Documentation

1. Release Notes for Ansible Tower Version 3.2.1

1.1. Ansible Tower Version 3.2.1

  • Added support to enforce Tower software version consistency across clustered environments
  • Fixed an issue where, when using Tower 3.2.0 + Ansible 2.4.0, creating a Job Template that used an inventory with fact caching enabled could cause the job to run against a host which should have been removed
  • Fixed a problem where ad-hoc permissions could be used to run commands against the Tower server
  • Fixed an issue where the migration of scan jobs failed due to an organization having a unicode character in the name
  • Fixed an issue where database migrations failed for upgrades

1.2. Ansible Tower Version 3.2.0

Warning

Ansible 2.4.0 + Ansible Tower 3.2.0 jobs with fact caching enabled can result in running against a host which may not be included in the associated inventory. Creating a Job Template that uses an inventory with fact caching enabled can cause a job to run against a host which should have been removed. This will be fixed in upcoming releases by upgrading Ansible Tower to version 3.2.1 and/or upgrading Ansible to version 2.4.1.

  • Deprecated the group field for InventorySource, which has been renamed to deprecated_group and will be removed from InventorySource completely in Tower 3.3. As a result, the related field on Group, inventory_source has been renamed deprecated_inventory_source and will also be removed in Ansible Tower 3.3.
  • Deprecated system tracking data (historical facts) feature starting with Ansible Tower 3.2. However, you can collect facts by using the fact caching feature. Refer to Fact Caching for more detail.
  • Added support for connecting to external log aggregators via direct TCP and UDP connections.
  • Added the ability to test logging configurations through the Configure Tower UI.
  • Updated the Ansible Tower Rest API to version 2 which include added endpoints: instances, instance_groups, credential_types, and inventory_sources.
  • Added ability to create inventory sources and create Smart Inventories.
  • Added the ability to access Tower resources via resource-specific human-readable identifiers.
  • Added the ability to create and modify credential types.
  • Added ability to create and modify instance groups and isolated nodes.
  • Added the ability to enable and disable SSL certification verification through the Configure Tower UI. You no longer have to manually set an environment variable in your local settings.py file to achieve this.
  • Updated upstream Azure libraries will require users who use Ansible Tower with Azure to use Ansible 2.4 or later.
  • Fixed an outstanding issue regarding variable precedence so that the variable value is derived from the survey (survey variables take precedence over Job Template variables).
  • Added Insights project remediation, which allows you to run the Insights maintenance plan associated with an inventory.
  • Added a new API endpoint - /api/v2/settings/logging/test/ - for testing external log aggregrator connectivity.
  • Updated passing -e create_preload_data=False to skip creating default organization/project/inventory/credential/job_template during Tower installation.
  • Deprecated requirement that inventory sources be associated with a group.
  • Added support for sourcing inventory from a file inside of a source control project.
  • Added support for custom cloud and network credential types, which give you the ability to modify environment variables, extra vars, and generate file-based credentials (such as file-based certificates or .ini files) at ansible-playbook runtime.
  • Added support for assigning multiple cloud and network credential types on job templates. Job templates can now prompt for “extra credentials” at launch time in the same manner as promptable machine credentials.
  • Updated custom inventory sources to now specify a Credential; you can store third-party credentials encrypted within Tower and use their values from within your custom inventory script (for example - by reading an environment variable or a file’s contents).
  • Added support for configuring groups of instance nodes to run tower jobs. Instance groups can be assigned to an organization, inventory, or job template.
  • Fixed an issue installing Tower on multiple nodes where cluster internal node references are used.
  • Updated Tower to now use a modified version of [Fernet](https://github.com/fernet/spec/blob/master/Spec.md) for encrypting sensitive fields such as credentials. Our Fernet256 class uses AES-256-CBC instead of AES-128-CBC for all encrypted fields.
  • Added the ability to set custom environment variables globally for all playbook runs, inventory updates, project updates, and notification sending, via AWX_TASK_ENV configuration setting.
  • Added –diff mode to Job Templates and Ad-Hoc Commands. The diff can be found in the standard out when diff mode is enabled.
  • Added support for accessing some Tower resources via their name-related unique identifiers apart from primary keys.
  • Added support for authentication to Tower via TACACS+.
  • Deprecated Rackspace as a supported inventory source type and credential type.
  • Updated names of tower-mange commands register_instance -> provision_instance, deprovision_node -> deprovision_instance, and instance_group_remove -> remove_from_queue, with backward compatibility support for 3.1 command names.
  • Improved handling of workflow logic errors.
  • Updated Azure bindings, and therefore, removed support for the old Azure classic modules.
  • Fixed system auditor permissions.
  • Updated Tower to explicitly prevent non-json bodies from being accepted in the API.
  • Improved handling of default values in Tower Configuration.
  • Deprecated the storing of ansible_env in job event data.
  • Improved handling of sensitive environment variables in job details.
  • Added the ability to set the system auditor with AUTH_LDAP_USER_FLAGS_BY_GROUP.
  • Fixed some minor UTF-8 handling issues.
  • Fixed the system to no longer allow using password fields with the order_by query parameter in the API.
  • Improved censoring of Ansible no_log in job output.
  • Fixed handling project repository URLs with spaces and special characters.
  • Improved explanation when canceling jobs that are dependencies of other jobs.
  • Updated the ansible-playbook parameters to pass through the setup.sh script.
  • Added translations for Dutch; updated translations for Japanese, French, and Spanish.
  • Improved ability to update org admin/member roles on the user detail page.
  • Added force shutdown of cluster nodes that are not at the same version as the rest of the cluster.
  • Added configuration options in Tower Configuration UI.
  • Updated Postgres to 9.6.
  • Updated Tower by separating Vault credentials from machine credentials.
  • Added more prompting options to job templates.
  • Added the ability to prevent IDP user from assuming a local admin role.
  • Improved the display of SCM revision hashes by abbreviating them, and added ability to easily copy revision to clipboard.
  • Fixed a potential issue showing encrypted values in the activity stream instead of obfuscation characters.
  • Added the ability to set an enabled/disabled flag on all supported cloud inventory sources.
  • Added support for vmware host_filters and groupby_patterns.
  • Deprecated system tracking views in favor of directly viewing facts on hosts. Comparisons are best done with external data analytics systems.
  • Fixed an issue where Tower wouldn’t redirect the user to the right URL after clicking a link and logging in.
  • Fixed tower to preserve stderr from custom inventory scripts.
  • Updated Tower to now act as a fact cache source for jobs.
  • Improved handling of related resources when inventories are deleted.
  • Added the ability to show an indicator during background inventory delete.
  • Updated supported cloud regions for some inventories.
  • Improved SAML configurations.
  • Improved LDAP settings validation.
  • Added support for providing SSL cert for log aggregator service.
  • Added the ability to set proxy IP whitelists for trusted vs. untrusted load balancers.
  • Improved the efficiency in generating entries in the activity stream.
  • Added support for upgrading Ansible during setup playbook run (-e upgrade_ansible_with_tower=1).
  • Fixed downloading ad-hoc command stdout.
  • Fixed job launch dependency handling.
  • Fixed some xss vulnerabilities.
  • Added runas privilege escalation support.
  • Improved handling of instance capacity calculation.
  • Fixed SSL certificate handling for LDAP.
  • Updated the Job detail event modals to now be resizeable.
  • Deprecated Job launching capability from /api/v2/jobs. Job template launching and job relaunching are the only support launch options.
  • Improved yaml/json editor views.
  • Improved job list performance.