如需完整的 Automation Platform 文档,请参阅最新的 Product Documentation for Red Hat Ansible Automation Platform。
General Fixes
Receptor TLS errors when run with FIPS enforced in the Operator (AAP-10174)
Automation Controller 修复:
Automation controller now requires git-core instead of git (AAP-10133)
General Fixes
Nginx ssl_protocols
now defaults to TLSv1.2 and is configurable (AAP-6920)
Added supervisor_start_retry_count for supervisord (AAP-8476)
Increased the HSTS duration to 2 years and is now configurable (AAP-9487)
Made client_max_body_size
for controller nginx configurable at install time for the VM installer, and the Operator default value has been increased to 5 MB (AAP-9948)
Automation Controller 修复:
Manifest upload in the controller no longer fails when the manifest size is over 1MB (AAP-7169)
Fixed race condition with heartbeat and reaper logic (AAP-9828)
Fixed bug where users were unable to toggle variables between JSON and YAML in the UI (AAP-10541)
Reformatted the Backup CR and persistent volume claim (PVC) options on AutomationControllerRestore (AAP-9741)
Backup role now uses k8s_cp
module to write large files (AAP-10307)
Backups on AAP Operator no longer fails when filesystem is ext4 (AAP-9250)
Automation Controller 修复:
Allowed the CLI to export schedule fields when exporting job templates (AAP-8682)
Users logging in through LDAP are now properly mapped to teams based on their LDAP groups (AAP-9067)
Improved performance and properly updated job status for facts gathering to avoid missing facts (AAP-9144)
Automation Controller 修复:
LDAP login no longer adds or removes a user from any team in the system with the same name as the LDAP team being managed (AAP-8063)
Updated Django, GitPython and Wheel in virtual environments (AAP-8551)
LDAP Adapter now respects remove flag in configuration (AAP-8696)
Performance has been improved for SAML configuration (AAP-4671)
Automation Controller UI 的修复:
Fixed a bug where the date picker would select dates in the past and prevent saving (AAP-4499)
Workflow Approve/Deny bulk actions were added back to Workflow Approvals list (AAP-8384)
UI no longer shows 'TypeError' error message when a task in Job Output console is clicked on running jobs (AAP-8409)
Fixed duplicate key value errors to properly produce job stdout while launching a job template (AAP-8880)
Navigating to an instance in an instance group's list no longer produces a 404
error
Automation Controller 修复:
Starting the application no longer results in 'listener_port' not-null constraint violation error (AAP-8096)
Shell escaping no longer produces special characters in the Administrator password (AAP-7972)
Automation Controller 修复:
Accessing execution environments functions as expected when upgrading from Ansible Tower 3.x (AAP-2551)
Updated the receptor to 1.3.0-3 to avoid replacing receptor.conf
on upgrade (AAP-7938)
Automation Controller UI 的修复:
The Save button now responds appropriately on the Job Settings page (AAP-7757)
Automation Controller UI 的修复:
Fixed the Job Template Launch page to no longer result in a 'Not Found' error when choosing credentials (AAP-7507)
Automation Controller 修复:
Fixed issue upgrading to Ansible Automation Platform 2.3 (AAP-7353)
Automation Controller UI 的修复:
The Hosts Automated field on the Subscriptions Detail page is now correctly translated
New Features
Added the ability for control nodes to peer out to remote execution nodes (on a Kubernetes deployment only)
Introduced peers detail tab for instances
Introduced the ability to create and remove instances in the controller UI
Updated nodes/links in the Topology Viewer of the controller UI to support new states
Enabled health checks to be run on remote execution nodes on a Kubernetes deployment
Added the ability for Kubernetes users to create instance groups
Added project/playbook signature verification functionality to the controller, enabling users to supply a GPG key and add a content signing credential to a project, automatically enabling content signing for that project
Introduced ansible-sign
, a content signing and verification utility that provides a unified way to sign content across the Ansible eco-system
Support for schedules with the awx-cli import
and awx-cli export
features
Surfaced database connections in /api/v2/metrics
Additions
Topology viewer now shows new node and link states
Mesh topology shows directionality of links between nodes
The ability to pass variable value from a nested workflow job template to a job template or workflow job template using the set_stats
module
Added Prompt on Launch options on all parameters of the job template and workflow job templates
Added Job and Skip tags on workflow job templates and accompanying Prompt on Launch options
Configurable timeout settings for the receptor
Added missing security headers to application URLs
Metrics added for Support Engineers and customers to analyze, problem solve performance-related issues with lags in job events
The controller now polls the job endpoint to determine exactly when events are done processing and the UI displays a message when it has finished processing events for the job
Include forks on job and/or job template data for Automation Analytics
在运行作业详情中不再缺少 fork 信息
