v1.2.2

1.2.2 (November 24, 2021)

BUG FIXES:

• scheduler: Fix panic when system jobs are filtered by node class [GH-11565]

v1.2.1

1.2.1 (November 19, 2021)

SECURITY:

• Allow limiting QEMU arguments to reduce access to host resources. CVE-2021-43415 [GH-11542]

v1.2.0

1.2.0 (November 15, 2021)

FEATURES:

• System Batch scheduler: Run batch jobs cluster-wide with the new 'sysbatch' scheduler. [GH-9160]

BREAKING CHANGES:

• cli: Renamed folders in nomad operator debug bundle for clarity [GH-11307]
• device/nvidia: The Nvidia device plugin is no longer packaged with Nomad and is instead distributed separately. Further, the Nvidia device plugin codebase is now in a separate repository. If you are using Nvidia devices, please follow the 1.2.0 upgrade guide as you will have to install the Nvidia device plugin before conducting an in-place upgrade to Nomad 1.2.0 [GH-10796]

IMPROVEMENTS:

• agent: Added tls -> rpc_upgrade_mode to be reloaded on SIGHUP [GH-11144]
• agent: Log the cause of failure if agent failed to start [GH-11353]
• build: Updated to Go 1.17.1 [GH-11251]
• cli: Add -idempotency-token option for the nomad job dispatch command [GH-10930]
• cli: Add -show-url option for the nomad ui command. [GH-11213]
• cli: Add nomad job allocs command [GH-11242]
• cli: Added support for -force-color to the CLI to force colored output. [GH-10975]
• cli: Allow specifying namesapce and region in the nomad ui command [GH-11364]
• cli: Improve nomad job plan output for artifact and template changes [GH-11400]
• cli: Improve debug capture for Consul/Vault [GH-11466]
• cli: Improve debug namespace and region support [GH-11269]
• cli: Improved autocomplete support for job dispatch and operator debug [GH-11270]
• cli: Update nomad operator debug bundle to include sample of clients by default [GH-11398]
• cli: added hcl2-strict flag to control HCL2 parsing errors where variable passed without root [GH-11284]
• cli: added json and template flag opts to the acl bootstrap command [GH-11411]
• cli: the command node status now returns host_network information as well [GH-11432]
• client/plugins/drivermanager: log if there is an error in a driver event [GH-11280]
• client: Add network interface name to log output during fingerprint [GH-11184]
• client: Allow configuring minimum and maximum host ports used for dynamic ports [GH-11167]
• client: Never embed client.alloc_dir in chroots to prevent infinite recursion from misconfiguration. [GH-11334]
• consul/connect: Allow http2 and grpc protocols in ingress gateways [GH-11187]
• core: Elevated rejected node plan log lines to help diagnose #9506 [GH-11416]
• deps: Update hashicorp/go-discover to 20210818145131-c573d69da192 [GH-11249]
• deps: Update hashicorp/go-hclog to v1.0.0 [GH-11283]
• driver/docker: Added support for Docker's --init parameter [GH-11331]
• scheduler: Warn users when system and sysbatch evaluations fail to place an allocation [GH-11111]
• server: Allow tuning of node failover heartbeat TTL [GH-11127]
• ui: Add new chart for system and sysbatch job status per client [GH-11078]
• ui: Display client name as a tooltip where the client ID is used [GH-11358]
• ui: Display jobs from all namespaces by default [GH-11357]
• ui: Display the Nomad version in the Servers and Clients tables and allow filtering and sorting [GH-11366]
• ui: Persist node drain settings in the browser [GH-11368]
• ui: Update Nomad UI favicon [GH-11371]
• vault: Add JobID and TaskGroup to Vault Token metadata [GH-11397]

BUG FIXES:

