NOTICE: SUPPORT FOR THIS PROJECT ENDED ON 18 November 2020
This projected was owned and maintained by Jet.com (Walmart). This project has reached its end of life and Walmart no longer supports this project.
We will no longer be monitoring the issues for this project or reviewing pull requests. You are free to continue using this project under the license terms or forks of this project at your own risk. This project is no longer subject to Jet.com/Walmart's bug bounty program or other security monitoring.
We recommend you take the following action:
- Review any configuration files used for build automation and make appropriate updates to remove or replace this project
- Notify other members of your team and/or organization of this change
- Notify your security team to help you evaluate alternative options
For security reasons, Walmart does not transfer the ownership of our primary repos on Github or other platforms to other individuals/organizations. Further, we do not transfer ownership of packages for public package management systems.
If you would like to fork this package and continue development, you should choose a new name for the project and create your own packages, build automation, etc.
Please review the licensing terms of this project, which continue to be in effect even after decommission.
ORIGINAL README BELOW
Damon is a supervisor program to constrain windows executables that are run under the raw_exec driver in Nomad.
To use Damon, run it before your command.
damon.exe yourapp.exe [args]
Damon uses environment variables to configure process monitoring and resource constraints.
DAMON_LOG_MAX_FILES: the number of old logs to keep after rotating.DAMON_LOG_MAX_SIZE: the maximum size (in MB) of the active log file before it gets rotated.DAMON_LOG_DIR: directory in which to place damon log files. WhenDAMON_LOG_DIRis unset, it will attempt to use the standard nomad log directory${NOMAD_ALLOC_DIR}/logs. IfNOMAD_ALLOC_DIRis unset, then it will default to the current working directory.DAMON_NOMAD_LOG_SUFFIX: Is appended to the log name of the active log file. Rotated log files contain a datestamp. The default value is.damon.logDAMON_LOG_NAME: Is the full name of the log file (without the directory) - Setting this overridesDAMON_NOMAD_LOG_SUFFIX. When this is unset, it will default to${NOMAD_TASK_NAME}${DAMON_NOMAD_LOG_SUFFIX}
DAMON_ENFORCE_CPU_LIMIT: When set toY- it enforces CPU constraints on the wrapped process. Set to 'N' to disable CPU-rate limits. (Default: 'Y')DAMON_ENFORCE_MEMORY_LIMIT: When set toY- it enforces memory limits on the wrapped process. Set to 'N' to disable memory limits. (Default: 'Y')DAMON_CPU_LIMIT: The CPU Limit in MHz. Defaults toNOMAD_CPU_LIMIT.DAMON_MEMORY_LIMIT: The Memory Limit in MB. Defaults toNOMAD_MEMORY_LIMIT.DAMON_RESTRICTED_TOKEN: When set toY- it runs the wrapped process with a Restricted Token:- Drops all Privileges
- Disables the
BUILTIN\AdministratorSID
DAMON_ADDR: Listens on this address to serve prometheus metrics. Default:${NOMAD_ADDR_damon}This option is designed to work with theNOMAD_ADDR_damonenvironment variable. This means you should change your job spec to:- request a port labeled
"damon" - add a service to the task that advertises the "damon" port to Consul service discovery - so that your prometheus infrastructure can find it and scrape it.
- request a port labeled
DAMON_METRICS_ENDPOINT: The path to the prometheus metrics endpoint. Default:/metrics
Included with this repository is make.ps1 which can be used to build damon.exe and also run tests.
.\make.ps1 -BuildRuns golangci-lint against the codebase. It will Install golangci-lint if it doesn't exist in ${GOPATH}/bin.
.\make.ps1 -LintRuns tests and generates code coverage files.
.\make.ps1 -TestCheck out the examples directory for scripts and job definitions.
- Locally: damon-test-locally.ps1
- On Nomad: damon-job.nomad
Be sure to alter to environment variables, artifact locations, etc... to match your environment.