Schedules now allow date exceptions
Optimized/cache information about preferred instance groups
Control for capacity decisions and task worker availability
Survey wizard now handles multiple choice/multi-select question-answers in both array and string form (formerly only strings were supported)
Surveys can now auto-complete in multiple choice input fields
Added options for setting the priority class on the control plane and PostgreSQL pods
Subscription Details indicating whether the customer is in or out-of-compliance with their subscriptions
Added the ability for Receptor Ansible collection to provision receptor node(s)
Added the ability to deprovision external execution nodes
Added playbook with all the required variables for provisioning new remote execution nodes
Pop-up help text added to Details fields of job templates, workflow job templates, credentials, projects, inventories, hosts, organizations, users, credential types, notifications, instance groups, applications, and execution environments
Extra variables added to workflow approval notifications
Updates or Fixes
Topology Viewer links, nodes, legend, list view "Status" updated to reflect new states
Updated the Topology viewer to show more node detail
Topology Viewer no longer fails to populate when launched
Updated the controller to handle asynchronous health checks on an instance
Nodes are now moved to a deprovisioning state when removing from the controller UI
Increased the number of allowed characters for the job_tags
(Job Tags field) in a template
Job schedules are no longer missing from the Schedules view when sorting by type
Schedules now prompting for job or skip tags
Browser timezone automatically set as default when creating a schedule
Fixed issue with adding a schedule to an inventory source
LDAP / LDAPS connections no longer stay open after a user has logged out
Refactored LDAP backend to be more efficient, including reduced initial login time after increasing list of LDAP mappings
Job launch failure error now contains more succinct and informative messaging in the event that content signature validation fails
Users with Admin permissions on a workflow are able to assign an inventory to the workflow job template
Approval node toolbar buttons updated to improve the Workflow approval user experience
Workflow approval templates are now exportable
Admin users can now copy a workflow job template
Node rejoins cluster as expected after connection to PostgreSQL is lost
Workflow or sliced jobs no longer blocked or fails when ran
Sliced jobs no longer produce 500 errors when performing a GET
operation while launching more than 500 slices
Jobs no longer fails if Job Slicing and Fact Storage are enabled together
Adhoc command jobs no longer result in error when ran
Fixed error that resulted from relaunching an adhoc command with password
Advanced search updated to only allow users to select valid or logical match types to avoid unnecessary 500 errors
Included updates and enhancements to improve performance associated with the Task Manager in the handling of scaling jobs, mesh and cluster sizes
Job output performance improvements
Job output screen user experience improvements
Job timeout details showing in the Job Output as expected
Job Settings page updated to no longer produce 404 errors and other various warnings
First Run / Next Run values of the job schedule fixed to no longer change to one day before the date entered in the Edit/Add page of the schedule settings
Job template with concurrent jobs launches as expected if capacity allows the controller to run more jobs
awx-cli import
and awx-cli export
now produce an error message and provide appropriate exit codes when an imported or exported operation fails
Default cleanup schedules no longer only run once
Updated SAML adapter to not remove System Administrator and System Auditor flags
Lookup modals refresh when opened
Twilio notifications can now be sent from the controller from behind a proxy
Custom credential type creation works as expected
Updated strings for translation
The Demo Project will now initially show a status of "successful" and will not update on launch, whereas before it showed "never updated" and updated on launch
Inventory updates based on an SCM source now provides the revision of the project it used
Removing hosts from inventories no longer fails with "Out of Shared Memory" error
Manually gathering analytics from CLI no longer results in a unicode error
Filter websockets related to sync jobs on jobs list(s) when refreshed, these jobs will be filtered again from the Jobs view
The GOOGLE_APPLICATION_CREDENTIALS
environment variable is now being set from a Google Compute Engine (GCE) credential type
Fixes some stability issues with ansible-runner worker processes and related logging slowdowns in the Dispatcher task processing
Deprecations
None in this release.
Removals
Removed the Update on Project Update field (update_on_project_update
) in projects. This is intended to be replaced by ordinary "Update on Launch" behavior, because they chain from inventory to project. So if this option was previously set on the inventory source, it is recommended that both inventory and project are set to "Update on Launch".
