- Added support for configuring most aspects of Ansible Tower directly from the Tower user interface (and Tower API), rather than editing Tower configuration files
- Added support for “Scale-Out” Clusters, which replaces the HA/Redundancy method from prior Tower releases
- Added support for Workflows, a chain of job templates executed in order
- Added support for sending event and log messages to various logging services (Elastic, Splunk, Sumologic, Loggly, generic REST endpoint)
- Added support for a new Tower Search feature which supports GitHub-style “key:value” searching
- Added support for Ubuntu 16.04
- Added support for a New Project Sync Architecture, where projects are now checked out at job runtime
- Added support for setting timeouts on job runs
- Added support for internationalization and localization (French and Japanese)
- Added support for multi-playbook Workflows
- Added
/api/v1/settings
for Tower managed settings. This corresponds to the in-Tower configuration UI- Added support for windows scan jobs
- Added support so that the SCM Revision used is now stored on Job
- Added support for API endpoints to now show
__search
filter fields for broader searching of objects- Added support so that system jobs are now shown in
/api/v1/unified_jobs
- Added support for the new Ansible vmware_inventory script
- Added support for Job stdout downloads, which may generate and cache on the fly
- Added support for
/api/v1/inventory_updates
and/api/v1/project_updates
to view those specific job types- Added support for user_capabilities API elements in various places to allow API consumers to know if their user can perform the referenced actions on the object
- Added support for
set_stats
for Workflow jobs to persist data between Workflow job runs, support added in ansible core also- Added support for Tower callbacks so that they can now resolve
ansible_host
as well asansible_ssh_host
- Added support for Tower callbacks so that they now filter out
ansible_
variables on POST- Added support for notifications so that they are emitted on jobs marked as failed by the dead job detector
- Added eu-west-2 and ca-central-1 to the list of supported EC2 regions
- Added support for
format=ansi_download
when downloading stdout- Deprecated support for Rackspace inventories
- Fixed an issue where manual projects could be launched/updated
- Fixed various unicode issues
- Fixed various issues dealing with self signed certificatesvalue.
- Fixed Jobs so that they now show
$encrypted
for these variables, where they previously did not- Improved performance for viewing job and job template lists
- Improved Tower virtualenv so that it is purged on upgrade
- Improved setup playbook so that it is more tolerant of various iptables/firewalld configurations
- Improved the optimization of PostgreSQL installation to improve overall performance
- Improved database migrations through consolidation to make upgrades/installs faster
- Improved hardening for web server configuration (SSL, HSTS)
- Removed zeromq as a communications channel between dependent services in favor of rabbitmq
- Removed
/api/v1/jobs/n/job_plays
and/api/v1/jobs/n/job_tasks
- Removed proot in favor of bubblewrap for process isolation
- Removed the ability to make POST requests on the
/api/v1/jobs/
endpoint- Removed has_schedules from various endpoints, as it was never populated
- Removed support for Red Hat Enterprise Linux 6/CentOS 6 and Ubuntu 12.04
- Updated surveys so that a blank value for a survey question default value now passes an empty string as a value
- Updated surveys so that previously existing surveys with blank default question values now pass empty strings as an extra variable
- Updated Websockets, moving them from socket.io to django channels and are now served under port 443/80 along with the regular web service. Port 8080 is no longer needed.
