Go to file
Seth Hoenig 165791dd89
artifact: protect against unbounded artifact decompression (1.5.0) (#16151)
* artifact: protect against unbounded artifact decompression

Starting with 1.5.0, set defaut values for artifact decompression limits.

artifact.decompression_size_limit (default "100GB") - the maximum amount of
data that will be decompressed before triggering an error and cancelling
the operation

artifact.decompression_file_count_limit (default 4096) - the maximum number
of files that will be decompressed before triggering an error and
cancelling the operation.

* artifact: assert limits cannot be nil in validation
2023-02-14 09:28:39 -06:00
.changelog artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
.circleci circle: hardcode go1.20 string because yaml (#16104) 2023-02-09 07:41:43 -06:00
.github ci: reduce number of ember-test-audit iterations (#16118) 2023-02-09 15:28:30 -05:00
.release Prepare for next release 2023-02-08 08:54:40 +00:00
.semgrep tests: don't mutate global structs in core scheduler tests (#16120) 2023-02-10 09:26:00 -05:00
.tours Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
acl renamed stanza to block for consistency with other projects (#15941) 2023-01-30 15:48:43 +01:00
api api: fix missing Node Status "disconnected" in API (#16166) 2023-02-14 09:43:23 -05:00
ci ci: swap freeport for portal in packages (#15661) 2023-01-03 11:25:20 -06:00
client artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
command Add warnings to `var put` for non-alphanumeric keys. (#15933) 2023-02-13 16:14:59 -05:00
contributing docs: update CLI contrib checklist (#16073) 2023-02-07 09:46:27 -05:00
demo renamed stanza to block for consistency with other projects (#15941) 2023-01-30 15:48:43 +01:00
dev docs: swap master for main in Nomad repo 2021-03-08 14:26:31 -05:00
drivers docker: disable driver when running as non-root on cgroups v2 hosts (#16063) 2023-02-06 14:09:19 -06:00
e2e artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
helper Add warnings to `var put` for non-alphanumeric keys. (#15933) 2023-02-13 16:14:59 -05:00
integrations spelling: registrations 2018-03-11 18:40:53 +00:00
internal/testing/apitests api: add OIDC HTTP API endpoints and SDK. 2023-01-13 13:15:58 +00:00
jobspec Add option to expose workload token to task (#15755) 2023-02-02 10:59:14 -08:00
jobspec2 job parsing: fix panic when variable validation is missing condition (#16018) 2023-02-01 16:41:03 -05:00
lib deps: upgrade to hashicorp/golang-lru/v2 (#16085) 2023-02-08 15:20:33 -06:00
nomad artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
plugins renamed stanza to block for consistency with other projects (#15941) 2023-01-30 15:48:43 +01:00
scheduler main: remove deprecated uses of rand.Seed (#16074) 2023-02-07 09:19:38 -06:00
scripts build: update to go1.20 (#16029) 2023-02-03 08:14:53 -06:00
terraform terraform: update installed versions of HashiCorp tools. (#13635) 2022-07-07 16:12:19 +02:00
testutil core: enforce strict steps for clients reconnect (#15808) 2023-01-25 15:53:59 -05:00
tools chore: Convert assets from bindatafs to go embeds (#16066) 2023-02-10 12:02:29 -05:00
ui Add warnings to `var put` for non-alphanumeric keys. (#15933) 2023-02-13 16:14:59 -05:00
version Prepare for next release 2023-02-08 08:54:40 +00:00
website artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
.git-blame-ignore-revs ignore b0a20b4dc965a38b0c843f47c16685ccad7439da (#13648) 2022-07-07 15:16:18 -07:00
.gitattributes Remove invalid gitattributes 2018-02-14 14:47:43 -08:00
.gitignore git: ignore .fleet directory (#16144) 2023-02-13 07:39:30 -06:00
.go-version build: update to go1.20 (#16029) 2023-02-03 08:14:53 -06:00
.golangci.yml build: update linters (#15063) 2022-10-27 15:02:30 -05:00
.semgrepignore build: disable semgrep on structs.go for now 2022-02-01 10:09:49 -06:00
CHANGELOG.md docs: cleanup 1.5 changelog entries (#16094) 2023-02-08 12:10:08 -08:00
CODEOWNERS ensure engineering has merge authority on build pipeline (#15350) 2022-11-21 14:30:02 -05:00
GNUmakefile chore: Convert assets from bindatafs to go embeds (#16066) 2023-02-10 12:02:29 -05:00
LICENSE [COMPLIANCE] Update MPL 2.0 LICENSE (#14884) 2022-10-13 08:43:12 -04:00
README.md read: fix incorrect link to ref. arch. (#16103) 2023-02-09 11:52:31 +01:00
Vagrantfile tools: update virtualbox networking configuration (#11561) 2021-11-24 10:45:58 -05:00
build_linux_arm.go gofmt all the files 2021-10-01 10:14:28 -04:00
go.mod artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
go.sum artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
main.go main: remove deprecated uses of rand.Seed (#16074) 2023-02-07 09:19:38 -06:00
main_test.go Adding initial skeleton 2015-06-01 13:46:21 +02:00

README.md

Nomad License: MPL 2.0 Discuss

HashiCorp Nomad logo

Nomad is a simple and flexible workload orchestrator to deploy and manage containers (docker, podman), non-containerized applications (executable, Java), and virtual machines (qemu) across on-prem and clouds at scale.

Nomad is supported on Linux, Windows, and macOS. A commercial version of Nomad, Nomad Enterprise, is also available.

Nomad provides several key features:

  • Deploy Containers and Legacy Applications: Nomads flexibility as an orchestrator enables an organization to run containers, legacy, and batch applications together on the same infrastructure. Nomad brings core orchestration benefits to legacy applications without needing to containerize via pluggable task drivers.

  • Simple & Reliable: Nomad runs as a single binary and is entirely self contained - combining resource management and scheduling into a single system. Nomad does not require any external services for storage or coordination. Nomad automatically handles application, node, and driver failures. Nomad is distributed and resilient, using leader election and state replication to provide high availability in the event of failures.

  • Device Plugins & GPU Support: Nomad offers built-in support for GPU workloads such as machine learning (ML) and artificial intelligence (AI). Nomad uses device plugins to automatically detect and utilize resources from hardware devices such as GPU, FPGAs, and TPUs.

  • Federation for Multi-Region, Multi-Cloud: Nomad was designed to support infrastructure at a global scale. Nomad supports federation out-of-the-box and can deploy applications across multiple regions and clouds.

  • Proven Scalability: Nomad is optimistically concurrent, which increases throughput and reduces latency for workloads. Nomad has been proven to scale to clusters of 10K+ nodes in real-world production environments.

  • HashiCorp Ecosystem: Nomad integrates seamlessly with Terraform, Consul, Vault for provisioning, service discovery, and secrets management.

Quick Start

Testing

See Learn: Getting Started for instructions on setting up a local Nomad cluster for non-production use.

Optionally, find Terraform manifests for bringing up a development Nomad cluster on a public cloud in the terraform directory.

Production

See Learn: Nomad Reference Architecture for recommended practices and a reference architecture for production deployments.

Documentation

Full, comprehensive documentation is available on the Nomad website: https://www.nomadproject.io/docs

Guides are available on HashiCorp Learn.

Contributing

See the contributing directory for more developer documentation.