The Credential Permissions page no longer allows Credential Admin or Org Admins to manage access operations for a credential that does not belong to any organization
Fallback behavior removed when an instance group is defined on a job template or inventory
Automation Controller 修复:
Node alias is now saved when job template is changed in the workflow
Improved error messages in the API job_explanation
field for specific error scenarios, (e.g., runner worker process is killed), or certain failure scenarios (e.g., shutdown)
Fixed the Task Manager to fully account for the job's control process capacity for jobs running in container groups
JOB_WAITING_GRACE_PERIOD
increases the threshold for marking jobs stuck in the "waiting" status as failed
CLUSTER_NODE_MISSED_HEARTBEAT_TOLERANCE
to allow the heartbeat to be more tolerant to clock skew and other problems
K8S_POD_REAPER_GRACE_PERIOD
to allow more time before pod cleanup executes its last attempt to delete pods used by jobs
TASK_MANAGER_TIMEOUT
to allow more time in the unlikely event that the Task Manager fails to finish normally
Jobs no longer fail for nested submodules in an SCM (git) project and the .git
folder will be omitted
Added more logs to help debug database connectivity problems and cluster resource limits
Removed the current_user
cookie which was not used by the UI
Updated controller to send FQCN data for tasks to analytics
修复了指标端点(/api/v2/metrics
),不再会产生有问题的 500
错误
Added remove_superuser
and remove_system_auditors
to the SAML user attribute map
Added the ability to allow multiple values in the SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_*_[value|role]
settings
Unwanted Galaxy credentials are no longer added to the Organization while logging in through SAML
awx-cli now allows for multiple --extra_vars
parameters
Receptor 不再在 FIPS 模式中失败
If an OCP node's record is deleted (either by the awx-manage
command or by the heartbeat task), it will re-register itself
Upgrading and changing node_type
from execution
to control
or hybrid
no longer causes cleanup errors
执行环境的修复:
None for this release
Automation Controller UI 的修复:
The controller UI properly displays job output when strategy: free
is set in the playbook
Fixed the pagination displays within the main lists, i.e., Resources (Job Templates, Projects, Inventory), Access (Organization, Users, Teams, Notifications), and Administration (Instance Groups, Execution Environments)
Fixed the Job Output to properly follow and scroll; and improved the Page Up/Page Down button behavior
Fixed the controller UI to now be able to filter by multiple labels
大型工作流模板不再会在模板末尾附近连接节点时使浏览器崩溃
Fixed the approval node "Deny" to no longer run the subsequent workflow nodes
在运行作业详情中不再缺少 fork 信息
在保存调度后,日期选择者不会修改到所选日期的前一天
对 Ansible Tower 的引用在 UI 中被 Automation Controller 替换,包括本文档引用的内容
Corrected translations for the Japanese Subscription settings screen
特定于 Automation Controller 的安装修复:
None for this release
引进
自动化拓扑的图形视觉化显示了节点类型,它们之间的链接及其状态
添加
对于基于虚拟机的安装,控制器现在会在作业运行时会在 execution environments 中自动挂载系统信任存储
Logging 设置表单的 Log Format for API 4XX Errors 字段用于自定义 4xx 错误消息,它在 API 请求出现问题时被使用
将标签与清单搭配使用
在 SAML 集成中将用户标记为超级用户(superusers)和审核员(auditors)的功能
支持在作业输出 UI 中扩展和合并 play 和任务
根据多个事件类型过滤作业输出 UI
到多个列表视图的各种默认搜索过滤器
要在 UI 中可以看到实例的顶级列表
当用户复制资源时的弹出窗口信息
作业模板标签页到 Credentials 和 Inventories,以查看使用该特定凭证或清单的所有模板
更新
控制器使用 Python 3.9
Django 的 SESSION_COOKIE_NAME
设置为非默认值。注意,以前使用 sessionid
cookie 的任何外部客户端都需要更改。如需更多详情,请参阅 会话身份验证。
Controller 支持在 UI 的 Jobs Settings 的 Paths to expose to isolated jobs 字段中使用 podman 风格的卷挂载语法
在 OCP/K8s 中公开的作为 HostPath 的隔离路径
将 Django 从版本 2.2 升级到 3.2
在 Advanced Search 上修改了 ansible_facts
的使用,以在创建智能清单时为使用 ansible_facts
添加更多灵活性
现在,在执行节点上运行的作业的控制器节点出现 1 个容量单位,以便考虑控制作业发生的系统负载。这可使用基于文件的设置 AWX_CONTROL_NODE_TASK_IMPACT
进行调整。
总是在 controlplane
实例组中运行的项目更新
Slack 通知以允许回复线程而不是仅是频道
UI 性能以提高作业输出
作业状态图标更易访问
在启动一个作业时仅显示可用清单
浏览器选项卡可以显示有关用户当前查看哪些页面的更多信息
Controller 现在会在作业模板额外变量*后*加载变量以防止覆盖注入到每个作业运行中的元数据变量
弃用
由于删除了 RabbitMQ,来自实例组中的 "committed capacity" 概念
清单源选项 Update on project update - 如果项目拉取了新修订版本,则此字段会更新清单源。在以后,在更新清单源时,如果项目本身被设置为 Update on launch,则控制器会自动运行项目更新。
删除
hostcount 的 Case sensitivity
Automation Controller 修复:
When setting the use role on a credential to more than 10 users, users are no longer added on different admin roles unexpectedly
Fixed the fallback cleanup task to not delete files in-use
Updated inventory hosts to allow editing when organization is at max host limit
Enabled job slicing with fact caching now correctly saves facts for hosts from the relevant slice
No longer validating hostnames when editing the hostname on an existing host
执行环境的修复:
Fixed jobs stuck in running when timing out during an image pull
Automation Controller UI 的修复:
Fixed list search/pagination filters in place when clicking the Back to <N> button. Applies to all top-level list pages except the Schedules page.
