Supervisor program to constrain Windows executables running under Nomad's raw_exec driver
Branch: master
Clone or download
Latest commit 9008151 Jan 25, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.vscode Add vscode workspace settings Oct 15, 2018
container container: add log on process exit Oct 19, 2018
examples examples: fix typo in job definition Oct 19, 2018
log Add Logger Oct 15, 2018
metrics
testcmd Add testcmd executable Sep 30, 2018
vendor Add Prometheus Metrics Oct 15, 2018
version Remove pre-release info Nov 20, 2018
win32 win32: process add debug logs Oct 19, 2018
.gitignore .gitignore log files Sep 29, 2018
.golangci.yml Add initial appveyor config Oct 15, 2018
LICENSE Update LICENSE Jan 24, 2019
README.md add badge Oct 19, 2018
SECURITY.md Add SECURITY.md Oct 15, 2018
appveyor.yml Add initial appveyor config Oct 15, 2018
config.go Add Main Oct 15, 2018
go.mod Add Prometheus Metrics Oct 15, 2018
go.sum Add Prometheus Metrics Oct 15, 2018
main.go Move metrics lister and setup into a goroutine Oct 19, 2018
make.ps1 Add initial appveyor config Oct 15, 2018

README.md

Build status

Damon

Damon is a supervisor program to constrain windows executables that are run under the raw_exec driver in Nomad.

Usage

To use Damon, run it before your command.

damon.exe yourapp.exe [args]

Configuration

Damon uses environment variables to configure process monitoring and resource constraints.

Logging Options

  • DAMON_LOG_MAX_FILES: the number of old logs to keep after rotating.
  • DAMON_LOG_MAX_SIZE: the maximum size (in MB) of the active log file before it gets rotated.
  • DAMON_LOG_DIR: directory in which to place damon log files. When DAMON_LOG_DIR is unset, it will attempt to use the standard nomad log directory ${NOMAD_ALLOC_DIR}/logs. If NOMAD_ALLOC_DIR is unset, then it will default to the current working directory.
  • DAMON_NOMAD_LOG_SUFFIX: Is appended to the log name of the active log file. Rotated log files contain a datestamp. The default value is .damon.log
  • DAMON_LOG_NAME: Is the full name of the log file (without the directory) - Setting this overrides DAMON_NOMAD_LOG_SUFFIX. When this is unset, it will default to ${NOMAD_TASK_NAME}${DAMON_NOMAD_LOG_SUFFIX}

Constraint Options

  • DAMON_ENFORCE_CPU_LIMIT: When set to Y - it enforces CPU constraints on the wrapped process. Set to 'N' to disable CPU-rate limits. (Default: 'Y')
  • DAMON_ENFORCE_MEMORY_LIMIT: When set to Y - it enforces memory limits on the wrapped process. Set to 'N' to disable memory limits. (Default: 'Y')
  • DAMON_CPU_LIMIT: The CPU Limit in MHz. Defaults to NOMAD_CPU_LIMIT.
  • DAMON_MEMORY_LIMIT: The Memory Limit in MB. Defaults to NOMAD_MEMORY_LIMIT.
  • DAMON_RESTRICTED_TOKEN: When set to Y - it runs the wrapped process with a Restricted Token:
    • Drops all Privileges
    • Disables the BUILTIN\Administrator SID

Metrics Options

  • DAMON_ADDR: Listens on this address to serve prometheus metrics. Default: ${NOMAD_ADDR_damon} This option is designed to work with the NOMAD_ADDR_damon environment variable. This means you should change your job spec to:
    • request a port labeled "damon"
    • add a service to the task that advertises the "damon" port to Consul service discovery - so that your prometheus infrastructure can find it and scrape it.
  • DAMON_METRICS_ENDPOINT: The path to the prometheus metrics endpoint. Default: /metrics

Building & Testing Damon

Included with this repository is make.ps1 which can be used to build damon.exe and also run tests.

Build Binary

.\make.ps1 -Build

Lint Code

Runs golangci-lint against the codebase. It will Install golangci-lint if it doesn't exist in ${GOPATH}/bin.

.\make.ps1 -Lint

Test Code

Runs tests and generates code coverage files.

.\make.ps1 -Test

Give it a Try

Check out the examples directory for scripts and job definitions.

Be sure to alter to environment variables, artifact locations, etc... to match your environment.