Nomad v1.1.4 Release Notes

Release Date: 2021-08-26 // 2 months ago
  • 🔒 SECURITY:

    • Restricted access to the Raft RPC layer, so only servers within the region can issue Raft RPC requests. Previously, local clients and federated servers can issue Raft RPC requests directly. CVE-2021-37218 [GH-11084]

    👌 IMPROVEMENTS:

    • ⚡️ build: Updated to Go 1.16.7 [GH-11083]
    • client: Speed up client startup time [GH-11005]
    • 🌲 consul/connect: Reduced the noise of log messages emitted for connect native tasks [GH-10951]
    • csi: add flag for providing secrets as a set of key/value pairs to list snapshots [GH-10848]
    • ⚡️ deps: Updated x/sys to 20210818153620-00dd8d7831e7 [GH-11065]
    • ⏱ scheduler: Re-evaluate nodes for system jobs after attributes changes [GH-11007]
    • 👷 ui: Add header separator between a child job priority and its parent [GH-11020]

    🐛 BUG FIXES:

    • 👷 core: Fixed a bug where system jobs with non-unique IDs may not be placed on new nodes [GH-11054]
    • 🌲 agent: Don't timestamp active log file. [GH-11070]
    • 🚀 deployments: Fixed a bug where multi-group deployments don't get auto-promoted when one group has no canaries. [GH-11013]
    • 🐳 driver/docker: Fixed a bug in the authentication config where not all fields were set [GH-10929]
    • ⚡️ server: Fixed a bug where planning job update reports spurious in-place updates even if the update includes no changes [GH-10990]
    • 💻 ui: Add ability to search across all namespaces [GH-10666]
    • 👷 ui: Fixed a bug where the "Dispatch Job" button was displayed for non-parameterized jobs [GH-11019]
    • 👷 ui: Fixed a bug where the job dispatch form is not displayed when the job doesn't have meta fields [GH-10934]

Previous changes from v1.1.3

  • BACKWARDS INCOMPATIBILITIES:

    • 👷 api: The Job Run and Plan APIs now use the ?namespace= query parameter before the namespace from the job. This matches region's behavior. Users of api.Client should ensure their Config.Namespace is unset if they want to use the namespace in the job. [GH-10875]

    👌 IMPROVEMENTS:

    • 👷 api: Added NewSystemJob helper function to create base system job object. [GH-10861]
    • 🔧 audit (Enterprise): allow configuring file mode for audit logs [GH-10916]
    • 🏗 build: no longer use vendor directory [GH-10898]
    • 🚦 cli: Added a -task flag to alloc restart and alloc signal for consistent UX with alloc exec and alloc logs [GH-10859]
    • 👷 cli: Support recent job spec construct in the HCLv1 parser [GH-10931]
    • consul/connect: automatically set CONSUL_TLS_SERVER_NAME for connect native tasks [GH-10804]
    • 👷 dispatch jobs: Added optional idempotency token to WriteOptions which prevents Nomad from creating new dispatched jobs for retried requests. [GH-10806]
    • 👷 ui: Added new screen to dispatch a parameterized batch job [GH-10675]
    • 💻 ui: Handle ACL token when running behind a reverse proxy [GH-10563]

    🐛 BUG FIXES:

    • ⏪ api: Reverted to using http/1 to fix a 1.1.2 regression in alloc exec sessions [GH-10958]
    • 👷 cli: Fixed a bug where -namespace flag was not respected for job run and job plan commands. [GH-10875]
    • 🚀 cli: Fixed a panic when deployment monitor is invoked in some CI environments [GH-10926]
    • 🛠 cli: Fixed system commands, so they correctly use passed flags [GH-10822]
    • 🚦 cli: Fixed the help message for the nomad alloc signal command [GH-10917]
    • 🛠 client: Fixed a bug where a restarted client may start an already completed tasks in rare conditions [GH-10907]
    • 🛠 client: Fixed bug where meta blocks were not interpolated with task environment [GH-10876]
    • cni: Fixed a bug where fingerprinting of CNI configuration failed with default cni_config_dir and cni_path [GH-10870]
    • 🔀 consul/connect: Avoid assumption of parent service when syncing connect proxies [GH-10872]
    • 🛠 consul/connect: Fixed a bug causing high CPU with multiple connect sidecars in one group [GH-10883]
    • 🛠 consul/connect: Fixed a bug where service deregistered before connect sidecar [GH-10873]
    • 🛠 consul: Fixed a bug where services may incorrectly fail conflicting name validation [GH-10868]
    • 🔀 consul: avoid extra sync operations when no action required [GH-10865]
    • 🚚 consul: remove ineffective edge case handling on service deregistration [GH-10842]
    • 🛠 core: Fixed a bug where affinity memoization may cause planning problems [GH-10897]
    • 👷 core: Fixed a bug where internalized constraint strings broke job plan [GH-10896]
    • ⬆️ core: Fixed a panic that may arise when upgrading pre-1.1.0 cluster to 1.1.x and may cause cluster outage [GH-10952]
    • 🛠 csi: Fixed a bug where volume secrets were not used for creating snapshots. [GH-10840]
    • 🛠 csi: fixed a CLI panic when formatting volume status with -verbose flag [GH-10818]
    • ⚡️ deps: Update hashicorp/consul-template to v0.25.2 to fix panic reading Vault secrets [GH-10892]
    • 🐳 driver/docker: Moved the generated /etc/hosts file's mount source to the allocation directory so that it can be shared between tasks of an allocation. [GH-10823]
    • 🛠 drivers: Fixed bug where Nomad incorrectly reported tasks as recovered successfully even when they were not. [GH-10849]
    • ⚡️ scheduler: Fixed a bug where updates to the datacenters field were not destructive. [GH-10864]
    • 💻 ui: Fixes bug where UI was not detecting namespace-specific capabilities. [GH-10893]
    • volumes: Fix a bug where the HTTP server would crash if a volume_mount block was empty [GH-10855]