This project is mirrored from https://gitee.com/mirrors/nomad.git. Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
  1. 31 Mar, 2020 1 commit
  2. 27 Mar, 2020 2 commits
  3. 25 Mar, 2020 2 commits
  4. 24 Mar, 2020 1 commit
  5. 23 Mar, 2020 4 commits
    • Lang Martin's avatar
      csi: change the API paths to match CLI command layout (#7325) · ce8625cf
      Lang Martin authored
      * command/agent/csi_endpoint: support type filter in volumes & plugins
      
      * command/agent/http: use /v1/volume/csi & /v1/plugin/csi
      
      * api/csi: use /v1/volume/csi & /v1/plugin/csi
      
      * api/nodes: use /v1/volume/csi & /v1/plugin/csi
      
      * api/nodes: not /volumes/csi, just /volumes
      
      * command/agent/csi_endpoint: fix ot parameter parsing
      ce8625cf
    • Lang Martin's avatar
      csi: server-side plugin state tracking and api (#6966) · 15ffae27
      Lang Martin authored
      * structs: CSIPlugin indexes jobs acting as plugins and node updates
      
      * schema: csi_plugins table for CSIPlugin
      
      * nomad: csi_endpoint use vol.Denormalize, plugin requests
      
      * nomad: csi_volume_endpoint: rename to csi_endpoint
      
      * agent: add CSI plugin endpoints
      
      * state_store_test: use generated ids to avoid t.Parallel conflicts
      
      * contributing: add note about registering new RPC structs
      
      * command: agent http register plugin lists
      
      * api: CSI plugin queries, ControllerHealthy -> ControllersHealthy
      
      * state_store: copy on write for volumes and plugins
      
      * structs: copy on write for volumes and plugins
      
      * state_store: CSIVolumeByID returns an unhealthy volume, denormalize
      
      * nomad: csi_endpoint use CSIVolumeDenormalizePlugins
      
      * structs: remove struct errors for missing objects
      
      * nomad: csi_endpoint return nil for missing objects, not errors
      
      * api: return meta from Register to avoid EOF error
      
      * state_store: CSIVolumeDenormalize keep allocs in their own maps
      
      * state_store: CSIVolumeDeregister error on missing volume
      
      * state_store: CSIVolumeRegister set indexes
      
      * nomad: csi_endpoint use CSIVolumeDenormalizePlugins tests
      15ffae27
    • Lang Martin's avatar
      agent: csi endpoint · 4887c559
      Lang Martin authored
      4887c559
    • Drew Bailey's avatar
      Audit config, seams for enterprise audit features · ae5777c4
      Drew Bailey authored
      allow oss to parse sink duration
      
      clean up audit sink parsing
      
      ent eventer config reload
      
      fix typo
      
      SetEnabled to eventer interface
      
      client acl test
      
      rm dead code
      
      fix failing test
      ae5777c4
  6. 30 Jan, 2020 1 commit
    • Michael Schurter's avatar
      core: add limits to unauthorized connections · e3e1f5cb
      Michael Schurter authored
      Introduce limits to prevent unauthorized users from exhausting all
      ephemeral ports on agents:
      
       * `{https,rpc}_handshake_timeout`
       * `{http,rpc}_max_conns_per_client`
      
      The handshake timeout closes connections that have not completed the TLS
      handshake by the deadline (5s by default). For RPC connections this
      timeout also separately applies to first byte being read so RPC
      connections with TLS enabled have `rpc_handshake_time * 2` as their
      deadline.
      
      The connection limit per client prevents a single remote TCP peer from
      exhausting all ephemeral ports. The default is 100, but can be lowered
      to a minimum of 26. Since streaming RPC connections create a new TCP
      connection (until MultiplexV2 is used), 20 connections are reserved for
      Raft and non-streaming RPCs to prevent connection exhaustion due to
      streaming RPCs.
      
      All limits are configurable and may be disabled by setting them to `0`.
      
      This also includes a fix that closes connections that attempt to create
      TLS RPC co...
      e3e1f5cb
  7. 09 Jan, 2020 5 commits
  8. 19 Nov, 2019 1 commit
    • Mahmood Ali's avatar
      api: acl bootstrap errors aren't 500 · fd66b9c9
      Mahmood Ali authored
      Noticed that ACL endpoints return 500 status code for user errors.  This
      is confusing and can lead to false monitoring alerts.
      
      Here, I introduce a concept of RPCCoded errors to be returned by RPC
      that signal a code in addition to error message.  Codes for now match
      HTTP codes to ease reasoning.
      
      ```
      $ nomad acl bootstrap
      Error bootstrapping: Unexpected response code: 500 (ACL bootstrap already done (reset index: 9))
      
      $ nomad acl bootstrap
      Error bootstrapping: Unexpected response code: 400 (ACL bootstrap already done (reset index: 9))
      ```
      fd66b9c9
  9. 11 Nov, 2019 2 commits
  10. 08 Nov, 2019 1 commit
  11. 05 Nov, 2019 4 commits
    • Drew Bailey's avatar
      New monitor pkg for shared monitor functionality · 8095b486
      Drew Bailey authored
      Adds new package that can be used by client and server RPC endpoints to
      facilitate monitoring based off of a logger
      
      clean up old code
      
      small comment about write
      
      rm old comment about minsize
      
      rename to Monitor
      
      Removes connection logic from monitor command
      
      Keep connection logic in endpoints, use a channel to send results from
      monitoring
      
      use new multisink logger and interfaces
      
      small test for dropped messages
      
      update go-hclogger and update sink/intercept logger interfaces
      8095b486
    • Drew Bailey's avatar
      remove log_writer · 12819975
      Drew Bailey authored
      prefix output with proper spacing
      
