HashiCorp Nomad 0.5

Nov 16 2016 Alex Dadgar

We are pleased to announce the release of Nomad 0.5. Nomad is a distributed, scalable, and highly available cluster manager and scheduler designed for both microservice and batch workloads.

Nomad 0.5 includes a number of new features focused on increasing cluster security and enabling new workloads to be run on Nomad. Highlights include:

Vault Integration

Nomad's integration with HashiCorp's Vault gives jobs a simple, declarative syntax for retrieving Vault tokens.

Nomad tasks are annotated with the set of Vault policies that are needed. When the job is submitted, Nomad will optionally validate that the submitting user has access to the requested policies. Once validated, Nomad schedules tasks across the cluster. Through careful coordination between Nomad servers, clients, and Vault, a unique Vault token is generated for every instance of the task, and the token is never exposed to Nomad servers.

The following example shows all that is needed for a job to request a Vault token with access to multiple policies:

destination   = "local/config.json"

}

» ...

}

This simple block would materialize a configuration similar to the below and continue watching for changes to the data in both Consul and Vault.

$ cat local/config.json
{
  "log_level": "TRACE",
  "api_key": "2f11c4a6-a15c-11e6-80f5-76304dec7eb7"
}

Sticky Volumes

Nomad 0.5 introduces sticky volumes, a new option for persisting data between versions of a task.

Nomad provides all tasks an ephemeral location to write data. Historically, when a replacement task is created because the user submitted an updated job or the node is being drained, the data written by the original task is lost.

With the newly introduced sticky

# Enable sticky for the ephemeral volume
sticky = true

# Enable migrations for the case Nomad could not place the updated
# allocation on the same node
migrate = true

}

» ...

}

Cluster Encryption

Nomad 0.5 brings the ability to encrypt all of its network traffic. There are two separate encryption systems: one for gossip traffic and one for both RPC and HTTP communications.

Gossip traffic is encrypted using symmetric key encryption between Nomad servers and TLS is used to secure all other communication. See the Nomad Agent's Encryption page for more details.
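Because the two systems are configured independently, an agent can end up with one enabled and the other not. The following is an added example, not code from the post or from Nomad itself: a small audit of an agent configuration supplied in JSON form. It assumes the gossip key is `server.encrypt` as a base64-encoded AES key and that TLS is controlled by the `tls` block's `rpc`, `http`, `ca_file`, `cert_file` and `key_file` settings; the sample configuration and file names are constructed.

```python
import base64
import binascii
import json

# Constructed sample agent config in JSON form (not from the post): gossip
# encryption is on, but TLS is enabled for RPC only, leaving HTTP in plaintext.
SAMPLE_CONFIG = """
{
  "server": {"enabled": true, "encrypt": "MDEyMzQ1Njc4OWFiY2RlZg=="},
  "tls": {"rpc": true, "ca_file": "ca.pem",
          "cert_file": "server.pem", "key_file": "server-key.pem"}
}
"""


def gossip_findings(cfg):
    """Gossip system: one symmetric key shared by the Nomad servers."""
    key = cfg.get("server", {}).get("encrypt", "")
    if not key:
        return ["gossip: no encrypt key set"]
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError):
        return ["gossip: encrypt key is not valid base64"]
    if len(raw) not in (16, 24, 32):  # assumed: AES-128/192/256 key sizes
        return ["gossip: key is %d bytes, not an AES key size" % len(raw)]
    return []


def tls_findings(cfg):
    """TLS system: RPC and HTTP are each switched on separately."""
    tls = cfg.get("tls", {})
    out = ["tls: %s traffic is not encrypted" % ch
           for ch in ("rpc", "http") if not tls.get(ch)]
    if tls.get("rpc") or tls.get("http"):
        # Enabled TLS needs a CA, a certificate and a private key.
        out += ["tls: %s is not set" % name
                for name in ("ca_file", "cert_file", "key_file")
                if not tls.get(name)]
    return out


def audit(config_text):
    """Return findings for both encryption systems of one agent config."""
    cfg = json.loads(config_text)
    return gossip_findings(cfg) + tls_findings(cfg)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```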

Roadmap

Nomad 0.5 is a big release that adds lots of new features, improvements, stability, and bug fixes. As a result, we expect that there will be some new issues, which will be addressed in the point releases that follow.

Features that are currently planned for the next major release of Nomad are:
