Documentation

1. Release Notes for Ansible Tower Version 3.1.8

1.1. Ansible Tower Version 3.1.8

  • Fixed a minor XSS vulnerability in the scheduling page
  • Fixed potential information leakage via websocket
  • Fixed a CSRF vulnerability in Tower (CVE-2018-10884)

1.2. Ansible Tower Version 3.1.7

  • Fixed a RabbitMQ configuration issue that would affect cluster recovery on network interruptions

1.3. Ansible Tower Version 3.1.6

  • Fixed organization admins to no longer be able to modify users by adding them to their organization (CVE-2018-1101)
  • Fixed Tower to disable usage of Jinja templates in launch-time variables for security reasons (CVE-2018-1104). This release introduces the ALLOW_JINJA_IN_EXTRA_VARS configuration parameter for Tower. This parameter has three values: template to allow usage of Jinja saved directly on a job template definition (the default), never to disable all Jinja usage (recommended), and always to always allow Jinja (strongly discouraged, but an option for prior compatibility). Note that the always option is deprecated, and will be removed in a future Tower release.
  • Updated memcached to now listen on a local Unix socket instead of a TCP socket

1.4. Ansible Tower Version 3.1.5

  • Fixed an issue where certain API endpoints were unreasonably slow when jobs contained large amounts of output
  • Enhanced Tower to properly show stdout for ad-hoc commands run on other cluster nodes
  • Fixed an issue where a user, who could modify playbooks, could potentially compromise Tower via an injection of git hooks in SCM repositories (CVE-2017-12148)
  • Fixed an issue where a specially crafted ad-hoc command could compromise Tower (CVE-2017-12148)
  • Upgraded the available and bundled versions of RabbitMQ to 3.6.9, which addresses various RabbitMQ CVEs (CVE-2017-4965, CVE-2017-4966, CVE-2017-4967)

1.5. Ansible Tower Version 3.1.4

  • Updated the job_events payload for logging integrations to better mirror the API structure.
  • Added the ability to configure known proxies in order to allow certain load balancers and hosts when setting up proxy server support.
  • Fixed an issue where the database restore playbook role could stop the Postgres service before restoring.
  • Fixed deadlock on multiple launches of simultaneous jobs.

1.6. Ansible Tower Version 3.1.3

  • Added Spanish translations for Ansible Tower
  • Fixed a problem where survey password defaults of a certain length could prevent a job from launching
  • Fixed truncation of long job run results causing an excessive number of blank lines
  • Fixed a problem where running two different jobs in parallel from the same project could cause an error
  • Fixed a problem where Splunk HTTP event collectors did not send job_event data
  • Fixed a problem where email notifications could send survey password values in plain text in extra_vars
  • Fixed handling of job output from certain modules
  • Fixed a problem where setting “Required” for a Multiple Choice (Single Select) survey question could prevent changing the default
  • Fixed a problem where provisioning callbacks configured to prompt for extra variables could return an error
  • Fixed a problem where modifying team permissions when using a basic license would return an error
  • Fixed a problem in LDAP configuration where adding values to the database caused users to lose permanent access to Tower
  • Fixed an issue where a database restore could fail
  • Fixed an issue where setup could fail if there was no firewall installed
  • Fixed an issue where Insights projects could cause project syncs to fail
  • Fixed an issue applying Tower configuration across cluster nodes
  • Added the ability to disable SSL certificate verification for hosted Splunk logging
  • Improved Ansible Tower to allow for passing extra_vars on ad_hoc commands
  • Updated Ansible Tower so that it can process facts output from Ansible 2.3

1.7. Ansible Tower Version 3.1.2

  • Added subpackaging for sever, UI, and setup packages
  • Added support for Red Hat Insights project type
  • Added support for explicitly specifying the host descriptor used for RabbitMQ config via rabbitmq_host
  • Adjusted search on the Job Details screen to match the behavior across Tower
  • Adjusted Tower logging to log asynchronously
  • Fixed various and minor UI bugs
  • Fixed a callback bug which was causing a task_args leak between job events
  • Fixed an issue where jobs were not able to be sorted by descending ID
  • Fixed an issue where, when working with Splunk, the log aggregator type shows as Logstash instead of Splunk
  • Fixed an issue where, when a user has two groups in an inventory (one using a VMware script and one using a custom script), clicking sync on the custom script group caused the sync icon to link to the wrong inventory sync
  • Fixed a problem where users were not able to put multi-line text in a Text Area-type field in a survey
  • Fixed a problem where users who had admin access on Workflows, but were not Org level admins, could not add or remove job templates from Workflows
  • Fixed a problem with job templates that include a multiple choice survey response, where, even when multiple selections are required, the job template ran with an empty array
  • Fixed a problem where surveys were passing a variable as empty instead of null when they included text or a text area field that had a minimum length >0 and was not filled in
  • Fixed a problem where Tower jobs hang and do not run when the Splunk server is unresponsive or unavailable
  • Fixed a problem where users with admin level permissions on projects could not modify project details
  • Fixed a problem in multiple choice survey inputs where, when selecting a string that had similar characters or words at the beginning or end of the string, a similar but smaller version of that string was rendered as the user’s selection (even though the correct value was still passed to extra-vars on launch)
  • Fixed an issue around Git project updates failing when the username was specified
  • Fixed a problem where job templates from mercurial project updates failed to run
  • Fixed a problem with provisioning callbacks where they failed with ‘400’ responses when extra_vars were passed to the API through curl in the callback
  • Fixed a problem where running the installer again anytime after successfully creating the rabbitmq user caused the installation program to fail
  • Fixed an issue where Windows package scan jobs fail when targeting a Windows 2012R2 host
  • Fixed an issue where users with admin access to Workflow Templates could not modify the workflow
  • Fixed an issue where a warning was incorrectly displayed for the output of a canceled job
  • Fixed an issue where Mercurial project revisions were not read correctly for Projects
  • Fixed an issue where Tower upgrades would fail when applying rabbitmq_user in a cluster
  • Fixed an issue where certain characters in a Project SCM URL would cause updates to fail
  • Improved custom inventory scripts support by ensuring that newlines added to the script are not trimmed
  • Relaxed the SELinux policy dependency to allow Tower to be installed on older Enterprise Linux 7 releases
  • Updated Ansible Tower so that the host config key is marked as required when provisioning callbacks are selected
  • Updated Ansible Tower so that PostgreSQL Server is no longer installed on Tower nodes not hosting the database
  • Updated Ansible Tower so that Tower shows extra_vars for ad-hoc commands in the UI

