Commit graph

23100 commits

Author SHA1 Message Date
Radek Simko 498819f1a8
docs/docker: fix broken link to bridge mode (#13221) 2022-06-06 09:59:36 -04:00
Radek Simko 14227b8297
docs: link to client reqs section for added clarity (#13215) 2022-06-06 09:56:29 -04:00
Karan Sharma 9426be01fc
feat: Warn if bootstrap_expect is even number (#12961) 2022-06-06 15:22:59 +02:00
Lance Haig 4bf27d743d
Allow Operator Generated bootstrap token (#12520) 2022-06-03 07:37:24 -04:00
Luiz Aoqui 50f890a2da
update README Nomad logo (#13206) 2022-06-02 19:21:26 -04:00
Huan Wang 7d15157635
adding support for customized ingress tls (#13184) 2022-06-02 18:43:58 -04:00
Seth Hoenig 45e8748658
Merge pull request #13205 from hashicorp/b-batch-preempt2
core: reschedule evicted batch job when resources become available
2022-06-02 16:32:01 -05:00
Shantanu Gadgil 6cb8c95534
fingerprint kernel architecture name (#13182) 2022-06-02 15:51:00 -04:00
Seth Hoenig 0692190e12 core: reschedule evicted batch job when resources become available
This PR fixes a bug where an evicted batch job would not be rescheduled
once resources become available.

Closes #9890
2022-06-02 14:04:13 -05:00
Seth Hoenig 0399b7e4c5
Merge pull request #12951 from jorgemarey/f-srv-tagged-addresses
Allow setting tagged addresses on services
2022-06-01 10:51:49 -05:00
Tim Gross 141823da58
website: set dependabot assignees (#12969)
The website build code has been moved out to another repository, so
what's remaining here is local development tooling. Assign these PRs to
the web platform team, but also cut down on the noise we're sending
their way.
2022-06-01 11:40:32 -04:00
Seth Hoenig 189176f052 consul: avoid reflection in comparing service map types 2022-06-01 10:22:00 -05:00
Tim Gross 6873670dd6
refactor index threshold calculation for core GC jobs (#13196)
Almost all GC jobs check the index of the objects being GC'd to see if
they're older than a configured threshold. This code was repeated six
times in `CoreScheduler` with only logging changes, so it seems safe
to extract it as its own method.
2022-06-01 11:12:20 -04:00
Seth Hoenig a26f4578b1
Merge pull request #13194 from hashicorp/update-golangci-lint
build: update golangci-lint to v1.46.2
2022-06-01 08:12:44 -05:00
Jason Paul Deland a6ddee8743
demo/terraform: fix nvidia drivers installation 2022-05-31 20:17:55 -04:00
Seth Hoenig 2b184ef27f
Merge pull request #13193 from hashicorp/build-exclude-go-work-sum
build: git ignore go.work.sum files
2022-05-31 19:03:40 -05:00
Seth Hoenig f2af88b6ae build: git ignore go.work.sum files 2022-05-31 18:37:49 -05:00
Seth Hoenig dca954faac build: update golangci-lint to v1.46.2
This version of golangci-lint improves support for generics, but also
is more strict in copy vs. loop for slice copying.
2022-05-31 23:32:01 +00:00
Anthony d5e084b297
docs: added note about vault -period flag (#13185) 2022-05-31 14:26:03 -07:00
Seth Hoenig 54efec5dfe docs: add docs and tests for tagged_addresses 2022-05-31 13:02:48 -05:00
pabloyoyoista d0ff73ddbe
docs: add podman ulimit option (#13180) 2022-05-31 11:16:46 -04:00
Jorge Marey f966614602 Allow setting tagged addresses on services 2022-05-31 10:06:55 -05:00
James Rasell 59a4a19a4f
docs: add allocation and job services API endpoint docs. (#13174) 2022-05-30 16:15:09 +02:00
Waquid Valiya Peedikakkal c06edaacc8
docs: add nomad-pipeline to community tools page (#13172) 2022-05-30 09:05:38 +02:00
Luiz Aoqui bb7b44a9ae
docs: add wander to the community tools page (#13165) 2022-05-27 11:53:01 -04:00
Toyam Cox 06b934ccf6
docs: make the example for 'load' work (#13102) 2022-05-27 08:48:58 -04:00
James Rasell 84aabe8963
cli: fix minor formatting issue with alloc restart help. (#13135) 2022-05-27 13:18:47 +02:00
Seth Hoenig c2ba1e2e29
Merge pull request #13125 from hashicorp/b-connect-upstream-namespace
connect: enable setting connect upstream destination namespace
2022-05-26 10:29:11 -05:00
Seth Hoenig 4631045d83 connect: enable setting connect upstream destination namespace 2022-05-26 09:39:36 -05:00
Amier Chery 05274c9c9f
Merge pull request #13083 from josegonzalez/patch-1
Update service.check.task definition to match code
2022-05-26 10:38:49 -04:00
Seth Hoenig 9e476c75b8
Merge pull request #13036 from hashicorp/f-update-golang-1.18.2
build: update golang version to 1.18.2
2022-05-25 13:32:20 -05:00
Seth Hoenig 069f13a533 git: add go.work to gitignore 2022-05-25 11:15:00 -05:00
Seth Hoenig f7c0e078a9 build: update golang version to 1.18.2
This PR update to Go 1.18.2. Also update the versions of hclfmt
and go-hclogfmt which includes newer dependencies necessary for dealing
with go1.18.

