All Versions
160
Latest Version
Avg Release Cycle
28 days
Latest Release
68 days ago
Changelog History
Page 2
Changelog History
Page 2
-
v1.3.2 Changes
July 13, 2022๐ IMPROVEMENTS:
- ๐ agent: Added delete support to the eval HTTP API [GH-13492]
- โ agent: emit a warning message if the agent starts with
bootstrap_expect
set to an even number. [GH-12961] - ๐ agent: logs are no longer buffered at startup when logging in JSON format [GH-13076]
- api: enable setting
?choose
parameter when querying services [GH-12862] - ๐จ api: refactor ACL check when using the all namespaces wildcard in the job and alloc list endpoints [GH-13608]
- ๐ api: support Authorization Bearer header in lieu of X-Nomad-Token header [GH-12534]
- bootstrap: Added option to allow for an operator generated bootstrap token to be passed to the
acl bootstrap
command [GH-12520] - cli: Added
delete
command to the eval CLI [GH-13492] - โฑ cli: Added
scheduler get-config
andscheduler set-config
commands to the operator CLI [GH-13045] - ๐ท cli: always display job ID and namespace in the
eval status
command [GH-13581] - cli: display namespace and node ID in the
eval list
command and wheneval status
matches multiple evals [GH-13581] - โก๏ธ cli: update default redis and use nomad service discovery [GH-13044]
- ๐ง client: added more fault tolerant defaults for template configuration [GH-13041]
- core: Added the ability to pause and un-pause the eval broker and blocked eval broker [GH-13045]
- โก๏ธ core: On node updates skip creating evaluations for jobs not in the node's datacenter. [GH-12955]
- core: automatically mark clients with recurring plan rejections as ineligible [GH-13421]
- ๐ณ driver/docker: Eliminate excess Docker registry pulls for the
infra_image
when it already exists locally. [GH-13265] - ๐จ fingerprint: add support for detecting kernel architecture of clients. (attribute:
kernel.arch
) [GH-13182] - ๐ท hcl: added support for using the
filebase64
function in jobspecs [GH-11791] - metrics: emit
nomad.nomad.plan.rejection_tracker.node_score
metric for the number of times a node had a plan rejection within the past time window [GH-13421] - ๐ qemu: add support for guest agent socket [GH-12800]
- ๐ป ui: Namespace filter query paramters are now isolated by route [GH-13679]
๐ BUG FIXES:
- api: Fix listing evaluations with the wildcard namespace and an ACL token [GH-13530]
- โช api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
- ๐ cli: Fixed a bug in the names of the
node drain
andnode status
sub-commands [GH-13656] - ๐ท cli: Fixed a bug where job validate did not respect vault token or namespace [GH-13070]
- client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
- ๐ client: Fixed a bug where network.dns block was not interpolated [GH-12817]
- ๐ cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
- connect: Added missing ability of setting Connect upstream destination namespace [GH-13125]
- โฑ core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
- ๐ core: Fixed a bug where blocked eval resources were incorrectly computed [GH-13104]
- ๐ core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision.
client.reserved.reserved_ports
is now merged into eachhost_network
's reserved ports instead of being treated as a collision. [GH-13651] - ๐ core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
- ๐ง csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable
health_timeout
field [GH-13340] - โฑ csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
- ๐ณ docker: Fixed a bug where cgroups-v1 parent was being set [GH-13058]
- ๐ lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
- state: Fix listing evaluations from all namespaces [GH-13551]
- ๐ท ui: Allow running jobs from a namespace-limited token [GH-13659]
- 0๏ธโฃ ui: Fix a bug that prevented viewing the details of an evaluation in a non-default namespace [GH-13530]
- ๐ป ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
- ๐ท ui: Fixed an issue where editing or running a job with a namespace via the UI would throw a 404 on redirect. [GH-13588]
- ๐ท ui: fixed a bug where links to jobs with "@" in their name would mis-identify namespace and 404 [GH-13012]
- โก๏ธ volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]
-
v1.3.1 Changes
May 19, 2022๐ SECURITY:
- ๐ท A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]
๐ BUG FIXES:
- ๐ agent: fixed a panic on startup when the
