Nomad v1.4.3 Release Notes

Release Date: 2022-11-21
  • IMPROVEMENTS:

    • api: Added an API for counting evaluations that match a filter [GH-15147]
    • cli: Improved performance of eval delete with large filter sets [GH-15117]
    • consul: add trace logging around service registrations [GH-6115]
    • deps: Updated github.com/aws/aws-sdk-go from 1.44.84 to 1.44.126 [GH-15081]
    • deps: Updated github.com/docker/cli from 20.10.18+incompatible to 20.10.21+incompatible [GH-15078]
    • exec: Allow running commands from mounted host volumes [GH-14851]
    • scheduler: when multiple evaluations are pending for the same job, evaluate the latest and cancel the intermediaries on success [GH-14621]
    • server: Add a git revision tag to the serf tags gossiped between servers. [GH-9159]
    • template: Expose per-template configuration for error_on_missing_key. This allows jobspec authors to specify that a template should fail if it references a struct or map key that does not exist. The default value is false and should be fully backward compatible. [GH-14002]
    • ui: Adds a "Pack" tag and logo on the jobs list index when appropriate [GH-14833]
    • ui: add consul connect service upstream and on-update info to the service sidebar [GH-15324]
    • ui: allow users to upload files by click or drag in the web ui [GH-14747]

  • BUG FIXES:

    • api: Ensure all request body decode errors return a 400 status code [GH-15252]
    • autopilot: Fixed a bug where autopilot would try to fetch raft stats from other regions [GH-15290]
    • cleanup: fixed missing timer.Reset for plan queue stat emitter [GH-15134]
    • client: Fixed a bug where tasks would restart without waiting for interval [GH-15215]
    • client: fixed a bug where non-docker tasks with network isolation would leak network namespaces and iptables rules if the client was restarted while they were running [GH-15214]
    • client: prevent allocations from failing on client reconnect by retrying RPC requests when no servers are available yet [GH-15140]
    • csi: Fixed race condition that can cause a panic when volume is garbage collected [GH-15101]
    • device: Fixed a bug where device plugins would not fingerprint on startup [GH-15125]
    • drivers: Fixed a bug where one goroutine was leaked per task [GH-15180]
    • drivers: pass missing propagation_mode configuration for volume mounts to external plugins [GH-15096]
    • event_stream: fixed a bug where dynamic port values would fail to serialize in the event stream [GH-12916]
    • fingerprint: Ensure Nomad can correctly fingerprint Consul gRPC where the Consul agent is running v1.14.0 or greater [GH-15309]
    • keyring: Fixed a bug where a missing key would prevent any further replication. [GH-15092]
    • keyring: Fixed a bug where replication would stop after snapshot restores [GH-15227]
    • keyring: Re-enabled keyring garbage collection after fixing a bug where keys would be garbage collected even if they were used to sign a live allocation's workload identity. [GH-15092]
    • scheduler: Fixed a bug that prevented disconnected allocations from being updated after they reconnect. [GH-15068]
    • scheduler: Prevent unnecessary placements when disconnected allocations reconnect. [GH-15068]
    • template: Fixed a bug where template could cause agent panic on startup [GH-15192]
    • ui: Fixed a bug where the task log sidebar would close and re-open if the parent job state changed [GH-15146]
    • variables: Fixed a bug where a long-running rekey could hit the nack timeout [GH-15102]
    • wi: Fixed a bug where clients running pre-1.4.0 allocations would erase the token used to query service registrations after upgrade [GH-15121]

Previous changes from v1.4.2

  • SECURITY:

    • event stream: Fixed a bug where ACL token expiration was not checked when emitting events [GH-15013]
    • variables: Fixed a bug where non-sensitive variable metadata (paths and raft indexes) was exposed via the template nomadVarList function to other jobs in the same namespace. [GH-15012]

  • IMPROVEMENTS:

    • cli: Added -id-prefix-template option to nomad job dispatch [GH-14631]
    • cli: add nomad fmt to the CLI [GH-14779]
    • deps: update go-memdb for goroutine leak fix [GH-14983]
    • docker: improve memory usage for docker_logger [GH-14875]
    • event stream: Added ACL role topic with create and delete types [GH-14923]
    • scheduler: Allow jobs not requiring network resources even when no network is fingerprinted [GH-14300]
    • ui: adds searching and filtering to the topology page [GH-14913]

  • BUG FIXES:

    • acl: Callers should be able to read policies linked via roles to the token used [GH-14982]
    • acl: Ensure all federated servers meet v.1.4.0 minimum before ACL roles can be written [GH-14908]
    • acl: Fixed a bug where Nomad version checking for one-time tokens was enforced across regions [GH-14912]
    • cli: prevent a panic when the Nomad API returns an error while collecting a debug bundle [GH-14992]
    • client: Check ACL token expiry when resolving token within ACL cache [GH-14922]
    • client: Fixed a bug where Nomad could not detect cores on recent RHEL systems [GH-15027]
    • client: Fixed a bug where network fingerprinters were not reloaded when the client configuration was reloaded with SIGHUP [GH-14615]
    • client: Resolve ACL roles within client ACL cache [GH-14922]
    • consul: Fixed a bug where services continuously re-registered [GH-14917]
    • consul: atomically register checks on initial service registration [GH-14944]
    • deps: Update hashicorp/consul-template to 90370e07bf621811826b803fb633dadbfb4cf287; fixes template rerendering issues when only user or group set [GH-15045]
    • deps: Update hashicorp/raft to v1.3.11; fixes unstable leadership on server removal [GH-15021]
    • event stream: Check ACL token expiry when resolving tokens [GH-14923]
    • event stream: Resolve ACL roles within ACL tokens [GH-14923]
    • keyring: Fixed a bug where nomad system gc forced a root keyring rotation. [GH-15009]
    • keyring: Fixed a bug where if a key is rotated immediately following a leader election, plans that are in-flight may get signed before the new leader has the key. Allow for a short timeout-and-retry to avoid rejecting plans. [GH-14987]
    • keyring: Fixed a bug where keyring initialization is blocked by un-upgraded federated regions [GH-14901]
    • keyring: Fixed a bug where root keyring garbage collection configuration values were not respected. [GH-15009]
    • keyring: Fixed a bug where root keyring initialization could occur before the raft FSM on the leader was verified to be up-to-date. [GH-14987]
    • keyring: Fixed a bug where root keyring replication could make incorrectly stale queries and exit early if those queries did not return the expected key. [GH-14987]
    • keyring: Fixed a bug where the root keyring replicator's rate limiting would be skipped if the keyring replication exceeded the burst rate. [GH-14987]
    • keyring: Removed root key garbage collection to avoid orphaned workload identities [GH-15034]
    • nomad native service discovery: Ensure all local servers meet v.1.3.0 minimum before service registrations can be written [GH-14924]
    • scheduler: Fixed a bug where version checking for disconnected clients handling was enforced across regions [GH-14912]
    • servicedisco: Fixed a bug where job using checks could land on incompatible client [GH-14868]
    • services: Fixed a regression where check task validation stopped allowing some configurations [GH-14864]
    • ui: Fixed line charts to update x-axis (time) where relevant [GH-14814]
    • ui: Fixes an issue where service tags would bleed past the edge of the screen [GH-14832]
    • variables: Fixed a bug where Nomad version checking was not enforced for writing to variables [GH-14912]
    • variables: Fixed a bug where getting empty results from listing variables resulted in a permission denied error. [GH-15012]