Releases: hashicorp/nomad
v0.10.4-rc1
FEATURES:
- api: Nomad now supports ability to remotely request /debug/pprof endpoints from a remote agent. [GH-6841]
- consul/connect: Nomad may now register Consul Connect services when Consul is configured with ACLs enabled [GH-6701]
- jobspec: Add shutdown_delay to task groups so task groups can delay shutdown after deregistering from Consul [GH-6746]
IMPROVEMENTS:
- Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp cert. Windows users will no longer see a warning about an "unknown publisher" when running our software.
- build: Updated to Go 1.12.16 [GH-7009]
- cli: Included namespace in output when querying job status [GH-6912]
- cli: Added option to change the name of the file created by the nomad init command [GH-6520]
- client: Supported AWS EC2 Instance Metadata Service Version 2 (IMDSv2) [GH-6779]
- consul: Add support for service canary_meta [GH-6690]
- driver/docker: Added a disable_log_collection parameter to disable nomad log collection [GH-6820]
- server: Introduced a default_scheduler_config config parameter to seed initial preemption configuration. [GH-6935]
- scheduler: Removed penalty for allocation's previous node if the allocation did not fail. [GH-6781]
- scheduler: Reduced logging verbosity during preemption [GH-6849]
- ui: Updated Run Job button to be conditionally enabled according to ACLs [GH-5944]
BUG FIXES:
- agent: Fixed a panic when using nomad monitor on a client node [GH-7053]
- agent: Fixed race condition in logging when using nomad monitor command [GH-6872]
- agent: Fixed a bug where nomad monitor -server-id only worked for a server's name instead of uuid or name [GH-7015]
- core: Addressed an inconsistency where allocations created prior to 0.9 had missing fields [GH-6922]
- cli: Fixed a bug where error messages appeared interleaved with help text inconsistently [GH-6865]
- cli: Fixed a bug where nomad monitor -node-id would cause a cli panic when no nodes were found [GH-6828]
- config: Fixed a bug where agent startup would fail if the consul.timeout configuration was set [GH-6907]
- consul: Fixed a bug where script-based health checks would fail if the service configuration included interpolation [GH-6916]
- consul/connect: Fixed a bug where Connect-enabled jobs failed to validate when service names used interpolation [GH-6855]
- drivers: Fixed a bug where exec, java, and raw_exec drivers collected and emitted stats every second regardless of the telemetry config [GH-7043]
- driver/exec: Fixed a bug where systemd cgroup wasn't removed upon a task completion [GH-6839]
- server: Fixed a deadlock that may occur when server leadership flaps very quickly [GH-6977]
- scheduler: Fixed a bug that caused evicted allocs on a lost node to be stuck in running [GH-6902]
- scheduler: Fixed a bug where nomad job plan/apply returned errors instead of ignoring system job updates for ineligible nodes. [GH-6996]
SECURITY:
- client: Nomad will no longer pass through the CONSUL_HTTP_TOKEN environment variable when launching a task. [GH-7131]
v0.10.3
SECURITY:
- agent: Added unauthenticated connection timeouts and limits to prevent resource exhaustion. CVE-2020-7218 [GH-7002]
- server: Fixed insufficient validation for role and region for RPC connections when TLS enabled. CVE-2020-7956 [GH-7003]
IMPROVEMENTS:
- build: Updated to Go 1.12.16
v0.10.2
FEATURES:
- Nomad Monitor: New nomad monitor command allows remotely following the logs of any Nomad Agent (clients or servers). See https://nomadproject.io/docs/commands/monitor.html
- Docker Container Cleanup: Nomad will now automatically remove Docker containers for tasks leaked due to Nomad or Docker crashes or bugs.
