Documentation

Release Notes

Refer to the latest Product Documentation for Red Hat Ansible Automation Platform for the complete Automation Platform documentation.

Automation Controller Version 4.4.8

General Fixes

  • Excluded PostgreSQL storage limits if not specified to avoid operator reconciliation crash loop; and provided a way to configure custom volume mounts on the PostgreSQL StatefulSet for AutomationController (AAP-18017)

Automation Controller fixes:

  • Fixed wsrelay connection in IPv6 environments (OpenShift clusters) to no longer fail to make connections (AAP-17907)

  • Fixed a bug that prevented the dispatcher to exit when the database failed (AAP-17660)

  • Added the LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB setting to enable queuing for Rsyslog to handle higher work volumes (AAP-12726)

  • Updated API endpoints to only show the product version header when the requester is authenticated (AAP-8778)

Automation Controller Version 4.4.7

Automation Controller fixes:

  • Fixed the infra.controller_configuration collection (which uses ansible.controller collection) to no longer result in an HTTP 499 response when customers update their Ansible Automation Platform environment (AAP-17422)

Automation Controller Version 4.4.6

General Fixes

  • Updated python3-django/python39-django to 3.2.22

Automation Controller fixes:

  • Added a new subscription usage page to the controller UI to view historical usage of licenses (AAP-16983)

  • Upgraded Django to address CVE-2023-41164 automation-controller: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (AAP-16193)

Automation Controller Version 4.4.5

Automation Controller fixes:

  • Fixed settings lookup to no longer leave some services in a supervisord FATAL, unresponsive, state (AAP-16460)

  • Replaced the SQL commands for creating a partition with the use of ATTACH PARTITION to avoid exclusive table lock on event tables (AAP-16350)

  • Fixed settings to allow simultaneous use of SOCIAL_AUTH_SAML_ORGANIZATION_ATTR and SOCIAL_AUTH_SAML_ORGANIZATION_MAP for a given organization (AAP-16183)

  • Fixed CSP (Content Security Policy) to enable Pendo retrieval (AAP-16057)

  • Updated filtering to allow returned JSON to a field specified by a new secret_field input to the Thycotic DevOps Secrets Vault credential plugin (AAP-15695)

Automation Controller Version 4.4.4

General Fixes

  • Changed policy for supported OpenShift range to remove upper bound (AAP-16098)

  • Fixed data streaming timeout when backing up large databases during upgrades, backups and restores (AAP-15049)

Automation Controller fixes:

  • Fixed incorrect capacity for remote execution nodes when resource limits are set in OpenShift (AAP-15736)

  • Fixed the controller UI to no longer allow launching multiple jobs when rapidly clicking on the launch button in the preview step (AAP-15689)

  • Added views for a monthly summary of host metrics, added host metrics to exported analytics data, and introduced a periodic task and management command for cleaning up old host metrics (AAP-15677)

  • Fixed the Constructed Inventory edit form no longer hang indefinitely in the loading state for users with edit permissions (AAP-15099)

  • Fixed job error handling so that the controller correctly reports error text from ansible-runner or receptor that were previously shown “Job terminated due to error” (AAP-12917)

Automation Controller Version 4.4.3

Automation Controller fixes:

  • Addressed CVE-2023-23931 for python-cryptography dependency (AAP-9628)

  • Addressed CVE-2023-40267 for GitPython dependency (AAP-15345)

  • Removed support for auto-complete on the Password field of the API login page due to security concerns (AAP-15545)

  • Fixed the deadlock on shutdown when Redis is unavailable (AAP-14203)

Automation Controller Version 4.4.2

General Fixes

  • Using a license that is missing a “usage” attribute no longer returns a 400 error (AAP-14880)

  • Upgraded python dependencies which include an upgrade from Django 3.2 to 4.2.3, psycopg2 to psycopg3, additional libraries as needed (AAP-12345)

Automation Controller fixes:

  • Fixed Ansible facts to retry saving to hosts if there is a database deadlock (AAP-15021)

  • Updated the server to look for secrets if data exists under the “data” key in the response from HashiCorp Vault Secret Lookup. Otherwise, it looks for these secrets as top-level keys (AAP-14946)

  • Interrupted jobs (like canceled jobs) no longer clear facts from hosts, when the job ran on an execution node (AAP-14878)

  • Applied environment variables from the setting AWX_TASK_ENV when running credential lookup plugins (AAP-14683)

  • Fixed unexpected error with adding a new host while using a license manifest with size 10 (AAP-14675)

