Permalink
Commits on Dec 20, 2011
  1. mvstore->cf (first rev) + merged-in post-r7 master + disabled mvstore…

    … by default
    
    Change-Id: I23950a9022c52b5d9d928aaa9df985a8478f0645
    mwindisch committed Dec 12, 2011
Commits on Dec 15, 2011
  1. Merge "Fix ruby install recipes"

    mahpat committed with Gerrit Code Review Dec 15, 2011
  2. Merge "small fix to accomodate symlinked tmp directories."

    Patrick Bozeman committed with Gerrit Code Review Dec 15, 2011
  3. small fix to accomodate symlinked tmp directories.

    Change-Id: I5d82e870c362f3e634061b9e1704aaccc65461ef
    Tal Garfinkel committed Dec 15, 2011
  4. Merge "resolve paths given in resource lists and ensure that they do …

    …not reference files outside of the applications directory."
    Tal Garfinkel committed with Gerrit Code Review Dec 15, 2011
  5. Fix ruby install recipes

    Added a new library function cf_ruby_install that abstracts the ruby
    installation. The current recipes were a hack.
    
    Also fixed rake db:migrate to use bundle exec in dev_setup/bin/vcap.
    
    Note for reviewers, This new library function is a straight copy of the
    existing code in ruby/recipes/default.rb with the ruby versions and paths passed
    in as parameters i.e. No new real code was added, existing code was moved and
    abstracted in a more chef compliant manner.
    
    Testing Done: Deployed a single host cloud.
    
    Change-Id: I0d9ba26e0fb5abc6ebe8add00c857faf2e797c26
    mahpat committed Dec 15, 2011
  6. Add container state.

    This adds an abstraction for tracking container state and ensuring
    that the container is in a specific set of states before executing
    a command.
    
    Test plan:
    - All unit tests pass.
    
    Change-Id: I1c397a39d0526dd12340b51650acf08e714f6500
    mpage committed Dec 15, 2011
  7. resolve paths given in resource lists and ensure that they do not

    reference files outside of the applications directory.
    
    Change-Id: Ic9020b57579a3f55bdecab9d13021495d4eec05a
    Tal Garfinkel committed Dec 14, 2011
Commits on Dec 14, 2011
  1. Merge changes I2f5d8831,I13144104

    * changes:
      Use epoll when available
      Add 'stats' command to warden
    mpage committed with Gerrit Code Review Dec 14, 2011
  2. Use epoll when available

    - Enable epoll when available
    - Fix ordering of close/detach to work around epoll issue
    - Bump version of em-posix-spawn to version that contains close/detach workaround
    
    Test plan:
    - All tests pass with epoll enabled.
    
    Change-Id: I2f5d883151e4176f617bef27788ce7aaa2a8927a
    mpage committed Dec 14, 2011
  3. Merge "vendor vcap_common in all core components"

    Patrick Bozeman committed with Gerrit Code Review Dec 14, 2011
Commits on Dec 13, 2011
  1. Add 'stats' command to warden

    This diff add support for the "stats" command. It returns a list
    of key value pairs that correspond to container-specific metrics.
    Currently, "disk_usage_B" and "mem_usage_B" are returned for LXC.
    
    Test plan:
    - New unit tests pass
    
    Change-Id: I1314410412095f1d37f2b1d675fd70295b41ca73
    mpage committed Dec 13, 2011
  2. vendor vcap_common in all core components

    * stop requring it via :path ../common
    * includes a dependency on em.0.12.11.cf.3 with a fixed up
    gemspec to avoid the syck::defaultkey issue.
    * bump staging and stager gems after taking new dependencies
    * lock 3rd party gems to minor versions in the Gemfiles
    
    Change-Id: I92648154036f8771400578a2ac14904c2c179d6c
    Patrick Bozeman committed Dec 13, 2011
  3. Add command to set memory limit for LXC containers

    This allows users to set the memory limit on their containers
    via 'memory.limit_in_bytes'. Containers whose cgroup exceeds the supplied
    limit will be destroyed automatically.
    