server.protocol_version
config parameter was set [GH-12962]
-
v1.3.0 Changes
May 11, 2022๐ FEATURES:
- Edge compute improvements: Added support for reconnecting healthy allocations when disconnected clients reconnect. [GH-12476]
- Native service discovery: Register and discover services using builtin simple service discovery. [GH-12368]
๐ฅ BREAKING CHANGES:
- โฌ๏ธ agent: The state database on both clients and servers will automatically migrate its underlying database on startup. Downgrading to a previous version of an agent after upgrading it to Nomad 1.3 is not supported. [GH-12107]
- โฌ๏ธ client: The client state store will be automatically migrated to a new schema version when upgrading a client. Downgrading to a previous version of the client after upgrading it to Nomad 1.3 is not supported. To downgrade safely, users should erase the Nomad client's data directory. [GH-12078]
- connect: Consul Service Identity ACL tokens automatically generated for Connect services are now created as Local rather than Global tokens. Nomad clusters with Connect services making cross-Consul ๐ง datacenter requests will need to ensure their Consul agents are configured with anonymous ACL tokens of sufficient node and service read permissions. [GH-8068]
- ๐ connect: The minimum Consul version supported by Nomad's Connect integration is now Consul v1.8.0. [GH-8068]
- ๐ csi: The client filesystem layout for CSI plugins has been updated to correctly handle the lifecycle of multiple allocations serving the same plugin. Running plugin tasks will not be updated after upgrading the client, but it is recommended to redeploy CSI plugin jobs after upgrading the cluster. [GH-12078]
- โฌ๏ธ raft: The default raft protocol version is now 3 so you must follow the Upgrading to Raft Protocol 3 guide when upgrading an existing cluster to Nomad 1.3.0. Downgrading the raft protocol version is not supported. [GH-11572]
๐ SECURITY:
- server: validate mTLS certificate names on agent to agent endpoints [GH-11956]
๐ IMPROVEMENTS:
- agent: Switch from boltdb/bolt to go.etcd.io/bbolt [GH-12107]
- api: Add
related
query parameter to the Evaluation details endpoint [GH-12305] - ๐ท api: Add support for filtering and pagination to the jobs and volumes list endpoint [GH-12186]
- ๐ api: Add support for filtering and pagination to the node list endpoint [GH-12727]
- ๐ api: Add support for filtering, sorting, and pagination to the ACL tokens and allocations list endpoint [GH-12186]
- ๐ท api: Added ParseHCLOpts helper func to ease parsing HCLv1 jobspecs [GH-12777]
- api: CSI secrets for list and delete snapshots are now passed in HTTP headers [GH-12144]
- ๐ api:
AllocFS.Logs
now explicitly closes frames channel after being canceled [GH-12248] - 0๏ธโฃ api: default to using
DefaultPooledTransport
client to support keep-alive by default [GH-12492] - ๐ api: filter values of evaluation and deployment list api endpoints [GH-12034]
- ๐ api: sort return values of evaluation and deployment list api endpoints by creation index [GH-12054]
- ๐ build: make targets now respect GOBIN variable [GH-12077]
- โฌ๏ธ build: upgrade and speedup circleci configuration [GH-11889]
- ๐ท cli: Added -json flag to
nomad job {run,plan,validate}
to support parsing JSON formatted jobs [GH-12591] - cli: Added -os flag to node status to display operating system name [GH-12388]
- cli: Added
nomad operator api
command to ease querying Nomad's HTTP API. [GH-10808] - cli: CSI secrets argument for
volume snapshot list
has been made consistent withvolume snapshot delete
[GH-12144] - cli: Return a redacted value for mount flags in the
volume status
command, instead of<none>
[GH-12150] - cli:
operator debug
command now skips generating pprofs to avoid a panic on Nomad 0.11.2. 0.11.1, and 0.11.0 [GH-12807] - ๐ง cli: add
nomad config validate
command to check configuration files without an agent [GH-9198] - cli: added
-pprof-interval
tonomad operator debug
command [GH-11938] - cli: display the Raft version instead of the Serf protocol in the
nomad server members
command [GH-12317] - cli: rename the
nomad server members
-detailed
flag to-verbose
so it matches other commands [GH-12317] - client: Added
NOMAD_SHORT_ALLOC_ID
allocation env var [GH-12603] - client: Allow interpolation of the network.dns block [GH-12021]
- client: Download up to 3 artifacts concurrently [GH-11531]
- ๐ client: Enable support for cgroups v2 [GH-12274]