Updated Subscription and inventory usage details, including a status indicating whether the customer is in or out-of-compliance with their subscriptions
Survey wizard now handles multiple choice/multi-select question-answers in both array and string form (formerly only strings were supported)
Fixed error that resulted from relaunching an adhoc command with password
Updated filter websockets related to sync jobs on jobs list(s) that when refreshed, these jobs will be filtered again from the Jobs view
Added validation for same start/end day different time schedules
Automation Controller 修复:
Receptor 不再在 FIPS 模式中失败
添加了当安全退出功能,当 control plane 中的服务崩溃时可以快速恢复
如果已存在,create_partition
会跳过创建表的步骤
如果迁移发送到外部聚合器,则启用日志不再会破坏迁移的过程
修复了指标端点(/api/v2/metrics
),不再会产生有问题的 500
错误
执行环境的修复:
改进了 execution environment 复制过程,以减少 /tmp
目录中所需的空间
允许只从 automation controller 拉取 execution environment 镜像
将 ansible-builder-rhel8 镜像添加到安装捆绑包中
修改了基础 execution environment 镜像,以便控制器备份可以在容器中运行
Automation Controller UI 的修复:
在保存调度后,日期选择者不会修改到所选日期的前一天
修复了以日语和其他非英语语言创建手动项目的功能
在运行作业详情中不再缺少 fork 信息
现在在运行项目同步时,为删除选择的项目会如预期删除
团队权限中的 Admin 选项现在被禁用,因此在不适用于可用机构时,用户无法选择它
大型工作流模板不再会在模板末尾附近连接节点时使浏览器崩溃
对 Ansible Tower 的引用在 UI 中被 Automation Controller 替换,包括本文档引用的内容
特定于 Automation Controller 的安装修复:
根据需要将 Receptor 更新至 1.2.3
Automation Controller 修复:
将 Django 版本升级到 3.2 LTS
系统(管理)作业现在可以取消
rsyslog 在达到 40x 错误后不再需要手动干预来发送日志
凭证查询插件现在会遵循 AWX_TASK_ENV
设置
修复了控制器,可以在同一 SKU 中有多个数量时,从 Satellite 中列出有效的订阅
将 Receptor 版本更新至 1.2.1,其中包括几个修复
执行环境的修复:
主机可信证书存储现在默认公开给 execution environments。详情请参阅 隔离功能和变量。
将 /etc/ssh
或 /etc/
挂载到隔离的作业现在可以在 podman 中正常工作
现在支持对 execution environment 挂载选项和挂载路径的用户自定义
修复了 /var/lib/awx/.local/share/containers
上的 SELinux 上下文,并确保 awx 作为 podman 存储
修复了一个错误,当 semanage fcontext
已为预期的目录设置时不再会发生问题
Automation Controller UI 的修复:
修复了以日语和其他非英语语言创建手动项目的功能
修复了控制器 UI,在使用非英语 Web 浏览器时可以正确列出机构的角色
修复了作业输出,以显示所有作业类型事件,包括源控制更新事件(通过 websocket)
修复了在智能清单的主机上运行命令时的 TypeError
修复了调查中的加密密码,在 Edit Order 页面中不再将密码显示为明文
特定于 Automation Controller 的安装修复:
修复了在没有默认机构时出现重复的 Galaxy 凭证的问题
在安装程序目录外运行 ./setup.sh -b
时不再会出现加载组变量失败的问题
当禁用 IPV6 时,安装程序不再会失败
修复了安装中的不必要的 become_user:root
条目
修改的数据库备份和恢复逻辑以压缩转储数据
当密码有特殊字符时,创建默认 execution environments 不再会失败
