2023.1.0
Release Date: 06/13/2023
Primary focus of this release is updates to base components in the containers, bugfixes, and similar.
IMPORTANT:
This stack requires Docker 20. Docker 23 has not been tested by us and will likely not work.
This stack will not work with configuration from previous versions, requiring the following:
.env
file for the Base Stack now needsLFT_SALT
, which is a secret value used to sign LFT links. If you are upgrading, make sure that you do not destroy already existing keys, or you will break your existing installation.
Manual data upgrade is no longer required; Nucleus will do the following steps automatically:
Upgrade the DB (if required)
Verify the DB
If any errors are detected, attempt to repair them
Verify the DB post-repair, and not start in case any errors are still present.
All of the above steps preserve logs and DB snapshots in case support personnel will require them.
Progress can be observed in STDERR of
nucleus-api
container.Included Jinja templates for stack and env files
Note that with this release, Core versioning scheme was brought up in line with SemVer. Practically, this results in an extra “dot” between hundredths and tens of the version number, ie,
114.0
->1.14.0
, etc.LFT Compression now disabled by default
Resolver Cache is now based on NGINX
SSO Gateway is now renamed to Nucleus Auth Router. For now, keeping the external facing names the same not to cause confusion
generate-sample-insecure-secrets.sh now has a mode to add missing secrets to the existing set
Components updates:
Core 1.14.17
Discovery Service 1.4.9
Authentication Service 1.4.9
Search Service 3.2.5
Tagging Service 3.1.6
Thumbnail Service 1.5.6
Nucleus Navigator 3.3.2
Auth Router (former SSO Gateway) 1.3.0
View the detailed release notes
Core
1.14.17
SlowDown
Setting the default max_in_flight_requests_per_connection to 0 - which disables both SlowDown and DrainAndClose feature
1.14.16
Docker
improving logging in meta dumper
meta dumper memory usage optimization
1.14.15
Docker
New base images
1.14.14
API server
[meta-upgrade] converted some meta validation errors from error to warning
1.14.13
API server
bugfixes
1.14.12
Connection libraries
Fixing support of mTLS on Windows through OMNI_LFT_MTLS_CLIENT_CERTIFICATE/OMNI_LFT_MTLS_CLIENT_PRIVATE_KEY/OMNI_LFT_MTLS_CLIENT_CERTIFICATE_PASS environment variables. The client certificate is supposed to be set in PEM format through OMNI_MTLS_CLIENT_CERTIFICATE/OMNI_MTLS_CLIENT_PRIVATE_KEY and:
[Linux] in PEM format through OMNI_LFT_MTLS_CLIENT_CERTIFICATE/OMNI_LFT_MTLS_CLIENT_PRIVATE_KEY (note added _LFT_ suffix)
[Windows] in P12 format through OMNI_LFT_MTLS_CLIENT_CERTIFICATE/OMNI_LFT_MTLS_CLIENT_CERTIFICATE_PASS (note added _LFT_ suffix).
P12 certificate doesn’t need the private key to be specified separately, but might need a password to be specified (if the certificate was issued with the password)
1.14.11
API server
Fixed retry bug in omniverse_resolver and added new parameter
retry_interval
into resolver configadd setting to prevent listing child on mounts
1.14.10
API server
Add set_user_agent API to set the connection user agent field, in addition to being able to supply it in auth
Added OMNI_DELTA_APPLIER_PORT envvar for omni.delta-applier port
fix list2 .empty field for list2 call when listing a folder under a mount
subscribe_list supports notifications from mounts
change delete and rename to write ACL
disconnect_client service API call
fixing meta dumper hanging on the lock
added special handling in subscribeList for mounted paths
Allow operators to configure Resolver in k8s deployments
Connection libraries
Send proper close frame when closing connection
Support mTLS through OMNI_MTLS_CLIENT_CERTIFICATE/OMNI_MTLS_CLIENT_PRIVATE_KEY environment variables
LFT
Updated the python version to 3.10
1.14.9
API server
implementing user agent feature in auth/authorize_token
1.14.8
API server
list2/read_asset_version/stat2 on mounts, user & group management and pings are now executed concurrently
Docker
Resolver Cache is now based on NGINX rather than Nucleus Cache
1.14.7
Resolve a number of CVEs
1.14.6
VERSIONING CHANGE: beginning with this release, versioning of Nucleus Core is made compliant with SemVer. Effectively, an extra “dot” is added to separate hundredths from the rest of the version (ie, 114.6 -> 1.14.6).
