2. Release Notes
The following list summarizes the additions, changes, and modifications which were made to Ansible Tower 3.3.4.
3. Ansible Tower Version 3.3.4
- Fixed an issue where X-Frame-Options was not set for OpenShift installations
- Fixed a potential deadlock when LDAP authentication backends are in use
- Fixed an issue where the callback receiver would crash with an InterfaceError
- Updated social-auth-core dependency to fix Google OAuth when Google+ is deactivated
- Updated asgi_amqp dependency to fix an issue with websockets
4. Ansible Tower Version 3.3.3
- Fixed a RabbitMQ misconfiguration that decreased cluster stability and could allow for unauthorized access (CVE-2018-16879)
- Fixed RabbitMQ HA policy when deployed in OpenShift
5. Ansible Tower Version 3.3.2
- Fixed external loggers to send activity stream to send changes as raw JSON, instead of JSON-ified string
- Fixed
MANAGE_ORGANIZATION_AUTH
settings to allow superusers to make changes
- Fixed an XSS issue when viewing application tokens
- Fixed permissions to allow project admins to create projects
- Fixed permissions to allow job template admins to delegate permissions to certain users/teams
- Fixed Tower to allow selecting credential types when running in a non-English language
- Fixed the Activity Stream to properly note credentials and custom credentials
- Fixed an error resulting from a credential lookup where there are multiple custom credential types defined
- Fixed certain certificate validation issues
- Fixed templates to allow filtering by template type
- Fixed events with no output to no longer render excess blank lines in the job display
- Fixed detailed events to show hosts that were added during a playbook run
- Fixed the inability to properly mark Tower nodes as disabled when rabbitmq was offline
- Fixed the job output to correctly display certain job events
- Fixed the job events to properly line-wrap in the job output
- Fixed the pagination to no longer redirect to the dashboard when selecting multiple credentials
- Fixed a potential deadlock on inventory deletion
- Fixed the job relaunch operation to use the correct credentials when the defined credentials were changed
- Improved the Schedules view to more clearly denote which resource was being scheduled
- Updated Google Cloud credentials to be passed as
GCE_PEM_FILE_PATH
to GCE_CREDENTIALS_FILE_PATH
in accordance with recent Ansible versions
6. Ansible Tower Version 3.3.1
- Fixed event callback error when in-line vaulted variables are used with
include_vars
- Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
- Fixed isolated node setup to no longer fail when
ansible_host
is used
- Fixed selection of custom virtual environments in job template creation
- Fixed display of
extra_vars
for scheduled jobs
- Fixed websockets for job details to properly work
- Fixed the
/api/v2/authtoken
compatibility shim. See the compatibility shim for detail.
- Fixed page size selection on the jobs screen
- Fixed instances in an instance group to properly be disabled in the user interface
- Fixed the job template selection in workflow creation to properly render
- Fixed
member_attr
to properly set on some LDAP configurations during upgrade, preventing login
- Fixed
PosixUIDGroupType
LDAP configurations
- Improved the RAM requirement in the installer preflight check
- Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large
- Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration
7. Ansible Tower Version 3.3.0
- Added support for container-based clusters using OpenShift
- Added support for multiple or no credential assignment in Job Templates
- Added support for multiple Vault credential assignment in Job Templates
- Added support for multiple LDAP server configurations
- Added support fact caching for isolated instances
- Added the ability to schedule configurations of a job template using job template prompts
- Added deprecation note to the Tower REST API for Version 1 (
/api/v1/
), which will be removed in a future release of Ansible Tower
- Added the ability to make a copy of existing Tower objects (inventory, project, etc.) as a template for creating a new one
- Added the ability to relaunch jobs on a subset of hosts by status
- Added validation to prevent string
"$encrypted$"
from becoming a literal survey question default
- Added support for more job template prompts at workflow node creation time
- Added
ask_variables_on_launch
to workflow job templates (WFJT)
- Added
diff_mode
and verbosity
fields to WFJT nodes
- Added Saved Launch-time configurations feature - added WFJT node promptable fields to schedules, added
extra_data
to WFJT nodes, and added “schedule this job” endpoint.
