Releases: hashicorp/nomad
v1.4.11
1.4.11 (July 18, 2023)
SECURITY:
- acl: Fixed a bug where a namespace ACL policy without label was applied to an unexpected namespace. CVE-2023-3072 [GH-17908]
- search: Fixed a bug where ACL did not filter plugin and variable names in search endpoint. CVE-2023-3300 [GH-17906]
- sentinel (Enterprise): Fixed a bug where ACL tokens could be exfiltrated via Sentinel logs. CVE-2023-3299 [GH-17907]
IMPROVEMENTS:
- cli: Add `-quiet` flag to `nomad var init` command [GH-17526]
- cni: Ensure to setup CNI addresses in deterministic order [GH-17766]
- deps: Updated Vault SDK to 0.9.0 [GH-17281]
- deps: update docker to 23.0.3 [GH-16862]
BUG FIXES:
- api: Fixed a bug that caused a panic when calling the `Jobs().Plan()` function with a job missing an ID [GH-17689]
- api: add missing constant for unknown allocation status [GH-17726]
- api: add missing field NetworkStatus for Allocation [GH-17280]
- cgroups: Fixed a bug removing all DevicesSets when alloc is created/removed [GH-17535]
- cli: Output error messages during deployment monitoring [GH-17348]
- client: Fixed a bug where Nomad incorrectly wrote to memory swappiness cgroup on old kernels [GH-17625]
- client: fixed a bug that prevented Nomad from fingerprinting Consul 1.13.8 correctly [GH-17349]
- consul: Fixed a bug where Nomad would repeatedly try to revoke successfully revoked SI tokens [GH-17847]
- core: Fix panic around client deregistration and pending heartbeats [GH-17316]
- core: fixed a bug that caused job validation to fail when a task with `kill_timeout` was placed inside a group with `update.progress_deadline` set to 0 [GH-17342]
- csi: Fixed a bug where CSI volumes would fail to restore during client restarts [GH-17840]
- drivers/docker: Fixed a bug where long-running docker operations would incorrectly timeout [GH-17731]
- identity: Fixed a bug where workload identities for periodic and dispatch jobs would not have access to their parent job's ACL policy [GH-17018]
- replication: Fix a potential panic when a non-authoritative region is upgraded and a server with the new version becomes the leader. [GH-17476]
- scheduler: Fixed a bug that could cause replacements for failed allocations to be placed in the wrong datacenter during a canary deployment [GH-17653]
- scheduler: Fixed a panic when a node has only one configured dynamic port [GH-17619]
- ui: don't show a service as healthy when its parent allocation stops running [GH-17465]
v1.6.0-rc.1
FEATURES:
- Node Pools: Allow cluster operators to partition Nomad clients and control which jobs are allowed to run in each pool. [GH-11041]
BREAKING CHANGES:
- acl: Job evaluate endpoint now requires `submit-job` instead of `read-job` capability [GH-16463]
IMPROVEMENTS:
- agent: Display server node ID in agent configuration at startup [GH-17084]
- api: enable support for storing original job source [GH-16763]
- api: return a structured error for unexpected responses [GH-16743]
- build: Publish official Docker images with the Nomad CLI [GH-17017]
- checks: Added support for Consul check field tls_server_name [GH-17334]
- cli: Add `-quiet` flag to `nomad var init` command [GH-17526]
- cli: Add check for missing host volume `path` in `nomad config validate` command [GH-17393]
- cli: Add leader status to output of `nomad server members -json` [GH-17138]
- cli: Sort output by Node name of the command `nomad operator raft list-peers` [GH-16221]
- cli: `job plan` help text for running the plan now includes the `-namespace` flag [GH-16243]
- client: check kernel module in `/sys/module` to help with WSL2 bridge networking [GH-17306]
- client: de-duplicate allocation client status updates and prevent allocation client status updates from being sent until clients have first synchronized with the server [GH-17074]
- client: prioritize allocation updates to reduce Raft and RPC load [GH-17354]
- connect: Auto detect when to use podman for connect sidecar proxies [GH-17065]
- connect: do not restrict automatic envoy versioning to docker driver [GH-17041]
