Tim Gross
Tim Gross
The behavior of Nomad client heartbeats under various failure scenarios has been a subject of internal discussion, resulting in new documentation for [Client Heartbeats](https://www.nomadproject.io/docs/configuration/server#client-heartbeats). This issue is a report of...
Fixes https://github.com/hashicorp/nomad/issues/11781 The exec driver and other drivers derived from the shared executor check the path of the command before handing off to libcontainer to ensure that the command doesn't...
We'll need to update the `rpc-potentially-unauthenticated` rule to account for handling of workload identity-based auth, like we have in Secure Variables (example: https://github.com/hashicorp/nomad/actions/runs/2799623079/jobs/4414032548): ``` nomad/secure_variables_endpoint.go semgrep.rpc-potentially-unauthenticated RPC method structs.SecureVariablesApplyRPCMethod appears...
A reminder for post-Nomad 1.4.0: We've got a PR open https://github.com/hashicorp/consul-template/pull/1632 that adds support for Nomad Variables. Because the timelines for releasing consul-template, releasing Nomad 1.4.0-beta.1, and release Nomad 1.4.0...
Nomad Variables is shipping in Nomad 1.4.0 with a very small maximum entry size (16KiB) in order to reduce the potential performance impact of Variables on our raft store. Per-namespace...
The rarely-used [`enable_syslog`](https://developer.hashicorp.com/nomad/docs/configuration#enable_syslog) configuration emits Nomad agent logs to a syslog interface. While debugging a problem for an internal user, I noticed that they were only getting high-level logs. When...
@ron-savoia reported getting the following errors with a federated clusters using mTLS: > 2022-10-28T20:33:32.124Z [WARN] nomad.rpc: failed TLS handshake: remote_addr=192.168.1.190:55376 error="remote error: tls: bad certificate" > 2022-10-28T20:33:32.755Z [WARN] nomad.stats_fetcher: error...
Many workloads will want to access all the variables available to them under the `nomad/jobs/` prefix as environment variables. We can expect there to be a fairly common template block...
When an evaluation is acknowledged by a scheduler, the resulting plan is guaranteed to cover up to the `ModifyIndex` ("wait index") set by the worker based on the most recent...
While looking into metrics emitted by the raft FSM, I noticed that the `AllocUpdateRequestType` raft entry has no non-test callers other than the event stream that reads those non-existent raft...