The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for
newer macOS versions: 8927e75e82
2022-05-25 10:04:04 -05:00
Luiz Aoqui 769ff1dcc3
Merge pull request #13109 from hashicorp/merge-release-1.3.1-branch
Merge release 1.3.1 branch
2022-05-25 10:45:09 -04:00
Seth Hoenig 10b029a1fd
Merge pull request #13107 from hashicorp/b-docker-test-fixes
tests: minor fixes for some docker tests
2022-05-25 09:26:34 -05:00
Seth Hoenig 8af061ffc5 docker: remove dead comment 2022-05-25 09:26:20 -05:00
Seth Hoenig 92685bad63 tests: minor fixes for some docker tests 2022-05-25 08:48:24 -05:00
Seth Hoenig 48e3405cda
Merge pull request #13059 from hashicorp/ci-gha-22.04
ci: switch to 22.04 for GHA Core CI tests
2022-05-25 08:44:36 -05:00
Seth Hoenig 626a345fb2 ci: switch to 22.04 LTS for GHA Core CI tests 2022-05-25 08:19:40 -05:00
Seth Hoenig 20b6bf3c22
Merge pull request #13104 from hashicorp/b-blocked-eval-math
core: fix blocked eval math
2022-05-24 16:23:06 -05:00
Luiz Aoqui 63441b54b3
Post 1.3.1 release changes 2022-05-24 16:33:30 -04:00
hc-github-team-nomad-core e9630d31be
Prepare for next release 2022-05-24 16:29:47 -04:00
hc-github-team-nomad-core 15caf5eab2
Generate files for 1.3.1 release 2022-05-24 16:29:46 -04:00
Luiz Aoqui fb41b82e82
prepare release 1.3.1 2022-05-24 16:29:46 -04:00
Michael Schurter 2965dc6a1a
artifact: fix numerous go-getter security issues
Fix numerous go-getter security issues:

- Add timeouts to http, git, and hg operations to prevent DoS
- Add size limit to http to prevent resource exhaustion
- Disable following symlinks in both artifacts and `job run`
- Stop performing initial HEAD request to avoid file corruption on
  retries and DoS opportunities.

**Approach**

Since Nomad has no ability to differentiate a DoS-via-large-artifact vs
a legitimate workload, all of the new limits are configurable at the
client agent level.

The max size of HTTP downloads is also exposed as a node attribute so
that if some workloads have large artifacts they can specify a high
limit in their jobspecs.

In the future all of this plumbing could be extended to enable/disable
specific getters or artifact downloading entirely on a per-node basis.
2022-05-24 16:29:39 -04:00
Luiz Aoqui 0a00059f3c
core: test duplicated blocked eval stats
In the original test, the eval generator would use a random value for
the job ID, resulting in an unxercised code path for duplicate blocked
evals.
2022-05-24 15:44:06 -04:00
Seth Hoenig 83bab8ed64
Merge pull request #13058 from hashicorp/b-cgroupsv1-docker-cgparent
drivers/docker: do not set cgroup parent in v1 mode
2022-05-24 14:07:40 -05:00
Seth Hoenig c6c3ae020d drivers/docker: do not set cgroup parent in v1 mode
This PR fixes a bug where the CgroupParent on the docker
HostConfig struct was accidently being set when running in
cgroups v1 mode.
2022-05-24 11:22:50 -05:00
Seth Hoenig 27d0c0dc9f docs: add changelog 2022-05-24 09:13:15 -05:00
Seth Hoenig a5943da0c7 core: add tests for blocked evals math 2022-05-24 09:05:18 -05:00