- connect: use full docker.io prefixed name for envoy image references [GH-17045]
- deploymentwatcher: Allow deployments to fail early when running out of reschedule attempts [GH-17341]
- deps: Updated Vault SDK to 0.9.0 [GH-17281]
- deps: Updated consul-template to v0.31.0 [GH-16908]
- deps: update docker to 23.0.3 [GH-16862]
- deps: update github.com/hashicorp/raft from 1.3.11 to 1.5.0 [GH-17421]
- deps: update go.etcd.io/bbolt from 1.3.6 to 1.3.7 [GH-16228]
- docker: Add `group_add` configuration [GH-17313]
- drivers: Add `DisableLogCollection` to task driver capabilities interface [GH-17196]
- runtime: Added 'os.build' attribute to node fingerprint on windows os [GH-17576]
- ui: Added a new Job Status Panel that helps show allocation status throughout a deployment and in steady state [GH-16134]
- ui: Job status and deployment redesign [GH-16932]
- ui: Restyles "toast" notifications in the web UI with the Helios Design System [GH-16099]
- ui: add tooltips to the node and datacenter labels in the Topology page [GH-17647]
- ui: adds keyboard nav for switching between regions by pressing "r 1", "r 2", etc. [GH-17169]
- ui: change token input type from text to password [GH-17345]
- ui: remove namespace, type, and priority columns from child job table [GH-17645]
- vault: Add new configuration `disable_file` to prevent access to the Vault token by tasks that use `image` filesystem isolation [GH-13343]
DEPRECATIONS:
- envoy: remove support for envoy fallback image [GH-17044]
BUG FIXES:
- api: Fixed a bug that caused a panic when calling the `Jobs().Plan()` function with a job missing an ID [GH-17689]
- api: add missing constant for unknown allocation status [GH-17726]
- cgroups: Fixed a bug removing all DevicesSets when alloc is created/removed [GH-17535]
- cli: Fix a panic in the `nomad job restart` command when monitoring replacement allocations [GH-17346]
- cli: Output error messages during deployment monitoring [GH-17348]
- client: Fixed a bug where Nomad incorrectly wrote to memory swappiness cgroup on old kernels [GH-17625]
- client: Fixed a bug where agent would panic during drain incurred by shutdown [GH-17450]
- client: fixed a bug that prevented Nomad from fingerprinting Consul 1.13.8 correctly [GH-17349]
- core: Fix panic around client deregistration and pending heartbeats [GH-17316]
- core: fixed a bug that caused job validation to fail when a task with `kill_timeout` was placed inside a group with `update.progress_deadline` set to 0 [GH-17342]
- docker: Fixed a bug where network pause container would not be removed after node restart [GH-17455]
- drivers/docker: Fixed a bug where long-running docker operations would incorrectly timeout [GH-17731]
- identity: Fixed a bug where workload identities for periodic and dispatch jobs would not have access to their parent job's ACL policy [GH-17018]
- replication: Fix a potential panic when a non-authoritative region is upgraded and a server with the new version becomes the leader. [GH-17476]
- scheduler: Fixed a panic when a node has only one configured dynamic port [GH-17619]
- tls: Fixed a bug where the `nomad tls cert` command did not create certificates with the correct SANs for them to work with non default domain and region names. [GH-16959]
- ui: don't show a service as healthy when its parent allocation stops running [GH-17465]
- ui: fix a mirage-only issue where our mock token logs repeated unnecessarily [GH-17010]
- ui: fixed a handful of UX-related bugs during variable editing [GH-17319]
- ui: fixes an issue where the allocations table on child (periodic, parameterized) job pages wouldn't update when accessed via their parent [GH-17214]
- ui: preserve newlines when displaying shown variables in non-json mode [GH-17343]
v1.6.0-beta.1
FEATURES:
- Node Pools: Allow cluster operators to partition Nomad clients and control which jobs are allowed to run in each pool. [GH-11041]
BREAKING CHANGES:
- acl: Job evaluate endpoint now requires `submit-job` instead of `read-job` capability [GH-16463]
IMPROVEMENTS:
- agent: Display server node ID in agent configuration at startup [GH-17084]
