The following list summarizes the additions, changes, and modifications which were made to Ansible Tower 3.1.5.
- Fixed an issue where certain API endpoints were unreasonably slow when jobs contained large amounts of output
- Enhanced Tower to properly show stdout for ad-hoc commands run on other cluster nodes
- Fixed an issue where a user, who could modify playbooks, could potentially compromise Tower via an injection of git hooks in SCM repositories (CVE-2017-12148)
- Fixed an issue where a specially crafted ad-hoc command could compromise Tower (CVE-2017-12148)
- Upgraded the available and bundled versions of RabbitMQ to 3.6.9, which addresses various RabbitMQ CVEs (CVE-2017-4965, CVE-2017-4966, CVE-2017-4967)
- Updated the
job_events
payload for logging integrations to better mirror the API structure.- Added the ability to configure known proxies in order to allow certain load balancers and hosts when setting up proxy server support.
- Fixed an issue where the database restore playbook role could stop the Postgres service before restoring.
- Fixed deadlock on multiple launches of simultaneous jobs.
- Added Spanish translations for Ansible Tower
- Fixed a problem where survey password defaults of a certain length could prevent a job from launching
- Fixed truncation of long job run results causing an excessive number of blank lines
- Fixed a problem where running two different jobs in parallel from the same project could cause an error
- Fixed a problem where Splunk HTTP event collectors did not send job_event data
- Fixed a problem where email notifications could send survey password values in plain text in extra_vars
- Fixed handling of job output from certain modules
- Fixed a problem where setting “Required” for a Multiple Choice (Single Select) survey question could prevent changing the default
- Fixed a problem where provisioning callbacks configured to prompt for extra variables could return an error
- Fixed a problem where modifying team permissions when using a basic license would return an error
- Fixed a problem in LDAP configuration where adding values to the database caused users to lose permanent access to Tower
- Fixed an issue where a database restore could fail
- Fixed an issue where setup could fail if there was no firewall installed
- Fixed an issue where Insights projects could cause project syncs to fail
- Fixed an issue applying Tower configuration across cluster nodes
- Added the ability to disable SSL certificate verification for hosted Splunk logging
- Improved Ansible Tower to allow for passing extra_vars on ad_hoc commands
- Updated Ansible Tower so that it can process facts output from Ansible 2.3
- Added subpackaging for sever, UI, and setup packages
- Added support for Red Hat Insights project type
- Added support for explicitly specifying the host descriptor used for RabbitMQ config via rabbitmq_host
- Adjusted search on the Job Details screen to match the behavior across Tower
- Adjusted Tower logging to log asynchronously
- Fixed various and minor UI bugs
- Fixed a callback bug which was causing a task_args leak between job events
- Fixed an issue where jobs were not able to be sorted by descending ID
- Fixed an issue where, when working with Splunk, the log aggregator type shows as Logstash instead of Splunk
- Fixed an issue where, when a user has two groups in an inventory (one using a VMware script and one using a custom script), clicking sync on the custom script group caused the sync icon to link to the wrong inventory sync
- Fixed a problem where users were not able to put multi-line text in a Text Area-type field in a survey
- Fixed a problem where users who had admin access on Workflows, but were not Org level admins, could not add or remove job templates from Workflows
- Fixed a problem with job templates that include a multiple choice survey response, where, even when multiple selections are required, the job template ran with an empty array
- Fixed a problem where surveys were passing a variable as empty instead of null when they included text or a text area field that had a minimum length >0 and was not filled in
- Fixed a problem where Tower jobs hang and do not run when the Splunk server is unresponsive or unavailable
- Fixed a problem where users with admin level permissions on projects could not modify project details
- Fixed a problem in multiple choice survey inputs where, when selecting a string that had similar characters or words at the beginning or end of the string, a similar but smaller version of that string was rendered as the user’s selection (even though the correct value was still passed to extra-vars on launch)
- Fixed an issue around Git project updates failing when the username was specified
- Fixed a problem where job templates from mercurial project updates failed to run
- Fixed a problem with provisioning callbacks where they failed with ‘400’ responses when extra_vars were passed to the API through curl in the callback
- Fixed a problem where running the installer again anytime after successfully creating the rabbitmq user caused the installation program to fail
- Fixed an issue where Windows package scan jobs fail when targeting a Windows 2012R2 host
- Fixed an issue where users with admin access to Workflow Templates could not modify the workflow
- Fixed an issue where a warning was incorrectly displayed for the output of a canceled job
- Fixed an issue where Mercurial project revisions were not read correctly for Projects
- Fixed an issue where Tower upgrades would fail when applying rabbitmq_user in a cluster
- Fixed an issue where certain characters in a Project SCM URL would cause updates to fail
