Refer to the latest Product Documentation for Red Hat Ansible Automation Platform for the complete Automation Platform documentation.
New Features
Added the ability for control nodes to peer out to remote execution nodes (on a Kubernetes deployment only)
Introduced peers detail tab for instances
Introduced the ability to create and remove instances in the controller UI
Updated nodes/links in the Topology Viewer of the controller UI to support new states
Enabled health checks to be run on remote execution nodes on a Kubernetes deployment
Added the ability for Kubernetes users to create instance groups
Added project/playbook signature verification functionality to the controller, enabling users to supply a GPG key and add a content signing credential to a project, automatically enabling content signing for that project
Introduced ansible-sign, a content signing and verification utility that provides a unified way to sign content across the Ansible eco-system
Support for schedules with the awx-cli import and awx-cli export features
Surfaced database connections in /api/v2/metrics
Additions
Topology viewer now shows new node and link states
Mesh topology shows directionality of links between nodes
The ability to pass variable value from a nested workflow job template to a job template or workflow job template using the set_stats module
Added Prompt on Launch options on all parameters of the job template and workflow job templates
Added Job and Skip tags on workflow job templates and accompanying Prompt on Launch options
Configurable timeout settings for the receptor
Added missing security headers to application URLs
Metrics added for Support Engineers and customers to analyze, problem solve performance-related issues with lags in job events
The controller now polls the job endpoint to determine exactly when events are done processing and the UI displays a message when it has finished processing events for the job
Include forks on job and/or job template data for Automation Analytics
Forks information no longer missing in running job details
Schedules now allow date exceptions
Optimized/cache information about preferred instance groups
Control for capacity decisions and task worker availability
Survey wizard now handles multiple choice/multi-select question-answers in both array and string form (formerly only strings were supported)
Surveys can now auto-complete in multiple choice input fields
Added options for setting the priority class on the control plane and PostgreSQL pods
Subscription Details indicating whether the customer is in or out-of-compliance with their subscriptions
Added the ability for Receptor Ansible collection to provision receptor node(s)
Added the ability to deprovision external execution nodes
Added playbook with all the required variables for provisioning new remote execution nodes
Pop-up help text added to Details fields of job templates, workflow job templates, credentials, projects, inventories, hosts, organizations, users, credential types, notifications, instance groups, applications, and execution environments
Extra variables added to workflow approval notifications
Updates or Fixes
Topology Viewer links, nodes, legend, list view “Status” updated to reflect new states
Updated the Topology viewer to show more node detail
Topology Viewer no longer fails to populate when launched
Updated the controller to handle asynchronous health checks on an instance
Nodes are now moved to a deprovisioning state when removing from the controller UI
Increased the number of allowed characters for the job_tags (Job Tags field) in a template
Job schedules are no longer missing from the Schedules view when sorting by type
Schedules now prompting for job or skip tags
Browser timezone automatically set as default when creating a schedule
Fixed issue with adding a schedule to an inventory source
LDAP / LDAPS connections no longer stay open after a user has logged out
Refactored LDAP backend to be more efficient, including reduced initial login time after increasing list of LDAP mappings
Job launch failure error now contains more succinct and informative messaging in the event that content signature validation fails
Users with Admin permissions on a workflow are able to assign an inventory to the workflow job template
Approval node toolbar buttons updated to improve the Workflow approval user experience
Workflow approval templates are now exportable
Admin users can now copy a workflow job template
Node rejoins cluster as expected after connection to PostgreSQL is lost
Workflow or sliced jobs no longer blocked or fails when ran
Sliced jobs no longer produce 500 errors when performing a GET operation while launching more than 500 slices
Jobs no longer fails if Job Slicing and Fact Storage are enabled together
Adhoc command jobs no longer result in error when ran
Fixed error that resulted from relaunching an adhoc command with password
Advanced search updated to only allow users to select valid or logical match types to avoid unnecessary 500 errors
Included updates and enhancements to improve performance associated with the Task Manager in the handling of scaling jobs, mesh and cluster sizes
Job output performance improvements
Job output screen user experience improvements
Job timeout details showing in the Job Output as expected
Job Settings page updated to no longer produce 404 errors and other various warnings
First Run / Next Run values of the job schedule fixed to no longer change to one day before the date entered in the Edit/Add page of the schedule settings
Job template with concurrent jobs launches as expected if capacity allows the controller to run more jobs
awx-cli import and awx-cli export now produce an error message and provide appropriate exit codes when an imported or exported operation fails
Default cleanup schedules no longer only run once
Updated SAML adapter to not remove System Administrator and System Auditor flags
Lookup modals refresh when opened
Twilio notifications can now be sent from the controller from behind a proxy
Custom credential type creation works as expected
Updated strings for translation
The Demo Project will now initially show a status of “successful” and will not update on launch, whereas before it showed “never updated” and updated on launch
Inventory updates based on an SCM source now provides the revision of the project it used
Removing hosts from inventories no longer fails with “Out of Shared Memory” error
Manually gathering analytics from CLI no longer results in a unicode error
Filter websockets related to sync jobs on jobs list(s) when refreshed, these jobs will be filtered again from the Jobs view
The GOOGLE_APPLICATION_CREDENTIALS environment variable is now being set from a Google Compute Engine (GCE) credential type
Fixes some stability issues with ansible-runner worker processes and related logging slowdowns in the Dispatcher task processing
Deprecations
None in this release.