  • Fixed the Trial toggle when using a license manifest file (AAP-14675)

  • The Add button on credentials is now accessible for users with correct permissions (AAP-14525)

  • Turned off auto-complete on remaining controller UI forms that were missing that attribute (AAP-14442)

  • Fixed the broken User Guide link in the Edit Subscription Details page (AAP-14375)

  • Added rel="noopener noreferrer" to controller UI links that were missing it (AAP-14345)

  • Adding new labels to a job as a prompt now works as expected (AAP-14204)

  • Added a new setting in the UI exposing the CSRF_TRUSTED_ORIGIN settings (AAP-12345) See The CSRF_TRUSTED_ORIGIN setting for detail.

Automation Controller Version 4.4.1

General Fixes

  • Execution and hop nodes can now be added to VM-based Controller installations from the CLI (AAP-12849)

  • Added a new setting, LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB, to enable disk-assisted queuing of messages in rsyslog (AAP-12726)

Automation Controller fixes:

  • Organization administrators are now able to view any objects associated to the organization regardless of individual permissions (AAP-14057)

  • Added API reference documentation for new Bulk API endpoint (AAP-13980)

  • Fixed server error that happens when deleting workflow jobs ran before event partitioning migration (AAP-13806)

  • Weekly rrule string without a BYDAY no longer produces a TypeError in the controller UI (AAP-13670)

  • When assigning access to teams, it is now possible to filter teams using partial names when granting them access a resource (AAP-13557)

  • Re-enabled Pendo support by providing the correct Pendo API key (AAP-13415)

  • Added awx-manage command for creating future events table partitions (AAP-12907)

  • Fixed slow database UPDATE statements on job events table which could cause a task manager timeout (AAP-12586)

  • Topology view and Instances are only available as options on the left navigation menu options to System Administrators and System Auditors (AAP-11585)

  • Using the Back to list button now maintains previous search filters (AAP-11527)

  • Removed case-sensitive credential name search in ad-hoc commands prompts (AAP-11442)

  • Fixed incorrectly displayed workflow job within workflow approval details (AAP-11433)

  • Fixed an error that was shown to Org Admin users on the Instances list (AAP-11195)

Automation Controller Version 4.4

New Features

  • Administrative users can now enable a tech preview of the new controller UI, which includes some basic and limited functionality around creating and viewing the resources needed to launch a job template (AAP-9133)

  • A tech preview version of the Automation Calculator utility that shows a report that represents (possible) savings to the subscriber (AAP-7331) See Analytics Reports for more information.

  • IBM Z/Power support has been added as a tech preview feature for Ansible Automation Platform 2.4 and ARM support is added so you can now run automation controller on an ARM machine with or without using the bundle installer (AAP-7975)

  • Ability to launch multiple jobs at once via a new API endpoint, /api/v2/bulk/job_launch (AAP-7953)

  • Ability to add multiple hosts at once via a new API endpoint, /api/v2/bulk/host_create (AAP-5706)

  • Provided a new page for showing which hosts are consuming the subscription count and allowing users to delete hosts that are no longer used so they are not counted against the subscription consumption (AAP-9046) See Subscription compliance for more information.

  • Introduced the ability to scale web and task pods independently (AAP-6025)

  • Conjur Cloud support to CyberArk Conjur Secrets Lookup (AAP-6643) See CyberArk Conjur Secrets Manager Lookup for detail.

  • Added the ability to use host and groupvars in order to create Constructed Inventories from other inventories (AAP-3687)

  • Added the ability to run automation against Constructed Inventories (AAP-3687)

  • Added Max concurrent jobs and Max forks fields in the Instance Group and Container Groups Create and Edit screens of the controller UI to allow users to define an instance group maximum of jobs that will be run on an instance group or sum of forks of all jobs to be run an instance group, making this especially useful for container groups where there is no concept of capacity (AAP-6699) See Instance group capacity limits for more information.

Additions

  • Added the ability for automation controller to tolerate the restart of Kubernetes master node during job execution and as a result, jobs will no longer fail due to a master node restart (AAP-12590)

  • The Add button is now available for organization Admins to be able to add roles to the team (AAP-11618)

  • Missing API metrics related to task_manager, dependency_manager, and workflow_manager are added to the /api/v2/metrics/ endpoint to standalone scenarios (AAP-10795)

  • Added use of static Central Credential deployment for CyberArk on cloud (AAP-7272) See CyberArk Central Credential Provider (CCP) Lookup for more detail.

