| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\
| |
| | |
Bump OpenSSL spec requirements to v3.1.4
|
| | |
|
|\ \
| | |
| | | |
Balder/add noexcept
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Extend `/application/v4` with API for approving terms of service
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
vespa-engine/hakonhall/retire-if-there-are-shared-hosts-dedicated-to-cluster-type
Retire if there are shared hosts dedicated to cluster type
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Extend `ConsoleUrls` with additional ctor and `tenantBilling(TenantName,Bill.Id)`
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
`tenantBilling(TenantName,Bill.Id)`
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Specify metric unit in description string
|
| |/ / / / / |
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |
| | | | | |
| | | | | | |
vespa-engine/renovate/vitejs-plugin-react-4.x-lockfile
Update dependency @vitejs/plugin-react to v4.1.1
|
| | |_|_|/
| |/| | | |
|
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |
| | | | | |
vespa-engine/vekterli/avoid-docstore-prealloc-when-sanitizer-instrumented
Do not preallocate doc store based on node memory if sanitizers are enabled
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If sanitizers are enabled, `mmap`-allocations may be intercepted
and allocated pages may be implicitly touched+committed. This
tends to explode when testing locally, so fall back to configured
initial num-docs if this is the case.
|
|\ \ \ \
| |/ / /
|/| | | |
map_subspaces operation
|
| | | |
| | | |
| | | |
| | | | |
also disallow map_subspaces in compiled functions
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
vespa-engine/vekterli/merge-memory-usage-soft-limiting
Add configurable soft limiting of memory used by merge operations on a content node
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add config for min/max capping of deduced limit, as well as a scaling
factor based on the memory available to the process. Defaults
have been chosen based on empirical observations over many years,
but having these as config means we can tune things live if
it should ever be required.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The distributor only knows a limited amount of metadata per
bucket replica (roughly: checksum, doc count, doc size). It
therefore has no way to know if two replicas with different
checksums, both with 1000 documents, have 999 or 0 documents
in common. We therefore have to assume the worst and estimate
the worst case memory usage as being the _sum_ of mutually
divergent replica sizes.
Estimates are bounded by the expected bucket merge chunk size,
as we make the simplifying assumption that memory usage for
a particular node is (roughly) limited to this value for any
given bucket.
One special-cased exception to this is single-document replicas,
as one document can not be split across multiple chunks by
definition. Here we track the largest single document replica.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If configured, the active merge window is limited so that the
sum of estimated memory usage for its merges does not go
beyond the configured soft memory limit. The window can
always fit a minimum of 1 merge regardless of its size to
ensure progress in the cluster (thus this is a soft limit,
not a hard limit).
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Balder/deinline foreach
|
| | | | | | |
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
vespa-engine/toregge/dynamic-summary-fields-dont-require-tokenizer
Dynamic summary fields don't require tokenizer.
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Tokenization is enabled by the presence of an index expression in the
indexing script for the field, and the annotated strings containing the
result of tokenization are written to the document field.
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Exclude airlift from linkcheck
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
vespa-engine/vekterli/test-openssl-integration-not-vulnerable-to-cred-stuffing
Test that OpenSSL mTLS integration is not vulnerable to certificate stuffing
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This adds a test that our OpenSSL mTLS integration is not
vulnerable to CVE-2023-2422-style certificate credential
stuffing.
Spoiler alert: we're not, and never have been vulnerable.
But this test shall help to ensure we also never accidentally
will be in the future.
If a server is vulnerable to certificate stuffing, a sneaky
client may include both a valid certificate chain (containing
credential set A) as well as a self-signed peer certificate
(containing credential set B). The vulnerable server thinks
the latter cert has been verified, even though the mTLS
implementation only verifies the first (actual) client cert
as being signed by the CA. The server may then wrongfully
choose to include set B as the client's credentials.
We explicitly only consider certificates in the chain at
OpenSSL "error depth zero", which means the "end entity
certificate", i.e. the client peer.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Use 'value' when getting an enum object from a String.
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
- Ensures that the correct value is returned even if the name
and value does not match.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Minor cleanup
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | |
| | | | | | |
| | | | | | | |
vespa-engine/aressem/use-plain-image-when-mirroring
Use plain CentOS Stream 8 image for mirroring to avoid confusion with…
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | | |
preinstalled packages.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
vespa-engine/toregge/dont-censor-map-indexes-that-starts-with-left-brace
Don't censor map indexes that start with left bracket in
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | | |
readAndCensorIndexes.
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
HostFlavorUpgrader: Reprocess hosts with non-retiring nodes
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Update more bill states
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
external system into the database.
|
| | | | | | | |
|