- ๐จ client: fingerprint AWS instance life cycle option [GH-12371]
- client: set NOMAD_CPU_CORES environment variable when reserving cpu cores [GH-12496]
- connect: automatically set alloc_id in envoy_stats_tags configuration [GH-12543]
- connect: bootstrap envoy sidecars using -proxy-for [GH-12011]
- consul/connect: write Envoy bootstrapping information to disk for debugging [GH-11975]
- consul: Added implicit Consul constraint for task groups utilising Consul service and check registrations [GH-12602]
- ๐ consul: add go-sockaddr templating support to nomad consul address [GH-12084]
- consul: improve service name validation message to include maximum length requirement [GH-12012]
- ๐ง core: Enable configuring raft boltdb freelist sync behavior [GH-12107]
- ๐ง core: The unused protocol_version agent configuration value has been removed. [GH-11600]
- csi: Add pagination parameters to
volume snapshot list
command [GH-12193] - csi: Added
-secret
and-parameter
flags tovolume snapshot create
command [GH-12360] - ๐ csi: Added support for storage topology [GH-12129]
- ๐ csi: Allow for concurrent plugin allocations [GH-12078]
- โก๏ธ csi: Allow volumes to be re-registered to be updated while not in use [GH-12167]
- ๐ csi: Display plugin capabilities in
nomad plugin status -verbose
output [GH-12116] - csi: Respect the verbose flag in the output of
volume status
[GH-12153] - ๐ csi: Sort allocations in
plugin status
output [GH-12154] - csi: add flag for providing secrets as a set of key/value pairs to delete a volume [GH-11245]
- csi: allow namespace field to be passed in volume spec [GH-12400]
- โก๏ธ deps: Update hashicorp/raft-boltdb to v2.2.0 [GH-12107]
- โก๏ธ deps: Update serf library to v0.9.7 [GH-12130]
- โก๏ธ deps: Updated hashicorp/consul-template to v0.29.0 [GH-12747]
- โก๏ธ deps: Updated hashicorp/raft to v1.3.5 [GH-12079]
- โฌ๏ธ deps: Upgrade kr/pty to creack/pty v1.1.5 [GH-11855]
- ๐ฆ deps: use gorilla package for gzip http handler [GH-11843]
- ๐ drainer: defer draining CSI plugin jobs until system jobs are drained [GH-12324]
- ๐ drivers/raw_exec: Add support for cgroups v2 in raw_exec driver [GH-12419]
- ๐ drivers: removed support for restoring tasks created before Nomad 0.9 [GH-12791]
- ๐จ fingerprint: add support for detecting DigitalOcean environment [GH-12015]
- metrics: Emit metrics regarding raft boltdb operations [GH-12107]
- metrics: emit
nomad.vault.token_last_renewal
andnomad.vault.token_next_renewal
metrics for Vault token renewal information [GH-12435] - ๐ namespaces: Allow adding custom metadata to namespaces. [GH-12138]
- namespaces: Allow enabling/disabling allowed drivers per namespace. [GH-11807]
- 0๏ธโฃ raft: The default raft protocol version is now 3. [GH-11572]
- โฑ scheduler: Seed node shuffling with the evaluation ID to make the order reproducible [GH-12008]
- โฑ scheduler: recover scheduler goroutines on panic [GH-12009]
- server: Transfer Raft leadership in case the Nomad server fails to establish leadership [GH-12293]
- โฌ๏ธ server: store and check previous Raft protocol version to prevent downgrades [GH-12362]
- services: Enable setting arbitrary address on Nomad or Consul service registration [GH-12720]
- โฌ๏ธ template: Upgraded to from consul-template v0.25.2 to v0.28.0 which includes the sprig library of functions and more. [GH-12312]
- ๐ป ui: added visual indicators for disconnected allocations and client nodes [GH-12544]
- ๐ป ui: break long service tags into multiple lines [GH-11995]
- ๐ป ui: change sort-order of evaluations to be reverse-chronological [GH-12847]
- ๐ป ui: make buttons with confirmation more descriptive of their actions [GH-12252]
๐ DEPRECATIONS:
- ๐ Raft protocol version 2 is deprecated and will be removed in Nomad 1.4.0. [GH-11572]
๐ BUG FIXES:
- api: Apply prefix filter when querying CSI volumes in all namespaces [GH-12184]
- cleanup: prevent leaks from time.After [GH-11983]
- ๐ client: Fixed a bug that could prevent a preempting alloc from ever starting. [GH-12779]
- ๐ client: Fixed a bug where clients that retry blocking queries would not reset the correct blocking duration [GH-12593]
- ๐ config: Fixed a bug where the
reservable_cores
setting was not respected [GH-12044] - ๐ท core: Fixed auto-promotion of canaries in jobs with at least one task group without canaries. [GH-11878]
- core: prevent malformed plans from crashing leader [GH-11944]
