Documentation

2. Release Notes

The following list summarizes the additions, changes, and modifications which were made to Ansible Tower 3.1.5.

2.1. Ansible Tower Version 3.1.5

  • Fixed an issue where certain API endpoints were unreasonably slow when jobs contained large amounts of output
  • Enhanced Tower to properly show stdout for ad-hoc commands run on other cluster nodes
  • Fixed an issue where a user, who could modify playbooks, could potentially compromise Tower via an injection of git hooks in SCM repositories (CVE-2017-12148)
  • Fixed an issue where a specially crafted ad-hoc command could compromise Tower (CVE-2017-12148)
  • Upgraded the available and bundled versions of RabbitMQ to 3.6.9, which addresses various RabbitMQ CVEs (CVE-2017-4965, CVE-2017-4966, CVE-2017-4967)

2.2. Ansible Tower Version 3.1.4

  • Updated the job_events payload for logging integrations to better mirror the API structure.
  • Added the ability to configure known proxies in order to allow certain load balancers and hosts when setting up proxy server support.
  • Fixed an issue where the database restore playbook role could stop the Postgres service before restoring.
  • Fixed deadlock on multiple launches of simultaneous jobs.

2.3. Ansible Tower Version 3.1.3

  • Added Spanish translations for Ansible Tower
  • Fixed a problem where survey password defaults of a certain length could prevent a job from launching
  • Fixed truncation of long job run results causing an excessive number of blank lines
  • Fixed a problem where running two different jobs in parallel from the same project could cause an error
  • Fixed a problem where Splunk HTTP event collectors did not send job_event data
  • Fixed a problem where email notifications could send survey password values in plain text in extra_vars
  • Fixed handling of job output from certain modules
  • Fixed a problem where setting “Required” for a Multiple Choice (Single Select) survey question could prevent changing the default
  • Fixed a problem where provisioning callbacks configured to prompt for extra variables could return an error
  • Fixed a problem where modifying team permissions when using a basic license would return an error
  • Fixed a problem in LDAP configuration where adding values to the database caused users to lose permanent access to Tower
  • Fixed an issue where a database restore could fail
  • Fixed an issue where setup could fail if there was no firewall installed
  • Fixed an issue where Insights projects could cause project syncs to fail
  • Fixed an issue applying Tower configuration across cluster nodes
  • Added the ability to disable SSL certificate verification for hosted Splunk logging
  • Improved Ansible Tower to allow for passing extra_vars on ad_hoc commands
  • Updated Ansible Tower so that it can process facts output from Ansible 2.3

2.4. Ansible Tower Version 3.1.2

  • Added subpackaging for sever, UI, and setup packages
  • Added support for Red Hat Insights project type
  • Added support for explicitly specifying the host descriptor used for RabbitMQ config via rabbitmq_host
  • Adjusted search on the Job Details screen to match the behavior across Tower
  • Adjusted Tower logging to log asynchronously
  • Fixed various and minor UI bugs
  • Fixed a callback bug which was causing a task_args leak between job events
  • Fixed an issue where jobs were not able to be sorted by descending ID
  • Fixed an issue where, when working with Splunk, the log aggregator type shows as Logstash instead of Splunk
  • Fixed an issue where, when a user has two groups in an inventory (one using a VMware script and one using a custom script), clicking sync on the custom script group caused the sync icon to link to the wrong inventory sync
  • Fixed a problem where users were not able to put multi-line text in a Text Area-type field in a survey
  • Fixed a problem where users who had admin access on Workflows, but were not Org level admins, could not add or remove job templates from Workflows
  • Fixed a problem with job templates that include a multiple choice survey response, where, even when multiple selections are required, the job template ran with an empty array
  • Fixed a problem where surveys were passing a variable as empty instead of null when they included text or a text area field that had a minimum length >0 and was not filled in
  • Fixed a problem where Tower jobs hang and do not run when the Splunk server is unresponsive or unavailable
  • Fixed a problem where users with admin level permissions on projects could not modify project details
  • Fixed a problem in multiple choice survey inputs where, when selecting a string that had similar characters or words at the beginning or end of the string, a similar but smaller version of that string was rendered as the user’s selection (even though the correct value was still passed to extra-vars on launch)
  • Fixed an issue around Git project updates failing when the username was specified
  • Fixed a problem where job templates from mercurial project updates failed to run
  • Fixed a problem with provisioning callbacks where they failed with ‘400’ responses when extra_vars were passed to the API through curl in the callback
  • Fixed a problem where running the installer again anytime after successfully creating the rabbitmq user caused the installation program to fail
  • Fixed an issue where Windows package scan jobs fail when targeting a Windows 2012R2 host
  • Fixed an issue where users with admin access to Workflow Templates could not modify the workflow
  • Fixed an issue where a warning was incorrectly displayed for the output of a canceled job
  • Fixed an issue where Mercurial project revisions were not read correctly for Projects
  • Fixed an issue where Tower upgrades would fail when applying rabbitmq_user in a cluster
  • Fixed an issue where certain characters in a Project SCM URL would cause updates to fail
  • Improved custom inventory scripts support by ensuring that newlines added to the script are not trimmed
  • Relaxed the SELinux policy dependency to allow Tower to be installed on older Enterprise Linux 7 releases
  • Updated Ansible Tower so that the host config key is marked as required when provisioning callbacks are selected
  • Updated Ansible Tower so that PostgreSQL Server is no longer installed on Tower nodes not hosting the database
  • Updated Ansible Tower so that Tower shows extra_vars for ad-hoc commands in the UI

