentConfig
...
There were two `ConsulConfig` structs running around, one of them
needed to go away. Rely on the package's path to provide context
for the type of AgentConfig.
2016-06-10 15:48:36 -04:00
Diptanu Choudhury
c46400597e
Making the stats collection interval and number of data points to keep in memory configurable
2016-05-28 19:59:20 -07:00
Sean Chittenden
dc28ab0cb5
Speling police
2016-05-15 09:41:34 -07:00
Diptanu Choudhury
ecd995b283
Added some docs
2016-05-14 00:36:26 -07:00
Diptanu Choudhury
83fed62a0a
Implemented registering client and server services
2016-05-11 16:07:02 -07:00
Alex Dadgar
f43891a790
swap raw_exec and qemu in the blacklist
2016-03-25 12:43:50 -07:00
Alex Dadgar
45dfae8f6f
Operator specifiable blacklist for task's using certain users
2016-03-24 10:55:14 -07:00
Alex Dadgar
f3d09755c5
Pass environment variables from host to exec based tasks
2016-03-23 13:01:45 -07:00
Alex Dadgar
aefa4b9207
add nomad fingerprinter
2016-03-22 17:12:30 -07:00
Alex Dadgar
7d4c19ed99
reserve resources on the node
2016-03-13 19:05:41 -07:00
Diptanu Choudhury
e3d6c4a9dd
Adding version information to snapshots
2016-02-24 19:06:30 -08:00
Alex Dadgar
4d7ed4f164
Strip as much copystructure as possible
2016-02-10 17:54:43 -08:00
Alex Dadgar
0c4c3fc4ee
safe but slow
2016-02-10 13:44:53 -08:00
Diptanu Choudhury
21677468cf
Setting defaults for client max and min port
2016-02-08 13:29:53 -08:00
Diptanu Choudhury
fa45e0b8ca
Using net.IsLoopback to determine if ifc is a loopback device
2016-02-08 07:57:31 -08:00
Diptanu Choudhury
d2eeba213c
Reserving ports on windows
2016-02-05 15:17:15 -08:00
Alex Dadgar
ddf392c6be
User specifiable kill timeout and operator configurable max
2015-12-22 16:10:30 -08:00
max
953ed6ac76
Client config option "fingerprint.whitelist"
2015-11-24 16:18:49 +01:00
Chris Bednarski
e9bc0905d1
Add missing param and error in the missing case so default will work as expected
2015-11-16 19:55:08 -08:00
Chris Bednarski
bd4c6b371d
Added config reader for booleans
2015-11-16 19:30:37 -08:00
Alex Dadgar
4cc8588cb5
Merges
2015-10-02 17:32:11 -07:00
Antoine POPINEAU
36daef1625
Renamed all instances of Iface
to NetworkInterface
.
2015-10-02 09:29:18 +02:00
Antoine POPINEAU
70d34da1bc
Client config param added to specify net iface to use for fingerprinting. Added a Golang-native method for determining the interface IP address.
2015-10-01 17:31:47 +02:00
Chris Bednarski
7070b80167
Added test for config.Read and config.ReadDefault
2015-08-31 20:11:01 -07:00
Chris Bednarski
2e5a080354
Delete unused NewConfig function
2015-08-31 20:01:04 -07:00
Chris Bednarski
ecfeba3ce6
Added ReadDefault for supreme laziness
2015-08-31 19:54:49 -07:00
Chris Bednarski
1936932406
Added Config.Options so we can support arbitrary key-value configuration
2015-08-31 19:48:59 -07:00
Chris Bednarski
98331bbf87
We need a new package for this or we get a circular import between client and client/fingerprint
2015-08-25 16:13:33 -07:00