IMPROVEMENTS:
- agent: Added support for running under Windows Service Manager [GH-6220]
- api: Added StartedAt field to Node.DrainStrategy [GH-6698]
- api: Added JSON representation of rules to policy endpoint response [GH-6017]
- api: Update policy endpoint to permit anonymous access [GH-6021]
- build: Updated to Go 1.12.13 [GH-6606]
- cli: Show full ID in node and alloc individual status views [GH-6425]
- client: Enable setting tags on Consul Connect sidecar service [GH-6448]
- client: Added support for downloading artifacts from Google Cloud Storage [GH-6692]
- command: Added -tls-server-name flag [GH-6370]
- command: Added nomad monitor command to stream logs at a specified level for debugging [GH-6499]
- quota: Added support for network bandwidth quota limits in Nomad enterprise
BUG FIXES:
- core: Ignore server config values if server is disabled [GH-6047]
- core: Added semver constraint for strict Semver 2.0 version comparisons [GH-6699]
- core: Fixed server panic caused by a plan evicting and preempting allocs on a node [GH-6792]
- api: Return a 404 if endpoint not found instead of redirecting to /ui/ [GH-6658]
- api: Decompress web socket response body if gzipped on error responses [GH-6650]
- api: Fixed a bug where some FS/Allocation API endpoints didn't return error messages [GH-6427]
- api: Return 40X status code for failing ACL requests, rather than 500 [GH-6421]
- cli: Made scoring column orders consistent in nomad alloc status [GH-6609]
- cli: Fixed a bug where nomad alloc exec fails if stdout is being redirected and not a TTY [GH-6684]
- cli: Fixed a bug where a cli user may fail to query FS/Allocation API endpoints if they lack node:read capability [GH-6423]
- client: Return empty values when host stats fail [GH-6349]
- client: Fixed a bug where a client may not restart dead internal processes upon client's restart on Windows [GH-6426]
- drivers: Fixed a bug where client may panic if a restored task failed to shutdown cleanly [GH-6763]
- driver/exec: Fixed a bug where exec tasks can spawn processes that live beyond task lifecycle [GH-6722]
- driver/docker: Added mechanism for detecting unexpectedly running Docker containers [GH-6325]
- nomad: Fixed registering multiple connect enabled services in the same task group [GH-6646]
- scheduler: Changes to devices in resource stanza should cause rescheduling [GH-6644]
- scheduler: Fixed a bug that allowed inplace updates after affinity or spread were changed [GH-6703]
- vault: Allow overriding implicit Vault version constraint [GH-6687]
- vault: Supported Vault auth role's new fields, token_period and token_explicit_max_ttl [GH-6574], [GH-6580]
v0.9.7
v0.10.2-rc1
0.10.2 (November 22, 2019)
FEATURES:
- Nomad Monitor: New nomad monitor command allows remotely following the logs of any Nomad Agent (clients or servers). See https://nomadproject.io/docs/commands/monitor.html
- Docker Container Cleanup: Nomad will now automatically remove Docker containers for tasks leaked due to Nomad or Docker crashes or bugs.
IMPROVEMENTS:
- agent: Added support for running under Windows Service Manager [GH-6220]
- api: Added StartedAt field to Node.DrainStrategy [GH-6698]
- api: Added JSON representation of rules to policy endpoint response [GH-6017]
- api: Update policy endpoint to permit anonymous access [GH-6021]
- build: Updated to Go 1.12.13 [GH-6606]
- cli: Show full ID in node and alloc individual status views [GH-6425]
- client: Enable setting tags on Consul Connect sidecar service [GH-6448]
- client: Added support for downloading artifacts from Google Cloud Storage [GH-6692]
- command: Added -tls-server-name flag [GH-6370]
- command: Added nomad monitor command to stream logs at a specified level for debugging [GH-6499]
- quota: Added support for network bandwidth quota limits in Nomad enterprise
BUG FIXES:
- core: Ignore server config values if server is disabled [GH-6047]
- core: Added semver constraint for strict Semver 2.0 version comparisons [GH-6699]
- api: Return a 404 if endpoint not found instead of redirecting to /ui/ [GH-6658]
- api: Decompress web socket response body if gzipped on error responses [GH-6650]
- api: Fixed a bug where some FS/Allocation API endpoints didn't return error messages [GH-6427]
- api: Return 40X status code for failing ACL requests, rather than 500 [GH-6421]