  • Expanded the Advanced search capability in the controller UI to support the lookup type of exact on related keys (AAP-6886)

Updates or Fixes

  • After database failover, the Dispatcher now recovers and resumes normal operation (AAP-12462)

  • Users can now specify an SCM branch override on the inventory source and inventory update, similar to how it is done for job templates (AAP-9150) See Inventory Sources for detail.

  • ‘Normal’ users now have the ability to select instance groups on job templates in the UI (AAP-5170)

  • Changed the Operator to split web and task into separate deployments (aka Web-Task split). Redis now runs as a separate container inside of the pod in the OpenShift Container Platform . Now that web/task are separate pods, they now both have their own dedicated redis containers and use another service to clear cache (clear_cache) and restart rsyslog (rsyslog_reconfigurer). (awx-operator#1182)

  • Requests to HashiCorp Vault clusters will be retried if an HTTP 412 error is received from the HashiCorp Vault server instead of failing (AAP-8503)

  • Updated the controller UI to pre-populate information from a credential and inventory when creating a job template from the context of a credential or inventory, respectively (AAP-7286)

  • Updated the Job Template form to allow the playbook filename to be manually entered even if those filenames are not present in the select list (AAP-5672)

  • Improved the speed of saving facts to hosts at the end of a job, and ensured that facts are saved before the status changes so that downstream workflow nodes can make use of host fact saved by the prior node (AAP-9144)

  • Removed validation check that was disallowing users from editing the hostname of a host attached to an inventory when the max_hosts limit was reached for a particular organization (AAP-4487)

  • “Related Groups” column added back to “Hosts” views in the controller UI (AAP-4538)

  • Re-added the Approve and Deny buttons to the list toolbar of the controller UI (AAP-8384)

  • Added a password field to the user serializer if a user is an internal user. This allows for the awx.awx.user module to respect the update_secrets parameter. This also changes the /api/v2/users endpoint by adding a password field to the returned payload on a GET which will have a value of "$encrypted$" (awx#13704)

  • Users logging in through LDAP are now properly being mapped into teams based on their LDAP groups (AAP-9067)

  • The LDAP adapter no longer removes users from admin roles (and others) for an organization even if the remove_* flag was set to False (AAP-8696)

  • The LDAP adapter no longer manages a team by name regardless of the organization the team was in, preventing users of a particular team from logging into the system through LDAP and being unnecessarily added to multiple organizations due to the same team name (AAP-8063)

  • Improved performance of the SAML login process (AAP-4671)

  • Jobs due to X509_V_FLAG_CB_ISSUER_CHECK attribute no longer produces an error (AAP-12618)

  • Saving a workflow in the controller UI will no longer save an empty string for scm_branch, which previously resulted in undesired changing of the branch jobs used (AAP-7638)

  • Editing a node no longer defaults to All Convergence in the Workflow Visualizer of the controller UI (AAP-7243)

  • Controller containers in an Openshift Container Platform now operate as expected when running 100 jobs or more (AAP-6406)

  • When executing a playbook that contains multiple credentials in the job template, the correct error displays (AAP-5951)

  • Triggered notifications perform a POST request during job template runs as expected (AAP-5785)

  • Accessing the globally available execution environments no longer produces a 500 error or a 400 error while assigning the “Execution Environment Admin” permission to a user (AAP-2551)

  • The frequency of the scheduler now run ons the correct day of the week as specified by the user (AAP-11776)

  • Management jobs scheduled with a “days” parameter can now be edited (AAP-10338)

  • Disabled schedules no longer lose access to encrypted survey values (AAP-4501)

  • Fixed the date picker to no longer select dates in the past and prevent saving (AAP-4499)

  • Thycotic Secret Server credential type can now handle secret types such as SSH key or Digital Certificate in addition to just Password templates (AAP-11711 and AAP-11795)

  • Changing credential types using the dropdown list in the Launch prompt window no longer causes the screen to disappear (AAP-11444)

  • Fixed broken name search in the credentials step of ad-hoc commands and updated adhoc credentials search queries to include icontains (AAP-9668)

  • Missing Vault ID in the credential edit form no longer prevents vault credential to update properly (AAP-11438)

  • Viewing job details of a job template that has been deleted no longer displays an error (AAP-7236)

  • Variables in the controller UI can now be edited in YAML format (AAP-5540)

  • The login form no longer supports auto-complete on the password field due to security concerns (AAP-5437)

  • Corrected the behavior of the controller UI to no longer display the “waiting” status while a job is running (AAP-5273)