- Improved custom inventory scripts support by ensuring that newlines added to the script are not trimmed
- Relaxed the SELinux policy dependency to allow Tower to be installed on older Enterprise Linux 7 releases
- Updated Ansible Tower so that the host config key is marked as required when provisioning callbacks are selected
- Updated Ansible Tower so that PostgreSQL Server is no longer installed on Tower nodes not hosting the database
- Updated Ansible Tower so that Tower shows extra_vars for ad-hoc commands in the UI
- Added a preflight check for password and pre-3.1.0 active/passive (HA) inventory setups prior to installation
- Fixed a problem where, while running a clustered Tower deployment configuration, there were some instances where realtime job event data did not flow through the channel layer
- Fixed a problem with searching where an invalid search term was entered and the error dialog continued to persist
- Fixed a problem with Slack notifications where they were not emitted if only ‘Failure’ was selected
- Fixed a problem where logging out via Tower logout button caused subsequent login attempts to fail
- Fixed an issue where, when logging was enabled, a missing logging UUID setting would cause a startup error, making the system unresponsive
- Added support for configuring most aspects of Ansible Tower directly from the Tower user interface (and Tower API), rather than editing Tower configuration files
- Added support for “Scale-Out” Clusters, which replaces the HA/Redundancy method from prior Tower releases
- Added support for Workflows, a chain of job templates executed in order
- Added support for sending event and log messages to various logging services (Elastic, Splunk, Sumologic, Loggly, generic REST endpoint)
- Added support for a new Tower Search feature which supports GitHub-style “key:value” searching
- Added support for Ubuntu 16.04
- Added support for a New Project Sync Architecture, where projects are now checked out at job runtime
- Added support for setting timeouts on job runs
- Added support for internationalization and localization (French and Japanese)
- Added support for multi-playbook Workflows
- Added
/api/v1/settings
for Tower managed settings. This corresponds to the in-Tower configuration UI- Added support for windows scan jobs
- Added support so that the SCM Revision used is now stored on Job
- Added support for API endpoints to now show
__search
filter fields for broader searching of objects- Added support so that system jobs are now shown in
/api/v1/unified_jobs
- Added support for the new Ansible vmware_inventory script
- Added support for Job stdout downloads, which may generate and cache on the fly
- Added support for
/api/v1/inventory_updates
and/api/v1/project_updates
to view those specific job types- Added support for user_capabilities API elements in various places to allow API consumers to know if their user can perform the referenced actions on the object
- Added support for
set_stats
for Workflow jobs to persist data between Workflow job runs, support added in ansible core also- Added support for Tower callbacks so that they can now resolve
ansible_host
as well asansible_ssh_host
- Added support for Tower callbacks so that they now filter out
ansible_
variables on POST- Added support for notifications so that they are emitted on jobs marked as failed by the dead job detector
- Added eu-west-2 and ca-central-1 to the list of supported EC2 regions
- Added support for
format=ansi_download
when downloading stdout- Deprecated support for Rackspace inventories
- Fixed an issue where manual projects could be launched/updated
- Fixed various unicode issues
- Fixed various issues dealing with self signed certificates value.
- Fixed Jobs so that they now show
$encrypted
for these variables, where they previously did not- Improved performance for viewing job and job template lists
- Improved Tower virtualenv so that it is purged on upgrade
- Improved setup playbook so that it is more tolerant of various iptables/firewalld configurations
- Improved the optimization of PostgreSQL installation to improve overall performance
- Improved database migrations through consolidation to make upgrades/installs faster
- Improved hardening for web server configuration (SSL, HSTS)
- Removed ZeroMQ and Redis as a communications channel between dependent services in favor of RabbitMQ
- Removed
/api/v1/jobs/n/job_plays
and/api/v1/jobs/n/job_tasks
- Removed proot in favor of bubblewrap for process isolation
- Removed the ability to make POST requests on the
/api/v1/jobs/
endpoint- Removed has_schedules from various endpoints, as it was never populated
- Removed support for Red Hat Enterprise Linux 6/CentOS 6 and Ubuntu 12.04
- Updated surveys so that a blank value for a survey question default value now passes an empty string as a value
- Updated surveys so that previously existing surveys with blank default question values now pass empty strings as an extra variable
- Updated Websockets, moving them from socket.io to django channels and are now served under port 443/80 along with the regular web service. Port 8080 is no longer needed.
- Updated Job results so that they are now driven by job events and thus provides clickable context
- Updated Tower so that it now uses the system time zone by default
- Updated Tower requirements for Ansible–Tower now requires Ansible 2.1 or later
- Updated Ansible inventory plugins to the latest versions
- Updated Web server to NGINX from Apache
- Updated survey passwords so that they are now encrypted when stored in the database
- Updated
request_tower_configuration.sh
For older version of the release notes, as well as other reference materials, refer to the Ansible Tower Release Notes.