Go to file
Seth Hoenig 5b1970468e
artifact: git needs more files for private repositories (#16508)
* landlock: git needs more files for private repositories

This PR fixes artifact downloading so that git may work when cloning from
private repositories. It needs

- file read on /etc/passwd
- dir read on /root/.ssh
- file write on /root/.ssh/known_hosts

Add these rules to the landlock rules for the artifact sandbox.

* cr: use nonexistent instead of devnull

Co-authored-by: Michael Schurter <mschurter@hashicorp.com>

* cr: use go-homdir for looking up home directory

* pr: pull go-homedir into explicit require

* cr: fixup homedir tests in homeless root cases

* cl: fix root test for real

---------

Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2023-03-16 12:22:25 -05:00
.changelog artifact: git needs more files for private repositories (#16508) 2023-03-16 12:22:25 -05:00
.circleci build: update from go1.20.1 to go1.20.2 (#16427) 2023-03-13 09:47:07 -07:00
.github CI: delete test-link-rewrites.yml (#16354) 2023-03-06 15:41:01 -05:00
.release Prepare for next release 2023-03-13 11:13:27 -04:00
.semgrep Accept Workload Identities for Client RPCs (#16254) 2023-02-27 10:17:47 -08:00
.tours Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
acl acl: prevent privilege escalation via workload identity 2023-03-13 11:13:27 -04:00
api Update ioutil library references to os and io respectively for API and Plugins package (#16330) 2023-03-08 10:25:09 -06:00
ci tests: add functionality to skip a test if it's not running in CI and not with root user (#16222) 2023-03-02 13:38:27 -05:00
client artifact: git needs more files for private repositories (#16508) 2023-03-16 12:22:25 -05:00
command test: set BuildDate in default TestAgent config (#16499) 2023-03-15 11:47:15 -05:00
contributing scheduler: annotate tasksUpdated with reason and purge DeepEquals (#16421) 2023-03-14 09:46:00 -05:00
demo Update ioutil library references to os and io respectively for e2e helper nomad (#16332) 2023-03-08 09:39:03 -06:00
dev docs: swap master for main in Nomad repo 2021-03-08 14:26:31 -05:00
drivers deps: Update ioutil library references to os and io respectively for drivers package (#16331) 2023-03-08 10:31:09 -06:00
e2e artifact: use specific version link for zipbomb artifact (#16513) 2023-03-16 10:18:46 -05:00
helper scheduler: annotate tasksUpdated with reason and purge DeepEquals (#16421) 2023-03-14 09:46:00 -05:00
integrations
internal/testing/apitests api: add OIDC HTTP API endpoints and SDK. 2023-01-13 13:15:58 +00:00
jobspec Add option to expose workload token to task (#15755) 2023-02-02 10:59:14 -08:00
jobspec2 Update ioutil library references to os and io respectively for e2e helper nomad (#16332) 2023-03-08 09:39:03 -06:00
lib deps: upgrade to hashicorp/golang-lru/v2 (#16085) 2023-02-08 15:20:33 -06:00
nomad scheduler: annotate tasksUpdated with reason and purge DeepEquals (#16421) 2023-03-14 09:46:00 -05:00
plugins plugin: add missing fields to `TaskConfig` (#16434) 2023-03-13 15:58:16 -04:00
scheduler scheduler: annotate tasksUpdated with reason and purge DeepEquals (#16421) 2023-03-14 09:46:00 -05:00
scripts build: update from go1.20.1 to go1.20.2 (#16427) 2023-03-13 09:47:07 -07:00
terraform terraform: update installed versions of HashiCorp tools. (#13635) 2022-07-07 16:12:19 +02:00
testutil Update ioutil library references to os and io respectively for e2e helper nomad (#16332) 2023-03-08 09:39:03 -06:00
tools chore: Convert assets from bindatafs to go embeds (#16066) 2023-02-10 12:02:29 -05:00
ui [ui] Fix: New toast notifications no longer last forever (#16384) 2023-03-08 14:50:18 -05:00
version Prepare for next release 2023-03-13 11:13:27 -04:00
website docs: dispatch_payload and jobs api docs had some weirdness (#16514) 2023-03-16 09:42:46 -07:00
.git-blame-ignore-revs ignore b0a20b4dc965a38b0c843f47c16685ccad7439da (#13648) 2022-07-07 15:16:18 -07:00
.gitattributes
.gitignore git: ignore .fleet directory (#16144) 2023-02-13 07:39:30 -06:00
.go-version build: update from go1.20.1 to go1.20.2 (#16427) 2023-03-13 09:47:07 -07:00
.golangci.yml build: update linters (#15063) 2022-10-27 15:02:30 -05:00
.semgrepignore build: disable semgrep on structs.go for now 2022-02-01 10:09:49 -06:00
CHANGELOG.md Merge release 1.5.1 files 2023-03-13 11:15:04 -04:00
CODEOWNERS ensure engineering has merge authority on build pipeline (#15350) 2022-11-21 14:30:02 -05:00
GNUmakefile build: fix `test-nomad` make target when running locally. (#16506) 2023-03-16 09:32:14 +01:00
LICENSE [COMPLIANCE] Update MPL 2.0 LICENSE (#14884) 2022-10-13 08:43:12 -04:00
README.md read: fix incorrect link to ref. arch. (#16103) 2023-02-09 11:52:31 +01:00
Vagrantfile tools: update virtualbox networking configuration (#11561) 2021-11-24 10:45:58 -05:00
build_linux_arm.go gofmt all the files 2021-10-01 10:14:28 -04:00
go.mod artifact: git needs more files for private repositories (#16508) 2023-03-16 12:22:25 -05:00
go.sum build(deps): bump go.uber.org/goleak from 1.2.0 to 1.2.1 (#16439) 2023-03-13 11:23:56 -05:00
main.go main: remove deprecated uses of rand.Seed (#16074) 2023-02-07 09:19:38 -06:00
main_test.go