- cli: Made scoring column orders consistent in nomad alloc status [GH-6609]
- cli: Fixed a bug where nomad alloc exec fails if stdout is being redirected and not a TTY [GH-6684]
- cli: Fixed a bug where a cli user may fail to query FS/Allocation API endpoints if they lack node:read capability [GH-6423]
- client: Return empty values when host stats fail [GH-6349]
- client: Fixed a bug where a client may not restart dead internal processes upon client's restart on Windows [GH-6426]
- drivers: Fixed a bug where client may panic if a restored task failed to shutdown cleanly [GH-6763]
- driver/exec: Fixed a bug where exec tasks can spawn processes that live beyond task lifecycle [GH-6722]
- driver/docker: Added mechanism for detecting unexpectedly running Docker containers [GH-6325]
- nomad: Fixed registering multiple connect enabled services in the same task group [GH-6646]
- scheduler: Changes to devices in resource stanza should cause rescheduling [GH-6644]
- scheduler: Fixed a bug that allowed inplace updates after affinity or spread were changed [GH-6703]
- vault: Allow overriding implicit Vault version constraint [GH-6687]
- vault: Supported Vault auth role's new fields, token_period and token_explicit_max_ttl [GH-6574], [GH-6580]
v0.10.1
BUG FIXES:
- core: Fixed server panic when upgrading from 0.8 -> 0.10 and performing an inplace update of an allocation. [GH-6541]
- api: Fixed panic when submitting Connect-enabled job without using a bridge network [GH-6575]
- client: Fixed client panic when upgrading from 0.8 -> 0.10 and performing an inplace update of an allocation. [GH-6605]
v0.10.0
FEATURES:
- Consul Connect: Nomad may now register Consul Connect services and manage an Envoy proxy sidecar to provide secured service-to-service communication.
- Network Namespaces: Task Groups may now define a shared network namespace. Each allocation will receive its own network namespace and loopback interface. Ports may be forwarded from the host into the network namespace.
- Host Volumes: Nomad expanded support of stateful workloads through locally mounted storage volumes.
- UI Allocation File Explorer: Nomad UI enhanced operability with a visual file system explorer for allocations.
IMPROVEMENTS:
- core: Added rolling deployments for service jobs by default and max_parallel=0 disables deployments [GH-6191]
- agent: Allowed the job GC interval to be configured [GH-5978]
- agent: Added log_level to be reloaded on SIGHUP [GH-5996]
- api: Added follow parameter to file streaming endpoint to support older browsers [GH-6049]
- client: Upgraded go-getter to support GCP links [GH-6215]
- client: Remove consul service stanza from job init --short jobspec [GH-6179]
- drivers: Exposed namespace as NOMAD_NAMESPACE environment variable in running tasks [GH-6192]
- metrics: Added job status (pending, running, dead) metrics [GH-6003]
- metrics: Added status and scheduling ability to client metrics [GH-6130]
- server: Added an option to configure job GC interval [GH-5978]
- ui: Added allocation filesystem explorer [GH-5871]
- ui: Added creation time to evaluations table [GH-6050]
BUG FIXES:
- cli: Fixed nomad run ... on Windows so it works with unprivileged accounts [GH-6009]
- client: Fixed a bug in client fingerprinting on 32-bit nodes [GH-6239]
- client: Fixed a bug where completed allocations may re-run after client restart [GH-6216]
- client: Fixed failure to start if another client is already running with the same data directory [GH-6348]
- devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
- drivers/docker: Set gc image_delay default to 3 minutes [GH-6078]
- ui: Fixed a bug where the allocation log viewer would render HTML or hide content that matched XML syntax [GH-6048]
- ui: Fixed a bug where allocation log viewer doesn't show all content in Firefox [GH-6466]
- ui: Fixed navigation via clicking recent allocation row [GH-6087]
Nomad 0.10.0-rc1
FEATURES:
- Consul Connect: Nomad may now register Consul Connect services and manage an Envoy proxy sidecar to provide secured service-to-service communication.
- Network Namespaces: Task Groups may now define a shared network namespace. Each allocation will receive its own network namespace and loopback interface. Ports may be forwarded from the host into the network namespace.
