Michael Schurter
4d92603340
boltdd: return error on use-after-Close
...
Return the same error as boltdb instead of panic'ing.
2018-11-15 14:15:37 -08:00
Mahmood Ali
9da19c6450
address review comments
2018-10-30 13:58:52 -04:00
Mahmood Ali
4937095389
Allow artifacts checksum interpolation
...
Fixes https://github.com/hashicorp/nomad/issues/4814
2018-10-30 13:24:30 -04:00
Michael Schurter
e060174130
ar: fix leader handling, state restoring, and destroying unrun ARs
...
* Migrated all of the old leader task tests and got them passing
* Refactor and consolidate task killing code in AR to always kill leader
tasks first
* Fixed lots of issues with state restoring
* Fixed deadlock in AR.Destroy if AR.Run had never been called
* Added a new in memory statedb for testing
2018-10-19 09:45:45 -07:00
Nick Ethier
8b876e1cce
fix package references after drivers/base subpackage removed
2018-10-16 16:53:31 -07:00
Nick Ethier
0e3f85222a
driver/raw_exec: port existing raw_exec tests and add some testing utilities
2018-10-16 16:53:31 -07:00
Michael Schurter
4236255686
lots of comment/log fixes
2018-10-16 16:53:30 -07:00
Michael Schurter
820af27171
wrap boltdb in a write deduplicator
...
Saves a tiny bit of cpu and some IO. Sadly doesn't prevent all IO on
duplicate writes as the transactions are still created and committed.
$ go test -bench=. -benchmem
goos: linux
goarch: amd64
pkg: github.com/hashicorp/nomad/helper/boltdd
BenchmarkWriteDeduplication_On-4 500 4059591 ns/op 23736 B/op 56 allocs/op
BenchmarkWriteDeduplication_Off-4 300 4115319 ns/op 25942 B/op 55 allocs/op
2018-10-16 16:53:30 -07:00
Michael Schurter
ae89b7da95
reimplement success state for tr hooks and state persistence
...
splits apart local and remote persistence
removes some locking *for now*
2018-10-16 16:53:29 -07:00
Alex Dadgar
cbb5f21112
New parser and comparison
2018-10-12 15:25:34 -07:00
oleksii.shyman
b4a4b395e3
Introduce nvidia-plugin fingerprinting
...
- created go-nvml wrapper for fingerprinting
- added fingerprinting feature to nvidia-plugin
2018-10-03 15:11:56 -07:00
Alex Dadgar
9971b3393f
yamux
2018-09-17 14:22:40 -07:00
Alex Dadgar
7739ef51ce
agent + consul
2018-09-13 10:43:40 -07:00
Michael Schurter
401ed92847
config: accept CA PEM files with extra whitespace
...
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.
Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.
This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
2018-09-06 11:38:56 -07:00
Michael Schurter
6def5bc4f9
client: set host name when migrating over tls
...
Not setting the host name led the Go HTTP client to expect a certificate
with a DNS-resolvable name. Since Nomad uses `${role}.${region}.nomad`
names ephemeral dir migrations were broken when TLS was enabled.
Added an e2e test to ensure this doesn't break again as it's very
difficult to test and the TLS configuration is very easy to get wrong.
2018-09-05 17:24:17 -07:00
Alex Dadgar
c6576ddac1
Fix make check errors
2018-09-04 16:03:52 -07:00
Chelsea Holland Komlo
f5e631886f
add signature algorithm to error message
2018-08-13 16:21:18 -04:00
Chelsea Holland Komlo
ed21481ca1
rename signature algorithm type per code review feedback
2018-08-13 16:11:49 -04:00
Chelsea Holland Komlo
16ffb2e412
extract functionality for determining signature algorithm per code review feedback
2018-08-13 16:08:23 -04:00
Chelsea Holland Komlo
91edec5bf4
change string repr of signature algorithms to constants
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4b228b1919
remove redundant nil check
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
3f1d54f628
add default case for empty TLS structs
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4755a65978
add comments
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
86103d41d4
type safety for string keys
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
31d6d00381
add simple getter for certificate
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
568564f63f
refactor to use golang built in api for certs
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
bb6c30ee3c
add functionality to check if signature algorithm is supported in cipher suites
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
b92098fd08
change function signature to take entire tls config object
2018-08-10 12:37:21 -04:00
Nick Ethier
a3be46b5ee
vendor: remove unused github.com/kardianos/osext
2018-07-05 11:04:12 -04:00
Charlie Voiselle
1560d0b893
Extend timeout based on user feedback
...
Closes https://github.com/hashicorp/nomad/issues/4439 .
2018-06-21 15:27:56 -04:00
Chelsea Holland Komlo
da712f4f47
fixup! more specific test assertion
2018-06-13 09:58:40 -04:00
Chelsea Holland Komlo
dca7235ca5
add tests and improve should reload logic
2018-06-08 15:10:10 -04:00
Chelsea Holland Komlo
de03ce8070
move logic to determine whether to reload tls configuration to tlsutil helper
2018-06-08 14:33:58 -04:00
Chelsea Holland Komlo
914d2257ef
enable more tls 1.2 ciphers
2018-06-07 17:49:57 -04:00
Alex Dadgar
de98774f2c
Add test and docs
2018-05-31 18:05:03 -07:00
Alex Dadgar
446fc64850
Merge branch 'master' into f-tls-parse-certs
2018-05-30 17:25:50 +00:00
Chelsea Holland Komlo
3edf309096
fixup! clarify docs and group similar TLS fields
2018-05-29 21:30:49 -04:00
Chelsea Holland Komlo
498b57036d
refactor to remove duplication
2018-05-29 18:47:25 -04:00
Chelsea Holland Komlo
1dc14d8e0d
handle parsing multiple certificates in a pem file
2018-05-29 18:25:43 -04:00
Chelsea Holland Komlo
9156556555
remove unnecessary type conversation
2018-05-29 17:07:38 -04:00
Chelsea Holland Komlo
521f8d3fb4
parse CA certificate to catch more specific errors
2018-05-25 18:14:32 -04:00
Chelsea Holland Komlo
19e4a5489b
add support for tls PreferServerCipherSuites
...
add further tests for tls configuration
2018-05-25 13:20:00 -04:00
Chelsea Holland Komlo
38f611a7f2
refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing
...
add missing fields to TLS merge method
2018-05-23 18:35:30 -04:00
Chelsea Komlo
687c26093c
Merge pull request #4269 from hashicorp/f-tls-remove-weak-standards
...
Configurable TLS cipher suites and versions; disallow weak ciphers
2018-05-11 08:11:46 -04:00
Charlie Voiselle
fd952eefbc
Added deferred cancel to prevent context leaks
2018-05-10 18:52:54 -04:00
Chelsea Holland Komlo
44f536f18e
add support for configurable TLS minimum version
2018-05-09 18:07:12 -04:00
Chelsea Holland Komlo
796bae6f1b
allow configurable cipher suites
...
disallow 3DES and RC4 ciphers
add documentation for tls_cipher_suites
2018-05-09 17:15:31 -04:00
Charlie Voiselle
6e58e1ff4b
Merge branch 'master' into b-extend-win-cpu-fingerprint-timeout
2018-05-09 16:23:14 -04:00
Charlie Voiselle
62f99cc629
Addressed review comments
2018-05-09 13:21:35 -04:00
Charlie Voiselle
d64b02f07d
Override 3 sec. WMI timeout in gopsutil
...
The default timeout is too short for some overburdened or resource
constrained machines to complete the WMI query before the context
deadline expires. This causes them to be unable to fingerprint the CPU
properly.
2018-05-08 17:00:31 -04:00