- ๐ csi: Fixed a bug where
plugin status
commands could choose the incorrect plugin if a plugin with a name that matched the same prefix existed. [GH-12194] - ๐ csi: Fixed a bug where
volume snapshot list
did not correctly filter by plugin IDs. The-plugin
parameter is required. [GH-12197] - โฑ csi: Fixed a bug where allocations with volume claims would fail their first placement after a reschedule [GH-12113]
- โช csi: Fixed a bug where allocations with volume claims would fail to restore after a client restart [GH-12113]
- ๐ csi: Fixed a bug where creating snapshots required a plugin ID instead of falling back to the volume's plugin ID [GH-12195]
- ๐ csi: Fixed a bug where fields were missing from the Read Volume API response [GH-12178]
- ๐ csi: Fixed a bug where garbage collected nodes would block releasing a volume [GH-12350]
- ๐ csi: Fixed a bug where per-alloc volumes used the incorrect ID when querying for
alloc status -verbose
[GH-12573] - โก๏ธ csi: Fixed a bug where plugin configuration updates were not considered destructive [GH-12774]
- ๐ csi: Fixed a bug where plugins would not restart if they failed any time after a client restart [GH-12752]
- ๐ csi: Fixed a bug where plugins written in NodeJS could fail to fingerprint [GH-12359]
- ๐ csi: Fixed a bug where purging a job with a missing plugin would fail [GH-12114]
- ๐ csi: Fixed a bug where single-use access modes were not enforced during validation [GH-12337]
- ๐ csi: Fixed a bug where the maximum number of volume claims was incorrectly enforced when an allocation claims a volume [GH-12112]
- ๐ csi: Fixed a bug where the plugin instance manager would not retry the initial gRPC connection to plugins [GH-12057]
- ๐ csi: Fixed a bug where the plugin supervisor would not restart the task if it failed to connect to the plugin [GH-12057]
- ๐ csi: Fixed a bug where volume snapshot timestamps were always zero values [GH-12352]
- ๐ csi: Fixed bug where accessing plugins was subject to a data race [GH-12553]
- ๐ csi: fixed a bug where
volume detach
,volume deregister
, andvolume status
commands did not accept an exact ID if multiple volumes matched the prefix [GH-12051] - ๐ csi: provide
CSI_ENDPOINT
environment variable to plugin tasks [GH-12050] - ๐ท jobspec: Fixed a bug where connect sidecar resources were ignored when using HCL1 [GH-11927]
- ๐ lifecycle: Fixed a bug where successful poststart tasks were marked as unhealthy [GH-11945]
- ๐ recommendations (Enterprise): Fixed a bug where the recommendations list RPC incorrectly forwarded requests to the authoritative region [GH-12040]
- โก๏ธ scheduler: fixed a bug where in-place updates on ineligible nodes would be ignored [GH-12264]
- server: Write peers.json file with correct permissions [GH-12369]
- ๐ template: Fixed a bug preventing allowing all consul-template functions. [GH-12312]
- 0๏ธโฃ template: Fixed a bug where the default
function_denylist
would be appended to a specified list [GH-12071] - ๐ป ui: Fix the link target for CSI volumes on the task detail page [GH-11896]
- ๐ป ui: Fixed a bug where volumes were being incorrectly linked when per_alloc=true [GH-12713]
- ๐ท ui: fix broken link to task-groups in the Recent Allocations table in the Job Detail overview page. [GH-12765]
- ๐ป ui: fix the unit for the task row memory usage metric [GH-11980]
-
v1.2.15 Changes
November 21, 2022๐ BUG FIXES:
- api: Ensure all request body decode errors return a 400 status code [GH-15252]
- ๐ cleanup: fixed missing timer.Reset for plan queue stat emitter [GH-15134]
- ๐ client: Fixed a bug where tasks would restart without waiting for interval [GH-15215]
- ๐ณ client: fixed a bug where non-
docker
tasks with network isolation would leak network namespaces and iptables rules if the client was restarted while they were running [GH-15214] - ๐ csi: Fixed race condition that can cause a panic when volume is garbage collected [GH-15101]
- ๐ device: Fixed a bug where device plugins would not fingerprint on startup [GH-15125]
- ๐ drivers: Fixed a bug where one goroutine was leaked per task [GH-15180]
- ๐ง drivers: pass missing
propagation_mode
configuration for volume mounts to external plugins [GH-15096] - ๐ event_stream: fixed a bug where dynamic port values would fail to serialize in the event stream [GH-12916]
- ๐จ fingerprint: Ensure Nomad can correctly fingerprint Consul gRPC where the Consul agent is running v1.14.0 or greater [GH-15309]
