1. Release Notes for 3.3.x¶

1.1. Ansible Tower Version 3.3.2¶

Fixed external loggers to send activity stream to send changes as raw JSON, instead of JSON-ified string
Fixed MANAGE_ORGANIZATION_AUTH settings to allow superusers to make changes
Fixed an XSS issue when viewing application tokens
Fixed permissions to allow project admins to create projects
Fixed permissions to allow job template admins to delegate permissions to certain users/teams
Fixed Tower to allow selecting credential types when running in a non-English language
Fixed the Activity Stream to properly note credentials and custom credentials
Fixed an error resulting from a credential lookup where there are multiple custom credential types defined
Fixed certain certificate validation issues
Fixed templates to allow filtering by template type
Fixed events with no output to no longer render excess blank lines in the job display
Fixed detailed events to show hosts that were added during a playbook run
Fixed the inability to properly mark Tower nodes as disabled when rabbitmq was offline
Fixed the job output to correctly display certain job events
Fixed the job events to properly line-wrap in the job output
Fixed the pagination to no longer redirect to the dashboard when selecting multiple credentials
Fixed a potential deadlock on inventory deletion
Fixed the job relaunch operation to use the correct credentials when the defined credentials were changed
Improved the Schedules view to more clearly denote which resource was being scheduled
Updated Google Cloud credentials to be passed as GCE_PEM_FILE_PATH to GCE_CREDENTIALS_FILE_PATH in accordance with recent Ansible versions

1.2. Ansible Tower Version 3.3.1¶

Fixed event callback error when in-line vaulted variables are used with include_vars
Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
Fixed isolated node setup to no longer fail when ansible_host is used
Fixed selection of custom virtual environments in job template creation
Fixed display of extra_vars for scheduled jobs
Fixed websockets for job details to properly work
Fixed the /api/v2/authtoken compatibility shim
Fixed page size selection on the jobs screen
Fixed instances in an instance group to properly be disabled in the user interface
Fixed the job template selection in workflow creation to properly render
Fixed member_attr to properly set on some LDAP configurations during upgrade, preventing login
Fixed PosixUIDGroupType LDAP configurations
Improved the RAM requirement in the installer preflight check
Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large
Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration

1.3. Ansible Tower Version 3.3.0¶

Added support for container-based clusters using OpenShift
Added support for multiple or no credential assignment in Job Templates
Added support for multiple Vault credential assignment in Job Templates
Added support for multiple LDAP server configurations
Added support fact caching for isolated instances
Added the ability to schedule configurations of a job template using job template prompts
Added deprecation note to the Tower REST API for Version 1 (/api/v1/), which will be removed in a future release of Ansible Tower
Added the ability to make a copy of existing Tower objects (inventory, project, etc.) as a template for creating a new one
Added the ability to relaunch jobs on a subset of hosts by status
Added validation to prevent string "$encrypted$" from becoming a literal survey question default
Added support for more job template prompts at workflow node creation time
Added ask_variables_on_launch to workflow job templates (WFJT)
Added diff_mode and verbosity fields to WFJT nodes
Added Saved Launch-time configurations feature - added WFJT node promptable fields to schedules, added extra_data to WFJT nodes, and added “schedule this job” endpoint.
Added block creation of schedules when variables not allowed are given. Block similar cases for WFJT nodes.
Added the ability to create instance groups and associate instances at runtime via the user interface and API
Added the ability to group instances based on policy, such as such as “50% of instances” and “at least three instances”
Added additional organizational roles for administration of projects, job templates, inventories, workflows and more
Added support for custom virtual environments for customizing Ansible execution
Added OAuth2 support for token based authentication
Added support for OAuth2 applications and access token generation
Added the ability to forcibly expire sessions through awx-manage expire_sessions
Added support for making inventory parsing errors fatal, and only enable the script inventory plugin for job runs and vendored inventory updates
Added inventory field to inventory updates
Added related credentials endpoint for inventory updates to be more internally consistent with job templates, model changes
Added the ability to show all teams to organization admins if the ORG_ADMINS_CAN_SEE_ALL_USERS setting is enabled
Added the ability to create schedules and workflow nodes from job templates that use credentials which prompt for passwords if ask_credential_on_launch is set.
Deprecated the fact_versions and fact_view endpoints from the API, including OPTIONS
Deprecated fact tables
Deprecated the awx-manage cleanup_facts command for fact cleanup
Deprecated the /api/v2/authtoken/ endpoint in the API and replaced it with /api/v2/tokens/
Fixed a conflict with Tower credential type by removing TOWER_HOST as a default environment variable in job running environments. Playbook authors should replace their use with AWX_HOST.
Fixed a behavior in Tower to prevent it from deleting jobs when event processing is still ongoing
Fixed a behavior in Tower to disallow relaunching jobs with execute_role if another user provided prompts
Improved project updates so that previously synced git projects do not attempt to contact the server if they are already at the proper revision
Improved WFJT node credential to many-to-many credentials
Improved stricter criteria to admin users where organization admin role now necessary for all organizations of which the target user is a member. Additionally, removed unused admin_role associated with users
Improved logs to consistently catch task exceptions
Improved external loggers to passively create handler from settings on every log emission, replacing server restart, allowing use in OpenShift deployments
Improved Tower to automatically run a project update if sensitive fields change like scm_url
Improved queuing logic through setting execution_node in task manager and submitting waiting jobs to only the queue for the specific instance job is targeted to run on
Updated the auth-token-timeout header name to Session-Timeout
Updated the AUTH_TOKEN_EXPIRATION setting name to change to SESSION_COOKIE_AGE and AUTH_TOKEN_PER_USER changed to SESSIONS_PER_USER
Updated source-control based inventory to allow for vaulted variable values
Updated the minimum required version of Red Hat Enterprise Linux to 7.4
Updated the minimum required RAM for standalone Tower to 4GB
Updated Ansible Tower to set ANSIBLE_DISPLAY_ARGS_TO_STDOUT to False by default for all playbook runs to match Ansible’s default behavior. See Jobs for more information.
Updated all job and tasks to generate consistent output events and make job output available on all cluster nodes
Updated external logging to default to HTTPS unless http:// is explicitly specified in the log aggregator hostname
Updated the behavior of a job template to prohibit configuring callbacks on job templates without an inventory
Updated the boolean fields for custom credential types to always default extra_vars and environment variables to False when a value is not provided
Updated to disallow using HTTP PUT/PATCH methods to modify existing jobs in Job Details API endpoint