  • The controller now tolerates resume streaming stdout from job execution container after being disconnected from Kubernetes API server (AAP-5116)

  • Corrected broken docs link in the controller UI during product registration (AAP-4903)

  • The job output in the controller UI is now updating correctly despite to gap between API-loaded job events and WS-streamed events (AAP-4730)

Deprecations

Removals

  • Removed auto-complete for fields in the controller UI to prevent exposing sensitive information (AAP-8543)

Automation Controller Version 4.3.19

Automation Controller fixes:

  • Provided a way to configure custom volume mounts on the PostgreSQL StatefulSet for AutomationController (AAP-18234)

  • Fixed a bug that prevented the dispatcher to exit when the database failed (AAP-17659)

Automation Controller Version 4.3.18

General fixes:

  • Operator no longer terminates the migrations when they take too long (AAP-17175)

  • Cleaned up SOS report passwords (AAP-17543)

Automation Controller Version 4.3.17

Automation Controller fixes:

  • Fixed the infra.controller_configuration collection (which uses ansible.controller collection) to no longer result in an HTTP 499 response when customers update their Ansible Automation Platform environment (AAP-17421)

Automation Controller Version 4.3.16

General Fixes

  • Added keepalive while doing pg_dump (AAP-17183)

  • Added background keepalive to awx-manage migrate (AAP-17175)

  • Added the pre-create event table partitions before database backup (AAP-12908)

  • Updated ansible-core to 2.14.11 (AAP-17008)

  • Updated receptor to 1.4.2 (AAP-17105)

Automation Controller fixes:

  • Updated Django version to address CVE-2023-41164 automation-controller: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (AAP-16194)

Automation Controller Version 4.3.15

Automation Controller fixes:

  • Fixed settings lookup to no longer leave some services in a supervisord FATAL, unresponsive, state (AAP-16461)

  • Replaced the SQL commands for creating a partition with the use of ATTACH PARTITION to avoid exclusive table lock on event tables (AAP-16349)

  • Fixed settings to allow simultaneous use of SOCIAL_AUTH_SAML_ORGANIZATION_ATTR and SOCIAL_AUTH_SAML_ORGANIZATION_MAP for a given organization (AAP-16184)

  • Updated filtering to allow returned JSON to a field specified by a new secret_field input to the Thycotic DevOps Secrets Vault credential plugin (AAP-15901)

Automation Controller Version 4.3.14

Automation Controller fixes:

  • Released Ansible Automation Platform 2.3 Component RPM for automation controller 4.3.14 (AAP-16020)

  • Fixed incorrect capacity for remote execution nodes when resource limits are set in OpenShift (AAP-15742)

Automation Controller Version 4.3.13

Automation Controller fixes:

  • Addressed CVE-2023-40267 for GitPython dependency (AAP-15504)

  • Fixed the deadlock on shutdown when Redis is unavailable (AAP-14217)

Automation Controller Version 4.3.12

Automation Controller fixes:

  • Fixed Ansible facts to retry saving to hosts if there is a database deadlock (AAP-15020)

  • Updated the server to look for secrets if data exists under the “data” key in the response from HashiCorp Vault Secret Lookup. Otherwise, it looks for these secrets as top-level keys (AAP-14947)

  • Interrupted jobs (like canceled jobs) no longer clear facts from hosts, when the job ran on an execution node (AAP-14879)

  • Applied environment variables from the setting AWX_TASK_ENV when running credential lookup plugins (AAP-14685)

  • Fixed unexpected error with adding a new host while using a license manifest with size 10 (AAP-14674)

  • Fixed the Trial toggle when using a license manifest file (AAP-14674)

  • The Add button on credentials is now accessible for users with correct permissions (AAP-14526)

  • Included stdout from health check in instance error text if available (AAP-10941)

Automation Controller Version 4.3.11

General Fixes

  • The Receptor has been updated to 1.4.1 (AAP-14641)

Automation Controller fixes:

  • Fixed an HTML injection flaw in the custom login info of the controller UI (CVE-2023-3971)

  • Fixed server error that occurs when deleting workflow jobs ran before event partitioning migration (AAP-7965)

  • Disabling or enabling a schedule no longer results in an erroneous 400 error (AAP-10943)

  • Changing credential types using the drop-down list in the Launch Prompt window no longer causes the screen to disappear (AAP-11443)

  • Fixed slow database UPDATE statements on job events table which could cause a task manager timeout (AAP-12585)

  • Adding new labels to a job through prompting now work as expected (AAP-14205)