- Host Volumes: Nomad expanded support of stateful workloads through locally mounted storage volumes.
- UI Allocation File Explorer: Nomad UI enhanced operability with a visual file system explorer for allocations.
IMPROVEMENTS:
- core: Added rolling deployments for service jobs by default and max_parallel=0 disables deployments [GH-6191]
- agent: Allowed the job GC interval to be configured [GH-5978]
- agent: Added log_level to be reloaded on SIGHUP [GH-5996]
- api: Added follow parameter to file streaming endpoint to support older browsers [GH-6049]
- client: Upgraded go-getter to support GCP links [GH-6215]
- client: Remove consul service stanza from job init --short jobspec [GH-6179]
- drivers: Exposed namespace as NOMAD_NAMESPACE environment variable in running tasks [GH-6192]
- metrics: Added job status (pending, running, dead) metrics [GH-6003]
- metrics: Added status and scheduling ability to client metrics [GH-6130]
- server: Added an option to configure job GC interval [GH-5978]
- ui: Added allocation filesystem explorer [GH-5871]
- ui: Added creation time to evaluations table [GH-6050]
BUG FIXES:
- cli: Fixed nomad run ... on Windows so it works with unprivileged accounts [GH-6009]
- client: Fixed a bug in client fingerprinting on 32-bit nodes [GH-6239]
- client: Fixed a bug where completed allocations may re-run after client restart [GH-6216]
- client: Fixed failure to start if another client is already running with the same data directory [GH-6348]
- devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
- drivers/docker: Set gc image_delay default to 3 minutes [GH-6078]
- ui: Fixed navigation via clicking recent allocation row [GH-6087]
Nomad 0.9.6
SECURITY:
- core: Redacted replication token in agent/self API endpoint. The replication token is a management token that can be used for further privilege escalation. CVE-2019-12741 [GH-6430]
- core: Fixed a bug where a user may start raw_exec task on clients despite driver being disabled. CVE-2019-15928 [GH-6227] [GH-6431]
- enterprise/acl: Fix ACL access checks in Nomad Enterprise where users may query allocation information and perform lifecycle actions in namespaces they are not authorized to. CVE-2019-16742 [GH-6432]
IMPROVEMENTS:
- client: Reduced memory footprint of nomad logging and executor processes [GH-6341]
BUG FIXES:
- core: Fixed a bug where scheduler may schedule an allocation on a node without required drivers [GH-6227]
- client: Fixed a bug where completed allocations may re-run after client restart [GH-6216] [GH-6207]
- client: Fixed a panic that may occur when a nomad alloc exec is initiated while process is terminating [GH-6065]
- devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
- drivers: Fixed port mapping for docker and qemu drivers [GH-6251]
- drivers/docker: Fixed a case where a nomad alloc exec would never time out [GH-6144]
- ui: Fixed a bug where allocation log viewer doesn't show all content. [GH-6048]
Nomad 0.9.5
SECURITY:
- client/template: Fix security vulnerabilities associated with task template rendering (CVE-2019-14802), introduced in Nomad 0.5.0 [GH-6055] [GH-6075]
- client/artifact: Fix a privilege escalation in the exec driver exploitable by artifacts with setuid permissions (CVE-2019-14803) [GH-6176]
BACKWARDS INCOMPATIBILITIES:
- client/template: When rendering a task template, only task environment variables are included by default. [GH-6055]
- client/template: When rendering a task template, the plugin function is no longer permitted by default and will raise an error. [GH-6075]
- client/template: When rendering a task template, path parameters for the file function will be restricted to the task directory by default. Relative paths or symlinks that point outside the task directory will raise an error. [GH-6075]
IMPROVEMENTS:
- core: Added create and modify timestamps to evaluations [GH-5881]
BUG FIXES:
- api: Fixed job region to default to client node region if none provided [GH-6064]
- ui: Fixed links containing IPv6 addresses to include required square brackets [GH-6007]
- vault: Fix deadlock when reloading server Vault configuration [GH-6082]