Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Reboot in real node repo | Håkon Hallingstad | 2022-12-06 | 2 | -0/+12 |
| | |||||
* | Create file with correct permissions | Håkon Hallingstad | 2022-12-06 | 3 | -16/+26 |
| | |||||
* | Revert "Revert collect(Collectors.toList())" | Henning Baldersheim | 2022-12-04 | 17 | -26/+26 |
| | |||||
* | Revert collect(Collectors.toList()) | Henning Baldersheim | 2022-12-04 | 17 | -26/+26 |
| | |||||
* | collect(Collectors.toList()) -> toList() | Henning Baldersheim | 2022-12-02 | 17 | -26/+26 |
| | |||||
* | Stop using report-cores-via-cfg | Håkon Hallingstad | 2022-12-01 | 5 | -233/+67 |
| | |||||
* | Add GPU fields to node repository client | Martin Polden | 2022-12-01 | 2 | -12/+25 |
| | |||||
* | Revert "Re-create container if wanted create command changes" | Martin Polden | 2022-11-30 | 8 | -52/+20 |
| | |||||
* | Update signature in mock | Martin Polden | 2022-11-28 | 2 | -2/+2 |
| | |||||
* | Pass wanted resources | Martin Polden | 2022-11-25 | 3 | -4/+4 |
| | |||||
* | Re-create container if wanted create command changes | Martin Polden | 2022-11-25 | 8 | -20/+52 |
| | |||||
* | Revert "Re-create container if wanted create command changes" | Valerij Fredriksen | 2022-11-25 | 8 | -52/+20 |
| | |||||
* | Re-create container if wanted create command changes | Martin Polden | 2022-11-24 | 8 | -20/+52 |
| | |||||
* | Merge pull request #24902 from vespa-engine/enclaves-api | gjoranv | 2022-11-17 | 1 | -1/+2 |
|\ | | | | | Enclaves api | ||||
| * | Add test for enclave nodes, and necessary supporting infrastructure | gjoranv | 2022-11-16 | 1 | -1/+2 |
| | | |||||
* | | Use BouncyCastle AES GCM cipher and I/O streams instead of JCA | Tor Brede Vekterli | 2022-11-16 | 1 | -3/+1 |
|/ | | | | | | | | | | | | | | | | | | This resolves two issues: * `javax.crypto.OutputCipherStream` swallows MAC tag mismatch exceptions when the stream is closed, which means that corruptions (intentional or not) are not caught. This is documented behavior, but still very surprising and a rather questionable default. BC's interchangeable `CipherOutputStream` throws as expected. To avoid regressions, add an explicit test that both ciphertext and MAC tag corruptions are propagated. * The default-provided `AES/GCM/NoPadding` `Cipher` instance will not emit decrypted plaintext per `update()` chunk, but buffer everything until `doFinal()` is invoked when the stream is closed. This means that decrypting very large ciphertexts can blow up memory usage since internal output buffers are reallocated and increased per iteration...! Instead use an explicit BC `GCMBlockCipher` which has the expected behavior (and actually lets cipher streams, well, _stream_). Add an `AeadCipher` abstraction to avoid leaking BC APIs outside the security module. | ||||
* | Revert "Revert "Revert "Revert "Move $VESPA_HOME/tmp to $VESPA_HOME/var/tmp [run-systemtest]"""" | Eirik Nygaard | 2022-11-07 | 2 | -6/+6 |
| | |||||
* | Revert "Revert "Revert "Move $VESPA_HOME/tmp to $VESPA_HOME/var/tmp [run-systemtest]""" | Eirik Nygaard | 2022-11-07 | 2 | -6/+6 |
| | |||||
* | Revert "Revert "Move $VESPA_HOME/tmp to $VESPA_HOME/var/tmp [run-systemtest]"" | Eirik Nygaard | 2022-11-04 | 2 | -6/+6 |
| | |||||
* | Revert "Move $VESPA_HOME/tmp to $VESPA_HOME/var/tmp [run-systemtest]" | Arnstein Ressem | 2022-11-04 | 2 | -6/+6 |
| | |||||
* | Move $VESPA_HOME/tmp to $VESPA_HOME/var/tmp | Eirk Nygaard | 2022-11-04 | 2 | -6/+6 |
| | | | | | Prepare to support immutable container image where only var and logs directories must be writable. Create symlink from old tmp directory to $VESPA_HOME/var/tmp | ||||
* | Wire core dump encryption public key ID to core dump handler logic | Tor Brede Vekterli | 2022-11-04 | 3 | -9/+67 |
| | |||||
* | Merge pull request #24715 from vespa-engine/vekterli/encapsulate-key-id | Tor Brede Vekterli | 2022-11-02 | 1 | -1/+2 |
|\ | | | | | Encapsulate key identifier in own object | ||||
| * | Encapsulate key identifier in own object | Tor Brede Vekterli | 2022-11-02 | 1 | -1/+2 |
| | | | | | | | | Enforces invariants and avoids having to pass raw byte arrays around. | ||||
