Supervisor program to constrain Windows executables running under Nomad's raw_exec driver
NOTICE: SUPPORT FOR THIS PROJECT ENDED ON 18 November 2020
This projected was owned and maintained by Jet.com (Walmart). This project has reached its end of life and Walmart no longer supports this project.
We will no longer be monitoring the issues for this project or reviewing pull requests. You are free to continue using this project under the license terms or forks of this project at your own risk. This project is no longer subject to Jet.com/Walmart's bug bounty program or other security monitoring.
We recommend you take the following action:
For security reasons, Walmart does not transfer the ownership of our primary repos on Github or other platforms to other individuals/organizations. Further, we do not transfer ownership of packages for public package management systems.
If you would like to fork this package and continue development, you should choose a new name for the project and create your own packages, build automation, etc.
Please review the licensing terms of this project, which continue to be in effect even after decommission.
ORIGINAL README BELOW
Damon is a supervisor program to constrain windows executables that are run under the raw_exec
driver in Nomad.
To use Damon, run it before your command.
damon.exe yourapp.exe [args]
Damon uses environment variables to configure process monitoring and resource constraints.
DAMON_LOG_MAX_FILES
: the number of old logs to keep after rotating.DAMON_LOG_MAX_SIZE
: the maximum size (in MB) of the active log file before it gets rotated.DAMON_LOG_DIR
: directory in which to place damon log files. When DAMON_LOG_DIR
is unset, it will attempt to use the standard nomad log directory ${NOMAD_ALLOC_DIR}/logs
. If NOMAD_ALLOC_DIR
is unset, then it will default to the current working directory.DAMON_NOMAD_LOG_SUFFIX
: Is appended to the log name of the active log file. Rotated log files contain a datestamp. The default value is .damon.log
DAMON_LOG_NAME
: Is the full name of the log file (without the directory) - Setting this overrides DAMON_NOMAD_LOG_SUFFIX
. When this is unset, it will default to ${NOMAD_TASK_NAME}${DAMON_NOMAD_LOG_SUFFIX}
DAMON_ENFORCE_CPU_LIMIT
: When set to Y
- it enforces CPU constraints on the wrapped process. Set to 'N' to disable CPU-rate limits. (Default: 'Y')DAMON_ENFORCE_MEMORY_LIMIT
: When set to Y
- it enforces memory limits on the wrapped process. Set to 'N' to disable memory limits. (Default: 'Y')DAMON_CPU_LIMIT
: The CPU Limit in MHz. Defaults to NOMAD_CPU_LIMIT
.DAMON_MEMORY_LIMIT
: The Memory Limit in MB. Defaults to NOMAD_MEMORY_LIMIT
.DAMON_RESTRICTED_TOKEN
: When set to Y
- it runs the wrapped process with a Restricted Token:
BUILTIN\Administrator
SIDDAMON_ADDR
: Listens on this address to serve prometheus metrics. Default: ${NOMAD_ADDR_damon}
This option is designed to work with the NOMAD_ADDR_damon
environment variable.
This means you should change your job spec to:
"damon"
DAMON_METRICS_ENDPOINT
: The path to the prometheus metrics endpoint. Default: /metrics
Included with this repository is make.ps1
which can be used to build damon.exe
and also run tests.
.\make.ps1 -Build
Runs golangci-lint against the codebase. It will Install golangci-lint if it doesn't exist in ${GOPATH}/bin
.
.\make.ps1 -Lint
Runs tests and generates code coverage files.
.\make.ps1 -Test
Check out the examples directory for scripts and job definitions.
Be sure to alter to environment variables, artifact locations, etc... to match your environment.