Removals
Removed the Update on Project Update field (update_on_project_update) in projects. This is intended to be replaced by ordinary “Update on Launch” behavior, because they chain from inventory to project. So if this option was previously set on the inventory source, it is recommended that both inventory and project are set to “Update on Launch”.
The Credential Permissions page no longer allows Credential Admin or Org Admins to manage access operations for a credential that does not belong to any organization
Fallback behavior removed when an instance group is defined on a job template or inventory
Automation Controller fixes:
Node alias is now saved when job template is changed in the workflow
Improved error messages in the API job_explanation field for specific error scenarios, (e.g., runner worker process is killed), or certain failure scenarios (e.g., shutdown)
Fixed the Task Manager to fully account for the job’s control process capacity for jobs running in container groups
JOB_WAITING_GRACE_PERIOD increases the threshold for marking jobs stuck in the “waiting” status as failed
CLUSTER_NODE_MISSED_HEARTBEAT_TOLERANCE to allow the heartbeat to be more tolerant to clock skew and other problems
K8S_POD_REAPER_GRACE_PERIOD to allow more time before pod cleanup executes its last attempt to delete pods used by jobs
TASK_MANAGER_TIMEOUT to allow more time in the unlikely event that the Task Manager fails to finish normally
Jobs no longer fail for nested submodules in an SCM (git) project and the .git folder will be omitted
Added more logs to help debug database connectivity problems and cluster resource limits
Removed the current_user cookie which was not used by the UI
Updated controller to send FQCN data for tasks to analytics
Fixed the metrics endpoint (/api/v2/metrics) to no longer produce erroneous 500 errors
Added remove_superuser and remove_system_auditors to the SAML user attribute map
Added the ability to allow multiple values in the SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_*_[value|role] settings
Unwanted Galaxy credentials are no longer added to the Organization while logging in through SAML
awx-cli now allows for multiple --extra_vars parameters
Receptor no longer fails in FIPS mode
If an OCP node’s record is deleted (either by the awx-manage command or by the heartbeat task), it will re-register itself
Upgrading and changing node_type from execution to control or hybrid no longer causes cleanup errors
Execution Environment fixes:
None for this release
Automation Controller UI fixes:
The controller UI properly displays job output when strategy: free is set in the playbook
Fixed the pagination displays within the main lists, i.e., Resources (Job Templates, Projects, Inventory), Access (Organization, Users, Teams, Notifications), and Administration (Instance Groups, Execution Environments)
Fixed the Job Output to properly follow and scroll; and improved the Page Up/Page Down button behavior
Fixed the controller UI to now be able to filter by multiple labels
Large workflow templates no longer cause browsers to crash when linking nodes near the end of the template
Fixed the approval node “Deny” to no longer run the subsequent workflow nodes
Forks information no longer missing in running job details
Upon saving a schedule, the date chooser no longer changes to the day before the selected date
References to Ansible Tower are replaced with Automation Controller throughout the UI, including tooltips where documentation is referenced
Corrected translations for the Japanese Subscription settings screen
Installation fixes specific to Automation Controller:
None for this release
Introduced
Graphical visualization of the automation topology to show the types of nodes, the links between them and their statuses
Added
For VM-based installs, the controller will now automatically mount the system trust store in execution environments when jobs run
Log Format For API 4XX Errors field to the Logging settings form to allow customization of 4xx error messages that are produced when the API encounters an issue with a request
Ability to use labels with inventory
Ability to flag users as superusers and auditors in SAML integration
Support for expanding and collapsing plays and tasks in the job output UI
Filtering job output UI by multiple event types
Various default search filters to a number of list views
Top-level list of instances to now be visible in the UI
A pop-up message when a user copies a resource
Job Templates tab to Credentials and Inventories to view all the templates that use that particular credential or inventory
Updated
Controller to use Python 3.9
Django’s SESSION_COOKIE_NAME setting to a non-default value. Note, any external clients that previously used the sessionid cookie will need to change. Refer to Session Authentication for more detail.