2.5. Ansible Tower Version 3.1.1

  • Added a preflight check for password and pre-3.1.0 active/passive (HA) inventory setups prior to installation
  • Fixed a problem where, while running a clustered Tower deployment configuration, there were some instances where realtime job event data did not flow through the channel layer
  • Fixed a problem with searching where an invalid search term was entered and the error dialog continued to persist
  • Fixed a problem with Slack notifications where they were not emitted if only ‘Failure’ was selected
  • Fixed a problem where logging out via Tower logout button caused subsequent login attempts to fail
  • Fixed an issue where, when logging was enabled, a missing logging UUID setting would cause a startup error, making the system unresponsive

2.6. Ansible Tower Version 3.1.0

  • Added support for configuring most aspects of Ansible Tower directly from the Tower user interface (and Tower API), rather than editing Tower configuration files
  • Added support for “Scale-Out” Clusters, which replaces the HA/Redundancy method from prior Tower releases
  • Added support for Workflows, a chain of job templates executed in order
  • Added support for sending event and log messages to various logging services (Elastic, Splunk, Sumologic, Loggly, generic REST endpoint)
  • Added support for a new Tower Search feature which supports GitHub-style “key:value” searching
  • Added support for Ubuntu 16.04
  • Added support for a New Project Sync Architecture, where projects are now checked out at job runtime
  • Added support for setting timeouts on job runs
  • Added support for internationalization and localization (French and Japanese)
  • Added support for multi-playbook Workflows
  • Added /api/v1/settings for Tower managed settings. This corresponds to the in-Tower configuration UI
  • Added support for windows scan jobs
  • Added support so that the SCM Revision used is now stored on Job
  • Added support for API endpoints to now show __search filter fields for broader searching of objects
  • Added support so that system jobs are now shown in /api/v1/unified_jobs
  • Added support for the new Ansible vmware_inventory script
  • Added support for Job stdout downloads, which may generate and cache on the fly
  • Added support for /api/v1/inventory_updates and /api/v1/project_updates to view those specific job types
  • Added support for user_capabilities API elements in various places to allow API consumers to know if their user can perform the referenced actions on the object
  • Added support for set_stats for Workflow jobs to persist data between Workflow job runs, support added in ansible core also
  • Added support for Tower callbacks so that they can now resolve ansible_host as well as ansible_ssh_host
  • Added support for Tower callbacks so that they now filter out ansible_ variables on POST
  • Added support for notifications so that they are emitted on jobs marked as failed by the dead job detector
  • Added eu-west-2 and ca-central-1 to the list of supported EC2 regions
  • Added support for format=ansi_download when downloading stdout
  • Deprecated support for Rackspace inventories
  • Fixed an issue where manual projects could be launched/updated
  • Fixed various unicode issues
  • Fixed various issues dealing with self signed certificates value.
  • Fixed Jobs so that they now show $encrypted for these variables, where they previously did not
  • Improved performance for viewing job and job template lists
  • Improved Tower virtualenv so that it is purged on upgrade
  • Improved setup playbook so that it is more tolerant of various iptables/firewalld configurations
  • Improved the optimization of PostgreSQL installation to improve overall performance
  • Improved database migrations through consolidation to make upgrades/installs faster
  • Improved hardening for web server configuration (SSL, HSTS)
  • Removed ZeroMQ and Redis as a communications channel between dependent services in favor of RabbitMQ
  • Removed /api/v1/jobs/n/job_plays and /api/v1/jobs/n/job_tasks
  • Removed proot in favor of bubblewrap for process isolation
  • Removed the ability to make POST requests on the /api/v1/jobs/ endpoint
  • Removed has_schedules from various endpoints, as it was never populated
  • Removed support for Red Hat Enterprise Linux 6/CentOS 6 and Ubuntu 12.04
  • Updated surveys so that a blank value for a survey question default value now passes an empty string as a value
  • Updated surveys so that previously existing surveys with blank default question values now pass empty strings as an extra variable
  • Updated Websockets, moving them from socket.io to django channels and are now served under port 443/80 along with the regular web service. Port 8080 is no longer needed.
  • Updated Job results so that they are now driven by job events and thus provides clickable context
  • Updated Tower so that it now uses the system time zone by default
  • Updated Tower requirements for Ansible–Tower now requires Ansible 2.1 or later
  • Updated Ansible inventory plugins to the latest versions
  • Updated Web server to NGINX from Apache
  • Updated survey passwords so that they are now encrypted when stored in the database
  • Updated request_tower_configuration.sh

For older version of the release notes, as well as other reference materials, refer to the Ansible Tower Release Notes.