• agent: Fixed an issue that caused some non-JSON log output when log_json was enabled [GH-11291]
• agent: Fixed an issue that could cause previous log lines to be overwritten [GH-11386]
• build: Update go toolchain to 1.17.3 [GH-11461]
• cli: Fix support for group.consul field in the HCLv1 parser [GH-11423]
• client: Added NOMAD_LICENSE to default environment variable deny list. [GH-11215]
• client: Fixed a bug where network speed fingerprint could fail on Windows [GH-11183]
• client: Removed spurious error log messages when tasks complete [GH-11273]
• core: Fix a bug to stop running system job allocations once their datacenters are removed from the job [GH-11391]
• core: Fixed an issue that created incorrect plan output for jobs with services with the same name. [GH-10965]
• csi: Fixed a bug where the client would incorrectly set an empty capacity range for CSI volume creation requests. [GH-11238]
• deps: Updated hashicorp/go-plugin to v1.4.3 to fix handles leakage on Windows platforms [GH-11143]
• driver/exec: Set CPU resource limits when cgroup-v2 is enabled [GH-11287]
• jobspec: ensure consistent error handling between var-file & cli vars [GH-11165]
• rpc: Set the job deregistration eval priority to the job priority [GH-11426]
• rpc: Set the job scale eval priority to the job priority [GH-11429]
• server: Fixed a panic on arm64 platform when dispatching a job with a payload [GH-11396]
• server: Fixed a panic that may occur when preempting multiple allocations on the same node [GH-11346]

v1.1.6

1.1.6 (October 5, 2021)

SECURITY:

• consul/connect: Fixed a bug causing the Nomad agent to panic if a mesh gateway was registered without a proxy block. [GH-11257]

IMPROVEMENTS:

• build: Updated to Go 1.16.8 [GH-11253]

BUG FIXES:

• client: Fixed a memory leak in log collector when tasks restart [GH-11261]
• events: Fixed wildcard namespace handling [GH-10935]

v1.1.5

1.1.5 (September 20, 2021)

IMPROVEMENTS:

• client: Allow Docker hostnames to be configured and interpolated in bridged networking mode [GH-11173]
• deps: Updated go-memdb to v1.3.2 [GH-11185]

BUG FIXES:

• audit (Enterprise): Don't timestamp active audit log file. [GH-11198]
• cli: Display all possible scores in the allocation status table [GH-11128]
• cli: Fixed a bug where the NOMAD_CLI_NO_COLOR environment variable was not always applied [GH-11168]
• client: Task vars should take precedence over host vars when performing interpolation. [GH-11206]
• ui: Fixed an issue that prevented periodic and dispatch jobs in a non-default namespace to be properly rendered [GH-11110]
• ui: Fixed an issue when dispatching jobs from a non-default namespace [GH-11141]

Binaries - https://releases.hashicorp.com/nomad/1.1.5/

v1.0.11

IMPROVEMENTS:

• deps: Updated go-memdb to v1.3.2 [GH-11185]

BUG FIXES:

• audit (Enterprise): Don't timestamp active audit log file. [GH-11198]
• cli: Display all possible scores in the allocation status table [GH-11128]
• cli: Fixed a bug where the NOMAD_CLI_NO_COLOR environment variable was not always applied [GH-11168]
• client: Task vars should take precedence over host vars when performing interpolation. [GH-11206]

Binaries - https://releases.hashicorp.com/nomad/1.0.11/

v1.1.4

1.1.4 (August 26, 2021)

SECURITY:

• Restricted access to the Raft RPC layer, so only servers within the region can issue Raft RPC requests. Previously, local clients and federated servers can issue Raft RPC requests directly. CVE-2021-37218 [GH-11084]

IMPROVEMENTS:

• build: Updated to Go 1.16.7 [GH-11083]
• client: Speed up client startup time [GH-11005]
• consul/connect: Reduced the noise of log messages emitted for connect native tasks [GH-10951]
• csi: add flag for providing secrets as a set of key/value pairs to list snapshots [GH-10848]
• deps: Updated x/sys to 20210818153620-00dd8d7831e7 [GH-11065]
• scheduler: Re-evaluate nodes for system jobs after attributes changes [GH-11007]
• ui: Add header separator between a child job priority and its parent [GH-11020]

BUG FIXES:

