Added note to document that link-local addresses can be fingerprinted in
cases where no routable address can be found. Crosslinked to
`"fingerprint.network.disallow_link_local"` because they are somewhat
related and it is documented at a reasonable distance from this setting.
When rendering a task template, the `plugin` function is no longer
permitted by default and will raise an error. An operator can opt-in
to permitting this function with the new `template.function_blacklist`
field in the client configuration.
When rendering a task template, path parameters for the `file`
function will be treated as relative to the task directory by
default. Relative paths or symlinks that point outside the task
directory will raise an error. An operator can opt-out of this
protection with the new `template.disable_file_sandbox` field in the
client configuration.
This exposes a client flag to disable nomad remote exec support in
environments where access to tasks ought to be restricted.
I used `disable_remote_exec` client flag that defaults to allowing
remote exec. Opted for a client config that can be used to disable
remote exec globally, or to a subset of the cluster if necessary.
* master: (912 commits)
Update redirects.txt
Added redirect for Spark guide link
client: log when server list changes
docs: mention regression in task config validation
fix update to changelog
update CHANGELOG with datacenter config validation https://github.com/hashicorp/nomad/pull/5665
typo: "atleast" -> "at least"
implement nomad exec for rkt
docs: fixed typo
use pty/tty terminology similar to github.com/kr/pty
vendor github.com/kr/pty
drivers: implement streaming exec for executor based drivers
executors: implement streaming exec
executor: scaffolding for executor grpc handling
client: expose allocated memory per task
client improve a comment in updateNetworks
stalebot: Add 'thinking' as an exempt label (#5684)
Added Sparrow link
update links to use new canonical location
Add redirects for restructing done in GH-5667
...
* call out pluggable drivers in task drivers section and link/add info to plugin stanza
* fix hyphenation
* removing page and nav that tells users drivers are not pluggable
* show new syntax for configuring raw_exec plugin on client
* enabled option value for raw_exec is boolean
* add plugin options section and mark client options as soon to be deprecated
* fix typos
* add plugin options for rkt task drivers and place deprecation warning in client options
* add some plugin options with plugin configuration example + mark client options as soon to be deprecated
* modify deprecation warning
* replace colon with - for options
* add docker plugin options
* update links within docker task driver to point to plugin options
* fix typo and clarify config options for lxc task driver
* replace raw_exec plugin syntax example with docker example
* create external section
* restructure lxc docs and add backward incompatibility warning
* update lxc driver doc
* add redirect for lxc driver doc
* call out plugin options and mark client config options for drivers as deprecated
* add placeholder for lxc driver binary download
* update data_dir/plugins reference with plugin_dir reference
* Update website/source/docs/external/lxc.html.md
Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com>
* corrections
* remove lxc from built-in drivers navigation
* reorganize doc structure and fix redirect
* add detail about 0.9 changes
* implement suggestions/fixes
* removed extraneous punctuation
* add official lxc driver link
* add vault integration guide in guides section and move current vault integration content to docs section
* complete guide with image
* fix typos
* rename step 6 and fix typos
* fix typos and awkward phrasing along with links
* fix duplicated step #
* fix typo
* fix links so that pages that pointed to the original vault integration content still point there
