Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update test. | gjoranv | 2023-02-16 | 1 | -2/+2 |
| | |||||
* | Don't fail if a configserver lacks wg pubkey. | gjoranv | 2023-02-16 | 3 | -2/+9 |
| | |||||
* | Add unit test for /nodes/v2/wireguard | gjoranv | 2023-02-16 | 1 | -0/+28 |
| | |||||
* | Return a sorted list of configservers | gjoranv | 2023-02-16 | 1 | -0/+2 |
| | |||||
* | Use List instead of Collection | gjoranv | 2023-02-16 | 1 | -2/+1 |
| | |||||
* | Implement nodes/v2/wireguard support in client. | gjoranv | 2023-02-16 | 5 | -0/+99 |
| | |||||
* | Move VersionedIpAddress to node-admin | gjoranv | 2023-02-16 | 1 | -0/+49 |
| | |||||
* | Re-register if identity document is outdated | Bjørn Christian Seime | 2023-02-15 | 1 | -4/+10 |
| | |||||
* | Allow getting and patching wg pubkey from/to node repo. | gjoranv | 2023-02-13 | 5 | -18/+68 |
| | | | | + Add missing 'trustStore' to NodeAttributes.hashCode | ||||
* | Use a list of wg tasks, instead of an optional. | gjoranv | 2023-02-08 | 3 | -9/+9 |
| | |||||
* | Remove 'ip' from TenantParameters, was not useful. | gjoranv | 2023-02-06 | 2 | -5/+2 |
| | |||||
* | Update comment | gjoranv | 2023-02-06 | 1 | -1/+1 |
| | |||||
* | Merge pull request #25862 from vespa-engine/bjorncs/cluster-type-in-node-cert | Bjørn Christian Seime | 2023-02-06 | 1 | -8/+7 |
|\ | | | | | Bjorncs/cluster type in node cert | ||||
| * | Add cluster type as SAN URI in Athenz instance certificates for Vespa | Bjørn Christian Seime | 2023-02-03 | 1 | -8/+7 |
| | | |||||
* | | Collect GPU metrics | Martin Polden | 2023-02-02 | 6 | -56/+140 |
| | | |||||
* | | Convert to records | Martin Polden | 2023-02-02 | 2 | -180/+40 |
|/ | |||||
* | Throw `ConvergenceException` instead of `IllegalStateException` | Tor Brede Vekterli | 2023-02-01 | 2 | -4/+5 |
| | |||||
* | Fail closed when no core dump encryption public key is found | Tor Brede Vekterli | 2023-02-01 | 2 | -22/+18 |
| | |||||
* | Rename WireguardMaintainer -> ContainerWireguardTask | gjoranv | 2023-01-27 | 2 | -5/+5 |
| | |||||
* | Use container-apache-http-client-bundle | Bjørn Christian Seime | 2023-01-26 | 1 | -9/+6 |
| | |||||
* | Revert "Revert "Revert "Bjorncs/bundle cleanup [run-systemtest]""" | Bjørn Christian Seime | 2023-01-26 | 1 | -6/+9 |
| | |||||
* | Stack => Deque and gc unused ConfigFileFormat | Henning Baldersheim | 2023-01-25 | 1 | -3/+3 |
| | |||||
* | Revert "Revert "Bjorncs/bundle cleanup [run-systemtest]" (#25713)" | Bjørn Christian Seime | 2023-01-25 | 1 | -9/+6 |
| | | | | This reverts commit 1ef8e73ab5ef6ea72297bed35ecc1f0f0703c46f. | ||||
* | Revert "Bjorncs/bundle cleanup [run-systemtest]" (#25713) | Jon Marius Venstad | 2023-01-24 | 1 | -6/+9 |
| | |||||
* | Use container-apache-http-client-bundle | Bjørn Christian Seime | 2023-01-24 | 1 | -9/+6 |
| | |||||
* | Upgrade to gcc 12 | Henning Baldersheim | 2023-01-19 | 2 | -2/+2 |
| | |||||
* | Just use Streams.toList as that is unmdifiable. | Henning Baldersheim | 2023-01-18 | 3 | -3/+3 |
| | |||||
* | Revert "Revert "open wireguard port for config servers"" | Andreas Eriksen | 2023-01-16 | 5 | -66/+102 |
| | |||||
* | Revert "open wireguard port for config servers (#25586)" | Henning Baldersheim | 2023-01-16 | 5 | -102/+66 |
| | | | | This reverts commit 2ee6905f0c6535fe95cc0516e4634f3ac37414b2. | ||||
* | open wireguard port for config servers (#25586) | Andreas Eriksen | 2023-01-16 | 5 | -66/+102 |
