Nomad v0.9.2 Release Notes
Release Date: 2019-06-05 // almost 5 years ago-
🔒 SECURITY:
- driver/exec: Fix privilege escalation issue introduced in Nomad 0.9.0. In
Nomad 0.9.0 and 0.9.1, exec tasks by default run as
nobody
but with elevated capabilities, allowing tasks to perform privileged linux operations and potentially escalate permissions. (CVE-2019-12618) [GH-5728]
BACKWARDS INCOMPATIBILITIES:
- api: The
api
package removedConfig.SetTimeout
andConfig.ConfigureTLS
functions, intended to be used internally only. [GH-5275] - api: The job deployments endpoint
now filters out deployments associated with older instances of the job. This can happen if jobs are
purged and recreated with the same id. To get all deployments irrespective of creation time, add
all=true
. Thenomad job deployment
CLI also defaults to doing this filtering. [GH-5702] - client: The format of service IDs in Consul has changed. If you rely upon Nomad's service IDs (not service names; those are stable), you will need to update your code. [GH-5536]
- client: The format of check IDs in Consul has changed. If you rely upon Nomad's check IDs you will need to update your code. [GH-5536]
- client: On startup a client will reattach to running tasks as before but will not restart exited tasks. Exited tasks will be restarted only after the client has reestablished communication with servers. System jobs will always be restarted. [GH-5669]
🔋 FEATURES:
- core: Add
nomad alloc stop
command to reschedule allocs [GH-5512] - core: Add
nomad alloc signal
command to signal allocs and tasks [GH-5515] - core: Add
nomad alloc restart
command to restart allocs and tasks [GH-5502] - code: Add
nomad alloc exec
command for debugging and running commands in an alloc [GH-5632] - core/enterprise: Preemption capabilities for batch and service jobs
- ui: Preemption reporting everywhere where allocations are shown and as part of the plan step of job submit [GH-5594]
- ui: Ability to search clients list by class, status, datacenter, or eligibility flags [GH-5318]
- ui: Ability to search jobs list by type, status, datacenter, or prefix [GH-5236]
- ui: Ability to stop and restart allocations [GH-5734]
- ui: Ability to restart tasks [GH-5734]
- vault: Add initial support for Vault namespaces [GH-5520]
👌 IMPROVEMENTS:
- core: Add
-verbose
flag tonomad status
wrapper command [GH-5516] - core: Add ability to filter job deployments by most recent version of job [GH-5702]
- core: Add node name to output of
nomad node status
command in verbose mode [GH-5224] - core: Reduce the size of the raft transaction for plans by only sending fields updated by the plan applier [GH-5602]
- core: Add job update
auto_promote
flag, which causes deployments to promote themselves when all canaries become healthy [GH-5719] - api: Support configuring
http.Client
used by golangapi
package [GH-5275] - api: Add preemption related fields to API results that return an allocation list. [GH-5580]
- api: Add additional config options to scheduler configuration endpoint to disable preemption [GH-5628]
- cli: Add acl token list command [GH-5557]
- client: Reduce unnecessary lost nodes on server failure [GH-5654]
- client: Canary Promotion no longer causes services registered in Consul to become unhealthy [GH-4566]
- client: Allow use of maintenance mode and externally registered checks against Nomad-registered consul services [GH-4537]
- driver/exec: Fixed an issue causing large memory consumption for light processes [GH-5437]
- telemetry: Add
client.allocs.memory.allocated
metric to expose allocated task memory in bytes. [GH-5492] - ui: Colored log support [GH-5620]
- ui: Upgraded from Ember 2.18 to 3.4 [GH-5544]
- ui: Replace XHR cancellation by URL with XHR cancellation by token [GH-5721]
🐛 BUG FIXES:
- core: Fixed accounting of allocated resources in metrics. [GH-5637]
- core: Fixed disaster recovering with raft 3 protocol peers.json [GH-5629], [GH-5651]
- core: Fixed a panic that may occur when preempting service jobs [GH-5545]
- core: Fixed an edge case that caused division by zero when computing spread score [GH-5713]
- core: Change configuration parsing to use the HCL library's decode, improving JSON support [GH-1290]
- core: Fix a case where non-leader servers would have an ever growing number of waiting evaluations [GH-5699]
- cli: Fix output and exit status for system jobs with constraints [GH-2381] and [GH-5169]
- client: Fix network fingerprinting to honor manual configuration [GH-2619]
- client: Job validation now checks that the datacenter field does not contain empty strings [GH-5665]
- client: Fix network port mapping related environment variables when running with Nomad 0.8 servers [GH-5587]
- client: Fix issue with terminal state deployments being modified when allocation subsequently fails [GH-5645]
- driver/docker: Fix regression around image GC [GH-5768]
- metrics: Fixed stale metrics [GH-5540]
- vault: Fix renewal time to be 1/2 lease duration with jitter [GH-5479]
- driver/exec: Fix privilege escalation issue introduced in Nomad 0.9.0. In
Nomad 0.9.0 and 0.9.1, exec tasks by default run as