- Added block creation of schedules when variables not allowed are given. Block similar cases for WFJT nodes.
- Added the ability to create instance groups and associate instances at runtime via the user interface and API
- Added the ability to group instances based on policy, such as such as “50% of instances” and “at least three instances”
- Added additional organizational roles for administration of projects, job templates, inventories, workflows and more
- Added support for custom virtual environments for customizing Ansible execution
- Added OAuth2 support for token based authentication
- Added support for OAuth2 applications and access token generation
- Added the ability to forcibly expire sessions through
awx-manage expire_sessions
- Added support for making inventory parsing errors fatal, and only enable the
script
inventory plugin for job runs and vendored inventory updates
- Added
inventory
field to inventory updates
- Added related credentials endpoint for inventory updates to be more internally consistent with job templates, model changes
- Added the ability to show all teams to organization admins if the
ORG_ADMINS_CAN_SEE_ALL_USERS
setting is enabled
- Added the ability to create schedules and workflow nodes from job templates that use credentials which prompt for passwords if
ask_credential_on_launch
is set.
- Deprecated the
fact_versions
and fact_view
endpoints from the API, including OPTIONS
- Deprecated fact tables
- Deprecated the
awx-manage cleanup_facts
command for fact cleanup
- Deprecated the
/api/v2/authtoken/
endpoint in the API and replaced it with /api/v2/tokens/
. See the compatibility shim for detail.
- Fixed a conflict with Tower credential type by removing
TOWER_HOST
as a default environment variable in job running environments. Playbook authors should replace their use with AWX_HOST
.
- Fixed a behavior in Tower to prevent it from deleting jobs when event processing is still ongoing
- Fixed a behavior in Tower to disallow relaunching jobs with
execute_role
if another user provided prompts
- Improved project updates so that previously synced git projects do not attempt to contact the server if they are already at the proper revision
- Improved WFJT node
credential
to many-to-many credentials
- Improved stricter criteria to admin users where organization admin role now necessary for all organizations of which the target user is a member. Additionally, removed unused
admin_role
associated with users
- Improved logs to consistently catch task exceptions
- Improved external loggers to passively create handler from settings on every log emission, replacing server restart, allowing use in OpenShift deployments
- Improved Tower to automatically run a project update if sensitive fields change like
scm_url
- Improved queuing logic through setting
execution_node
in task manager and submitting waiting jobs to only the queue for the specific instance job is targeted to run on
- Updated the
auth-token-timeout
header name to Session-Timeout
- Updated the
AUTH_TOKEN_EXPIRATION
setting name to change to SESSION_COOKIE_AGE
and AUTH_TOKEN_PER_USER
changed to SESSIONS_PER_USER
- Updated source-control based inventory to allow for vaulted variable values
- Updated the minimum required version of Red Hat Enterprise Linux to 7.4
- Updated the minimum required RAM for standalone Tower to 4GB
- Updated Ansible Tower to set
ANSIBLE_DISPLAY_ARGS_TO_STDOUT
to False
by default for all playbook runs to match Ansible’s default behavior. See Jobs for more information.
- Updated all job and tasks to generate consistent output events and make job output available on all cluster nodes
- Updated external logging to default to HTTPS unless http:// is explicitly specified in the log aggregator hostname
- Updated the behavior of a job template to prohibit configuring callbacks on job templates without an inventory
- Updated the boolean fields for custom credential types to always default
extra_vars
and environment variables to False
when a value is not provided
- Updated to disallow using HTTP PUT/PATCH methods to modify existing jobs in Job Details API endpoint
For older version of the release notes, as well as other reference materials, refer to the Ansible Tower Release Notes.