1.8. Ansible Tower Version 3.1.1

  • Added a preflight check for password and pre-3.1.0 active/passive (HA) inventory setups prior to installation
  • Fixed a problem where, while running a clustered Tower deployment configuration, there were some instances where realtime job event data did not flow through the channel layer
  • Fixed a problem with searching where an invalid search term was entered and the error dialog continued to persist
  • Fixed a problem with Slack notifications where they were not emitted if only ‘Failure’ was selected
  • Fixed a problem where logging out via Tower logout button caused subsequent login attempts to fail
  • Fixed an issue where, when logging was enabled, a missing logging UUID setting would cause a startup error, making the system unresponsive

1.9. Ansible Tower Version 3.1.0

  • Added support for configuring most aspects of Ansible Tower directly from the Tower user interface (and Tower API), rather than editing Tower configuration files
  • Added support for “Scale-Out” Clusters, which replaces the HA/Redundancy method from prior Tower releases
  • Added support for Workflows, a chain of job templates executed in order
  • Added support for sending event and log messages to various logging services (Elastic, Splunk, Sumologic, Loggly, generic REST endpoint)
  • Added support for a new Tower Search feature which supports GitHub-style “key:value” searching
  • Added support for Ubuntu 16.04
  • Added support for a New Project Sync Architecture, where projects are now checked out at job runtime
  • Added support for setting timeouts on job runs
  • Added support for internationalization and localization (French and Japanese)
  • Added support for multi-playbook Workflows
  • Added /api/v1/settings for Tower managed settings. This corresponds to the in-Tower configuration UI
  • Added support for windows scan jobs
  • Added support so that the SCM Revision used is now stored on Job
  • Added support for API endpoints to now show __search filter fields for broader searching of objects
  • Added support so that system jobs are now shown in /api/v1/unified_jobs
  • Added support for the new Ansible vmware_inventory script
  • Added support for Job stdout downloads, which may generate and cache on the fly
  • Added support for /api/v1/inventory_updates and /api/v1/project_updates to view those specific job types
  • Added support for user_capabilities API elements in various places to allow API consumers to know if their user can perform the referenced actions on the object
  • Added support for set_stats for Workflow jobs to persist data between Workflow job runs, support added in ansible core also
  • Added support for Tower callbacks so that they can now resolve ansible_host as well as ansible_ssh_host
  • Added support for Tower callbacks so that they now filter out ansible_ variables on POST
  • Added support for notifications so that they are emitted on jobs marked as failed by the dead job detector
  • Added eu-west-2 and ca-central-1 to the list of supported EC2 regions
  • Added support for format=ansi_download when downloading stdout
  • Deprecated support for Rackspace inventories
  • Fixed an issue where manual projects could be launched/updated
  • Fixed various unicode issues
  • Fixed various issues dealing with self signed certificates value.
  • Fixed Jobs so that they now show $encrypted for these variables, where they previously did not
  • Improved performance for viewing job and job template lists
  • Improved Tower virtualenv so that it is purged on upgrade
  • Improved setup playbook so that it is more tolerant of various iptables/firewalld configurations
  • Improved the optimization of PostgreSQL installation to improve overall performance
  • Improved database migrations through consolidation to make upgrades/installs faster
  • Improved hardening for web server configuration (SSL, HSTS)
  • Removed ZeroMQ and Redis as a communications channel between dependent services in favor of RabbitMQ
  • Removed /api/v1/jobs/n/job_plays and /api/v1/jobs/n/job_tasks
  • Removed proot in favor of bubblewrap for process isolation
  • Removed the ability to make POST requests on the /api/v1/jobs/ endpoint
  • Removed has_schedules from various endpoints, as it was never populated
  • Removed support for Red Hat Enterprise Linux 6/CentOS 6 and Ubuntu 12.04
  • Updated surveys so that a blank value for a survey question default value now passes an empty string as a value
  • Updated surveys so that previously existing surveys with blank default question values now pass empty strings as an extra variable
  • Updated Websockets, moving them from socket.io to django channels and are now served under port 443/80 along with the regular web service. Port 8080 is no longer needed.
  • Updated Job results so that they are now driven by job events and thus provides clickable context
  • Updated Tower so that it now uses the system time zone by default
  • Updated Tower requirements for Ansible–Tower now requires Ansible 2.1 or later
  • Updated Ansible inventory plugins to the latest versions
  • Updated Web server to NGINX from Apache
  • Updated survey passwords so that they are now encrypted when stored in the database
  • Updated request_tower_configuration.sh