- api: enable support for storing original job source [GH-16763]
- api: return a structured error for unexpected responses [GH-16743]
- build: Publish official Docker images with the Nomad CLI [GH-17017]
- checks: Added support for Consul check field tls_server_name [GH-17334]
- cli: Add `-quiet` flag to `nomad var init` command [GH-17526]
- cli: Add check for missing host volume `path` in `nomad config validate` command [GH-17393]
- cli: Add leader status to output of `nomad server members -json` [GH-17138]
- cli: Sort output by Node name of the command `nomad operator raft list-peers` [GH-16221]
- cli: `job plan` help text for running the plan now includes the `-namespace` flag [GH-16243]
- client: check kernel module in `/sys/module` to help with WSL2 bridge networking [GH-17306]
- client: de-duplicate allocation client status updates and prevent allocation client status updates from being sent until clients have first synchronized with the server [GH-17074]
- client: prioritize allocation updates to reduce Raft and RPC load [GH-17354]
- connect: Auto detect when to use podman for connect sidecar proxies [GH-17065]
- connect: do not restrict automatic envoy versioning to docker driver [GH-17041]
- connect: use full docker.io prefixed name for envoy image references [GH-17045]
- deploymentwatcher: Allow deployments to fail early when running out of reschedule attempts [GH-17341]
- deps: Updated Vault SDK to 0.9.0 [GH-17281]
- deps: Updated consul-template to v0.31.0 [GH-16908]
- deps: update docker to 23.0.3 [GH-16862]
- deps: update github.com/hashicorp/raft from 1.3.11 to 1.5.0 [GH-17421]
- deps: update go.etcd.io/bbolt from 1.3.6 to 1.3.7 [GH-16228]
- docker: Add `group_add` configuration [GH-17313]
- drivers: Add `DisableLogCollection` to task driver capabilities interface [GH-17196]
- runtime: Added 'os.build' attribute to node fingerprint on windows os [GH-17576]
- ui: Added a new Job Status Panel that helps show allocation status throughout a deployment and in steady state [GH-16134]
- ui: Job status and deployment redesign [GH-16932]
- ui: Restyles "toast" notifications in the web UI with the Helios Design System [GH-16099]
- ui: add tooltips to the node and datacenter labels in the Topology page [GH-17647]
- ui: adds keyboard nav for switching between regions by pressing "r 1", "r 2", etc. [GH-17169]
- ui: change token input type from text to password [GH-17345]
- ui: remove namespace, type, and priority columns from child job table [GH-17645]
- vault: Add new configuration `disable_file` to prevent access to the Vault token by tasks that use `image` filesystem isolation [GH-13343]
DEPRECATIONS:
- envoy: remove support for envoy fallback image [GH-17044]
BUG FIXES:
- api: Fixed a bug that caused a panic when calling the `Jobs().Plan()` function with a job missing an ID [GH-17689]
- api: add missing constant for unknown allocation status [GH-17726]
- cgroups: Fixed a bug removing all DevicesSets when alloc is created/removed [GH-17535]
- cli: Fix a panic in the `nomad job restart` command when monitoring replacement allocations [GH-17346]
- cli: Output error messages during deployment monitoring [GH-17348]
- client: Fixed a bug where Nomad incorrectly wrote to memory swappiness cgroup on old kernels [GH-17625]
- client: Fixed a bug where agent would panic during drain incurred by shutdown [GH-17450]
- client: fixed a bug that prevented Nomad from fingerprinting Consul 1.13.8 correctly [GH-17349]
- core: Fix panic around client deregistration and pending heartbeats [GH-17316]
- core: fixed a bug that caused job validation to fail when a task with `kill_timeout` was placed inside a group with `update.progress_deadline` set to 0 [GH-17342]
- docker: Fixed a bug where network pause container would not be removed after node restart [GH-17455]
- drivers/docker: Fixed a bug where long-running docker operations would incorrectly timeout [GH-17731]
- identity: Fixed a bug where workload identities for periodic and dispatch jobs would not have access to their parent job's ACL policy [GH-17018]
