Documentation

1. Release Notes for 3.3.x

1.1. Ansible Tower Version 3.3.1

  • Fixed event callback error when in-line vaulted variables are used with include_vars
  • Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
  • Fixed isolated node setup to no longer fail when ansible_host is used
  • Fixed selection of custom virtual environments in job template creation
  • Fixed display of extra_vars for scheduled jobs
  • Fixed websockets for job details to properly work
  • Fixed the /api/v2/authtoken compatibility shim
  • Fixed page size selection on the jobs screen
  • Fixed instances in an instance group to properly be disabled in the user interface
  • Fixed the job template selection in workflow creation to properly render
  • Fixed member_attr to properly set on some LDAP configurations during upgrade, preventing login
  • Fixed PosixUIDGroupType LDAP configurations
  • Improved the RAM requirement in the installer preflight check
  • Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large
  • Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration

1.2. Ansible Tower Version 3.3.0

  • Added support for container-based clusters using OpenShift
  • Added support for multiple or no credential assignment in Job Templates
  • Added support for multiple Vault credential assignment in Job Templates
  • Added support for multiple LDAP server configurations
  • Added support fact caching for isolated instances
  • Added the ability to schedule configurations of a job template using job template prompts
  • Added deprecation note to the Tower REST API for Version 1 (/api/v1/), which will be removed in a future release of Ansible Tower
  • Added the ability to make a copy of existing Tower objects (inventory, project, etc.) as a template for creating a new one
  • Added the ability to relaunch jobs on a subset of hosts by status
  • Added validation to prevent string "$encrypted$" from becoming a literal survey question default
  • Added support for more job template prompts at workflow node creation time
  • Added ask_variables_on_launch to workflow job templates (WFJT)
  • Added diff_mode and verbosity fields to WFJT nodes
  • Added Saved Launch-time configurations feature - added WFJT node promptable fields to schedules, added extra_data to WFJT nodes, and added “schedule this job” endpoint.
  • Added block creation of schedules when variables not allowed are given. Block similar cases for WFJT nodes.
  • Added the ability to create instance groups and associate instances at runtime via the user interface and API
  • Added the ability to group instances based on policy, such as such as “50% of instances” and “at least three instances”
  • Added additional organizational roles for administration of projects, job templates, inventories, workflows and more
  • Added support for custom virtual environments for customizing Ansible execution
  • Added OAuth2 support for token based authentication
  • Added support for OAuth2 applications and access token generation
  • Added the ability to forcibly expire sessions through awx-manage expire_sessions
  • Added support for making inventory parsing errors fatal, and only enable the script inventory plugin for job runs and vendored inventory updates
  • Added inventory field to inventory updates
  • Added related credentials endpoint for inventory updates to be more internally consistent with job templates, model changes
  • Added the ability to show all teams to organization admins if the ORG_ADMINS_CAN_SEE_ALL_USERS setting is enabled
  • Added the ability to create schedules and workflow nodes from job templates that use credentials which prompt for passwords if ask_credential_on_launch is set.
  • Deprecated the fact_versions and fact_view endpoints from the API, including OPTIONS
  • Deprecated fact tables
  • Deprecated the awx-manage cleanup_facts command for fact cleanup
  • Deprecated the /api/v2/authtoken/ endpoint in the API and replaced it with /api/v2/tokens/
  • Fixed a conflict with Tower credential type by removing TOWER_HOST as a default environment variable in job running environments. Playbook authors should replace their use with AWX_HOST.
  • Fixed a behavior in Tower to prevent it from deleting jobs when event processing is still ongoing
  • Fixed a behavior in Tower to disallow relaunching jobs with execute_role if another user provided prompts
  • Improved project updates so that previously synced git projects do not attempt to contact the server if they are already at the proper revision
  • Improved WFJT node credential to many-to-many credentials
  • Improved stricter criteria to admin users where organization admin role now necessary for all organizations of which the target user is a member. Additionally, removed unused admin_role associated with users
  • Improved logs to consistently catch task exceptions
  • Improved external loggers to passively create handler from settings on every log emission, replacing server restart, allowing use in OpenShift deployments
  • Improved Tower to automatically run a project update if sensitive fields change like scm_url
  • Improved queuing logic through setting execution_node in task manager and submitting waiting jobs to only the queue for the specific instance job is targeted to run on
  • Updated the auth-token-timeout header name to Session-Timeout
  • Updated the AUTH_TOKEN_EXPIRATION setting name to change to SESSION_COOKIE_AGE and AUTH_TOKEN_PER_USER changed to SESSIONS_PER_USER
  • Updated source-control based inventory to allow for vaulted variable values
  • Updated the minimum required version of Red Hat Enterprise Linux to 7.4
  • Updated the minimum required RAM for standalone Tower to 4GB
  • Updated Ansible Tower to set ANSIBLE_DISPLAY_ARGS_TO_STDOUT to False by default for all playbook runs to match Ansible’s default behavior. See Jobs for more information.
  • Updated all job and tasks to generate consistent output events and make job output available on all cluster nodes
  • Updated external logging to default to HTTPS unless http:// is explicitly specified in the log aggregator hostname
  • Updated the behavior of a job template to prohibit configuring callbacks on job templates without an inventory
  • Updated the boolean fields for custom credential types to always default extra_vars and environment variables to False when a value is not provided
  • Updated to disallow using HTTP PUT/PATCH methods to modify existing jobs in Job Details API endpoint