aboutsummaryrefslogtreecommitdiffstats
path: root/node-admin
Commit message (Collapse)AuthorAgeFilesLines
* Update test.gjoranv2023-02-161-2/+2
|
* Don't fail if a configserver lacks wg pubkey.gjoranv2023-02-163-2/+9
|
* Add unit test for /nodes/v2/wireguardgjoranv2023-02-161-0/+28
|
* Return a sorted list of configserversgjoranv2023-02-161-0/+2
|
* Use List instead of Collectiongjoranv2023-02-161-2/+1
|
* Implement nodes/v2/wireguard support in client.gjoranv2023-02-165-0/+99
|
* Move VersionedIpAddress to node-admingjoranv2023-02-161-0/+49
|
* Re-register if identity document is outdatedBjørn Christian Seime2023-02-151-4/+10
|
* Allow getting and patching wg pubkey from/to node repo.gjoranv2023-02-135-18/+68
| | | | + Add missing 'trustStore' to NodeAttributes.hashCode
* Use a list of wg tasks, instead of an optional.gjoranv2023-02-083-9/+9
|
* Remove 'ip' from TenantParameters, was not useful.gjoranv2023-02-062-5/+2
|
* Update commentgjoranv2023-02-061-1/+1
|
* Merge pull request #25862 from vespa-engine/bjorncs/cluster-type-in-node-certBjørn Christian Seime2023-02-061-8/+7
|\ | | | | Bjorncs/cluster type in node cert
| * Add cluster type as SAN URI in Athenz instance certificates for VespaBjørn Christian Seime2023-02-031-8/+7
| |
* | Collect GPU metricsMartin Polden2023-02-026-56/+140
| |
* | Convert to recordsMartin Polden2023-02-022-180/+40
|/
* Throw `ConvergenceException` instead of `IllegalStateException`Tor Brede Vekterli2023-02-012-4/+5
|
* Fail closed when no core dump encryption public key is foundTor Brede Vekterli2023-02-012-22/+18
|
* Rename WireguardMaintainer -> ContainerWireguardTaskgjoranv2023-01-272-5/+5
|
* Use container-apache-http-client-bundleBjørn Christian Seime2023-01-261-9/+6
|
* Revert "Revert "Revert "Bjorncs/bundle cleanup [run-systemtest]"""Bjørn Christian Seime2023-01-261-6/+9
|
* Stack => Deque and gc unused ConfigFileFormatHenning Baldersheim2023-01-251-3/+3
|
* Revert "Revert "Bjorncs/bundle cleanup [run-systemtest]" (#25713)"Bjørn Christian Seime2023-01-251-9/+6
| | | | This reverts commit 1ef8e73ab5ef6ea72297bed35ecc1f0f0703c46f.
* Revert "Bjorncs/bundle cleanup [run-systemtest]" (#25713)Jon Marius Venstad2023-01-241-6/+9
|
* Use container-apache-http-client-bundleBjørn Christian Seime2023-01-241-9/+6
|
* Upgrade to gcc 12Henning Baldersheim2023-01-192-2/+2
|
* Just use Streams.toList as that is unmdifiable.Henning Baldersheim2023-01-183-3/+3
|
* Revert "Revert "open wireguard port for config servers""Andreas Eriksen2023-01-165-66/+102
|
* Revert "open wireguard port for config servers (#25586)"Henning Baldersheim2023-01-165-102/+66
| | | | This reverts commit 2ee6905f0c6535fe95cc0516e4634f3ac37414b2.
* open wireguard port for config servers (#25586)Andreas Eriksen2023-01-165-66/+102
|
* Resolve /proc/cpuinfo with test filesystemValerij Fredriksen2023-01-102-2/+3
|
* Remove unused codeValerij Fredriksen2023-01-102-51/+2
|
* Use Path.of() instead to avoid extra importValerij Fredriksen2023-01-105-16/+16
|
* Add http-utils as explicit dependencyBjørn Christian Seime2023-01-091-0/+7
|
* Ensure that HTTPS clients only use allowed ciphers and protocol versionsBjørn Christian Seime2023-01-091-2/+3
|
* Revert "Ensure that HTTPS clients only use allowed ciphers and protocol ↵Andreas Eriksen2023-01-061-3/+2
| | | | versions" (#25436)
* Ensure that HTTPS clients only use allowed ciphers and protocol versionsBjørn Christian Seime2023-01-061-2/+3
|
* Update expected token with new token versionTor Brede Vekterli2023-01-051-1/+1
|
* Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based cryptoTor Brede Vekterli2023-01-052-2/+2
| | | | | | | | | | | | | | | | | | | | | This is to get around the limitation where AES GCM can only produce a maximum of 64 GiB of ciphertext for a particular <key, IV> pair before its security properties break down. ChaCha20-Poly1305 does not have any practical limitations here. ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits. A HKDF is used to internally expand the key material to 256 bits. To let token based decryption be fully backwards compatible, introduce a token version 2. V1 tokens will be decrypted with AES-GCM 128, while V2 tokens use ChaCha20-Poly1305. As a bonus, cryptographic operations will generally be _faster_ after this cipher change, as we use BouncyCastle ciphers and these do not use any native AES instructions. ChaCha20-Poly1305 is usually considerably faster when running without specialized hardware support. An ad-hoc experiment with a large ciphertext showed a near 70% performance increase over AES-GCM 128.
* Merge pull request #25374 from vespa-engine/jonmv/no-metricsp-proxy-logs-to-s3Jon Marius Venstad2023-01-032-1/+16
|\ | | | | Avoid uploading metrics-proxy access logs
| * Avoid regexJon Marius Venstad2023-01-031-1/+1
| |
| * Avoid uploading metrics-proxy access logsjonmv2023-01-032-1/+16
| |
* | OrchestratorException should not increment unhandled_exceptionsHåkon Hallingstad2023-01-031-1/+1
|/
* Merge pull request #25279 from ↵Håkon Hallingstad2022-12-214-8/+49
|\ | | | | | | | | vespa-engine/revert-25274-revert-25247-bjormel/yum_--disablerepo Revert "Revert "support for disablerepo in yum command""
| * do not disable other repos by defaultbjormel2022-12-192-9/+20
| |
| * test for disable other reposbjormel2022-12-191-0/+6
| |
| * mimic maybeEscapeArgument() in CommandLinebjormel2022-12-191-1/+5
| |
| * Revert "Revert "support for disablerepo in yum command""Bjørn Meland2022-12-164-13/+33
| |
* | Clean up /opt/vespa/var/tmp in content node too...bjormel2022-12-181-2/+3
| |
* | Clean up /opt/vespa/var/tmp in containerbjormel2022-12-182-2/+8
|/