README.md

Nomad License: MPL 2.0 Discuss

HashiCorp Nomad logo

Nomad is a simple and flexible workload orchestrator to deploy and manage containers (docker, podman), non-containerized applications (executable, Java), and virtual machines (qemu) across on-prem and clouds at scale.

Nomad is supported on Linux, Windows, and macOS. A commercial version of Nomad, Nomad Enterprise, is also available.

Nomad provides several key features:

  • Deploy Containers and Legacy Applications: Nomads flexibility as an orchestrator enables an organization to run containers, legacy, and batch applications together on the same infrastructure. Nomad brings core orchestration benefits to legacy applications without needing to containerize via pluggable task drivers.

  • Simple & Reliable: Nomad runs as a single binary and is entirely self contained - combining resource management and scheduling into a single system. Nomad does not require any external services for storage or coordination. Nomad automatically handles application, node, and driver failures. Nomad is distributed and resilient, using leader election and state replication to provide high availability in the event of failures.

  • Device Plugins & GPU Support: Nomad offers built-in support for GPU workloads such as machine learning (ML) and artificial intelligence (AI). Nomad uses device plugins to automatically detect and utilize resources from hardware devices such as GPU, FPGAs, and TPUs.

  • Federation for Multi-Region, Multi-Cloud: Nomad was designed to support infrastructure at a global scale. Nomad supports federation out-of-the-box and can deploy applications across multiple regions and clouds.

  • Proven Scalability: Nomad is optimistically concurrent, which increases throughput and reduces latency for workloads. Nomad has been proven to scale to clusters of 10K+ nodes in real-world production environments.

  • HashiCorp Ecosystem: Nomad integrates seamlessly with Terraform, Consul, Vault for provisioning, service discovery, and secrets management.

Quick Start

Testing

See Learn: Getting Started for instructions on setting up a local Nomad cluster for non-production use.

Optionally, find Terraform manifests for bringing up a development Nomad cluster on a public cloud in the terraform directory.

Production

See Learn: Nomad Reference Architecture for recommended practices and a reference architecture for production deployments.

Documentation

Full, comprehensive documentation is available on the Nomad website: https://www.nomadproject.io/docs

Guides are available on HashiCorp Learn.

Contributing

See the contributing directory for more developer documentation.