Documentation

Release Notes

Ansible Tower Version 3.1.0

  • Added support for configuring most aspects of Ansible Tower directly from the Tower user interface (and Tower API), rather than editing Tower configuration files
  • Added support for “Scale-Out” Clusters, which replaces the HA/Redundancy method from prior Tower releases
  • Added support for Workflows, a chain of job templates executed in order
  • Added support for sending event and log messages to various logging services (Elastic, Splunk, Sumologic, Loggly, generic REST endpoint)
  • Added support for a new Tower Search feature which supports GitHub-style “key:value” searching
  • Added support for Ubuntu 16.04
  • Added support for a New Project Sync Architecture, where projects are now checked out at job runtime
  • Added support for setting timeouts on job runs
  • Added support for internationalization and localization (French and Japanese)
  • Added support for multi-playbook Workflows
  • Added /api/v1/settings for Tower managed settings. This corresponds to the in-Tower configuration UI
  • Added support for windows scan jobs
  • Added support so that the SCM Revision used is now stored on Job
  • Added support for API endpoints to now show __search filter fields for broader searching of objects
  • Added support so that system jobs are now shown in /api/v1/unified_jobs
  • Added support for the new Ansible vmware_inventory script
  • Added support for Job stdout downloads, which may generate and cache on the fly
  • Added support for /api/v1/inventory_updates and /api/v1/project_updates to view those specific job types
  • Added support for user_capabilities API elements in various places to allow API consumers to know if their user can perform the referenced actions on the object
  • Added support for set_stats for Workflow jobs to persist data between Workflow job runs, support added in ansible core also
  • Added support for Tower callbacks so that they can now resolve ansible_host as well as ansible_ssh_host
  • Added support for Tower callbacks so that they now filter out ansible_ variables on POST
  • Added support for notifications so that they are emitted on jobs marked as failed by the dead job detector
  • Added eu-west-2 and ca-central-1 to the list of supported EC2 regions
  • Added support for format=ansi_download when downloading stdout
  • Deprecated support for Rackspace inventories
  • Fixed an issue where manual projects could be launched/updated
  • Fixed various unicode issues
  • Fixed various issues dealing with self signed certificatesvalue.
  • Fixed Jobs so that they now show $encrypted for these variables, where they previously did not
  • Improved performance for viewing job and job template lists
  • Improved Tower virtualenv so that it is purged on upgrade
  • Improved setup playbook so that it is more tolerant of various iptables/firewalld configurations
  • Improved the optimization of PostgreSQL installation to improve overall performance
  • Improved database migrations through consolidation to make upgrades/installs faster
  • Improved hardening for web server configuration (SSL, HSTS)
  • Removed zeromq as a communications channel between dependent services in favor of rabbitmq
  • Removed /api/v1/jobs/n/job_plays and /api/v1/jobs/n/job_tasks
  • Removed proot in favor of bubblewrap for process isolation
  • Removed the ability to make POST requests on the /api/v1/jobs/ endpoint
  • Removed has_schedules from various endpoints, as it was never populated
  • Removed support for Red Hat Enterprise Linux 6/CentOS 6 and Ubuntu 12.04
  • Updated surveys so that a blank value for a survey question default value now passes an empty string as a value
  • Updated surveys so that previously existing surveys with blank default question values now pass empty strings as an extra variable
  • Updated Websockets, moving them from socket.io to django channels and are now served under port 443/80 along with the regular web service. Port 8080 is no longer needed.
  • Updated Job results so that they are now driven by job events and thus provides clickable context
  • Updated Tower so that it now uses the system time zone by default
  • Updated Tower requirements for Ansible–Tower now requires Ansible 2.1 or later
  • Updated Ansible inventory plugins to the latest versions
  • Updated Web server to NGINX from Apache
  • Updated survey passwords so that they are now encrypted when stored in the database
  • Updated request_tower_configuration.sh

