This project is mirrored from https://gitee.com/mirrors/nomad.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 31 Mar, 2020 1 commit
-
-
Yoan Blanc authored
Signed-off-by:
Yoan Blanc <yoan@dosimple.ch>
-
- 27 Mar, 2020 2 commits
-
-
Drew Bailey authored
-
Drew Bailey authored
better comments
-
- 25 Mar, 2020 2 commits
-
-
Drew Bailey authored
-
Michael Schurter authored
-
- 24 Mar, 2020 1 commit
-
-
Chris Baker authored
-
- 23 Mar, 2020 4 commits
-
-
Lang Martin authored
* command/agent/csi_endpoint: support type filter in volumes & plugins * command/agent/http: use /v1/volume/csi & /v1/plugin/csi * api/csi: use /v1/volume/csi & /v1/plugin/csi * api/nodes: use /v1/volume/csi & /v1/plugin/csi * api/nodes: not /volumes/csi, just /volumes * command/agent/csi_endpoint: fix ot parameter parsing
-
Lang Martin authored
* structs: CSIPlugin indexes jobs acting as plugins and node updates * schema: csi_plugins table for CSIPlugin * nomad: csi_endpoint use vol.Denormalize, plugin requests * nomad: csi_volume_endpoint: rename to csi_endpoint * agent: add CSI plugin endpoints * state_store_test: use generated ids to avoid t.Parallel conflicts * contributing: add note about registering new RPC structs * command: agent http register plugin lists * api: CSI plugin queries, ControllerHealthy -> ControllersHealthy * state_store: copy on write for volumes and plugins * structs: copy on write for volumes and plugins * state_store: CSIVolumeByID returns an unhealthy volume, denormalize * nomad: csi_endpoint use CSIVolumeDenormalizePlugins * structs: remove struct errors for missing objects * nomad: csi_endpoint return nil for missing objects, not errors * api: return meta from Register to avoid EOF error * state_store: CSIVolumeDenormalize keep allocs in their own maps * state_store: CSIVolumeDeregister error on missing volume * state_store: CSIVolumeRegister set indexes * nomad: csi_endpoint use CSIVolumeDenormalizePlugins tests
-
Lang Martin authored
-
Drew Bailey authored
allow oss to parse sink duration clean up audit sink parsing ent eventer config reload fix typo SetEnabled to eventer interface client acl test rm dead code fix failing test
-
- 30 Jan, 2020 1 commit
-
-
Michael Schurter authored
Introduce limits to prevent unauthorized users from exhausting all ephemeral ports on agents: * `{https,rpc}_handshake_timeout` * `{http,rpc}_max_conns_per_client` The handshake timeout closes connections that have not completed the TLS handshake by the deadline (5s by default). For RPC connections this timeout also separately applies to first byte being read so RPC connections with TLS enabled have `rpc_handshake_time * 2` as their deadline. The connection limit per client prevents a single remote TCP peer from exhausting all ephemeral ports. The default is 100, but can be lowered to a minimum of 26. Since streaming RPC connections create a new TCP connection (until MultiplexV2 is used), 20 connections are reserved for Raft and non-streaming RPCs to prevent connection exhaustion due to streaming RPCs. All limits are configurable and may be disabled by setting them to `0`. This also includes a fix that closes connections that attempt to create TLS RPC co...
-
- 09 Jan, 2020 5 commits
-
-
Drew Bailey authored
-
Drew Bailey authored
-
Drew Bailey authored
tidy up, add comments clean up seconds param assignment
-
Drew Bailey authored
m -> a receiver name return codederrors, fix query
-
Drew Bailey authored
wip, agent endpoint and client endpoint for pprof profiles agent endpoint test
-
- 19 Nov, 2019 1 commit
-
-
Mahmood Ali authored
Noticed that ACL endpoints return 500 status code for user errors. This is confusing and can lead to false monitoring alerts. Here, I introduce a concept of RPCCoded errors to be returned by RPC that signal a code in addition to error message. Codes for now match HTTP codes to ease reasoning. ``` $ nomad acl bootstrap Error bootstrapping: Unexpected response code: 500 (ACL bootstrap already done (reset index: 9)) $ nomad acl bootstrap Error bootstrapping: Unexpected response code: 400 (ACL bootstrap already done (reset index: 9)) ```
-
- 11 Nov, 2019 2 commits
-
-
Mahmood Ali authored
Nomad web UI currently fails when querying client nodes for allocation state end endpoints, due to CORS policy. The issue is that CORS requests that are marked `withCredentials` need the http server to include a `Access-Control-Allow-Credentials` [1]. But Nomad Task Logs and filesystem requests include authenticating information and thus marked with `credentials=true`[2][3]. It's worth noting that the browser currently sends credentials and authentication token to servers anyway; it's just that the response is not made available to caller nomad ui javascript. For task logs specifically, nomad ui retries again by querying the web ui address (typically pointing to a nomad server) which will forward the request to the nomad client agent appropriately. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials [2] https://github.com/hashicorp/nomad/blob/101d0373eec5d58761d05e67e03f38916997a6d2/ui/app/components/task-log.js#L50 [3] https://github.com/hashicorp/nomad/blob/101d0373eec5d58761d05e67e03f38916997a6d2/ui/app/services/token.js#L25-L39
-
Drew Bailey authored
-
- 08 Nov, 2019 1 commit
-
-
Drew Bailey authored
-
- 05 Nov, 2019 4 commits
-
-
Drew Bailey authored
