Documentation

1. Release Notes for 3.3.x

1.1. Ansible Tower Version 3.3.3

  • Fixed a RabbitMQ misconfiguration that decreased cluster stability and could allow for unauthorized access (CVE-2018-16879)
  • Fixed RabbitMQ HA policy when deployed in OpenShift

1.2. Ansible Tower Version 3.3.2

  • Fixed external loggers to send activity stream changes as raw JSON instead of a JSON-ified string
  • Fixed MANAGE_ORGANIZATION_AUTH settings to allow superusers to make changes
  • Fixed an XSS issue when viewing application tokens
  • Fixed permissions to allow project admins to create projects
  • Fixed permissions to allow job template admins to delegate permissions to certain users/teams
  • Fixed Tower to allow selecting credential types when running in a non-English language
  • Fixed the Activity Stream to properly note credentials and custom credentials
  • Fixed an error resulting from a credential lookup where there are multiple custom credential types defined
  • Fixed certain certificate validation issues
  • Fixed templates to allow filtering by template type
  • Fixed events with no output to no longer render excess blank lines in the job display
  • Fixed detailed events to show hosts that were added during a playbook run
  • Fixed the inability to properly mark Tower nodes as disabled when RabbitMQ was offline
  • Fixed the job output to correctly display certain job events
  • Fixed the job events to properly line-wrap in the job output
  • Fixed the pagination to no longer redirect to the dashboard when selecting multiple credentials
  • Fixed a potential deadlock on inventory deletion
  • Fixed the job relaunch operation to use the correct credentials when the defined credentials were changed
  • Improved the Schedules view to more clearly denote which resource was being scheduled
  • Updated Google Cloud credentials to be passed as GCE_CREDENTIALS_FILE_PATH instead of GCE_PEM_FILE_PATH, in accordance with recent Ansible versions

1.3. Ansible Tower Version 3.3.1

  • Fixed event callback error when in-line vaulted variables are used with include_vars
  • Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
  • Fixed isolated node setup to no longer fail when ansible_host is used
  • Fixed selection of custom virtual environments in job template creation
  • Fixed display of extra_vars for scheduled jobs
  • Fixed websockets for job details to properly work
  • Fixed the /api/v2/authtoken compatibility shim. See the compatibility shim for detail.
  • Fixed page size selection on the jobs screen
  • Fixed instances in an instance group to properly be disabled in the user interface
  • Fixed the job template selection in workflow creation to properly render
  • Fixed member_attr not being set properly on some LDAP configurations during upgrade, which prevented login
  • Fixed PosixUIDGroupType LDAP configurations
  • Improved the RAM requirement in the installer preflight check
  • Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large
  • Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration

1.4. Ansible Tower Version 3.3.0

  • Added support for container-based clusters using OpenShift
  • Added support for multiple or no credential assignment in Job Templates
  • Added support for multiple Vault credential assignment in Job Templates
  • Added support for multiple LDAP server configurations
  • Added support for fact caching for isolated instances
  • Added the ability to schedule configurations of a job template using job template prompts
  • Added deprecation note to the Tower REST API for Version 1 (/api/v1/), which will be removed in a future release of Ansible Tower
  • Added the ability to make a copy of existing Tower objects (inventory, project, etc.) as a template for creating a new one
  • Added the ability to relaunch jobs on a subset of hosts by status
  • Added validation to prevent string "$encrypted$" from becoming a literal survey question default
  • Added support for more job template prompts at workflow node creation time
  • Added ask_variables_on_launch to workflow job templates (WFJT)
  • Added diff_mode and verbosity fields to WFJT nodes
  • Added Saved Launch-time configurations feature - added WFJT node promptable fields to schedules, added extra_data to WFJT nodes, and added “schedule this job” endpoint.
  • Added blocking of schedule creation when variables that are not allowed are given, and blocking of similar cases for WFJT nodes
  • Added the ability to create instance groups and associate instances at runtime via the user interface and API
  • Added the ability to group instances based on policy, such as “50% of instances” and “at least three instances”
  • Added additional organizational roles for administration of projects, job templates, inventories, workflows and more
  • Added support for custom virtual environments for customizing Ansible execution
  • Added OAuth2 support for token based authentication
  • Added support for OAuth2 applications and access token generation
  • Added the ability to forcibly expire sessions through awx-manage expire_sessions
  • Added support for making inventory parsing errors fatal, and only enable the script inventory plugin for job runs and vendored inventory updates
  • Added inventory field to inventory updates
  • Added related credentials endpoint for inventory updates to be more internally consistent with job templates, model changes
  • Added the ability to show all teams to organization admins if the ORG_ADMINS_CAN_SEE_ALL_USERS setting is enabled
  • Added the ability to create schedules and workflow nodes from job templates that use credentials which prompt for passwords if ask_credential_on_launch is set.
  • Deprecated the fact_versions and fact_view endpoints from the API, including OPTIONS
  • Deprecated fact tables
  • Deprecated the awx-manage cleanup_facts command for fact cleanup
  • Deprecated the /api/v2/authtoken/ endpoint in the API and replaced it with /api/v2/tokens/. See the compatibility shim for detail.
  • Fixed a conflict with Tower credential type by removing TOWER_HOST as a default environment variable in job running environments. Playbook authors should replace their use with AWX_HOST.
  • Fixed a behavior in Tower to prevent it from deleting jobs when event processing is still ongoing
  • Fixed a behavior in Tower to disallow relaunching jobs with execute_role if another user provided prompts
  • Improved project updates so that previously synced git projects do not attempt to contact the server if they are already at the proper revision
  • Improved WFJT node credential to many-to-many credentials
  • Improved the criteria for administering users to be stricter: the organization admin role is now necessary for all organizations of which the target user is a member. Additionally, removed the unused admin_role associated with users
  • Improved logs to consistently catch task exceptions
  • Improved external loggers to passively create handler from settings on every log emission, replacing server restart, allowing use in OpenShift deployments
  • Improved Tower to automatically run a project update if sensitive fields change like scm_url
  • Improved queuing logic by setting execution_node in the task manager and submitting waiting jobs only to the queue for the specific instance the job is targeted to run on
  • Updated the auth-token-timeout header name to Session-Timeout
  • Updated the AUTH_TOKEN_EXPIRATION setting name to SESSION_COOKIE_AGE and the AUTH_TOKEN_PER_USER setting name to SESSIONS_PER_USER
  • Updated source-control based inventory to allow for vaulted variable values
  • Updated the minimum required version of Red Hat Enterprise Linux to 7.4
  • Updated the minimum required RAM for standalone Tower to 4GB
  • Updated Ansible Tower to set ANSIBLE_DISPLAY_ARGS_TO_STDOUT to False by default for all playbook runs to match Ansible’s default behavior. See Jobs for more information.
  • Updated all jobs and tasks to generate consistent output events and make job output available on all cluster nodes
  • Updated external logging to default to HTTPS unless http:// is explicitly specified in the log aggregator hostname
  • Updated the behavior of a job template to prohibit configuring callbacks on job templates without an inventory
  • Updated the boolean fields for custom credential types to always default extra_vars and environment variables to False when a value is not provided
  • Updated to disallow using HTTP PUT/PATCH methods to modify existing jobs in the Job Details API endpoint