Michael Schurter
337d07fdd8
client/state: improve upgradeTaskBucket error handling
...
And add a test
2018-12-19 10:39:27 -08:00
Mahmood Ali
fa9b9028a5
Use max 3 precision in displaying floats
...
When formating floats in `nomad node status`, use a maximum precision of
3.
2018-12-10 12:18:24 -05:00
Michael Schurter
4d92603340
boltdd: return error on use-after-Close
...
Return the same error as boltdb instead of panic'ing.
2018-11-15 14:15:37 -08:00
Mahmood Ali
9da19c6450
address review comments
2018-10-30 13:58:52 -04:00
Mahmood Ali
4937095389
Allow artifacts checksum interpolation
...
Fixes https://github.com/hashicorp/nomad/issues/4814
2018-10-30 13:24:30 -04:00
Michael Schurter
e060174130
ar: fix leader handling, state restoring, and destroying unrun ARs
...
* Migrated all of the old leader task tests and got them passing
* Refactor and consolidate task killing code in AR to always kill leader
tasks first
* Fixed lots of issues with state restoring
* Fixed deadlock in AR.Destroy if AR.Run had never been called
* Added a new in memory statedb for testing
2018-10-19 09:45:45 -07:00
Nick Ethier
8b876e1cce
fix package references after drivers/base subpackage removed
2018-10-16 16:53:31 -07:00
Nick Ethier
0e3f85222a
driver/raw_exec: port existing raw_exec tests and add some testing utilities
2018-10-16 16:53:31 -07:00
Michael Schurter
4236255686
lots of comment/log fixes
2018-10-16 16:53:30 -07:00
Michael Schurter
820af27171
wrap boltdb in a write deduplicator
...
Saves a tiny bit of cpu and some IO. Sadly doesn't prevent all IO on
duplicate writes as the transactions are still created and committed.
$ go test -bench=. -benchmem
goos: linux
goarch: amd64
pkg: github.com/hashicorp/nomad/helper/boltdd
BenchmarkWriteDeduplication_On-4 500 4059591 ns/op 23736 B/op 56 allocs/op
BenchmarkWriteDeduplication_Off-4 300 4115319 ns/op 25942 B/op 55 allocs/op
2018-10-16 16:53:30 -07:00
Michael Schurter
ae89b7da95
reimplement success state for tr hooks and state persistence
...
splits apart local and remote persistence
removes some locking *for now*
2018-10-16 16:53:29 -07:00
Alex Dadgar
cbb5f21112
New parser and comparison
2018-10-12 15:25:34 -07:00
oleksii.shyman
b4a4b395e3
Introduce nvidia-plugin fingerprinting
...
- created go-nvml wrapper for fingerprinting
- added fingerprinting feature to nvidia-plugin
2018-10-03 15:11:56 -07:00
Alex Dadgar
9971b3393f
yamux
2018-09-17 14:22:40 -07:00
Alex Dadgar
7739ef51ce
agent + consul
2018-09-13 10:43:40 -07:00
Michael Schurter
401ed92847
config: accept CA PEM files with extra whitespace
...
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.
Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.
This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
2018-09-06 11:38:56 -07:00
Michael Schurter
6def5bc4f9
client: set host name when migrating over tls
...
Not setting the host name led the Go HTTP client to expect a certificate
with a DNS-resolvable name. Since Nomad uses `${role}.${region}.nomad`
names ephemeral dir migrations were broken when TLS was enabled.
Added an e2e test to ensure this doesn't break again as it's very
difficult to test and the TLS configuration is very easy to get wrong.
2018-09-05 17:24:17 -07:00
Alex Dadgar
c6576ddac1
Fix make check errors
2018-09-04 16:03:52 -07:00
Chelsea Holland Komlo
f5e631886f
add signature algorithm to error message
2018-08-13 16:21:18 -04:00
Chelsea Holland Komlo
ed21481ca1
rename signature algorithm type per code review feedback
2018-08-13 16:11:49 -04:00
Chelsea Holland Komlo
16ffb2e412
extract functionality for determining signature algorithm per code review feedback
2018-08-13 16:08:23 -04:00
Chelsea Holland Komlo
91edec5bf4
change string repr of signature algorithms to constants
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4b228b1919
remove redundant nil check
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
3f1d54f628
add default case for empty TLS structs
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
4755a65978
add comments
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
86103d41d4
type safety for string keys
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
31d6d00381
add simple getter for certificate
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
568564f63f
refactor to use golang built in api for certs
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
bb6c30ee3c
add functionality to check if signature algorithm is supported in cipher suites
2018-08-10 12:37:21 -04:00
Chelsea Holland Komlo
b92098fd08
change function signature to take entire tls config object
2018-08-10 12:37:21 -04:00
Nick Ethier
a3be46b5ee
vendor: remove unused github.com/kardianos/osext
2018-07-05 11:04:12 -04:00
Charlie Voiselle
1560d0b893
Extend timeout based on user feedback
...
Closes https://github.com/hashicorp/nomad/issues/4439 .
2018-06-21 15:27:56 -04:00
Chelsea Holland Komlo
da712f4f47
fixup! more specific test assertion
2018-06-13 09:58:40 -04:00
Chelsea Holland Komlo
dca7235ca5
add tests and improve should reload logic
2018-06-08 15:10:10 -04:00
Chelsea Holland Komlo
de03ce8070
move logic to determine whether to reload tls configuration to tlsutil helper
2018-06-08 14:33:58 -04:00
Chelsea Holland Komlo
914d2257ef
enable more tls 1.2 ciphers
2018-06-07 17:49:57 -04:00
Alex Dadgar
de98774f2c
Add test and docs
2018-05-31 18:05:03 -07:00
Alex Dadgar
446fc64850
Merge branch 'master' into f-tls-parse-certs
2018-05-30 17:25:50 +00:00
Chelsea Holland Komlo
3edf309096
fixup! clearify docs and group similar TLS fields
2018-05-29 21:30:49 -04:00
Chelsea Holland Komlo
498b57036d
refactor to remove duplication
2018-05-29 18:47:25 -04:00
Chelsea Holland Komlo
1dc14d8e0d
handle parsing multiple certificates in a pem file
2018-05-29 18:25:43 -04:00
Chelsea Holland Komlo
9156556555
remove unnecessary type conversation
2018-05-29 17:07:38 -04:00
Chelsea Holland Komlo
521f8d3fb4
parse CA certificate to catch more specific errors
2018-05-25 18:14:32 -04:00
Chelsea Holland Komlo
19e4a5489b
add support for tls PreferServerCipherSuites
...
add further tests for tls configuration
2018-05-25 13:20:00 -04:00
Chelsea Holland Komlo
38f611a7f2
refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing
...
add missing fields to TLS merge method
2018-05-23 18:35:30 -04:00
Chelsea Komlo
687c26093c
Merge pull request #4269 from hashicorp/f-tls-remove-weak-standards
...
Configurable TLS cipher suites and versions; disallow weak ciphers
2018-05-11 08:11:46 -04:00
Charlie Voiselle
fd952eefbc
Added deferred cancel to prevent context leaks
2018-05-10 18:52:54 -04:00
Chelsea Holland Komlo
44f536f18e
add support for configurable TLS minimum version
2018-05-09 18:07:12 -04:00
Chelsea Holland Komlo
796bae6f1b
allow configurable cipher suites
...
disallow 3DES and RC4 ciphers
add documentation for tls_cipher_suites
2018-05-09 17:15:31 -04:00
Charlie Voiselle
6e58e1ff4b
Merge branch 'master' into b-extend-win-cpu-fingerprint-timeout
2018-05-09 16:23:14 -04:00