Release Notes for 3.0.x

Ansible Tower Version 3.0.3

  • Added support for new AWS regions, including an update to the boto version included with Tower
  • Fixed various minor UI and API related bugs
  • Fixed a regression with authentication restrictions
  • Fixed an issue where restoring the database failed when using the RHEL6 bundled installation method
  • Fixed an issue where, when viewing a host, “extra vars” were not initially formatted properly
  • Fixed an issue where users were able to relaunch jobs they did not have permission to initially launch
  • Fixed an issue where, after editing a Job Template, retrieving Job Templates failed when filtered
  • Fixed an issue where Satellite 6 inventory marked all hosts as disabled
  • Fixed an issue where Inventory variables were displayed incorrectly when editing hosts
  • Fixed a rendering issue with the Host Event details window
  • Fixed an issue where, when launching an inventory update, users were navigated away from the inventory manage view
  • Fixed an issue where organization auditors could see the user permissions of other users in their organization
  • Fixed an issue where canceling a Windows job in Tower left an orphaned process running on the control machine
  • Fixed an issue where empty Host Variable Data produces a 500 error in the API browser after upgrading from 2.4.5
  • Fixed an issue when using an Azure Service Principal in conjunction with Microsoft Azure inventory
  • Fixed an issue where Inventory syncs fail against a resource group if it contains a non-standard virtual machine size when using Azure
  • Fixed an issue where navigating to the admin or users from the organizations view in Tower caused 404 errors
  • Fixed an issue where, when updating a Rackspace inventory, TypeError messages appeared
  • Improved the run time performance for playbooks in Tower
  • Improved support around how YAML is handled with Tower’s variable parser
  • Improved the population of manual projects in Tower
  • Improved Event Summary status badge counts
  • Improved PostgreSQL configuration with regard to authentication (CVE-2016-7070)
  • Updated PostgreSQL repository location for installation methods

Ansible Tower Version 3.0.2

  • Added support for IAM Roles when configuring an EC2 Inventory Sync
  • Added support for backing up and restoring Databases created when installing 3.0.x
  • Added the display of a “working” indicator when toggling Tower components on/off
  • Added the ability to toggle the view of job labels (view less/view more)
  • Added the ability to add skip tags to job templates (which may also be prompted for at launch time)
  • Added documentation around resetting the Tower URL provided in Notification links
  • Fixed an issue where users could not remove inventory or credentials from job template
  • Fixed an issue where admins were not properly allowed to copy or edit to Job Templates via the API
  • Fixed an issue where Home/Host column views were not sortable
  • Fixed the display of schedules to only show those with future activity
  • Fixed an error where clicking to a different page number while editing a resource and making a new selections indicated an item other than the one currently selected/being edited
  • Fixed an issue where relaunching a job ignored search filters
  • Fixed an issue where searching for a user on an inventory permission page queried a project access list URL instead of the inventory access list URL
  • Fixed an issue where pressing the Enter key (instead of clicking ‘Ok’ with your mouse) closes a pop up error message and, unexpectedly, navigates the user back to the Tower home page
  • Fixed an issue where system job templates were not being included when viewing unified job template results
  • Fixed an issue related to relaunching ad hoc commands
  • Fixed an issue preventing projects from being deleted during an SCM update
  • Fixed an issue where, when viewing the “Event Summary” field, filtering by task status summary dots returned incorrect tasks information
  • Fixed an issue where selecting a host on one page, then going to the next page and selecting another host, did not save the prior selection as expected
  • Fixed an issue where processing extra_vars in a survey caused errors
  • Fixed an issue regarding how passwords are stored with surveys
  • Fixed an issue where, when running a playbook with an ignored task, the ignored task was incorrectly marked as failing
  • Fixed an issue so that Webhook notifications properly display the host summary information
  • Fixed an issue where provisioning callbacks were running multiple times in a row
  • Fixed various minor issues related to RBAC permissions and credentials
  • Fixed various minor API bugs
  • Fixed various minor UI and tooltips bugs
  • Fixed an issue related to SAML logins hanging after multiple authorization attempts
  • Fixed an issue where the “start date” header and schedule preview do not match what is set by the browser locale
  • Fixed an issue where users could not properly edit their profile
  • Fixed an issue related to backup/restoring with the setup.sh script
  • Improved Tower installer compatibility with RHUI repos on RHEL non-AWS instances
  • Improved upon what the auditor role can view (organization auditors can view inventory script contents in their own organizations, view notification templates in the activity stream, team credentials views)
  • Improved the consistency of how scheduling is displayed within the Tower UI
  • Improved how credentials are handled in that they should only be shareable when the organization field is not “null”
  • Improved how teams are displayed for different organizations when viewing permissions
  • Improved support for CloudForms and Red Hat Satellite 6 with Tower 3.0.x
  • Reorganized activity stream views/access for organization admins and auditors
  • Removed the requirement of needing a password for the network credential when using an SSH key
  • Removed the requirement of needing AUTH with Email notifications using SMTP