- Updated Job results so that they are now driven by job events and thus provides clickable context
- Updated Tower so that it now uses the system time zone by default
- Updated Tower requirements for Ansible–Tower now requires Ansible 2.1 or later
- Updated Ansible inventory plugins to the latest versions
- Updated Web server to NGINX from Apache
- Updated survey passwords so that they are now encrypted when stored in the database
- Updated
request_tower_configuration.sh
- Added support for new AWS regions, including an update to the boto version included with Tower
- Fixed various minor UI and API related bugs
- Fixed a regression with authentication restrictions
- Fixed an issue where restoring the database failed when using the RHEL6 bundled installation method
- Fixed an issue where, when viewing a host, “extra vars” were not initially formatted properly
- Fixed an issue where users were able to relaunch jobs they did not have permission to initially launch
- Fixed an issue where, after editing a Job Template, retrieving Job Templates failed when filtered
- Fixed an issue where Satellite 6 inventory marked all hosts as disabled
- Fixed an issue where Inventory variables were displayed incorrectly when editing hosts
- Fixed a rendering issue with the Host Event details window
- Fixed an issue where, when launching an inventory update, users were navigated away from the inventory manage view
- Fixed an issue where organization auditors could see the user permissions of other users in their organization
- Fixed an issue where canceling a Windows job in Tower left an orphaned process running on the control machine
- Fixed an issue where empty Host Variable Data produces a 500 error in the API browser after upgrading from 2.4.5
- Fixed an issue when using an Azure Service Principal in conjunction with Microsoft Azure inventory
- Fixed an issue where Inventory syncs fail against a resource group if it contains a non-standard virtual machine size when using Azure
- Fixed an issue where navigating to the admin or users from the organizations view in Tower caused 404 errors
- Fixed an issue where, when updating a Rackspace inventory, TypeError messages appeared
- Improved the run time performance for playbooks in Tower
- Improved support around how YAML is handled with Tower’s variable parser
- Improved the population of manual projects in Tower
- Improved Event Summary status badge counts
- Improved PostgreSQL configuration with regard to authentication (CVE-2016-7070)
- Updated PostgreSQL repository location for installation methods
- Added support for IAM Roles when configuring an EC2 Inventory Sync
- Added support for backing up and restoring Databases created when installing 3.0.x
- Added the display of a “working” indicator when toggling Tower components on/off
- Added the ability to toggle the view of job labels (view less/view more)
- Added the ability to add skip tags to job templates (which may also be prompted for at launch time)
- Added documentation around resetting the Tower URL provided in Notification links
- Fixed an issue where users could not remove inventory or credentials from job template
- Fixed an issue where admins were not properly allowed to copy or edit to Job Templates via the API
- Fixed an issue where Home/Host column views were not sortable
- Fixed the display of schedules to only show those with future activity
- Fixed an error where clicking to a different page number while editing a resource and making a new selections indicated an item other than the one currently selected/being edited
- Fixed an issue where relaunching a job ignored search filters
- Fixed an issue where searching for a user on an inventory permission page queried a project access list URL instead of the inventory access list URL
- Fixed an issue where pressing the Enter key (instead of clicking ‘Ok’ with your mouse) closes a pop up error message and, unexpectedly, navigates the user back to the Tower home page
- Fixed an issue where system job templates were not being included when viewing unified job template results
- Fixed an issue related to relaunching ad hoc commands
- Fixed an issue preventing projects from being deleted during an SCM update
- Fixed an issue where, when viewing the “Event Summary” field, filtering by task status summary dots returned incorrect tasks information
- Fixed an issue where selecting a host on one page, then going to the next page and selecting another host, did not save the prior selection as expected
- Fixed an issue where processing extra_vars in a survey caused errors
- Fixed an issue regarding how passwords are stored with surveys
- Fixed an issue where, when running a playbook with an ignored task, the ignored task was incorrectly marked as failing
- Fixed an issue so that Webhook notifications properly display the host summary information
- Fixed an issue where provisioning callbacks were running multiple times in a row
- Fixed various minor issues related to RBAC permissions and credentials
- Fixed various minor API bugs
- Fixed various minor UI and tooltips bugs
- Fixed an issue related to SAML logins hanging after multiple authorization attempts
- Fixed an issue where the “start date” header and schedule preview do not match what is set by the browser locale
- Fixed an issue where users could not properly edit their profile
- Fixed an issue related to backup/restoring with the setup.sh script
- Improved Tower installer compatibility with RHUI repos on RHEL non-AWS instances
- Improved upon what the auditor role can view (organization auditors can view inventory script contents in their own organizations, view notification templates in the activity stream, team credentials views)
- Improved the consistency of how scheduling is displayed within the Tower UI
- Improved how credentials are handled in that they should only be shareable when the organization field is not “null”
- Improved how teams are displayed for different organizations when viewing permissions
- Improved support for CloudForms and Red Hat Satellite 6 with Tower 3.0.x
- Reorganized activity stream views/access for organization admins and auditors
- Removed the requirement of needing a password for the network credential when using an SSH key
- Removed the requirement of needing AUTH with Email notifications using SMTP
- Added a stock schedule job for the ‘Cleanup Fact Details’ management job
- Fixed an issue with inventory syncs using Red Hat Satellite 6 credentials
- Fixed an issue which incorrectly allowed users assigned to a system auditor role to be able to escalate privileges to teams
- Fixed an issue with Webhook notifications where the content-type was being set incorrectly
- Fixed an issue where canceling a new job failed to change state from “new” to “canceled”
- Fixed an upgrade and credential migration issue which involved null inventory fields in job templates
- Fixed an upgrade and migration issue where hosts which had previously been deleted were not skipped during the upgrade process
- Fixed an upgrade and migration issue where job templates linked to deleted inventories caused migrations to fail
- Fixed an upgrade and migration issue where job templates without inventories caused migrations to fail
- Fixed an error related to the logging of RBAC migration data which caused installations to fail
- Fixed an issue related to license checks
- Fixed other various issues related to upgrading and migration
- Fixed the need for elevated permissions to make changes to job templates under some scenarios
- Fixed an issue where Organization-level admins could not edit scan jobs that were created prior to upgrading to Tower 3.0
- Fixed an issue regarding Software Collections (SCL) installation on EL6
- Fixed a problem with subsequent logins after upgrading to Tower 3.0 when using Google OAuth or SAML authentication
- Discovered an issue with MS Azure inventory imports using new-style credentials being unsupported on distributions that ship python-2.7 (e.g. not EL6)
- Updated the UI to display new jobs in the Jobs overview screen and added a cancellation method for these new jobs
Added a notifications system for Tower which supports services like Slack, HipChat, IRC, etc.
