Automation Controller fixes:
Upgraded Django version to 3.2 LTS
System (management) jobs are now able to be canceled
Rsyslog no longer needs manual intervention to send out logs after hitting a 40x error
Credential lookup plugins now respect the AWX_TASK_ENV setting
Fixed the controller to list valid subscriptions from Satellite when having multiple quantities from the same SKU
Updated Receptor version to 1.2.1, which includes several fixes
Execution Environment fixes:
The host trusted cert store is now exposed to execution environments by default. See Isolation functionality and variables for detail.
Mounting the /etc/ssh or /etc/ to isolated jobs now works in podman
User customization of execution environment mount options and mount paths are now supported
Fixed SELinux context on /var/lib/awx/.local/share/containers and ensure awx as podman storage
Fixed failures to no longer occur when the semanage fcontext has been already set for the expected directory
Automation Controller UI fixes:
Fixed the ability to create manual projects in Japanese and other suppported non-English languages
Fixed the controller UI to list the roles for organizations when using non-English web browsers
Fixed the job output to display all job type events, including source control update events over websockets
Fixed the TypeError when running a command on a host in a smart inventory
Fixed the encrypted password in surveys to no longer show up as plaintext in the Edit Order page
Installation fixes specific to Automation Controller:
Fixed duplicate Galaxy credentials with no default organization
Running the ./setup.sh -b out of the installer directory no longer fails to load group vars
The installer no longer fails when IPV6 is disabled
Fixed unnecessary become_user:root entries in the installation
Modified database backup and restore logic to compress dump data
Creating default execution environments no longer fails when password has special characters
Fixed installations of execution environments when installing without internet access
Upgrading to AAP 2.1 no longer breaks when the Django superuser is missing
Rekey now allowed with existing key
Added the ability to specify additional nginx headers
Fixed analytics gathering to collect all the data the controller needed to collect
Fixed the controller to no longer break subsequent installer runs when deleting the demo organization
Introduced
Connected Receptor nodes to form a control plane and execution mesh configurations
The special controlplane instance group to allow for the task manager code to target an OpenShift Controller node to run the project update
The ability to render a configured mesh topology in a graph in the installer
Controller 4.1 execution nodes can be remote
Node types for Controller 4.1 (control, hybrid, execution, hop, control, hybrid, execution, hop) installed for different sets of services and provide different capabilities, allowing for scaling nodes that provide the desired capability such as job execution or serving of web requests to the API/UI.
Added
The ability for the platform installer to allow users to install execution nodes and express receptor mesh topology in the inventory file. The platform installer will also be responsible for deprovisioning nodes.
Work signing to the receptor mesh so that control plane nodes have the exclusive authority to submit receptor work to execution nodes over the mesh
Support for pre-population of execution environment name, description, and image from query parameters when adding a new execution environment in the Controller User Interface
Ability to trigger a reload of the topology configuration in Receptor without interrupting work execution
Using Public Key Infrastructure (PKI) for securing the Receptor mesh
Added importing execution environments from Automation Hub into the controller to improve the platform experience
Updated
The controller to support new controller control plane and execution mesh
Task manager will only run project updates and system jobs on nodes with node_type of “control” or “hybrid”
Task manager will only run jobs, inventory updates, and ad hoc commands on nodes with node_type of “hybrid” or “execution”
Heartbeat and capacity check to work with Receptor execution nodes
Reaper to work with the addition of execution nodes
Controller User Interface to not show control instances as an option to associate with instance groups
The Associate pop-up screen to display host names when adding an existing host to a group
Validators for editing miscellaneous authentication parameters
Advanced search key options to be grouped
SAML variables default values
Survey validation on Prompt on Launch
Login redirect
Deprecated
None
Removed
The ability to delete the default instance group through the User Interface
Upgraded Django version to 3.2 LTS
Updated receptor to version 1.2.1
Introduced
Support for automation execution environments. All automation now runs in execution environments via containers, either directly via OpenShift, or locally via podman
New PatternFly 4 based user-interface for increased performance, security, and consistency with other Ansible Automation Platform components
Added
Added identity provider support for GitHub Enterprise
Support for RHEL system crypto profiles to nginx configuration
The ability to disable local system users and only pull users from configured identity providers
Additional Prometheus metrics for tracking job event processing performance
New awx-manage command for dumping host automation information
Red Hat Insights as an inventory source
Ability to set server-side password policies using Django’s AUTH_PASSWORD_VALIDATORS setting
Support for Centrify Vault as a credential lookup plugin
Support for namespaces in Hashicorp Vault credential plugin
Updated
OpenShift deployment to be done via an Operator instead of a playbook
Python used by application to Python 3.8
Nginx used to version 1.18
PostgreSQL used to PostgreSQL 12, and moved to partitioned databases for performance
The “container groups” feature to general availability from Tech Preview; now fully utilizes execution environments
Insights remediation to use new Red Hat Insights inventory source rather than utilizing scan playbooks with arbitrary inventory
Subscriptions display to count hosts automated on instead of hosts imported
Inventory source, credential, and Ansible content collection to reference controller instead of tower
Deprecated
None
Removed
Support for isolated nodes
Support for deploying on CentOS (any version) and RHEL 7
Support for Mercurial projects
Support for custom inventory scripts stored in controller (use awx-manage export_custom_scripts to export them)
Resource profiling code (AWX_RESOURCE_PROFILING_*)
Support for custom Python virtual environments for execution. Use new awx-manage tools for assisting in migration
Top-level /api/v2/job_events/ API endpoint
The ability to disable job isolation