Ansible Tower Version 3.0.1

  • Added a stock schedule job for the ‘Cleanup Fact Details’ management job
  • Fixed an issue with inventory syncs using Red Hat Satellite 6 credentials
  • Fixed an issue which incorrectly allowed users assigned to a system auditor role to be able to escalate privileges to teams
  • Fixed an issue with Webhook notifications where the content-type was being set incorrectly
  • Fixed an issue where canceling a new job failed to change state from “new” to “canceled”
  • Fixed an upgrade and credential migration issue which involved null inventory fields in job templates
  • Fixed an upgrade and migration issue where hosts which had previously been deleted were not skipped during the upgrade process
  • Fixed an upgrade and migration issue where job templates linked to deleted inventories caused migrations to fail
  • Fixed an upgrade and migration issue where job templates without inventories caused migrations to fail
  • Fixed an error related to the logging of RBAC migration data which caused installations to fail
  • Fixed an issue related to license checks
  • Fixed other various issues related to upgrading and migration
  • Fixed the need for elevated permissions to make changes to job templates under some scenarios
  • Fixed an issue where Organization-level admins could not edit scan jobs that were created prior to upgrading to Tower 3.0
  • Fixed an issue regarding Software Collections (SCL) installation on EL6
  • Fixed a problem with subsequent logins after upgrading to Tower 3.0 when using Google OAuth or SAML authentication
  • Discovered an issue with MS Azure inventory imports using new-style credentials being unsupported on distributions that ship python-2.7 (e.g. not EL6)
  • Updated the UI to display new jobs in the Jobs overview screen and added a cancellation method for these new jobs

Ansible Tower Version 3.0

  • Added a notifications system for Tower which supports services like Slack, HipChat, IRC, etc.

  • Added support for the new Azure inventory system and the latest Ansible Azure modules (legacy Azure inventory and credentials are still supported)

    • Azure inventory imports using new-style credentials are only supported on distributions that ship python-2.7 (e.g. not EL6)
  • Added support for keystone v3 which supports the latest Openstack versions

  • Added counts and more detail to Organization endpoints (API)

  • Added prompting for Job Templates

  • Added labels for Job Templates

  • Added support for user customization as Ansible tasks now run in their own environment

  • Added support for new Ansible Network Credentials

  • Added inventory support for Red Hat Cloudforms and Red Hat Satellite 6

  • Added SUSE, OpenSuse, and Debian support for scan jobs

  • Added a link to the schedule in the job detail view if the job was started as a result of a schedule

  • Added survey spec management without requiring that surveys be enabled on job templates

  • Added additional strict extra_vars validation. extra_vars passed to the job launch API are only honored if one of the following is true:

    • they correspond to variables in an enabled survey
    • ask_variables_on_launch is set to True
  • Added a deprecation notice for Ubuntu 12 and RHEL 6

  • Changed how Projects are linked so that they now tie singularly to an Organization

  • Changed how system tracking and scan data are stored–now in postgres. MongoDB dependency removed.

  • Discovered an issue with ECDSA credentials–if your Tower server has a version of OpenSSH that predates 5.7, jobs will fail when launched jobs with ECDSA credentials

  • Fixed issues with scan jobs on RHEL5

  • Fixed an issue with the websocket service when Tower is run on CentOS or RHEL 7.2

  • Fixed issues with Ansible’s no_log causing errors or not hiding data when running jobs

  • Fixed the way setting a license is done so that it propagates to standby Tower nodes in an HA configuration

  • Fixed GCE credential handling and inventory filtering

  • Improved (through a complete rewrite to expand and simplify) the Role-Based Access Control system in Tower

