Documentation

1. Release Notes for 3.3.x

1.1. Ansible Tower Version 3.3.0

  • Added support for container-based clusters using OpenShift

  • Added support for multiple or no credential assignment in Job Templates

  • Added support for multiple Vault credential assignment in Job Templates

  • Added support for multiple LDAP server configurations

  • Added support fact caching for isolated instances

  • Added the ability to schedule configurations of a job template using job template prompts

  • Added deprecation note to the Tower REST API for Version 1 (/api/v1/), which will be removed in a future release of Ansible Tower

  • Added the ability to make a copy of existing Tower objects (inventory, project, etc.) as a template for creating a new one

  • Added the ability to relaunch jobs on a subset of hosts by status

  • Added validation to prevent string "$encrypted$" from becoming a literal survey question default

  • Added support for more job template prompts at workflow node creation time

  • Added ask_variables_on_launch to workflow job templates (WFJT)

  • Added diff_mode and verbosity fields to WFJT nodes

  • Added Saved Launch-time configurations feature - added WFJT node promptable fields to schedules, added extra_data to WFJT nodes, and added “schedule this job” endpoint.

  • Added block creation of schedules when variables not allowed are given. Block similar cases for WFJT nodes.

  • Added the ability to create instance groups and associate instances at runtime via the user interface and API

  • Added the ability to group instances based on policy, such as such as “50% of instances” and “at least three instances”

  • Added additional organizational roles for administration of projects, job templates, inventories, workflows and more

  • Added support for custom virtual environments for customizing Ansible execution

  • Added OAuth2 support for token based authentication

  • Added support for OAuth2 applications and access token generation

  • Added the ability to forcibly expire sessions through awx-manage expire_sessions

  • Added support for making inventory parsing errors fatal, and only enable the script inventory plugin for job runs and vendored inventory updates

  • Added inventory field to inventory updates

  • Added related credentials endpoint for inventory updates to be more internally consistent with job templates, model changes

  • Added the ability to show all teams to organization admins if the ORG_ADMINS_CAN_SEE_ALL_USERS setting is enabled

  • Added the ability to create schedules and workflow nodes from job templates that use credentials which prompt for passwords if ask_credential_on_launch is set.

  • Deprecated the fact_versions and fact_view endpoints from the API, including OPTIONS

  • Deprecated fact tables

  • Deprecated the awx-manage cleanup_facts command for fact cleanup

  • Deprecated the /api/v2/authtoken/ endpoint in the API and replaced it with /api/v2/tokens/

  • Fixed a conflict with Tower credential type by removing TOWER_HOST as a default environment variable in job running environments. Playbook authors should replace their use with AWX_HOST.

  • Fixed a behavior in Tower to prevent it from deleting jobs when event processing is still ongoing

  • Fixed a behavior in Tower to prevent users from deleting any resources currently in use by Tower

  • Fixed a behavior in Tower to disallow relaunching jobs with execute_role if another user provided prompts

  • Improved project updates so that previously synced git projects do not attempt to contact the server if they are already at the proper revision

  • Improved WFJT node credential to many-to-many credentials

  • Improved stricter criteria to admin users where organization admin role now necessary for all organizations of which the target user is a member. Additionally, removed unused admin_role associated with users

  • Improved logs to consistently catch task exceptions

  • Improved external loggers to passively create handler from settings on every log emission, replacing server restart, allowing use in OpenShift deployments

  • Improved Tower to automatically run a project update if sensitive fields change like scm_url

  • Improved queuing logic through setting execution_node in task manager and submitting waiting jobs to only the queue for the specific instance job is targeted to run on

  • Updated the auth-token-timeout header name to Session-Timeout

  • Updated the AUTH_TOKEN_EXPIRATION setting name to change to SESSION_COOKIE_AGE and AUTH_TOKEN_PER_USER changed to SESSIONS_PER_USER

  • Updated source-control based inventory to allow for vaulted variable values

  • Updated the minimum required version of Red Hat Enterprise Linux to 7.4

  • Updated the minimum required RAM for standalone Tower to 4GB

  • Updated Ansible Tower to set ANSIBLE_DISPLAY_ARGS_TO_STDOUT to False by default for all playbook runs to match Ansible’s default behavior. See Jobs for more information.

  • Updated all job and tasks to generate consistent output events and make job output available on all cluster nodes

  • Updated external logging to default to HTTPS unless http:// is explicitly specified in the log aggregator hostname

  • Updated the behavior of a job template to prohibit configuring callbacks on job templates without an inventory

  • Updated the boolean fields for custom credential types to always default extra_vars and environment variables to False when a value is not provided

  • Updated to disallow using HTTP PUT/PATCH methods to modify existing jobs in Job Details API endpoint