This project is mirrored from https://gitee.com/mirrors/nomad.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 25 May, 2022 17 commits
-
-
Tim Gross authored
When a server becomes leader, it will check if there are any keys in the state store, and create one if there is not. The key metadata will be replicated via raft to all followers, who will then get the key material via key replication (not implemented in this changeset).
-
Tim Gross authored
This changeset implements the keystore serialization/deserialization: * Adds a JSON serialization extension for the `RootKey` struct, along with a metadata stub. When we serialize RootKey to the on-disk keystore, we want to base64 encode the key material but also exclude any frequently-changing fields which are stored in raft. * Implements methods for loading/saving keys to the keystore. * Implements methods for restoring the whole keystore from disk. * Wires it all up with the `Keyring` RPC handlers and fixes up any fallout on tests.
-
Tim Gross authored
-
Tim Gross authored
Implement the upsert, list, delete, and rotate RPC handlers for the secure variables keyring. Operations on the keyring itself are still stubbed out.
-
Tim Gross authored
Implement the basic upsert, list, and delete operations for `RootKeyMeta` needed by the Keyring RPCs. This changeset also implements two convenience methods `RootKeyMetaByID` and `GetActiveRootKeyMeta` which are useful for testing but also will be needed to implement the rest of the RPCs.
-
Phil Renaud authored
* Route init * Bones of a mirage-mocked secure variables policy * Functinoing policy for list vars * Delog and transition on route * Basic guard test * Page guard tests for secure variables * Cleanup and unit tests for variables ability * Linter cleanup * Set expectations for test assertions * PR feedback addressed * Read label changed to View per suggestion
-
Charlie Voiselle authored
* Add SecureVariable mock * Add SecureVariableStub * Add SecureVariable Copy and Stub funcs
-
Tim Gross authored
Implement the core SecureVariable and RootKey structs in memdb, provide the minimal skeleton for FSM, and a dummy storage and keyring RPC endpoint.
-
Seth Hoenig authored
build: update golang version to 1.18.2
-
Seth Hoenig authored
-
Seth Hoenig authored
This PR update to Go 1.18.2. Also update the versions of hclfmt and go-hclogfmt which includes newer dependencies necessary for dealing with go1.18. The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for newer macOS versions: https://github.com/hashicorp/hcl/commit/8927e75e82c19370aabaf06b7dca91c2c9e73e3c
-
Luiz Aoqui authored
Merge release 1.3.1 branch
-
Seth Hoenig authored
tests: minor fixes for some docker tests
-
Seth Hoenig authored
-
Seth Hoenig authored
-
Seth Hoenig authored
ci: switch to 22.04 for GHA Core CI tests
-
Seth Hoenig authored
-
- 24 May, 2022 11 commits
-
-
Seth Hoenig authored
core: fix blocked eval math
-
Luiz Aoqui authored
-
hc-github-team-nomad-core authored
-
hc-github-team-nomad-core authored
-
Luiz Aoqui authored
-
Michael Schurter authored
Fix numerous go-getter security issues: - Add timeouts to http, git, and hg operations to prevent DoS - Add size limit to http to prevent resource exhaustion - Disable following symlinks in both artifacts and `job run` - Stop performing initial HEAD request to avoid file corruption on retries and DoS opportunities. **Approach** Since Nomad has no ability to differentiate a DoS-via-large-artifact vs a legitimate workload, all of the new limits are configurable at the client agent level. The max size of HTTP downloads is also exposed as a node attribute so that if some workloads have large artifacts they can specify a high limit in their jobspecs. In the future all of this plumbing could be extended to enable/disable specific getters or artifact downloading entirely on a per-node basis.
-
Luiz Aoqui authored
In the original test, the eval generator would use a random value for the job ID, resulting in an unxercised code path for duplicate blocked evals.
-
Seth Hoenig authored
drivers/docker: do not set cgroup parent in v1 mode
-
Seth Hoenig authored
This PR fixes a bug where the CgroupParent on the docker HostConfig struct was accidently being set when running in cgroups v1 mode.
-
Seth Hoenig authored
-
Seth Hoenig authored
-
- 23 May, 2022 1 commit
-
-
Seth Hoenig authored
-
- 20 May, 2022 2 commits
-
-
PinkLolicorn authored
The description of `mount_flags` provides incorrect example of the accepted value format. This fixes the issue by changing the example from a string `ro,noatime` to a slice of strings `["ro", "noatime"]`.
-
Tim Gross authored
The nightly playwright tests are currently failing because of a mismatch between the expected version of Chromium and what's in the container image. Unfortunately the previous specific tag we were using for the container image is no longer tagged on the registry. With some testing, I was able to find an image tag that results in a good run.
-
- 19 May, 2022 6 commits
-
-
Will Jordan authored
There's no reason to buffer json logs on agent startup since logs in this format already aren't reordered.
-
Seth Hoenig authored
cli: correctly validate job with vault token set
-
claire labry authored
[CI-only] Use the postinstall script for linux packages
-
Seth Hoenig authored
This PR fixes `job validate` to respect '-vault-token', '$VAULT_TOKEN', '-vault-namespace' if set.
-
Thomas Wunderlich authored
It appears that the postinstall script was created but never used. This change is to actually use the post-install script.
-
Tim Gross authored
-
- 17 May, 2022 3 commits
-
-
Seth Hoenig authored
cli: update default redis and use nomad service discovery
-
Seth Hoenig authored
-
Seth Hoenig authored
Closes #12927 Closes #12958 This PR updates the version of redis used in our examples from 3.2 to 7. The old version is very not supported anymore, and we should be setting a good example by using a supported version. The long-form example job is now fixed so that the service stanza uses nomad as the service discovery provider, and so now the job runs without a requirement of having Consul running and configured.
-