This project is mirrored from https://gitee.com/mirrors/nomad.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 15 Jan, 2022 1 commit
-
-
Luiz Aoqui authored
-
- 14 Jan, 2022 14 commits
-
-
Jai authored
feat: add links to legend items in `allocation-summary`
-
Tim Gross authored
The command line client sends a specific volume ID, but this isn't enforced at the API level and we were incorrectly using a prefix match for volume deregistration, resulting in cases where a volume with a shorter ID that's a prefix of another volume would be deregistered instead of the intended volume.
-
Tim Gross authored
When the `volume deregister` or `volume detach` commands get an ID prefix that matches multiple volumes, show the full length of the volume IDs in the list of volumes shown so so that the user can select the correct one.
-
Tim Gross authored
The size of `stat_t` fields is architecture dependent, which was reportedly causing a build failure on FreeBSD ARM7 32-bit systems. This changeset matches the behavior we have on Linux.
-
Tim Gross authored
When we copy the system DNS to a task's `resolv.conf`, we should set the permissions as world-readable so that unprivileged users within the task can read it.
-
Jai Bhagat authored
-
Jai Bhagat authored
-
Jai Bhagat authored
-
Jai Bhagat authored
-
Jai Bhagat authored
-
Jai Bhagat authored
-
Jai Bhagat authored
-
Jai Bhagat authored
-
James Rasell authored
chore: ensure consistent file naming for non-enterprise files.
-
- 13 Jan, 2022 9 commits
-
-
James Rasell authored
agent/docs: add better clarification when top-level data dir needs setting
-
James Rasell authored
taskrunner: add clarifying initial vault token renew comment.
-
Luiz Aoqui authored
-
Seth Hoenig authored
mods: explain replace statements
-
James Rasell authored
-
Luiz Aoqui authored
-
Luiz Aoqui authored
-
Michael Schurter authored
agent: validate reserved_ports are valid
-
Michael Schurter authored
deps: update go-getter to v1.5.11
-
- 12 Jan, 2022 7 commits
-
-
Michael Schurter authored
-
Michael Schurter authored
Goal is to fix at least one of the causes that can cause a node to be ineligible to receive work: https://github.com/hashicorp/nomad/issues/9506#issuecomment-1002880600
-
Michael Schurter authored
Pulls in https://github.com/hashicorp/go-getter/pull/348 Fixes the possibility to log an sshkey if a specific error condition is hit.
-
Seth Hoenig authored
-
Seth Hoenig authored
cleanup: stop referencing depreceted HeaderMap field
-
Seth Hoenig authored
Remove reference to the deprecated ResponseRecorder.HeaderMap field, instead calling .Response.Header() to get the same data. closes #10520
-
sara-gawlinski authored
Updating banner for edge survey
-
- 11 Jan, 2022 1 commit
-
-
Tim Gross authored
-
- 10 Jan, 2022 5 commits
-
-
Tim Gross authored
-
Alessandro De Blasis authored
Signed-off-by:
Alessandro De Blasis <alex@deblasis.net> Co-authored-by:
Nate <37554478+servusdei2018@users.noreply.github.com>
-
grembo authored
Templates in nomad jobs make use of the vault token defined in the vault stanza when issuing credentials like client certificates. When using change_mode "noop" in the vault stanza, consul-template is not informed in case a vault token is re-issued (which can happen from time to time for various reasons, as described in https://www.nomadproject.io/docs/job-specification/vault). As a result, consul-template will keep using the old vault token to renew credentials and - once the token expired - stop renewing credentials. The symptom of this problem is a vault_token file that is newer than the issued credential (e.g., TLS certificate) in a job's /secrets directory. This change corrects this, so that h.updater.updatedVaultToken(token) is called, which will inform stakeholders about the new token and make sure, the new token is used by consul-template. Example job template fragment: vault { policies = ["nomad-job-policy"] change_mode = "noop" } template { data = <<-EOH {{ with secret "pki_int/issue/nomad-job" "common_name=myjob.service.consul" "ttl=90m" "alt_names=localhost" "ip_sans=127.0.0.1"}} {{ .Data.certificate }} {{ .Data.private_key }} {{ .Data.issuing_ca }} {{ end }} EOH destination = "${NOMAD_SECRETS_DIR}/myjob.crt" change_mode = "noop" } This fix does not alter the meaning of the three change modes of vault - "noop" - Take no action - "restart" - Restart the job - "signal" - send a signal to the task as the switch statement following line 232 contains the necessary logic. It is assumed that "take no action" was never meant to mean "don't tell consul-template about the new vault token". Successfully tested in a staging cluster consisting of multiple nomad client nodes.
-
Conor Evans authored
-
Derek Strickland authored
This PR exposes the following existing`consul-template` configuration options to Nomad jobspec authors in the `{job.group.task.template}` stanza. - `wait` It also exposes the following`consul-template` configuration to Nomad operators in the `{client.template}` stanza. - `max_stale` - `block_query_wait` - `consul_retry` - `vault_retry` - `wait` Finally, it adds the following new Nomad-specific configuration to the `{client.template}` stanza that allows Operators to set bounds on what `jobspec` authors configure. - `wait_bounds` Co-authored-by:
Tim Gross <tgross@hashicorp.com> Co-authored-by:
Michael Schurter <mschurter@hashicorp.com>
-
- 07 Jan, 2022 3 commits
-
-
Tim Gross authored
Client endpoints such as `alloc exec` are enforced on the client if the API client or CLI has "line of sight" to the client. This is already in the Learn guide but having it in the ACL configuration docs would be helpful.
-
Tim Gross authored
Small refactoring of the allocrunner hook for CSI to make it more testable, and a unit test that covers most of its logic.
-
Tim Gross authored
* Fixed name of `nomad.scheduler.allocs.reschedule` metric * Added new metrics to metrics reference documentation * Expanded definitions of "waiting" metrics * Changelog entry for #10236 and #10237
-