114.5
API server
Fixing Memory Leak in omnitrace (with update to 1.2 and improving integration)
make LFT ticket salt configurable
change delete and rename to write ACL
do not parse environment variables into the settings dictionary
fixing a bug in rename2
Connection libraries
send close reason, log close reason received from the server
Docker
OpenTelemetry: enabled exporting of collectors’ metrics.
Fixing docker build
Helm
CI pipeline and HELM Chart refactored
Pulse Docker Image Scan is failing. Changed ubuntu images to refer to ubuntu-18-04-20230208
114.4
API server
[fixing a bug] do not expose metrics on workstation
114.3
API server
do not expose metrics on workstation
114.2
API server
fixing stat2 not reporting correct mtime for mounted paths
adding database snapshotting support
Discovery Service
1.4.9
Updated base docker image
1.4.8
Fixed incorrect discovery metadata registration
1.4.7
Set CANONICAL_NAME environment variable for nucleus-discovery Docker service
Helm chart re-factored
Now properly handling SIGINT and SIGTERM
Authentication Service
1.4.9
Updated base docker image
1.4.8
Update CI/CD pipeline to fix Pulse and nSpect scans
1.4.7
Support putting http(s) and omniverse URLs to the server form.
Hide text overflow and wrapping in the login form.
1.4.6
Helm chart re-factored for ease of development, CI pipeline for Helm chart updated
Use API tokens for resetting user passwords.
Search Service
3.2.5
Updated base Docker image
3.2.4
Fixed returning tags if they are specified both in prefixes and in the query.
3.2.3
Pulse container and source scans enabled
Enable database vacuuming
Re-factored Helm charts
Tagging Service
3.1.6
Updated base Docker images
3.1.5
Updated Pulse Scanner to 1.0.0
Updated to Python 3.10.11
Updated to Ubuntu 22.04 base image for Docker builds.
Fixed: Child process will detect when parent process was killed. (Workstation builds)
Service reports a more verbose version string.
3.1.4
Updated repoman tool versions to fix duplicates and cut-off file names in tagging.client.js package.
Updated idl.py to 0.18 (support to add copyright note to generated headers).
Updated idl transpiler to 0.10.
Updated Python to 3.8.16+nv1
Updated docker base image to __NV_ubuntu-18-04-20230208.
Updated prometheus-client to 0.16.0
Updated psutil to 5.9.4
Updated websockets to 10.4
Updated PyYAML to 6.0
Updated aiohttp to 3.8.3
Updated toml to 0.10.2
Updated aiosqlite to 0.18.0
Updated asyncpg to 0.27.0
Updated PyJWT to 2.6.0
Updated cryptography to 39.0.1
Helm chart refactored
3.1.3
New version to fix and whitelist new CVEs.
3.1.2
Updated Python to 3.8.14+nv2
Send service version to discovery service.
nSpect source and Pulse Container Image scans enabled
Updated the idl.py package version to 0.16
Updated the websockets package version to 10.3
3.1.1
Updated the idl.py package to idl.py@0.13+master.
Updated PYJWT to 2.4.0.
Updated base Docker images
Thumbnail Service
1.5.6
Updated base Docker images
1.5.5
Updated Pulse scanner to version 1.0.0
Updated to Python 3.10.11
Updated to Ubuntu 22.04 base image for Docker builds.
Fixed: Child process will detect when parent process was killed. (Workstation builds)
Service reports a more verbose version string.
1.5.4
Updated Pillow to 9.4.0 (fix CVE-2022-45198, CVE-2022-45199).
Helm Chart refactored
Updated Python to 3.8.16+nv1
Updated websockets to 10.4
Updated aiohttp to 3.8.3
Nucleus Auth Router
1.3.0
Service was renamed to Nucleus Auth Router
Implemented OpenID Support
Misc cleanups