- replication: Fix a potential panic when a non-authoritative region is upgraded and a server with the new version becomes the leader. [GH-17476]
- scheduler: Fixed a panic when a node has only one configured dynamic port [GH-17619]
- tls: Fixed a bug where the `nomad tls cert` command did not create certificates with the correct SANs for them to work with non default domain and region names. [GH-16959]
- ui: don't show a service as healthy when its parent allocation stops running [GH-17465]
- ui: fix a mirage-only issue where our mock token logs repeated unnecessarily [GH-17010]
- ui: fixed a handful of UX-related bugs during variable editing [GH-17319]
- ui: fixes an issue where the allocations table on child (periodic, parameterized) job pages wouldn't update when accessed via their parent [GH-17214]
- ui: preserve newlines when displaying shown variables in non-json mode [GH-17343]
v1.5.6
1.5.6 (May 19, 2023)
IMPROVEMENTS:
- core: Prevent `task.kill_timeout` being greater than `update.progress_deadline` [GH-16761]
BUG FIXES:
- bug: Corrected status description and modification time for canceled evaluations [GH-17071]
- build: Linux packages now have vendor label and set the default label to HashiCorp. This fix is implemented for any future releases, but will not be updated for historical releases [GH-16071]
- client: Fixed a bug where restarting a terminal allocation turns it into a zombie where allocation and task hooks will run unexpectedly [GH-17175]
- client: clean up resources upon failure to restore task during client restart [GH-17104]
- logs: Fixed a bug where disabling log collection would prevent Windows tasks from starting [GH-17199]
- scale: Fixed a bug where evals could be created with the wrong type [GH-17092]
- scheduler: Fixed a bug where implicit `spread` targets were treated as separate targets for scoring [GH-17195]
- scheduler: Fixed a bug where scores for spread scheduling could be -Inf [GH-17198]
- services: Fixed a bug preventing group service deregistrations after alloc restarts [GH-16905]
v1.4.10
1.4.10 (May 19, 2023)
IMPROVEMENTS:
- core: Prevent `task.kill_timeout` being greater than `update.progress_deadline` [GH-16761]
BUG FIXES:
- bug: Corrected status description and modification time for canceled evaluations [GH-17071]
- client: Fixed a bug where restarting a terminal allocation turns it into a zombie where allocation and task hooks will run unexpectedly [GH-17175]
- client: clean up resources upon failure to restore task during client restart [GH-17104]
- scale: Fixed a bug where evals could be created with the wrong type [GH-17092]
- scheduler: Fixed a bug where implicit `spread` targets were treated as separate targets for scoring [GH-17195]
- scheduler: Fixed a bug where scores for spread scheduling could be -Inf [GH-17198]
v1.3.15
1.3.15 (May 19, 2023)
BUG FIXES:
- bug: Corrected status description and modification time for canceled evaluations [GH-17071]
- client: Fixed a bug where restarting a terminal allocation turns it into a zombie where allocation and task hooks will run unexpectedly [GH-17175]
- client: clean up resources upon failure to restore task during client restart [GH-17104]
- scale: Fixed a bug where evals could be created with the wrong type [GH-17092]
- scheduler: Fixed a bug where implicit `spread` targets were treated as separate targets for scoring [GH-17195]
- scheduler: Fixed a bug where scores for spread scheduling could be -Inf [GH-17198]
v1.5.5
v1.3.14
1.3.14 (May 03, 2023)
v1.5.4
1.5.4 (May 02, 2023)
BREAKING CHANGES:
- artifact: environment variables no longer inherited by default from Nomad client [GH-15514]
IMPROVEMENTS:
- acl: New auth-method type: JWT [GH-15897]
- build: Update from Go 1.20.3 to Go 1.20.4 [GH-17056]
- cli: Added new `nomad job restart` command to restart all allocations for a job [GH-16278]
- cli: stream both stdout and stderr logs by default when following an allocation [GH-16556]
- client/fingerprint: detect fastest cpu core during cpu performance fallback [GH-16740]