Controller to support podman-style volume mount syntax in the Paths to expose to isolated jobs field of the Jobs Settings of the UI
Isolated path to be exposed in OCP/K8s as HostPath
Upgraded Django from version 2.2 to 3.2
Modified usage of ansible_facts on Advanced Search to add more flexibility to the usage of ansible_facts when creating a smart inventory
The controller node for a job running on an execution node now incurs a penalty of 1 unit of capacity to account for the system load that controlling a job incurs. This can be adjusted with the file-based setting AWX_CONTROL_NODE_TASK_IMPACT.
Project updates to always run in the controlplane instance group
Slack notifications to allow replying to a thread instead of just channels
UI performance to improve job output
Job status icons to be more accessible
Display of only usable inventories when launching a job
Browser tab to show more information about which page the user is currently viewing
Controller to now load variables after job template extra variables to prevent overriding the meta variables injected into each job run
Deprecated
The concept of “committed capacity” from Instance Groups due to the removal of RabbitMQ
Inventory source option to Update on project update - this field updates the inventory source if its project pulled a new revision. In the future, when updating an inventory source, the controller shall automatically run project updates if the project itself is set to Update on launch.
Removed
Case sensitivity around hostcount
Automation Controller fixes:
When setting the use role on a credential to more than 10 users, users are no longer added on different admin roles unexpectedly
Fixed the fallback cleanup task to not delete files in-use
Updated inventory hosts to allow editing when organization is at max host limit
Enabled job slicing with fact caching now correctly saves facts for hosts from the relevant slice
No longer validating hostnames when editing the hostname on an existing host
Execution Environment fixes:
Fixed jobs stuck in running when timing out during an image pull
Automation Controller UI fixes:
Fixed list search/pagination filters in place when clicking the Back to <N> button. Applies to all top-level list pages except the Schedules page.
Updated Subscription and inventory usage details, including a status indicating whether the customer is in or out-of-compliance with their subscriptions
Survey wizard now handles multiple choice/multi-select question-answers in both array and string form (formerly only strings were supported)
Fixed error that resulted from relaunching an adhoc command with password
Updated filter websockets related to sync jobs on jobs list(s) that when refreshed, these jobs will be filtered again from the Jobs view
Added validation for same start/end day different time schedules
Automation Controller fixes:
Receptor no longer fails in FIPS mode
Added the ability to exit gracefully and recover quickly when a service in the control plane crashes
The create_partition method will skip creating a table if it already exists
Having logging enabled no longer breaks migrations if the migration sends logs to an external aggregator
Fixed the metrics endpoint (/api/v2/metrics) to no longer produce erroneous 500 errors
Execution Environment fixes:
Enhanced the execution environment copy process to reduce required space in the /tmp directory
Allowed execution environment images to be pulled from automation controller only
Added the ansible-builder-rhel8 image to the setup bundle
Modified base execution environment images so that controller backups can run in the container
Automation Controller UI fixes:
Upon saving a schedule, the date chooser no longer changes to the day before the selected date
Fixed the ability to create manual projects in Japanese and other supported non-English languages
Forks information no longer missing in running job details
Project selected for deletion is now removed as expected when running a project sync
The Admin option in the Team Permissions is now disabled so that a user cannot select it when it is not applicable to the available organization(s)
Large workflow templates no longer cause browsers to crash when linking nodes near the end of the template
References to Ansible Tower are replaced with Automation Controller throughout the UI, including tooltips where documentation is referenced
Installation fixes specific to Automation Controller:
Updated the Receptor to 1.2.3 everywhere as needed
Automation Controller fixes:
Upgraded Django version to 3.2 LTS
System (management) jobs are now able to be canceled
Rsyslog no longer needs manual intervention to send out logs after hitting a 40x error
Credential lookup plugins now respect the AWX_TASK_ENV setting
Fixed the controller to list valid subscriptions from Satellite when having multiple quantities from the same SKU
Updated Receptor version to 1.2.1, which includes several fixes
Execution Environment fixes:
The host trusted cert store is now exposed to execution environments by default. See Isolation functionality and variables for detail.