* | | Log core dump processing | Håkon Hallingstad | 2022-11-02 | 5 | -20/+164 |
|/ | |||||
* | Write absolute path of file | Håkon Hallingstad | 2022-11-01 | 1 | -1/+1 |
| | |||||
* | Merge pull request #24689 from vespa-engine/hakonhall/guard-core-dump-upload-via-cfg | Valerij Fredriksen | 2022-11-01 | 8 | -33/+265 |
|\ | | | | | Guard core dump upload via cfg | ||||
| * | Guard core dump upload via cfg | Håkon Hallingstad | 2022-11-01 | 8 | -33/+265 |
| | | |||||
* | | Let token key IDs be UTF-8 byte strings instead of just an integer | Tor Brede Vekterli | 2022-11-01 | 1 | -1/+1 |
|/ | | | | | | | | | | | | | | This makes key IDs vastly more expressive. Max size is 255 bytes, and UTF-8 form is enforced by checking that the byte sequence can be identity-transformed to and from a string with UTF-8 encoding. In addition, we now protect the integrity of the key ID by supplying it as the AAD parameter to the key sealing and opening operations. Reduce v1 token max length of `enc` part to 255, since this is always an X25519 public key, which is never bigger than 32 bytes (but may be _less_ if the random `BigInteger` is small enough, so we still have to encode the length). | ||||
* | zst is the extension for std compressed files. | Henning Baldersheim | 2022-11-01 | 2 | -5/+5 |
| | |||||
* | Add encryption capabilities to core dump handler | Tor Brede Vekterli | 2022-11-01 | 2 | -35/+132 |
| | | | | | | | | | | | | | Once wired in (not currently the case), a Supplier of non-null `SecretSharedKey` instances will trigger: 1. Wrapping the output stream with an encrypting output stream using the secret component of the supplied key. Zstd compression is handled on the input stream, so this should transparently encrypt compressed data. To disambiguate, encrypted core dumps are suffixed with an additional `.enc` file extension. 2. Emitting a public decryption token as part of the metadata using the shared component of the supplied key. | ||||
* | Add missing suffix newline | Håkon Hallingstad | 2022-11-01 | 1 | -1/+1 |
| | |||||
* | Export com.yahoo.vespa.hosted.node.admin.configserver.cores | Håkon Hallingstad | 2022-11-01 | 2 | -1/+9 |
| | |||||
* | Revert "Revert "New cores client in node-admin"" | Håkon Hallingstad | 2022-11-01 | 12 | -43/+297 |
| | |||||
* | Revert "New cores client in node-admin" | Håkon Hallingstad | 2022-11-01 | 12 | -297/+43 |
| | |||||
* | New cores client in node-admin | Håkon Hallingstad | 2022-10-31 | 12 | -43/+297 |
| | |||||
* | * apply new common bootstrap | Arne Juul | 2022-10-24 | 1 | -0/+3 |
| | | | | | * remove now-duplicated code * prefer using ${VESPA_HOME} environment variable | ||||
* | Allow suffix of base name of filename for upload URI | Håkon Hallingstad | 2022-10-20 | 1 | -8/+20 |
| | |||||
* | Start wireguard on configserver hosts (#24345) | gjoranv | 2022-10-13 | 4 | -6/+24 |
| | | | Co-authored-by: gjoranv <gv@verizonmedia.com> | ||||
* | Use UnixPath::exists | Håkon Hallingstad | 2022-10-12 | 1 | -1/+1 |
| | |||||
* | Don't ignore exit code | Ola Aunronning | 2022-09-30 | 1 | -1/+0 |
| | |||||
* | Get systemctl service property | Ola Aunronning | 2022-09-30 | 2 | -0/+12 |
| | |||||
* | Remove pem-trust-store flag | Håkon Hallingstad | 2022-09-29 | 1 | -14/+6 |
| | |||||
* | Add wantToRebuild field | Martin Polden | 2022-09-28 | 3 | -47/+71 |
| | |||||
* | Trust store path is associated with ZTS | Håkon Hallingstad | 2022-09-23 | 1 | -9/+9 |
| | |||||
* | Merge pull request #24130 from vespa-engine/hakonhall/refresh-identity-from-pem-trust-store | Harald Musum | 2022-09-20 | 1 | -17/+15 |
|\ | | | | | Refresh identity from PEM trust store | ||||
| * | Refresh identity from PEM trust store | Håkon Hallingstad | 2022-09-19 | 1 | -17/+15 |
| | | |||||
* | | Don't fail coredump reports if /proc/cpuinfo is missing microcode information. | Arnstein Ressem | 2022-09-16 | 1 | -1/+1 |
| | | |||||
* | | Fail service dump request gracefully if JSON is invalid | Bjørn Christian Seime | 2022-09-15 | 3 | -10/+52 |
|/ | |||||
* | Support censoring of command arguments | Martin Polden | 2022-09-08 | 3 | -14/+46 |
| |