修复了在在没有互联网访问的情况下安装 execution environments 的问题
当没有 Django 超级用户时,升级到 AAP 2.1 不会被中断
现在允许对现有的密钥进行重新生成密钥(rekey)操作
添加了指定额外 nginx 标头的功能
修复了分析收集功能,以收集控制器收集所需的所有数据
修复了控制器,在删除演示机构时不再会破坏后续安装程序运行
引进
连接的接收器 (Receptor) 节点组成 control plane 和执行 mesh 配置
允许任务管理器代码以 OpenShift 控制器节点运行项目更新的特殊 controlplane
实例组
在安装程序的图形中呈现配置的网格拓扑的功能
controller 4.1 执行节点可以是远程的
为不同的服务集合安装了 Controller 4.1 的节点类型(control, hybrid, execution, hop
、control
、hybrid
、execution
、hop
),并提供不同的功能,允许扩展提供所需功能的节点,如作业执行或向 API/UI 提供 Web 请求。
添加
平台安装程序允许用户在清单文件中安装执行节点和表达接收器网格拓扑的功能。平台安装程序还将负责取消置备节点。
工作签名到接收方网格,以便 control plane 节点具有提交接收器工作以通过网格执行节点的权限
在 Controller 用户界面中添加新 execution environment 时,支持从查询参数预先填充 execution environment 名称、描述和镜像
在 Receptor 中触发拓扑配置的重新加载而不中断工作执行
使用公钥基础架构(PKI)保护接收器网格
添加了从 Automation Hub 导入 execution environments 到控制器以提高平台体验
更新
支持新的控制器 control plane 和执行网格的控制器
任务管理器将仅在带有 node_type
"control" 或 "hybrid" 的节点上运行项目更新和系统作业
任务管理器将仅在带有 node_type
"hybrid" 或 "execution" 的的节点上运行作业、清单更新和临时命令
心跳和容量检查,以用于接收器执行节点
使用增加执行节点的 Reaper
控制器用户界面,不将控制实例显示为与实例组关联的选项
将现有主机添加到组中时,用于显示主机名的关联弹出屏幕
用于编辑各种验证参数的验证器
要分组的高级搜索密钥选项
SAML 变量默认值
启动时调查验证
登录重定向
弃用
无
删除
通过用户界面删除默认实例组的功能
将 Django 版本升级到 3.2 LTS
将 receptor 更新至 1.2.1 版本
引进
支持自动化 execution environments。现在,所有自动化都通过容器(直接通过 OpenShift)或本地通过 podman 在执行环境中运行
新的基于 PatternFly 4 的用户界面以提高与其他 Ansible Automation Platform 组件的性能、安全性和一致性
添加
添加了对 GitHub Enterprise 的身份供应商支持
支持对 nginx 配置的 RHEL 系统加密配置集
可以禁用本地系统用户,并仅从配置的身份提供程序中提取用户
其他用于跟踪作业事件处理性能的 Prometheus 指标
新的 awx-manage
命令用于转储主机自动化信息
使用 Red Hat Insights 作为清单源
使用 Django 的 AUTH_PASSWORD_VALIDATORS
设置设置服务器端密码策略的功能
支持将 Vault 作为凭证查找插件
支持 Hashicorp Vault 凭证插件中的命名空间
更新
OpenShift 部署通过 Operator 而不是 playbook 进行
应用使用的 Python 为 Python 3.8
Nginx 用于版本 1.18
PostgreSQL 用于 PostgreSQL 12,并移到分区数据库以提高性能
"容器组"功能从技术预览中正式发布,现在可以充分利用执行环境
Insights 修复为使用新的 Red Hat Insights 清单源,而不是利用带有任意清单的扫描 playbook
订阅显示以统计自动化的主机而不是导入的主机
清单源、凭证和 Ansible 内容集合使用 controller 而不是 tower
弃用
无
删除
Support for isolated nodes
在 CentOS(任何版本)和 RHEL 7 上部署的支持
支持 Mercurial 项目
支持存储在控制器中的自定义清单脚本(使用 awx-manage export_custom_scripts
导出它们)
资源 profiling 代码 (AWX_RESOURCE_PROFILING_*
)
支持用于执行的自定义 Python 虚拟环境。使用新的 awx-manage
工具协助迁移
顶级 /api/v2/job_events/ API 端点
禁用作业隔离的功能