* #9 Implement routes to list, get and delete execution environments.
A refactoring was required to introduce the ExecutionEnvironment interface.
* Fix MR comments, linting issues and bug that lead to e2e test failure
* Add e2e tests
* Add unit tests
* Configure an ansible playbook
to copy all required configurations to a Poseidon host.
* Copy also all TLS certificates if configured
* Exclude playbook in its own repository
* Adjust security.md to our current recommendations
* Add certificate generation and deployment
* Move access policy example file to the resources folder
* Change authorization header key
as the use of headers starting with X- has been deprecated in RFC6648.
* Update configuration.example.yaml
Co-authored-by: Sebastian Serth <MrSerth@users.noreply.github.com>
This also adds a new Dockerfile for a e2e-test-image, as the old
image was hosted on our private registry. By having the image located
near the code, we don't have to rely on images on external registries.
Previously, the execution.Storer interface was embedded in the Runner interface.
However, this resulted in calls like runner.Add(...) to add an execution to the
store which is kind of ugly. Thus, we decided to add only the required functions to
the runner interface and make the execution.Storer a field of the implementation.
Previously, the interactivity timer was implemented in the same file
as the runner. This made the file long and the project structure more
complicated.
Previously, the template job HCL file was hardcoded using go:embed
in the binary. However, this did not allow users running Poseidon
to change its content. Now, users can change the content of the
template job HCL file using the configuration option.
As of version 1.1.2 of Nomad, the CLI monitors job deployments by
default until they are finished. Thus our custom job deployment
watcher script is not required anymore.
Previously, the server sometimes crashed due to concurrent writes
to the websocket connection. Now, we ensure that only one concurrent
function writes to the websocket at a time by enclosing the WriteMessage
function with a mutex.
When the context passed to Nomad Allocation Exec is cancelled, the
process is not terminated. Instead, just the WebSocket connection is
closed. In order to terminate long-running processes, a special
character is injected into the standard input stream. This character is
parsed by the tty line discipline (tty has to be true). The line
discipline sends a SIGQUIT signal to the process, terminating it and
producing a core dump (in a file called 'core'). The SIGQUIT signal can
be caught but isn't by default, which is why the runner is destroyed if
the program does not terminate during a grace period after the signal
was sent.
The TestCreateOrUpdateEnvironment function would previously use
the python:latest Docker image in its execution environment request.
However, this lead to pull rate limiting by Docker Hub in our CI.