Added support for the new Azure inventory system and the latest Ansible Azure modules (legacy Azure inventory and credentials are still supported)
- Azure inventory imports using new-style credentials are only supported on distributions that ship python-2.7 (e.g. not EL6)
Added support for keystone v3 which supports the latest Openstack versions
Added counts and more detail to Organization endpoints (API)
Added prompting for Job Templates
Added labels for Job Templates
Added support for user customization as Ansible tasks now run in their own environment
Added support for new Ansible Network Credentials
Added inventory support for Red Hat Cloudforms and Red Hat Satellite 6
Added SUSE, OpenSuse, and Debian support for scan jobs
Added a link to the schedule in the job detail view if the job was started as a result of a schedule
Added survey spec management without requiring that surveys be enabled on job templates
Added additional strict extra_vars validation. extra_vars passed to the job launch API are only honored if one of the following is true:
- they correspond to variables in an enabled survey
- ask_variables_on_launch is set to True
Added a deprecation notice for Ubuntu 12 and RHEL 6
Changed how Projects are linked so that they now tie singularly to an Organization
Changed how system tracking and scan data are stored–now in postgres. MongoDB dependency removed.
Discovered an issue with ECDSA credentials–if your Tower server has a version of OpenSSH that predates 5.7, jobs will fail when launched jobs with ECDSA credentials
Fixed issues with scan jobs on RHEL5
Fixed an issue with the websocket service when Tower is run on CentOS or RHEL 7.2
Fixed issues with Ansible’s no_log causing errors or not hiding data when running jobs
Fixed the way setting a license is done so that it propagates to standby Tower nodes in an HA configuration
Fixed GCE credential handling and inventory filtering
Improved (through a complete rewrite to expand and simplify) the Role-Based Access Control system in Tower
Improved job templates so that multiple invocations of the same job template will only block if the job templates used the same inventory
Improved the setup playbook so that it now hides potentially sensitive information from stdout and the setup log
Improved the Setup process now supports installing and configuring postgres on a remote system
Removed MongoDB and changed view queries to use a Postgres implementation
Removed soft-deletes: Tower now permanently deletes removed objects and the utilities to manage the cleanup of those soft-deleted objects have been removed
Removed Munin monitoring
Updated the look and feel of the entire Tower UI for a more approachable and intuitive user experience
Updated and simplifed the Tower setup process so that new Tower installs are now preloaded with Organization, Inventory, Project, and Job Template demo data
Updated the setup process to support installing and configuring Postgres on a remote system
Updated dependencies
Updated Red Hat Enterprise Linux 6/CentOS 6 to use python 2.7 (for Tower only)
Updated the minimum open file descriptor check and configuration by raising it from 1024 to 4096
yum
module on ansible-1.9.4 (or newer)v2_runner_item_on_*
)Note
Ansible 2.0 OpenStack modules will not work on Red Hat Enterprise Linux 6 or CentOS 6.
Caution
If Ansible’s Customer Support recommended that you disable PRoot to solve the failing jobs problem (setting AWX_PROOT_ENABLED=False
), consult with Support to determine if re-enabling PRoot is appropriate for your particular use case.
extra_vars
attached to Job Template records is preserved. Previously, YAML would be converted to JSON and returned as JSON. In 2.2.0 and newer, YAML is returned as YAML with formatting and comments preserved, and JSON is returned as JSON.https://<Tower server name>/portal/
group\_vars/all
of setup playbook
- Groups UI under inventory tab is now paginated
- Updated UI options for moving and copying groups (and host contents)
- The jobs page has been overhauled to show completed, active, queued, and scheduled jobs.
- Inventory and project synchronization jobs are now also shown on the jobs page.