  • Improved job templates so that multiple invocations of the same job template will only block if the job templates used the same inventory

  • Improved the setup playbook so that it now hides potentially sensitive information from stdout and the setup log

  • Improved the Setup process now supports installing and configuring postgres on a remote system

  • Removed MongoDB and changed view queries to use a Postgres implementation

  • Removed soft-deletes: Tower now permanently deletes removed objects and the utilities to manage the cleanup of those soft-deleted objects have been removed

  • Removed Munin monitoring

  • Updated the look and feel of the entire Tower UI for a more approachable and intuitive user experience

  • Updated and simplifed the Tower setup process so that new Tower installs are now preloaded with Organization, Inventory, Project, and Job Template demo data

  • Updated the setup process to support installing and configuring Postgres on a remote system

  • Updated dependencies

  • Updated Red Hat Enterprise Linux 6/CentOS 6 to use python 2.7 (for Tower only)

  • Updated the minimum open file descriptor check and configuration by raising it from 1024 to 4096

Release Notes for 2.4.x

Ansible Tower Version 2.4.5

  • Corrected an issue where inventory syncs using Rackspace credentials failed
  • Corrected an issue where the Host Events display provided different results depending on the version of Ansible used
  • Corrected an issue which caused an error when calling the Ansible yum module on ansible-1.9.4 (or newer)
  • Improved display for Ansible loops on the job detail page by recognizing new Ansible callback events (v2_runner_item_on_*)
  • Improved the efficiency of the stdout dump database migration for better memory handling
  • Updated the Boto release included with Tower to version 2.39.0

Ansible Tower Version 2.4.4

  • Corrected an issue related to Ansible 2.0.0.x job callback events
  • Corrected an issue where YAML extra_vars were ignored when launching a job template
  • Corrected an issue where running scan jobs against Red Hat Enterprise Linux 5 inventory failed
  • Corrected an issue where the Services tab was not populating in scan jobs on SLES 11 or RHEL 5
  • Corrected an issue with log output filtering
  • Corrected an issue where the Rackspace module had caching on by default
  • Corrected an issue where Tower was not working properly on Centos 7.2 with Python 2.7.5
  • Corrected an issue where OpenStack modules were not running correctly on systems with Python 2.7 (bumping shade and pyrax versions to allow Ansible 2.0 OpenStack modules to run correctly)
  • Corrected an issue where the setup/upgrade playbook failed if being run from Ansible 2.X

Note

Ansible 2.0 OpenStack modules will not work on Red Hat Enterprise Linux 6 or CentOS 6.

Ansible Tower Version 2.4.3

  • Added sample configurations for LDAP connection options and disable referrals by default, which corrects a problems with queries hanging with AD
  • Corrected an issue where the UI does not enable provisioning callbacks properly
  • Improved performance of user and group queries though better caching

Ansible Tower Version 2.4.2

  • Corrected a problem with EC2 inventories which were not working correctly when instance filters were in use
  • Corrected an issue when accessing Tower using IE11 web browsers
  • Corrected an issue where clicking on a job in the activities stream did not show the correct job detail page
  • Corrected an issue where custom login information was not properly displayed at login
  • Corrected an issue with scan jobs against Amazon Linux machines throwing error messages instead of warnings
  • Corrected an API-related problem dealing with sparkline data which corrects the ordering of recent jobs as associated with job templates
  • Corrected an issue in the UI where cloud credentials associated with an inventory source were not being properly displayed
  • Corrected an issue where org admins did not have the proper permissions to delete project updates
  • Corrected several small UI issues

Ansible Tower Version 2.4.1

  • Resolved a failure that, when not connected to the Internet (such as being behind a restrictive firewall), prevented Tower from functioning