    Test plan:
    - New unit test passes
    
    Change-Id: I52e3eb74bcaf5f43f186d98bc599d06f02f359c0
    mpage committed Dec 8, 2011
Commits on Dec 12, 2011
  1. Merge "warden: Use constants to store ipt regexes"

    pietern committed with Gerrit Code Review Dec 12, 2011
  2. Merge "warden: Allow whitelisting of hosts/ports at runtime"

    pietern committed with Gerrit Code Review Dec 12, 2011
  3. warden: Use constants to store ipt regexes

    Change-Id: I17857b08e1768dedf930045193519c145a473fef
    pietern committed Dec 12, 2011
  4. Merge "Add limit for droplet size"

    mpage committed with Gerrit Code Review Dec 12, 2011
  5. warden: Allow whitelisting of hosts/ports at runtime

    Change-Id: Ib81e0af0bd1a0fec6a32c76b326d06da60f6bf7e
    pietern committed Dec 12, 2011
  6. Merge "warden: Make sure iptables rules are not added twice"

    pietern committed with Gerrit Code Review Dec 12, 2011
  7. Merge "warden: Support outbound network traffic filtering"

    pietern committed with Gerrit Code Review Dec 12, 2011
  8. Add limit for droplet size

    This adds a limit on the total size of the pre-staged droplet. Users
    are no longer able to upload apps that exceed this size.
    
    Test plan:
    - Existing tests pass
    - New unit tests pass
    - BVTs pass
    - Manual testing with large apps behaves as expected
    
    Change-Id: I7690249b997a5593f882508dd00fe5b2c4cad126
    mpage committed Dec 12, 2011
  9. Update Tomcat to v6.0.35.

    Change-Id: I2f5d68d916612e3efde3e6e29923a7bff3367527
    AB Srinivasan committed Dec 12, 2011
Commits on Dec 9, 2011
  1. warden: Make sure iptables rules are not added twice

    Change-Id: I2473e8c2fe088348c7d625ec00f1055bcb34301b
    pietern committed Dec 9, 2011
  2. warden: Support outbound network traffic filtering

    This adds support for black/whitelisting of networks. These
    configuration parameters are applied as follows:
    
    * If destination IP is whitelisted => allow
    * If destination IP is blacklisted => deny
    * Default => allow
    
    To use a deny-by-default policy, the 0.0.0.0/0 network may be added as a
    blacklisted and all traffic that is not explicitly allowed is denied.
    
    Change-Id: I3b610e15d02dc95acce04d27902b172afa27c4d3
    pietern committed Dec 9, 2011
  3. warden: Move isolated features to their own files

    Change-Id: I93c1f7ad5e79dac59588303ccc19318c18fbda87
    pietern committed Dec 9, 2011
  4. warden: Atomic resource allocation

    This changeset prevents resources from leaking when one or more
    resources cannot be allocated, while some resources are already
    allocated. Previously, this required the client connection to be bound
    in order to make it clean up the container after closing. Now, the
    container gets initialized with all the resources it needs.
    
    To facilitate this, subclasses of Container::Base should have #acquire
    and #release class methods that acquire and release the resources it
    needs. These methods should follow the same pattern as shown in
    Container::LXC.
    
    Change-Id: I68e21c8841207a19e9dfc015ceccc6c6a638e90c
    pietern committed Dec 9, 2011
Commits on Dec 8, 2011
  1. warden: Call setuid before running scripts inside container

    Change-Id: I3beeaab7fd19114ca3e75ee3122493e85dd2eb6d
    pietern committed Dec 8, 2011
  2. warden: Rework bootstrap process for containers

    Change-Id: Ied4afef02732d79931252ba72f1542d00d627afd
    pietern committed Dec 8, 2011
  3. Merge "warden: Run scripts inside container through shell"

    pietern committed with Gerrit Code Review Dec 8, 2011
  4. Merge "Stylistic fixups"

    mpage committed with Gerrit Code Review Dec 8, 2011
  5. warden: Run scripts inside container through shell

    Previously, EM executed scripts in the context of a container by
    connecting to a Unix socket itself. Because warden shells out for every
    other task it does, executing scripts inside a container is now also
    done by shelling out. Making this work right using existing tools
    proved to be cumbersome, so I included a small C program that either
    listens or connects to a Unix socket.
    
    Change-Id: I7f6df9786b9631aff2bd57cc1d20c8d337415bf0
    pietern committed Dec 8, 2011
  6. Stylistic fixups

    Change-Id: Ia7845e64790afd6051f3d77ced0ebc12339104ed
    mpage committed Dec 8, 2011
  7. warden: Make container configuration as minimal as possible

    Change-Id: I1e4c8104bdd05bccfe9242ec9946787b31b1fbf8
    pietern committed Dec 6, 2011
  8. Merge "Add quota monitor to tear down containers that exceed their di…

    …sk usage limits"
    mpage committed with Gerrit Code Review Dec 8, 2011