Release notes

GAMS Engine 23.01.27

Breaking Changes

  • When extracting ZIP files (both model data and data) on the worker, the file permissions are now preserved. This causes problems with MIRO versions < 2.2. Conversely, this means that this Engine version is only compatible with MIRO versions >= 2.2.

API Changes

  • A new status field was added to the hypercube_job_usage object of the GET /usage/ endpoint.

Bug fixes

  • Fix issue with event manager hanging indefinitely when connection to queue is lost.
  • Fix issue that could cause workers to not properly respond to the cancellation of a job in rare cases, even if hard_kill was set to true.

GAMS Engine 23.01.09

Bug fixes

  • Important bug fix: RabbitMQ introduced a default value for delivery acknowledgement timeouts with a patch release, which caused any job longer than 30 minutes to fail. The migration provides an extended configuration file to not use the default value of 30 minutes, allowing longer jobs to run.

New features

  • Engine now supports external identity providers. You can invite users and log in using LDAP and OAuth2 identity providers. For more information, see the identity provider documentation.
  • For new installations of Engine, the JWT secret is now generated lazily rather than during boot. JWT secrets are also more secure now.

API Changes

  • The CONFIGURATION and AUTH scopes have been added. The CONFIGURATION scope controls access to the PATCH /configuration endpoint. The AUTH scope controls access to each endpoint in the auth namespace.
  • Inviters can now change the passwords of their invitees via the PUT /users/ endpoint.
  • Made the password field for the POST /users/ optional. If an external identity provider is used, this field must be left blank. If Engine is the identity provider, this field must be specified.
  • The GET /users/ endpoint now accepts the everyone parameter. This parameter is optional and defaults to true if not specified. Setting everyone to false allows using this endpoint to retrieve information about the logged-in user.
  • The endpoint GET /users/ now also returns identity_provider_name, identity_provider_user_subject.
  • The fields identity_provider_name, identity_provider_user_subject, and invitable_identity_providers are added to POST /users/invitation endpoint. If the inviting user can invite with multiple identity providers or has a single identity provider that is not Engine, these fields must be filled in. invitable_identity_providers is relevant only if inviter role is attached to the invitation.
  • The endpoint GET /users/invitation now also returns identity_provider_name, identity_provider_user_subject and invitable_identity_providers.
  • The hostname parameter was added to the PATCH /configuration endpoint. GET /configuration displays hostname as well. See the identity provider documentation for its usage.
  • The scope parameter was added to the POST /auth/ endpoint to control the scopes in the generated JWT. Users who use an external identity provider cannot request an AUTH scope.
  • Added the grant_type and scope parameters to the POST /auth/login endpoint to follow the Resource Owner Password Credentials grant from RFC6749. However, the grant_type parameter is optional for backward compatibility. The preferred method for providing scopes is now to use the scope parameter instead of access_scopes. The former accepts space-separated scopes, while the latter accepts an array of scopes.
  • The following endpoints are added to auth namespace for the new identity provider feature:
    • GET /auth/providers and DELETE /auth/providers
    • GET /auth/providers/all
    • GET /auth/oauth2-providers, POST /auth/oauth2-providers, PUT /auth/oauth2-providers
    • POST /auth/oauth2-token
    • GET /auth/ldap-providers, POST /auth/ldap-providers, PUT /auth/ldap-providers
    • POST /auth/ldap-providers/<string:provider_name>/login
    The following endpoints are added to users namespace for the new identity provider feature:
    • PUT /users/identity-provider
    • PUT /users/inviters-providers/<string:username> and GET /users/inviters-providers/<string:username>
    • GET /users/invitation/<string:token>
    This section only summarizes their usage. For a more detailed explanation, see the identity provider's documentation.
  • The GET /auth/providers endpoint does not require authentication and can be used to list non-hidden identity providers. This endpoint also accepts the name parameter; if specified, only the specified identity provider will be displayed, regardless of whether it is hidden or not.
  • DELETE /auth/providers is used to delete identity providers. Requires admin role.
  • GET /auth/providers/all is used to list all identity providers, whether they are hidden or not. Requires admin role.
  • GET /auth/oauth2-providers is used to list all the OAuth2 identity providers. Requires admin role as it displays web_ui_client_secret. Users can access the information of the OAuth2 providers except secrets via GET /auth/providers.
  • POST /auth/oauth2-providers is used to create an OAuth2 identity provider. Requires admin role. If web_ui_client_secret is specified, it is stored encrypted.
  • PUT /auth/oauth2-providers is used to update an OAuth2 identity provider. Requires admin role.
  • Engine UI is a single-page application and therefore cannot store secrets. If for some reason you cannot register a public OAuth2 client, you can use the API to create a token request on your behalf using the client secret. It is recommended to use a public client instead of using this endpoint. POST /auth/oauth2-token is used to exchange an authorization code with an access token.
  • GET /auth/ldap-providers is used to list LDAP identity providers. This endpoint requires an admin role because it also displays secrets. Normal users can list visible OAuth2 and LDAP identity providers with GET /auth/providers.
  • POST /auth/ldap-providers is to create an LDAP identity provider. Requires admin role. If password is specified, it is stored encrypted.
  • PUT /auth/ldap-providers is to update an LDAP identity provider. Requires admin role.
  • POST /auth/ldap-providers/<string:provider_name>/login is used to log in to the given LDAP provider with username and password.
  • PUT /users/identity-provider is used to update the identity provider that the user uses for login. Inviters can update their invitees' identity providers. Admins can update the identity provider of everyone.
  • PUT /users/inviters-providers/<string:username> is used to update the list of allowed identity providers that an inviter can use to invite. Requires admin or inviter role.
  • GET /users/inviters-providers/<string:username> is used to display the list of allowed identity providers that an inviter can use to invite. Requires admin or inviter role. If the listed user has no role, this endpoint returns an empty list.
  • GET /users/invitation/<string:token> is used to retrieve the metadata attached to the invitation. The invitation must be unused.

GAMS Engine 23.01.04

Update GAMS to version 41.5.0.

GAMS Engine 22.12.15

Update GAMS to version 41.4.0.

GAMS Engine 22.11.29

Update GAMS to version 41.3.0.

GAMS Engine 22.11.15

Update GAMS to version 41.2.0.

GAMS Engine 22.11.01

Update GAMS to version 41.1.0.

GAMS Engine 22.10.04

Update GAMS to version 40.4.0.

GAMS Engine 22.09.19

Update GAMS to version 40.3.0.

GAMS Engine 22.09.14

Bug fixes

  • Fix issue with Docker Engine version 20.10.18 that caused all model runs to be corrupted.

GAMS Engine 22.09.02

Update GAMS to version 40.2.0.

GAMS Engine 22.08.18

Update GAMS to version 40.1.1.

GAMS Engine 22.08.03

Update GAMS to version 40.1.0.

GAMS Engine 22.07.12

New features

  • Improved logging for worker subprocesses.
  • The /cleanup endpoint can now be accessed by all users. Inviters see the job/Hypercube job results from themselves and from all invitees. Normal users see only their own results.

Bug fixes

  • Fix issue where worker crashed if the GAMS output contained non-UTF8 characters.
  • UI: Fix issue where the job status on the job info page was incorrectly displayed as "Running" even though the job was in "Canceling" status.
  • UI: Fix issue where filtering a table did not reset the pagination module.

GAMS Engine 22.07.11

Update GAMS to version 39.3.0.

GAMS Engine 22.06.24

New features

  • UI: When a job is canceled on the job page, the user is now prompted to confirm the cancellation.
  • UI: When deleting a user/invitation, the username/invitation code is now mentioned in the confirmation dialog.
  • UI: Timing info is now also available on the job info page for Hypercube jobs.

Bug fixes

  • UI: Fix issue where the instance multiplier in usage charts was not considered.

API Changes

  • The maximum length for Hypercube job ids is now 255 characters. In addition, ids are now validated against the regular expression ^[0-9a-zA-Z_\-. ]+$. For more information, check the chapter on Hypercube jobs.

GAMS Engine 22.06.22

Update GAMS to version 39.2.1.

GAMS Engine 22.06.03

Update GAMS to version 39.2.0.

GAMS Engine 22.05.19

Update GAMS to version 39.1.1.

GAMS Engine 22.05.05

Update GAMS to version 39.1.0.

Bug fixes

  • Fix issue where the event manager could hang indefinitely when receiving a canceled job.

GAMS Engine 22.04.27

New features

  • UI: Add charts when viewing a user's usage data.
  • UI: Engine SaaS users can now select a default instance.
  • UI: Minor restructuring of job submission form.

Bug fixes

  • Fixed an issue in the GET /usage endpoint when recursively querying usage data for an inviter as root admin. In this case, the root admin usage data was also included.

GAMS Engine 22.04.12

API Changes

  • The maximum length for text entries is now 10 MB. It can be configured via the new /configuration endpoint.

New features

  • It is now possible to tag a (Hypercube) job with a human-readable string to make it easier to identify.
  • Engine licences are now tied to a specific Engine installation. Old licences will continue to be accepted and work just as before. To learn more about how to activate new Engine licenses, read here.
  • Engine now supports webhooks as a way to be notified when a job is finished. Webhooks are disabled by default, but can be enabled via the new configuration API (either for administrators only or for everyone).
  • When registering models (POST/PATCH /namespaces/{namespace}/models/{model}), you can now specify that model files should be protected from being overwritten (protect_model_files parameter). Together with INEX files, you can thus protect the intellectual property of your models.
  • Jobs can now be shared with user groups. Any user with access to this group can then access the job (view the job details, cancel the job, download/delete the results, etc.).

Bug fixes

  • The query for usage data (GET /usage/) by the first admin with recursive=true did not contain any usage data of this admin.

GAMS Engine 22.04.06

Update GAMS to version 38.3.0.

GAMS Engine 22.02.20

Update GAMS to version 38.2.1.

GAMS Engine 22.02.18

Update GAMS to version 38.2.0.

GAMS Engine 22.02.03

Bug Fixes

  • Fix issue with sorting by username, model and namespace when listing jobs, listing hypercubes and listing cleanup entries.
  • Fix layout issue with Engine UI when many namespaces are present.

GAMS Engine 22.02.02

Update GAMS to version 38.1.0.

GAMS Engine 22.01.25

API Changes

  • The minimum length for passwords has been increased to 8 characters.
  • The maximum length for namespace names has been increased to 100 characters.

Bug fixes

  • Fix issue where deleting users did not work in certain situations.
  • Fix issue where retrieving user details of a specific user did not work in certain situations.

New features

  • The installation script now supports specifying the default admin password via the -a switch.
  • UI: String columns in tables rendered client-side (users, models) can now be filtered.

GAMS Engine 21.11.12

Update GAMS to version 37.1.0.

GAMS Engine 21.11.04

Breaking Changes

  • This release does not contain any breaking changes. In the next 3rd release, stream entries and partial logs will return 410 instead of 308 when the stream is ended.

New features

  • The installation script now supports specifying the path where GAMS Engine is mounted via the -m switch.
  • The access scope of JWT can now be restricted.
  • The maximum expiration time of JWT was increased to 186 days.
  • JWT can now be invalidated via the new /auth/logout endpoint.
  • The worker container now marks the GAMS process as the first candidate for the Out-of-Memory killer.
  • The following containers accept the new GMS_RUNNER_LOG_SHOW_MSEC environment variable to add milliseconds to timestamps in log entries:
    • Broker*
    • Worker
    • Cleaner
    • Hypercube Unpacker
    • Hypercube Appender
    • Dependency Checker
    • Job Watcher
    • Job Spawner
    • Job Cleaner
    • Job Canceler
    Setting the GMS_RUNNER_LOG_SHOW_MSEC environment variable to 'true' will change the logging format. Not setting it or setting it to anything else will have no effect. For example, a log from the worker container:
      [17/10/2021 14:58:47] INFO #: Start consuming on signal queue
    would become:
      [17/10/2021 14:58:47.084] INFO #: Start consuming on signal queue
* Changing the logging format of the Broker (REST API) does not change the logging format of nginx, and the logs that come from uwsgi will have 000 in the milliseconds because it is not supported. However, the logs that come from the REST API will have milliseconds.
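A log pipeline that expects one of these two formats will silently drop lines in the other, so a parser for Engine container logs should accept both. The following is an added example, not part of Engine: the function names are illustrative, and the sample lines other than the two quoted above are constructed.

```python
import re
from datetime import datetime

# Matches "[dd/mm/YYYY HH:MM:SS] LEVEL rest" with an optional ".mmm" suffix.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{3}))?\]\s+"
    r"(?P<level>[A-Z]+)\s+(?P<message>.*)$"
)

SAMPLE_LINES = [
    "[17/10/2021 14:58:47.084] INFO #: Start consuming on signal queue",  # from the notes
    "[17/10/2021 14:58:47] INFO #: Start consuming on signal queue",      # from the notes
    "[17/10/2021 14:58:47.000] INFO #: constructed uwsgi-style line",     # constructed
    "[17/10/2021 14:58:46.950] WARNING #: constructed earlier line",      # constructed
    "this line is not in the Engine log format",                          # constructed
]


def parse_line(line):
    """Parse one log line in either format; return a dict, or None if it does not match."""
    match = LINE_RE.match(line.rstrip("\n"))
    if match is None:
        return None
    when = datetime.strptime(match["ts"], "%d/%m/%Y %H:%M:%S")
    has_msec = match["ms"] is not None
    if has_msec:
        when = when.replace(microsecond=int(match["ms"]) * 1000)
    return {
        "time": when,
        "has_msec": has_msec,  # False means only one-second resolution is known
        "level": match["level"],
        "message": match["message"],
    }


def order_events(lines):
    """Return (events sorted by time, rejected lines).

    The sort is stable, so lines with equal timestamps (for example
    second-resolution lines, or uwsgi lines that always carry .000)
    keep the order in which they were read.
    """
    events, rejected = [], []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            rejected.append(line)
        else:
            events.append(parsed)
    events.sort(key=lambda event: event["time"])
    return events, rejected


if __name__ == "__main__":
    ordered, bad = order_events(SAMPLE_LINES)
    for event in ordered:
        print(event["time"].isoformat(), event["level"], event["message"])
    print("rejected:", bad)
```

Counting the rejected lines over time is a cheap way to notice that a container's log format has changed.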

API Changes

  • DELETE /jobs/{token}/stream-entry/{entry_name} now returns queue_finished which indicates whether the stream entry queue has been finished.
  • GET /hypercube/ labels field also includes resource_warning which can be "none", "memory" or "disk".
  • GET /jobs/{token} labels field also includes resource_warning which can be "none", "memory" or "disk".
  • GET /usage/ labels field also includes resource_warning which can be "none", "memory" or "disk".
  • POST /auth/, creating JWT token via basic auth, is not considered deprecated anymore since it might be used to create a new token using another token.
  • GET /users/ now returns the details of the logged in user if user is not admin or inviter. Previously a 403 Forbidden error was thrown if the username parameter was not explicitly set to the name of the logged in user.
  • Now it is possible to use stream/text entries to track files located in subdirectories.
    • New endpoint: GET /jobs/{token}/text-entry?entry_name={entry_name}. It does exactly what GET /jobs/{token}/text-entry/{entry_name} does but accepts the entry name in query string to allow querying inside the directories. Operation ID is: queryJobTextEntry
    • New endpoint: HEAD /jobs/{token}/text-entry?entry_name={entry_name}. It does exactly what HEAD /jobs/{token}/text-entry/{entry_name} does but accepts the entry name in query string to allow querying inside the directories. Operation ID is: queryJobTextEntryInfo
    • New endpoint: DELETE /jobs/{token}/stream-entry?entry_name={entry_name}. It does exactly what DELETE /jobs/{token}/stream-entry/{entry_name} does but accepts the entry name in query string to allow querying inside the directories. Operation ID is consumeStreamEntry

Bug fixes

  • Fix issue where sparse output of stream entries caused connection timeouts.
  • Introduced performance improvements for stream entries.
  • CRITICAL: Fix security issue that allowed an authorized attacker to leak system information.

GAMS Engine 21.09.14

Breaking changes

  • The log file is no longer automatically appended to the array of text entries. GAMS log files can get quite large and storing them can consume significant resources. Therefore, this is now opt-in: To save log files, you must explicitly add them to the text_entries array.

New features

  • Models can now be assigned to user groups to limit the visibility of the model.
  • New string interface for INEX files.
  • The results of GET /cleanup/results can now be filtered by namespace.
  • Text entries and stream entries can now be specified when creating/updating a model.

Bug fixes

  • CRITICAL: Fix a security issue that can lead to privilege escalation if an attacker has access to an inviter account.
  • Fix issue with updating models via Python client.

API Changes

  • POST /jobs/ accepts query parameter inex_string that can be used instead of inex_file
  • POST /hypercube/ accepts query parameter inex_string that can be used instead of inex_file
  • POST /namespaces/{namespace}/models/{model} accepts query parameter inex_string that can be used instead of inex_file
  • PATCH /namespaces/{namespace}/models/{model} accepts form parameter inex_string that can be used instead of inex_file
  • Admins can no longer make a user an admin if their inviter is not also an admin.

GAMS Engine 21.09.06

Update GAMS to version 36.2.0.

GAMS Engine 21.08.09

Bug fixes

  • Fix issue with updating models via Engine UI.

GAMS Engine 21.08.06

New features

  • When inviting users, Engine now supports assigning a GAMS license when invited by an admin.
  • Now, admins can change usernames. Changing username invalidates previously generated JWT tokens.
  • Now, changing password invalidates previously generated JWT tokens.
  • Significantly reduced image size of Engine components.

Bug fixes

  • Fix issue with inheriting licenses from admins.
  • Fix issue where license inheritance did not work in certain situations.

API Changes

  • When listing invitations, quotas, user groups, and GAMS license attached to the invitation are also listed.
  • All the endpoints that return datetimes ensure that the datetimes have timezone info. For example, if an old return value were 2021-08-04T17:10:15.000000, which did not indicate the timezone, the new return value would be 2021-08-04T17:10:15.000000+00:00.

GAMS Engine 21.08.04

Update GAMS to version 36.1.0.

GAMS Engine 21.07.20

New features

  • Engine UI is updated
  • When inviting users, Engine now supports assigning quotas and user groups.
  • Speed up uploading temporary models

Bug fixes

  • Fix issue with assigning disk quota larger than 2,147,483,647 bytes to users.
  • Fix issue with leftover files if the database is down while sending a job/hypercube.

API Changes

  • Switched to a new JWT library as the old one is deprecated. Already existing unexpired tokens will be invalidated.
  • Defined caching options for endpoints
  • Namespace name length must be between 3-16 chars and it must consist of alphanumeric chars, - and _. This change does not affect existing namespaces.
  • Model name length must be between 1-260 chars and it cannot contain / and \. This change does not affect existing models.
  • Jobs are limited to maximum of:
    • 100 text entries
    • 5 stream entries
    • 255 arguments
    • 2 labels
    • 100 dependent jobs
    • 5 MB inex file
  • Cleanup endpoint accepts 10 thousand files at once at most.
  • Registered models are limited to have 255 arguments at most.
  • Now invitations can have instances, user groups and quotas assigned. Invitations are limited to a maximum of:
    • 2 roles
    • 50 instances
    • 50 namespace permissions
    • 50 user groups
  • Now GET /usage/ endpoint is accessible by each user group.
  • The labels field in the return model of the GET /usage/ endpoint is now a dictionary instead of an array.
  • Now GET /usage/ endpoint also returns tolerations and node_selectors in labels.
  • Now users can specify token and hypercube_token to GET /usage/ endpoint in order to further limit the results.
  • Instances now have workspace_request, tolerations and node_selectors fields to have a better control over pod node assignment (related to Kubernetes version).
  • Jobs and Hypercubes accept workspace_request=n, tolerations=key=value, and node_selectors=key=value (related to Kubernetes version).
  • When querying a single job or Hypercube, information about workspace_request, tolerations and node_selectors assigned to that job is now provided (related to Kubernetes version).

GAMS Engine 21.06.09

New features

  • Quotas introduced. Quotas allow limiting the solve time and disk usage of users or groups of users.
  • Users can now be assigned to user groups. User groups allow you to see all other Engine users within your groups.
  • Admins can now get a disk usage report via the sigusr1 signal.
  • Admins can now manually trigger housekeeping via the sigusr2 signal.

Bug fixes

  • Improve performance when listing jobs with stream entries and when retrieving a single job with text entries
  • Fix issue that caused the accumulation of intermediate files.
  • Fix issue related to canceling dependent Hypercube jobs.
  • Containers connecting to PostgreSQL have been made more robust against connection failures.
  • API Documentation updated to solve issues in the auto-generated Python Client.
  • /cleanup/results endpoints: Operation ids added for auto-generated clients: listResults and removeResults.

API changes

  • DEPRECATED endpoint: GET /namespaces/permissions/me, use GET /namespaces/ instead.
  • DEPRECATED endpoint: DELETE/GET/PATCH/POST /namespaces/{namespace}/{model}, use /namespaces/{namespace}/models/{model} instead.
  • DEPRECATED endpoint: GET /namespaces/{namespace}/permissions/me, use GET /namespaces/{namespace}/permissions instead.
  • New endpoint: DELETE/GET/PUT /usage/quota available to modify user quotas.
  • New endpoint: DELETE/GET/PUT /namespaces/{namespace}/disk-quota available to modify namespace disk quotas.
  • New endpoint: DELETE/GET/POST /namespaces/{namespace}/user-groups available to delete/get/create user groups.
  • New endpoint: DELETE/POST /namespaces/{namespace}/user-groups/{label} available to change user groups of users.
  • New endpoint: GET /namespaces/{namespace}/permissions added to get permissions of a user on a namespace.
  • GET /namespaces/ is now accessible by inviters and users as well (not just admins).
  • Operation id for endpoint: POST /auth/login added: createJWTTokenJSON.
  • Updates in models
    • GET /version endpoint returns a new field in_kubernetes to indicate that Engine is running in Kubernetes (Kubernetes version is not released yet).
    • GET /cleanup/results has old_username field added to user object.
    • GET /hypercube/ returns a new field labels that returns the labels assigned to the job.
    • GET /usage/ now also returns new field labels of (Hypercube) jobs.
    • POST /hypercube/ returns new field quota_warning that lists the quotas that are at least 80% used.
    • POST /jobs/ returns new field quota_warning that lists the quotas that are at least 80% used.
    • GET /namespaces/permissions/me returns a new field disk_quota for the namespaces.
    • GET /namespaces/ returns a new field disk_quota for the namespaces.
    • GET /namespaces/{namespace} also returns length (size) of the models now.
  • Updates in request parsers
    • Admins can set quotas for namespaces while creating them: POST /namespaces/{namespace} accepts query parameter disk_quota.
  • Updates in responses
    • (Hypercube) job creation may fail with status code 402 to indicate that at least 1 quota has been exceeded.
    • Download/delete job result documentation model for 404 was incorrect, and changed to correct ones.
    • Uploading a new model may fail with 402 to indicate that namespace quota has been exceeded.
    • Patching an existing model may fail with 402 to indicate that namespace quota has been exceeded.

GAMS Engine 21.06.03

Update GAMS to version 35.2.0.

GAMS Engine 21.05.04

Update GAMS to version 35.1.0.

GAMS Engine 21.03.19

  • Fix issue that caused jobs to not get canceled when the GAMS process creates another GAMS process.

GAMS Engine 21.03.12

  • listJobs with show_only_active set now also returns jobs that are waiting for dependencies.
  • Inviters now have access to jobs submitted by invitees.
  • The Engine UI now has the option to display only jobs that are currently active.
  • Users can change registered models' files, arguments, inex file, run filename via PATCH /namespaces/{namespace}/{model}
  • Listing models provides run filename information as well
  • Deprecated creating JWT token via basic auth, use the other option instead
  • Users now can specify expiration time for JWT token, defaults to 4 hours
  • Dependency checker, hcube appender, hcube unpacker logging format changed
  • Restarting worker now handled by Container Runtime in connection error

GAMS Engine 21.02.03

First official release of GAMS Engine.