• core: Fixed a bug where system jobs with non-unique IDs may not be placed on new nodes [GH-11054]
• agent: Don't timestamp active log file. [GH-11070]
• deployments: Fixed a bug where multi-group deployments don't get auto-promoted when one group has no canaries. [GH-11013]
• driver/docker: Fixed a bug in the authentication config where not all fields were set [GH-10929]
• server: Fixed a bug where planning job update reports spurious in-place updates even if the update includes no changes [GH-10990]
• ui: Add ability to search across all namespaces [GH-10666]
• ui: Fixed a bug where the "Dispatch Job" button was displayed for non-parameterized jobs [GH-11019]
• ui: Fixed a bug where the job dispatch form is not displayed when the job doesn't have meta fields [GH-10934]

v1.1.3

1.1.3 (July 29, 2021)

BACKWARDS INCOMPATIBILITIES:

• api: The Job Run and Plan APIs now use the ?namespace= query parameter before the namespace from the job. This matches region's behavior. Users of api.Client should ensure their Config.Namespace is unset if they want to use the namespace in the job. [GH-10875]

IMPROVEMENTS:

• api: Added NewSystemJob helper function to create base system job object. [GH-10861]
• audit (Enterprise): allow configuring file mode for audit logs [GH-10916]
• build: no longer use vendor directory [GH-10898]
• cli: Added a -task flag to alloc restart and alloc signal for consistent UX with alloc exec and alloc logs [GH-10859]
• cli: Support recent job spec construct in the HCLv1 parser [GH-10931]
• consul/connect: automatically set CONSUL_TLS_SERVER_NAME for connect native tasks [GH-10804]
• dispatch jobs: Added optional idempotency token to WriteOptions which prevents Nomad from creating new dispatched jobs for retried requests. [GH-10806]
• ui: Added new screen to dispatch a parameterized batch job [GH-10675]
• ui: Handle ACL token when running behind a reverse proxy [GH-10563]

BUG FIXES:

• api: Reverted to using http/1 to fix a 1.1.2 regression in alloc exec sessions [GH-10958]
• cli: Fixed a bug where -namespace flag was not respected for job run and job plan commands. [GH-10875]
• cli: Fixed a panic when deployment monitor is invoked in some CI environments [GH-10926]
• cli: Fixed system commands, so they correctly use passed flags [GH-10822]
• cli: Fixed the help message for the nomad alloc signal command [GH-10917]
• client: Fixed a bug where a restarted client may start an already completed tasks in rare conditions [GH-10907]
• client: Fixed bug where meta blocks were not interpolated with task environment [GH-10876]
• cni: Fixed a bug where fingerprinting of CNI configuration failed with default cni_config_dir and cni_path [GH-10870]
• consul/connect: Avoid assumption of parent service when syncing connect proxies [GH-10872]
• consul/connect: Fixed a bug causing high CPU with multiple connect sidecars in one group [GH-10883]
• consul/connect: Fixed a bug where service deregistered before connect sidecar [GH-10873]
• consul: Fixed a bug where services may incorrectly fail conflicting name validation [GH-10868]
• consul: avoid extra sync operations when no action required [GH-10865]
• consul: remove ineffective edge case handling on service deregistration [GH-10842]
• core: Fixed a bug where affinity memoization may cause planning problems [GH-10897]
• core: Fixed a bug where internalized constraint strings broke job plan [GH-10896]
• core: Fixed a panic that may arise when upgrading pre-1.1.0 cluster to 1.1.x and may cause cluster outage [GH-10952]
• csi: Fixed a bug where volume secrets were not used for creating snapshots. [GH-10840]
• csi: fixed a CLI panic when formatting volume status with -verbose flag [GH-10818]
• deps: Update hashicorp/consul-template to v0.25.2 to fix panic reading Vault secrets [GH-10892]
• driver/docker: Moved the generated /etc/hosts file's mount source to the allocation directory so that it can be shared between tasks of an allocation. [GH-10823]
• drivers: Fixed bug where Nomad incorrectly reported tasks as recovered successfully even when they were not. [GH-10849]
• scheduler: Fixed a bug where updates to the datacenters field were not destructive. [GH-10864]
• ui: Fixes bug where UI was not detecting namespace-specific capabilities. [GH-10893]
• volumes: Fix a bug where the HTTP server would crash if a volume_mount block was empty [GH-10855]

v1.1.2

1.1.2 (June 22, 2021)