Adds new package that can be used by client and server RPC endpoints to facilitate monitoring based off of a logger clean up old code small comment about write rm old comment about minsize rename to Monitor Removes connection logic from monitor command Keep connection logic in endpoints, use a channel to send results from monitoring use new multisink logger and interfaces small test for dropped messages update go-hclogger and update sink/intercept logger interfaces
-
Drew Bailey authored
prefix output with proper spacing update gzip handler, adjust first byte flow to allow gzip handler bypass wip, first stab at wiring up rpc endpoint
-
Drew Bailey authored
Adds nomad monitor command. Like consul monitor, this command allows you to stream logs from a nomad agent in real time with a a specified log level add endpoint tests Upgrade go-hclog to latest version The current version of go-hclog pads log prefixes to equal lengths so info becomes [INFO ] and debug becomes [DEBUG]. This breaks hashicorp/logutils/level.go Check function. Upgrading to the latest version removes this padding and fixes log filtering that uses logutils Check
-
Drew Bailey authored
Queries /v1/agent/monitor and receives streaming logs from client
-
- 09 May, 2019 1 commit
-
-
Mahmood Ali authored
This adds a websocket endpoint for handling `nomad exec`. The endpoint is a websocket interface, as we require a bi-directional streaming (to handle both input and output), which is not very appropriate for plain HTTP 1.0. Using websocket makes implementing the web ui a bit simpler. I considered using golang http hijack capability to treat http request as a plain connection, but the web interface would be too complicated potentially. Furthermore, the API endpoint operates against the raw core nomad exec streaming datastructures, defined in protobuf, with json serializer. Our APIs use json interfaces in general, and protobuf generates json friendly golang structs. Reusing the structs here simplify interface and reduce conversion overhead.
-
- 12 Nov, 2018 1 commit
-
-
Preetha Appan authored
-
- 06 Nov, 2018 1 commit
-
-
Alex Dadgar authored
Fix an issue in which the deployment watcher would fail the deployment based on the earliest progress deadline of the deployment regardless of if the task group has finished. Further fix an issue where the blocked eval optimization would make it so no evals were created to progress the deployment. To reproduce this issue, prior to this commit, you can create a job with two task groups. The first group has count 1 and resources such that it can not be placed. The second group has count 3, max_parallel=1, and can be placed. Run this first and then update the second group to do a deployment. It will place the first of three, but never progress since there exists a blocked eval. However, that doesn't capture the fact that there are two groups being deployed.
-
- 30 Oct, 2018 1 commit
-
-
Preetha Appan authored
-
- 13 Sep, 2018 1 commit
-
-
Alex Dadgar authored
-
- 23 May, 2018 1 commit
-
-
Chelsea Holland Komlo authored
add missing fields to TLS merge method
-
- 16 Apr, 2018 1 commit
-
-
Nick Ethier authored
The parse endpoint accepts a hcl jobspec body within a json object and returns the parsed json object for the job. This allows users to register jobs with the nomad json api without specifically needing a nomad binary to parse their hcl encoded jobspec file.
-
- 11 Mar, 2018 1 commit
-
-
Josh Soref authored
-
- 16 Feb, 2018 1 commit
-
-
Alex Dadgar authored
-
- 30 Jan, 2018 1 commit
-
-
Kyle Havlovitz authored
-
- 09 Jan, 2018 1 commit
-
-
Michael Schurter authored
Fixes #3697 The existing code and test case only covered the leader behavior. When querying against non-leaders the error has an "rpc error: " prefix. To provide consistency in HTTP error response I also strip the "rpc error: " prefix for 403 responses as they offer no beneficial additional information (and in theory disclose a tiny bit of data to unauthorized users, but it would be a pretty weird bit of data to use in a malicious way).
-
- 08 Jan, 2018 2 commits
-
-
Chelsea Holland Komlo authored
-
Chelsea Holland Komlo authored
-
- 18 Dec, 2017 1 commit
-
-
Kyle Havlovitz authored
-
- 21 Nov, 2017 1 commit
-
-
Michael Lange authored
-
- 15 Nov, 2017 1 commit
-
-
Chelsea Komlo authored
* Allow server TLS configuration to be reloaded via SIGHUP * dynamic tls reloading for nomad agents * code cleanup and refactoring * ensure keyloader is initialized, add comments * allow downgrading from TLS * initalize keyloader if necessary * integration test for tls reload * fix up test to assert success on reloaded TLS configuration * failure in loading a new TLS config should remain at current Reload only the config if agent is already using TLS * reload agent configuration before specific server/client lock keyloader before loading/caching a new certificate * introduce a get-or-set method for keyloader * fixups from code review * fix up linting errors * fixups from code review * add lock for config updates; improve copy of tls config * GetCertificate only reloads certificates dynamically for the server * config updates/copies should be on agent * improve http integration test * simplify agent reloading storing a local copy of config * reuse the same keyloader when reloading * Test that server and client get reloaded but keep keyloader * Keyloader exposes GetClientCertificate as well for outgoing connections * Fix spelling * correct changelog style
-