      update gzip handler, adjust first byte flow to allow gzip handler bypass
      
      wip, first stab at wiring up rpc endpoint
      12819975
    • Drew Bailey's avatar
      Adds nomad monitor command · 74cfdf55
      Drew Bailey authored
      Adds nomad monitor command. Like consul monitor, this command allows you
      to stream logs from a nomad agent in real time with a a specified log
      level
      
      add endpoint tests
      
      Upgrade go-hclog to latest version
      
      The current version of go-hclog pads log prefixes to equal lengths
      so info becomes [INFO ] and debug becomes [DEBUG]. This breaks
      hashicorp/logutils/level.go Check function. Upgrading to the latest
      version removes this padding and fixes log filtering that uses logutils
      Check
      74cfdf55
    • Drew Bailey's avatar
      Add Agent Monitor to receive streaming logs · dc328648
      Drew Bailey authored
      Queries /v1/agent/monitor and receives streaming logs from client
      dc328648
  12. 09 May, 2019 1 commit
    • Mahmood Ali's avatar
      agent: add websocket handler for nomad exec · bfb4f0ca
      Mahmood Ali authored
      This adds a websocket endpoint for handling `nomad exec`.
      
      The endpoint is a websocket interface, as we require a bi-directional
      streaming (to handle both input and output), which is not very appropriate for
      plain HTTP 1.0. Using websocket makes implementing the web ui a bit simpler. I
      considered using golang http hijack capability to treat http request as a plain
      connection, but the web interface would be too complicated potentially.
      
      Furthermore, the API endpoint operates against the raw core nomad exec streaming
      datastructures, defined in protobuf, with json serializer.  Our APIs use json
      interfaces in general, and protobuf generates json friendly golang structs.
      Reusing the structs here simplify interface and reduce conversion overhead.
      bfb4f0ca
  13. 12 Nov, 2018 1 commit
  14. 06 Nov, 2018 1 commit
    • Alex Dadgar's avatar
      Fix multiple tgs with progress deadline handling · 8615b1d5
      Alex Dadgar authored
      Fix an issue in which the deployment watcher would fail the deployment
      based on the earliest progress deadline of the deployment regardless of
      if the task group has finished.
      
      Further fix an issue where the blocked eval optimization would make it
      so no evals were created to progress the deployment. To reproduce this
      issue, prior to this commit, you can create a job with two task groups.
      The first group has count 1 and resources such that it can not be
      placed. The second group has count 3, max_parallel=1, and can be placed.
      Run this first and then update the second group to do a deployment. It
      will place the first of three, but never progress since there exists a
      blocked eval. However, that doesn't capture the fact that there are two
      groups being deployed.
      8615b1d5
  15. 30 Oct, 2018 1 commit
  16. 13 Sep, 2018 1 commit
  17. 23 May, 2018 1 commit
  18. 16 Apr, 2018 1 commit
    • Nick Ethier's avatar
      command/agent: add /v1/jobs/parse endpoint · b2b99924
      Nick Ethier authored
      The parse endpoint accepts a hcl jobspec body within a json object
      and returns the parsed json object for the job. This allows users to
      register jobs with the nomad json api without specifically needing
      a nomad binary to parse their hcl encoded jobspec file.
      b2b99924
  19. 11 Mar, 2018 1 commit
  20. 16 Feb, 2018 1 commit
  21. 30 Jan, 2018 1 commit
  22. 09 Jan, 2018 1 commit
    • Michael Schurter's avatar
      Fix HTTP code for permission denied errors · ae61f730
      Michael Schurter authored
      Fixes #3697
      
      The existing code and test case only covered the leader behavior. When
      querying against non-leaders the error has an "rpc error: " prefix.
      
      To provide consistency in HTTP error response I also strip the "rpc
      error: " prefix for 403 responses as they offer no beneficial additional
      information (and in theory disclose a tiny bit of data to unauthorized
      users, but it would be a pretty weird bit of data to use in a malicious
      way).
      ae61f730
  23. 08 Jan, 2018 2 commits
  24. 18 Dec, 2017 1 commit
  25. 21 Nov, 2017 1 commit
  26. 15 Nov, 2017 1 commit
    • Chelsea Komlo's avatar
      Nomad agent reload TLS configuration on SIGHUP (#3479) · fa9fd442
      Chelsea Komlo authored
      * Allow server TLS configuration to be reloaded via SIGHUP
      
      * dynamic tls reloading for nomad agents
      
      * code cleanup and refactoring
      
      * ensure keyloader is initialized, add comments
      
      * allow downgrading from TLS
      
      * initalize keyloader if necessary
      
      * integration test for tls reload
      
      * fix up test to assert success on reloaded TLS configuration
      
      * failure in loading a new TLS config should remain at current
      
      Reload only the config if agent is already using TLS
      
      * reload agent configuration before specific server/client
      
      lock keyloader before loading/caching a new certificate
      
      * introduce a get-or-set method for keyloader
      
      * fixups from code review
      
      * fix up linting errors
      
      * fixups from code review
      
      * add lock for config updates; improve copy of tls config
      
      * GetCertificate only reloads certificates dynamically for the server
      
      * config updates/copies should be on agent
      
      * improve http integration test
      
      * simplify agent reloading storing a local copy of config
      
      * reuse the same keyloader when reloading
      
      * Test that server and client get reloaded but keep keyloader
      
      * Keyloader exposes GetClientCertificate as well for outgoing connections
      
      * Fix spelling
      
      * correct changelog style
      fa9fd442