IMPROVEMENTS:

• cli: Added -monitor flag to deployment status command and automatically monitor deployments from job run command. [GH-10661]
• cli: Added remainder of available pprof profiles to nomad operator debug capture. [GH-10748]
• consul/connect: Validate Connect service upstream address uniqueness within task group [GH-7833]
• deps: Update gopsutil for multisocket cpuinfo detection performance fix [GH-10761]
• docker: Tasks using network.mode = "bridge" that don't set their network_mode will receive a /etc/hosts file that includes the pause container's hostname and any extra_hosts. [GH-10766]

BUG FIXES:

• artifact: Fixed support for 5 part vhosted-style AWS S3 buckets. [GH-10778]
• artifact: HTTP requests made for artifacts will default to trying HTTP2 first. [GH-10778]
• client/fingerprint/java: Fixed a bug where java fingerprinter would not detect some Java distributions [GH-10765]
• consul: Fixed a bug where consul check parameters missing in group services [GH-10764]
• consul/connect: Fixed an overly restrictive connect constraint [GH-10754]
• consul/connect: Fixed a bug where Connect upstreams would not be updated in-place [GH-10776]
• deployments: Fixed a bug where unnecessary goroutines were spawned whenever deployments were updated. [GH-10756]
• quotas (Enterprise): Fixed a bug where quotas were evaluated before constraints, resulting in quota capacity being used up by filtered nodes. [GH-10753]

v1.1.1

1.1.1 (June 9, 2021)

FEATURES:

• Connect Mesh Gateways: Adds built-in support for running Consul Connect Mesh Gateways [GH-10658]

IMPROVEMENTS:

• build: Updated to Go 1.16.5 [GH-10733]
• cli: Added success confirmation message for nomad volume delete and nomad volume deregister. [GH-10591]
• cli: Cross-namespace nomad job commands will now select exact matches if the selection is unambiguous. [GH-10648]
• client/fingerprint: Consul fingerprinter probes for additional enterprise and connect related attributes [GH-10699]
• consul/connect: Only schedule connect tasks on nodes where connect is enabled in Consul [GH-10702]
• csi: Validate that volume blocks for CSI volumes include the required attachment_mode and access_mode fields. [GH-10651]
• server: Make deployment rate limiting configurable for high volume loads [GH-10706]

BUG FIXES:

• api: Fixed event stream connection initialization when there are no events to send [GH-10637]
• cli: Fixed a bug where plugin status did not validate the passed type flag correctly [GH-10712]
• cli: Fixed a bug where quota status and namespace status commands may panic if the CLI targets a pre-1.1.0 cluster [GH-10620]
• cli: Fixed a bug where alloc exec may fail with "unexpected EOF" without returning the exit code after a command [GH-10657]
• consul: Fixed a bug where consul namespace API would be queried even when consul namespaces were not enabled [GH-10715]
• consul: Fixed a bug where connect jobs would always fail job submission when allow_unauthenticated was set to false [GH-10718]
• csi: Fixed a bug where mount_options were not passed to CSI controller plugins for validation during volume creation and mounting. [GH-10643]
• csi: Fixed a bug where capability blocks were not passed to CSI controller plugins for validation for nomad volume register commands. [GH-10703]
• client: Fixed a bug where alloc exec sessions may terminate abruptly after a few minutes [GH-10710]
• drivers/exec: Fixed a bug where exec and java tasks inherit the Nomad agent's oom_score_adj value [GH-10698]
• drivers/docker: Fixed a bug where short lived docker tasks may fail with obscure cpuset cgroup errors [GH-10416]
• quotas (Enterprise): Fixed a bug where stopped allocations for a failed deployment can be double-credited to quota limits, resulting in a quota limit bypass. [GH-10694]
• ui: Fixed a bug where exec would not work across regions. [GH-10539]
• ui: Fixed global-search shortcut for non-english keyboards. [GH-10714]