Ansible Tower Version 2.4.0

  • Added custom rebranding support
  • Added the ability to enable and disable basic authentication
  • Added support for authentication via SAML 2.0 servers, Google Apps, GitHub, and RADIUS
  • Added support for session limits
  • Added support for EC2 STS tokens
  • Added default schedules for system jobs on new installs
  • Added support to allow multiple scheduled system jobs
  • Added an example “request_tower_configuration.ps1” PowerShell for use with Tower’s provisioning callbacks
  • Added analytics and data collection for improving the UI experience of Ansible Tower
  • Changed the behavior of config.js handling and introduced support for the local_settings.json file for specific variable changes
  • Changed the way Job Templates work so that they launch using an extra variables hierarchy
  • Changed session timeout to be set in session.py and no longer in the UI local_config.js file
  • Changed the local_config.js file to local_settings.json and made it more flexible to override configuration settings
  • Corrected some Tower features when using Ansible 2.0
  • Corrected an issue where ‘Overwrite’ in an inventory update would imply ‘Overwrite Variables’
  • Corrected an issue where Tower-cli ignored default answers when trying to launch a job with a survey
  • Corrected an issue that prevented LDAP logging from working correctly
  • Corrected an issue where Null errors were returned after deleting an Organization associated with a Custom Inventory Script with an Inventory
  • Incorporated a feature which adds an Auth-Token-Timeout to every responses that include a valid user-supplied token
  • Noted a known issue where using the strategies feature of Ansible 2.0 in Ansible Tower causes jobs to not display properly (support for the strategies feature will be added in a future release of Tower)
  • Removed the ability to delete the default set Organization for Basic-level license users

Release Notes for 2.3.x

Ansible Tower Version 2.3.1

  • Corrected an issue where PRoot being enabled caused jobs to fail on systems using SSH ControlPersist.

Caution

If Ansible’s Customer Support recommended that you disable PRoot to solve the failing jobs problem (setting AWX_PROOT_ENABLED=False), consult with Support to determine if re-enabling PRoot is appropriate for your particular use case.

Ansible Tower Version 2.3.0

  • Added support for bundled installations
  • Added improvements for preflight free disk space check
  • Added Ansible installation support where the Ansible Tower installer now attempts to install Ansible as part of the installation process
  • Corrected an issue where launching a JT with a Survey attached failed if you had survey data types other than “text” or “text area”
  • Corrected an issue where scan jobs fail on large file scans
  • Corrected an issue where projects were not included in system backups
  • Corrected an issue where downloading stdout in text format would return JSON instead
  • Corrected an issue where downloading stdout in text format would incorrectly escape characters
  • Corrected a performance issue when accessing jobs and job_templates

Release Notes for 2.2.x

Ansible Tower Version 2.2.2

  • Corrected an issue where unicode credential passwords caused migrations to fail
  • Corrected a performance issue when Tower redacts sensitive data from job output

Ansible Tower Version 2.2.1

  • Fixed performance issues when job stdout was very large
  • Corrected an issue where stdout display in Tower would fail on some unicode output
  • Corrected an issue where EC2 inventory sync would fail if instances had blank tags
  • Corrected an issue where jobs would not cancel properly on user cancellation (applies to EL6 platforms where PRoot was enabled by default)
  • Corrected an issue when restoring a Tower database backup to a remote PostgreSQL database
  • Added support for newer OpenSSH private key format
  • Fixed display of Tower version in ‘About Tower’
  • Fixed links to Ansible Github repository in dynamic inventory online help

Ansible Tower Version 2.2.0

  • Added System Tracking job scan (available for Enterprise and Premium licenses only)
  • Simplified Dashboard and Interface with new Setup Menu
  • Added inventory support for OpenStack
  • Added data cleanup and snapshot retention scheduling
  • Added Ansible Galaxy integration
  • Added support for Remote Command Execution
  • Added Status widget for easily viewing the 10 most recent jobs run on a job template
  • Added integration for easier backups and restorations into the Tower setup playbook
  • Adjusted dates to display in the user’s locale format
  • Simplified password/passphrase entry
  • Added more configurable verbosity levels for job templates
  • Assorted other bugfixes and enhancements
  • API change: Formatting of extra_vars attached to Job Template records is preserved. Previously, YAML would be converted to JSON and returned as JSON. In 2.2.0 and newer, YAML is returned as YAML with formatting and comments preserved, and JSON is returned as JSON.

Release Notes for 2.1.x

Ansible Tower Version 2.1.4

  • Corrected Tower’s Live Events feature, again. Really.