- client: Added `drain_on_shutdown` configuration [GH-16827]
- connect: Added support for meta field on sidecar service block [GH-16705]
- dependency: update runc to 1.1.5 [GH-16712]
- driver/docker: Default `devices.container_path` to `devices.host_path` like Docker's CLI [GH-16811]
- ephemeral disk: migrate=true now implies sticky=true [GH-16826]
- fingerprint/cpu: correctly fingerprint P/E cores of Apple Silicon chips [GH-16672]
- jobspec: Added option for disabling task log collection in the `logs` block [GH-16962]
- license: show Terminated field in `license get` command [GH-16892]
- ui: Added copy-to-clipboard buttons to server and client pages [GH-16548]
- ui: added new keyboard commands for job start, stop, exec, and client metadata [GH-16378]
BUG FIXES:
- api: Fixed filtering on maps with missing keys [GH-16991]
- cli: Fix panic on job plan when -diff=false [GH-16944]
- client: Fix CNI plugin version fingerprint when output includes protocol version [GH-16776]
- client: Fix address for ports in IPv6 networks [GH-16723]
- client: Fixed a bug where restarting proxy sidecar tasks failed [GH-16815]
- client: Prevent a panic when an allocation has a legacy task-level bridge network and uses a driver that does not create a network namespace [GH-16921]
- client: Remove setting attributes when spawning the getter child [GH-16791]
- core: the deployment's list endpoint now supports look up by prefix using the wildcard for namespace [GH-16792]
- csi: gracefully recover tasks that use csi node plugins [GH-16809]
- docker: Fixed a bug where plugin config values were ignored [GH-16713]
- drain: Fixed a bug where drains would complete based on the server status and not the client status of an allocation [GH-14348]
- driver/exec: Fixed a bug where `cap_drop` and `cap_add` would not expand capabilities [GH-16643]
- fix: Added "/usr/libexec" to the landlocked directories the getter has access to [GH-16900]
- scale: Do not allow scale requests for jobs of type system [GH-16969]
- scheduler: Fix reconciliation of reconnecting allocs when the replacement allocations are not running [GH-16609]
- scheduler: honor false value for distinct_hosts constraint [GH-16907]
- server: Added verification of cron jobs already running before forcing new evals right after leader change [GH-16583]
- ui: Fix a visual bug where evaluation response wasn't scrollable in the Web UI. [GH-16960]
v1.4.9
1.4.9 (May 02, 2023)
IMPROVEMENTS:
BUG FIXES:
- api: Fixed filtering on maps with missing keys [GH-16991]
- build: Linux packages now have vendor label and set the default label to HashiCorp. This fix is implemented for any future releases, but will not be updated for historical releases [GH-16071]
- client: Fix CNI plugin version fingerprint when output includes protocol version [GH-16776]
- client: Fix address for ports in IPv6 networks [GH-16723]
- client: Fixed a bug where restarting proxy sidecar tasks failed [GH-16815]
- client: Prevent a panic when an allocation has a legacy task-level bridge network and uses a driver that does not create a network namespace [GH-16921]
- core: the deployment's list endpoint now supports look up by prefix using the wildcard for namespace [GH-16792]
- csi: gracefully recover tasks that use csi node plugins [GH-16809]
- docker: Fixed a bug where plugin config values were ignored [GH-16713]
- drain: Fixed a bug where drains would complete based on the server status and not the client status of an allocation [GH-14348]
- driver/exec: Fixed a bug where `cap_drop` and `cap_add` would not expand capabilities [GH-16643]
- scale: Do not allow scale requests for jobs of type system [GH-16969]
- scheduler: Fix reconciliation of reconnecting allocs when the replacement allocations are not running [GH-16609]
- scheduler: honor false value for distinct_hosts constraint [GH-16907]
- server: Added verification of cron jobs already running before forcing new evals right after leader change [GH-16583]
- services: Fixed a bug preventing group service deregistrations after alloc restarts [GH-16905]