-
v1.2.14 Changes
October 26, 2022 -
v1.2.13 Changes
October 04, 2022๐ SECURITY:
- client: recover from panics caused by artifact download to prevent the Nomad client from crashing [GH-14696]
๐ BUG FIXES:
- ๐ api: Fixed a bug where the List Volume API did not include the
ControllerRequired
andResourceExhausted
fields. [GH-14484] - ๐ client: Fixed bug where clients could attempt to connect to servers with invalid addresses retrieved from Consul. [GH-14431]
- ๐ csi: Fixed a bug where a volume that was successfully unmounted by the client but then failed controller unpublishing would not be marked free until garbage collection ran. [GH-14675]
- ๐ csi: Fixed a bug where the server would not send controller unpublish for a failed allocation. [GH-14484]
- ๐ csi: Fixed a bug where volume claims on lost or garbage collected nodes could not be freed [GH-14720]
- ๐ csi: Fixed a data race in the volume unpublish endpoint that could result in claims being incorrectly marked as freed before being persisted to raft. [GH-14484]
- ๐ง jobspec: Fixed a bug where an
artifact
withheaders
configuration would fail to parse when using HCLv1 [GH-14637] - โฑ metrics: Update client
node_scheduling_eligibility
value with server heartbeats. [GH-14483] - โก๏ธ quotas (Enterprise): Fixed a server crashing panic when updating and checking a quota concurrently.
- ๐ท rpc: check for spec changes in all regions when registering multiregion jobs [GH-14519]
-
v1.2.12 Changes
August 31, 2022 -
v1.2.11 Changes
August 25, 2022๐ IMPROVEMENTS:
- โก๏ธ build: update to go1.19 [GH-14132]
๐ BUG FIXES:
- api: cleanup whitespace from failed api response body [GH-14145]
- ๐ client/logmon: fixed a bug where logmon cannot find nomad executable [GH-14297]
- ๐ client: Fixed a bug where user lookups would hang or panic [GH-14248]
- ๐ป ui: Fixed a bug that caused the allocation details page to display the stats bar chart even if the task was pending. [GH-14224]
- ๐ง vault: Fixed a bug where Vault clients were recreated when the server configuration was reloaded, even if there were no changes to the Vault configuration. [GH-14298]
- ๐ง vault: Fixed a bug where changing the Vault configuration
namespace
field was not detected as a change during server configuration reload. [GH-14298]
-
v1.2.10 Changes
August 05, 2022๐ BUG FIXES:
- ๐ acl: Fixed a bug where the timestamp for expiring one-time tokens was not deterministic between servers [GH-13737]
- โก๏ธ build: Update go toolchain to 1.18.5 [GH-13956]
- ๐ deployments: Fixed a bug that prevented auto-approval if canaries were marked as unhealthy during deployment [GH-14001]
- ๐ metrics: Fixed a bug where blocked evals with no class produced no dc:class scope metrics [GH-13786]
- ๐ namespaces: Fixed a bug that allowed deleting a namespace that contained a CSI volume [GH-13880]
- โช qemu: restore the monitor socket path when restoring a QEMU task. [GH-14000]
-
v1.2.9 Changes
July 13, 2022๐ BUG FIXES:
- api: Fix listing evaluations with the wildcard namespace and an ACL token [GH-13552]
- โช api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
- ๐ cli: Fixed a bug in the names of the
node drain
andnode status
sub-commands [GH-13656] - client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
- ๐ client: Fixed a bug where network.dns block was not interpolated [GH-12817]
- ๐ cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
- connect: Added missing ability of setting Connect upstream destination namespace [GH-13125]
- โฑ core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
- ๐ core: Fixed a bug where blocked eval resources were incorrectly computed [GH-13104]
- ๐ core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision.
client.reserved.reserved_ports
is now merged into eachhost_network
's reserved ports instead of being treated as a collision. [GH-13651] - ๐ core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
- ๐ง csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable
health_timeout
field [GH-13340] - โฑ csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
- ๐ lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
- state: Fix listing evaluations from all namespaces [GH-13551]
- ๐ท ui: Allow running jobs from a namespace-limited token [GH-13659]
- ๐ป ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
- โก๏ธ volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]