Ansible Tower Version 2.1.3

  • Corrected an issue where Tower Live Events would attempt to endlessly reconnect
  • Corrected issues when running with Ansible 1.9.0.1

Ansible Tower Version 2.1.2

  • Corrected multiple issues with Tower’s Live Events feature
  • Corrected an issue where Tower would become stuck if a job was killed due to memory exhaustion
  • Improved the response time of Project queries
  • Corrected an error that caused users to be unable to relaunch jobs

Ansible Tower Version 2.1.1

  • Multi-tenancy security enabled by default for new installs
  • Added support for setting VPC id for RDS instances to EC2 dynamic inventory
  • Added the ability for organization admins to create surveys
  • Added support for scheduling of custom inventory scripts
  • Corrected an error when parsing extra_vars as YAML
  • Corrected an error when configuring a remote database
  • Added EULA agreement when updating license
  • Corrected the sending of live events in some cases
  • Corrected a potential XSS issue

Ansible Tower Version 2.1.0

  • New simplified Portal Mode view for users, access at https://<Tower server name>/portal/
  • New surveys on job templates allow easy prompting of users for job parameters
  • Tower can now use an external PostgreSQL instance as the Tower database, including Amazon’s RDS
  • Added support for active/passive High Availability Tower deployments
  • Custom dynamic inventory scripts can be pasted in using the admin user menu
  • Limit Amazon EC2 inventory imports into Tower based on tags, keys, and more
  • Tower data cleanup jobs can now be scheduled and run directly from the Tower interface versus logging into the Tower instance
  • The /etc/awx Tower configuration directory has moved to /etc/tower
  • Non-admin api users must now use the /launch endpoint for a job template and can no longer call a job’s /start endpoint directly.
  • Many assorted improvements and fixes

Release Notes for 2.0.x

Ansible Tower Version 2.0.5

  • Ensured websocket connection uses user’s RBAC credentials
  • Corrected a potential CSRF issue when using the REST API graphical browser

Ansible Tower Version 2.0.4

  • Corrected a privilege escalation related to user account levels

Ansible Tower Version 2.0.2

  • Further corrections for job execution with certain 0mq library versions
  • Changes to AMI license logic to allow bring-your-own-license usage

Ansible Tower Version 2.0.1

  • Corrected a job execution issue due to 0mq library versions on certain platforms
  • Reduced logfile verbosity and retention for some Tower subcomponents
  • Adjusted setup playbook for the release of EPEL 7

Ansible Tower Version 2.0

  • New dashboard that provides at-a-glance status of your Ansible deployment
  • Completely redesigned job status page featuring real-time playbook output and progress updates
  • Added support for multiple new cloud providers - Azure, Google Compute Engine, and VMware vSphere
  • New user interface look and feel
  • Integrated monitoring support for checking the health of your Tower install
  • Tower now requires a license to run. 10 machine free licenses, as well as free large trial licenses, are available at http://ansible.com/license
  • Support added for Red Hat Enterprise Linux 7 and CentOS 7
  • Upgrades will reuse password information, not requiring reentry in group\_vars/all of setup playbook
  • Many assorted improvements and fixes

Release Notes for 1.4.x

Ansible Tower Version 1.4.12

  • Corrected an issue handling Unicode output from ansible-playbook
  • Corrected an issue displaying job details for some jobs

Ansible Tower Version 1.4.11

  • Performance improvements to inventory import and deletion
  • Groups UI under inventory tab is now paginated
  • Updated UI options for moving and copying groups (and host contents)
  • Added the ability to optionally prompt for job variables when launching jobs to the job template detail pages

Ansible Tower Version 1.4.10

  • Correctly handle schedule creation when browser timezone cannot be detected.
  • Corrected pagination on job_events page.

Ansible Tower Version 1.4.9

  • Corrected a provisioning callback issue on Enterprise Linux.
  • Added a sample provisioning callback script.
  • Various backend and UI improvements.

Ansible Tower Version 1.4.8

  • Scheduling for Jobs, SCM updates, and Inventory synchronization has been added. The UI for each of these objects has changed to accommodate this new scheduling feature.
  • The jobs page has been overhauled to show completed, active, queued, and scheduled jobs.
  • Inventory and project synchronization jobs are now also shown on the jobs page.