| | |||||
* | Resolve /proc/cpuinfo with test filesystem | Valerij Fredriksen | 2023-01-10 | 2 | -2/+3 |
| | |||||
* | Remove unused code | Valerij Fredriksen | 2023-01-10 | 2 | -51/+2 |
| | |||||
* | Use Path.of() instead to avoid extra import | Valerij Fredriksen | 2023-01-10 | 5 | -16/+16 |
| | |||||
* | Add http-utils as explicit dependency | Bjørn Christian Seime | 2023-01-09 | 1 | -0/+7 |
| | |||||
* | Ensure that HTTPS clients only use allowed ciphers and protocol versions | Bjørn Christian Seime | 2023-01-09 | 1 | -2/+3 |
| | |||||
* | Revert "Ensure that HTTPS clients only use allowed ciphers and protocol ↵ | Andreas Eriksen | 2023-01-06 | 1 | -3/+2 |
| | | | | versions" (#25436) | ||||
* | Ensure that HTTPS clients only use allowed ciphers and protocol versions | Bjørn Christian Seime | 2023-01-06 | 1 | -2/+3 |
| | |||||
* | Update expected token with new token version | Tor Brede Vekterli | 2023-01-05 | 1 | -1/+1 |
| | |||||
* | Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based crypto | Tor Brede Vekterli | 2023-01-05 | 2 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | This is to get around the limitation where AES GCM can only produce a maximum of 64 GiB of ciphertext for a particular <key, IV> pair before its security properties break down. ChaCha20-Poly1305 does not have any practical limitations here. ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits. A HKDF is used to internally expand the key material to 256 bits. To let token based decryption be fully backwards compatible, introduce a token version 2. V1 tokens will be decrypted with AES-GCM 128, while V2 tokens use ChaCha20-Poly1305. As a bonus, cryptographic operations will generally be _faster_ after this cipher change, as we use BouncyCastle ciphers and these do not use any native AES instructions. ChaCha20-Poly1305 is usually considerably faster when running without specialized hardware support. An ad-hoc experiment with a large ciphertext showed a near 70% performance increase over AES-GCM 128. | ||||
* | Merge pull request #25374 from vespa-engine/jonmv/no-metricsp-proxy-logs-to-s3 | Jon Marius Venstad | 2023-01-03 | 2 | -1/+16 |
|\ | | | | | Avoid uploading metrics-proxy access logs | ||||
| * | Avoid regex | Jon Marius Venstad | 2023-01-03 | 1 | -1/+1 |
| | | |||||
| * | Avoid uploading metrics-proxy access logs | jonmv | 2023-01-03 | 2 | -1/+16 |
| | | |||||
* | | OrchestratorException should not increment unhandled_exceptions | Håkon Hallingstad | 2023-01-03 | 1 | -1/+1 |
|/ | |||||
* | Merge pull request #25279 from ↵ | Håkon Hallingstad | 2022-12-21 | 4 | -8/+49 |
|\ | | | | | | | | | vespa-engine/revert-25274-revert-25247-bjormel/yum_--disablerepo Revert "Revert "support for disablerepo in yum command"" | ||||
| * | do not disable other repos by default | bjormel | 2022-12-19 | 2 | -9/+20 |
| | | |||||
| * | test for disable other repos | bjormel | 2022-12-19 | 1 | -0/+6 |
| | | |||||
| * | mimic maybeEscapeArgument() in CommandLine | bjormel | 2022-12-19 | 1 | -1/+5 |
| | | |||||
| * | Revert "Revert "support for disablerepo in yum command"" | Bjørn Meland | 2022-12-16 | 4 | -13/+33 |
| | | |||||
* | | Clean up /opt/vespa/var/tmp in content node too... | bjormel | 2022-12-18 | 1 | -2/+3 |
| | | |||||
* | | Clean up /opt/vespa/var/tmp in container | bjormel | 2022-12-18 | 2 | -2/+8 |
|/ |