Mounting the /etc/ssh or /etc/ to isolated jobs now works in podman
User customization of execution environment mount options and mount paths are now supported
Fixed SELinux context on /var/lib/awx/.local/share/containers and ensure awx as podman storage
Fixed failures to no longer occur when the semanage fcontext has been already set for the expected directory
Automation Controller UI fixes:
Fixed the ability to create manual projects in Japanese and other suppported non-English languages
Fixed the controller UI to list the roles for organizations when using non-English web browsers
Fixed the job output to display all job type events, including source control update events over websockets
Fixed the TypeError when running a command on a host in a smart inventory
Fixed the encrypted password in surveys to no longer show up as plaintext in the Edit Order page
Installation fixes specific to Automation Controller:
Fixed duplicate Galaxy credentials with no default organization
Running the ./setup.sh -b out of the installer directory no longer fails to load group vars
The installer no longer fails when IPV6 is disabled
Fixed unnecessary become_user:root entries in the installation
Modified database backup and restore logic to compress dump data
Creating default execution environments no longer fails when password has special characters
Fixed installations of execution environments when installing without internet access
Upgrading to AAP 2.1 no longer breaks when the Django superuser is missing
Rekey now allowed with existing key
Added the ability to specify additional nginx headers
Fixed analytics gathering to collect all the data the controller needed to collect
Fixed the controller to no longer break subsequent installer runs when deleting the demo organization
Introduced
Connected Receptor nodes to form a control plane and execution mesh configurations
The special controlplane instance group to allow for the task manager code to target an OpenShift Controller node to run the project update
The ability to render a configured mesh topology in a graph in the installer
Controller 4.1 execution nodes can be remote
Node types for Controller 4.1 (control, hybrid, execution, hop, control, hybrid, execution, hop) installed for different sets of services and provide different capabilities, allowing for scaling nodes that provide the desired capability such as job execution or serving of web requests to the API/UI.
Added
The ability for the platform installer to allow users to install execution nodes and express receptor mesh topology in the inventory file. The platform installer will also be responsible for deprovisioning nodes.
Work signing to the receptor mesh so that control plane nodes have the exclusive authority to submit receptor work to execution nodes over the mesh
Support for pre-population of execution environment name, description, and image from query parameters when adding a new execution environment in the Controller User Interface
Ability to trigger a reload of the topology configuration in Receptor without interrupting work execution
Using Public Key Infrastructure (PKI) for securing the Receptor mesh
Added importing execution environments from Automation Hub into the controller to improve the platform experience
Updated
The controller to support new controller control plane and execution mesh
Task manager will only run project updates and system jobs on nodes with node_type of “control” or “hybrid”
Task manager will only run jobs, inventory updates, and ad hoc commands on nodes with node_type of “hybrid” or “execution”
Heartbeat and capacity check to work with Receptor execution nodes
Reaper to work with the addition of execution nodes
Controller User Interface to not show control instances as an option to associate with instance groups
The Associate pop-up screen to display host names when adding an existing host to a group
Validators for editing miscellaneous authentication parameters
Advanced search key options to be grouped
SAML variables default values
Survey validation on Prompt on Launch
Login redirect
Deprecated
None
Removed
The ability to delete the default instance group through the User Interface
Upgraded Django version to 3.2 LTS
Updated receptor to version 1.2.1
Introduced
Support for automation execution environments. All automation now runs in execution environments via containers, either directly via OpenShift, or locally via podman
New PatternFly 4 based user-interface for increased performance, security, and consistency with other Ansible Automation Platform components
Added
Added identity provider support for GitHub Enterprise
Support for RHEL system crypto profiles to nginx configuration
The ability to disable local system users and only pull users from configured identity providers
Additional Prometheus metrics for tracking job event processing performance
New awx-manage command for dumping host automation information
Red Hat Insights as an inventory source
Ability to set server-side password policies using Django’s AUTH_PASSWORD_VALIDATORS setting
Support for Centrify Vault as a credential lookup plugin
Support for namespaces in Hashicorp Vault credential plugin
Updated
OpenShift deployment to be done via an Operator instead of a playbook
Python used by application to Python 3.8
Nginx used to version 1.18
PostgreSQL used to PostgreSQL 12, and moved to partitioned databases for performance
The “container groups” feature to general availability from Tech Preview; now fully utilizes execution environments
Insights remediation to use new Red Hat Insights inventory source rather than utilizing scan playbooks with arbitrary inventory
Subscriptions display to count hosts automated on instead of hosts imported
Inventory source, credential, and Ansible content collection to reference controller instead of tower
Deprecated
None
Removed
Support for deploying on CentOS (any version) and RHEL 7
Support for Mercurial projects
Support for custom inventory scripts stored in controller (use awx-manage export_custom_scripts to export them)
Resource profiling code (AWX_RESOURCE_PROFILING_*)
Support for custom Python virtual environments for execution. Use new awx-manage tools for assisting in migration
Top-level /api/v2/job_events/ API endpoint
The ability to disable job isolation