Skip to content
GitLab
Switch branch/tag
This project is mirrored from https://gitee.com/mirrors/nomad.git. Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
  1. 31 Oct, 2022 5 commits
  3. 28 Oct, 2022 1 commit
    • Tim Gross's avatar
      refactor eval delete safety check (#15070) · 8c19a126
      Tim Gross authored 
      The `Eval.Delete` endpoint has a helper that takes a list of jobs and allocs and
determines whether the eval associated with those is safe to delete (based on
their state). Filtering improvements to the `Eval.Delete` endpoint are going to
need this check to run in the state store itself for consistency.

Refactor to push this check down into the state store to keep the eventual diff
for that work reasonable.
      8c19a126
  5. 27 Oct, 2022 15 commits
  7. 26 Oct, 2022 2 commits
  9. 25 Oct, 2022 1 commit
  11. 24 Oct, 2022 7 commits
  13. 21 Oct, 2022 6 commits
    • Seth Hoenig's avatar
      ci: use the same go mod cache across test-core jobs (#15006) · dbd742d8
      Seth Hoenig authored 
      * ci: use the same go mod cache for test-core jobs

* ci: precache go modules

* ci: add a mods precache job
      dbd742d8
    • Tim Gross's avatar
      keyring: fixes for keyring replication on cluster join (#14987) · 5732eb2c
      Tim Gross authored 
      * keyring: don't unblock early if rate limit burst exceeded

The rate limiter returns an error and unblocks early if its burst limit is
exceeded (unless the burst limit is Inf). Ensure we're not unblocking early,
otherwise we'll only slow down the cases where we're already pausing to make
external RPC requests.

* keyring: set MinQueryIndex on stale queries

When keyring replication makes a stale query to non-leader peers to find a key
the leader doesn't have, we need to make sure the peer we're querying has had a
chance to catch up to the most current index for that key. Otherwise it's
possible for newly-added servers to query another newly-added server and get a
non-error nil response for that key ID.

Ensure that we're setting the correct reply index in the blocking query.

Note that the "not found" case does not return an error, just an empty key. So
as a belt-and-suspenders, update the handling of empty responses so that we
don't break the loop early if we hit a server that doesn't have the key.

* test for adding new servers to keyring

* leader: initialize keyring after we have consistent reads

Wait until we're sure the FSM is current before we try to initialize the
keyring.

Also, if a key is rotated immediately following a leader election, plans that
are in-flight may get signed before the new leader has the key. Allow for a
short timeout-and-retry to avoid rejecting plans
      5732eb2c
    • Michael Schurter's avatar
      test: use port collision instead of cpu exhaustion (#14994) · 5ed74049
      Michael Schurter authored 
      Originally this test relied on Job 1 blocking Job 2 until Job 1 had a
terminal *ClientStatus.* Job 2 ensured it would get blocked using 2
mechanisms:

1. A constraint requiring it is placed on the same node as Job 1.
2. Job 2 would require all unreserved CPU on the node to ensure it would
   be blocked until Job 1's resources were free.

That 2nd assertion breaks if *any previous job is still running on the
target node!* That seems very likely to happen in the flaky world of our
e2e tests. In fact there may be some jobs we intentionally want running
throughout; in hindsight it was never safe to assume my test would be
the only thing scheduled when it ran.

*Ports to the rescue!* Reserving a static port means that both Job 2
will now block on Job 1 being terminal. It will only conflict with other
tests if those tests use that port *on every node.* I ensured no
existing tests were using the port I chose.

Other changes:
- Gave job a bit more breathing room resource-wise.
- Tightened timings a bit since previous failure ran into the `go test`
  time limit.
- Cleaned up the DumpEvals output. It's quite nice and handy now!
      5ed74049
    • Luiz Aoqui's avatar
      docs: use of `node_class` when autoscaling (#14950) · f2318ed2
      Luiz Aoqui authored 
      Document how the value of `node_class` is used during cluster scaling.

https://github.com/hashicorp/nomad-autoscaler/issues/255
      f2318ed2
    • Seth Hoenig's avatar
      ci: use gotestsum for CI tests (#14995) · b52d40d4
      Seth Hoenig authored 
      Use gotestsum in both GHA and Circle with retries enabled.
      b52d40d4
    • James Rasell's avatar
      acl: allow tokens to read policies linked via roles to the token. (#14982) · fbe9f590
      James Rasell authored 
      ACL tokens are granted permissions either by direct policy links
or via ACL role links. Callers should therefore be able to read
policies directly assigned to the caller token or indirectly by
ACL role links.
      fbe9f590
  15. 20 Oct, 2022 3 commits

免费DevSecOps平台,让您的项目体验完整的DevSecOps流程,让项目更安全