- allow to specify pwd in secexec (#1901).
Also the usage of "secexec" has been slightly changed: now the executable and
its arguments must be specified after "--".
For example: secexec /etc/secexec -- /bin/ls -lith.
- watch for keystore in sysinit.
- more nvidia related .so files for volumes (#1907).
Found out that we're skipping a lot of useful nvidia's .so files.
This PR adds all of them to the docker volume.
Based on the content of NVIDIA-Linux-x86_64-440.82.
To keep the list up-to-date in the future:
- download the latest version on drivers;
- unpack them without installing: "./NVIDIA-Linux-x86_64-XXX.YY.run
- list .so and update the list in "insonmnia/worker/gpu/nvidia_tuner.go";
Don't forget to remove versions and .0 from file names;
- Congratulation, you're awesome open-source contributor;
- dwh tests (#1908).
This PR fixes behavior with dwh test suite:
- add required for run "POSTGRES_PASSWORD" environment
- returns an error when Postgres not started any times, not null
- format touched file imports
- check for mount required before mounting.
- weaken errors while constructing secsh banner.
- allow to start QOS without secsh.
- traverse children while looking for a device (#1898).
- Remote secure shell (#1895).
This commit allows exposing a server on a host, which act as a remote secure shell, executing allowed commands within the security policy.
- Add bid and ask tags to dwh deal (#1896).
- Worker now waits until Docker starts (#1894).
- Wrong streaming authorization check (#1897).
Previously streaming gRPC authorization always ignored the first chunk for the incoming stream and checked for others. This is wrong for methods which stream only back because the entire authorization mechanism is suppressed at all. This commit fixes such behavior by forcing the auth routing to check for the first incoming message.
- Sys init capability for QoS service (#1891).
- Multiple gRPC compressions (#1889).
Before the only gzip compression was always used, which caused troubles with gRPC clients without compression support. This commit allows selecting how to compress the response depending on request compression type.
- Memory limit for Optimus (#1883).
- Restore order duration after execution in Optimus.
- Optimus should no longer ignore forward deals.
- Stop ignoring filters in Optimus (#1881).
Stop ignoring filters in Optimus in entire machine lease mode.
- Track worker's identity level in Optimus (#1874).
This change activates a new filter in Optimus that is capable of filtering orders with identity requirements greater than a Worker have.
- Reduce brute-force threshold for predictor (#1865).
6!=720, which is not so big as 16!=20 922 789 888 000.
- Avoid duplicated driver volumes for GPUs (#1864).
Now we're storing whole information required to mount single GPU into a container inside the "sonm.GPUDevice" structure. and now we can turn up into a situation, when we're trying to mount more than one GPU with the same type. The Tuner will try to attach more than one (absolutely same) volume to the container. In that case, it will lead to the container' start failure. This PR fixes that behavior by collecting proposed mount points into the set, and then applying only non-repeated ones.
- Benchmark support for GPU type (#1857).
this PR adds benchmarks for GPU type - NVidia or Radeon only, which is useful when specific card type is required.
- Remote GPU tuner (#1853).
- Fix already fixed streaming auth (#1859).
- Proper version for go-reuseport (#1860).
- Use LinkOrCopyStrategy to provision nvidia volumes (#1855).
Now we're hardlinking .so files and other nvidia related stuff into the volume. This way isn't working when /var is present in another partition, we must fallback to Copy in such case.
- Preventing division by zero panics in the sonm-mon (#1852).
- Worker config command (#1849).
Exposed an ability to watch Worker's config for its admin, master and inspection subjects.
- Revert per-chunk stream authorization (#1848).
It was implemented for inspection service, but no longer required, since it has a more convenient way to subscribe for authorization change events. Fixes inability to use "TaskLogs" handle.
- Proper error type in ErrorOrNil (#1847).
Fixed bug with task cancellation:
- Process ask-plan which are pending for deletion in a usual pipeline to update order info in case ask-plan cannot be deleted right now.
- Return proper type from ErrorOrNil function to fix this https://golang.org/doc/faq#nil_error behavior.
- Do not terminate on default (empty) QoS URI (#1846).
- Add missing method for the worker management ACL (#1845).
- Accept URI as remote QoS endpoint for consistency (#1843).
Previously we can only specify
unix:///path, but not
tcp://ip:port. Now, the scheme prefix is required and correctly parsed.
- Flush IFB on demand when using remote service (#1844).