  • Re-enabled Pendo support by providing the correct Pendo API key (AAP-14214)

  • Added rel="noopener noreferrer" to controller UI links that were missing it (AAP-14346)

  • Updated links to docs from the Subscriptions page to reflect only major version being used (AAP-14376)

  • Turned off auto-complete on remaining controller UI forms that were missing that attribute (AAP-14443)

Automation Controller Version 4.3.10

General Fixes

  • Added a new setting LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB to enable disk-assisted queuing of messages in rsyslog (AAP-12725)

  • Requests to HashiCorp Vault clusters will be retried if an HTTP 412 error is received from the HashiCorp Vault server instead of failing (AAP-13462)

  • Prevented project scm_type, along with other fields to revert back to default when not specified in a module of the ansible.controller collection (AAP-14100)

Automation Controller fixes:

  • Missing Vault ID in the credential edit form no longer prevents vault credential to update properly (AAP-11436)

  • The frequency of the scheduler now run ons the correct day of the week as specified by the user (AAP-11775)

  • Added awx-manage command to pre-create event table partitions to be used before backup (AAP-12906)

  • Improved filter experience in the controller UI for granting teams to access a resource by allowing by filtering of teams using partial names (AAP-13556)

  • Fixed the weekly rrule string without a BYDAY to no longer result in a TypeError in UI (AAP-13671)

Automation Controller Version 4.3.9

General Fixes

  • Added the ability to configure PostgreSQL keepalives settings to allow the dispatcher to reconnect and able to handle database failovers

  • Allow configuration of resource requirements for init containers (AAP-11896)

  • Added postgres_storage_class to the OpenShift UI and fixed PostgreSQL Storage requirements display (AAP-9040)

  • PGPASSWORD no longer displays in the process output when performing a backup (AAP-6041)

Automation Controller fixes:

  • The Days parameter in management jobs schedules can now be edited (AAP-10702)

  • Fixed an error message in the Host Event window when job event stdout is an array (AAP-10786)

  • Turned off login password auto-complete (AAP-10919)

  • Fixed an error that was shown to Org Admin users on the Instances list (AAP-11197)

  • Fixed incorrectly displayed workflow job within workflow approval details (AAP-11435)

  • Removed case-sensitive credential name search in ad-hoc commands prompts (AAP-11441)

  • Using the Back to list button now maintains previous search filters (AAP-11528)

  • Topology view and Instances are only available as options on the left navigation menu options to System Administrators and System Auditors (AAP-11586)

Automation Controller Version 4.3.8

General Fixes

  • Receptor TLS errors when run with FIPS enforced in the Operator (AAP-10174)

Automation Controller fixes:

  • Automation controller now requires git-core instead of git (AAP-10133)

Automation Controller Version 4.3.7

General Fixes

  • Nginx ssl_protocols now defaults to TLSv1.2 and is configurable (AAP-6920)

  • Added supervisor_start_retry_count for supervisord (AAP-8476)

  • Increased the HSTS duration to 2 years and is now configurable (AAP-9487)

  • Made client_max_body_size for controller nginx configurable at install time for the VM installer, and the Operator default value has been increased to 5 MB (AAP-9948)

Automation Controller fixes:

  • Manifest upload in the controller no longer fails when the manifest size is over 1MB (AAP-7169)

  • Fixed race condition with heartbeat and reaper logic (AAP-9828)

  • Fixed bug where users were unable to toggle variables between JSON and YAML in the UI (AAP-10541)

  • Reformatted the Backup CR and persistent volume claim (PVC) options on AutomationControllerRestore (AAP-9741)

  • Backup role now uses k8s_cp module to write large files (AAP-10307)

  • Backups on AAP Operator no longer fails when filesystem is ext4 (AAP-9250)

Automation Controller Version 4.3.6

Automation Controller fixes:

  • Allowed the CLI to export schedule fields when exporting job templates (AAP-8682)

  • Users logging in through LDAP are now properly mapped to teams based on their LDAP groups (AAP-9067)

  • Improved performance and properly updated job status for facts gathering to avoid missing facts (AAP-9144)

Automation Controller Version 4.3.5

Automation Controller fixes:

  • LDAP login no longer adds or removes a user from any team in the system with the same name as the LDAP team being managed (AAP-8063)

  • Updated Django, GitPython and Wheel in virtual environments (AAP-8551)

  • LDAP Adapter now respects remove flag in configuration (AAP-8696)

  • Performance has been improved for SAML configuration (AAP-4671)

Automation Controller UI fixes:

  • Fixed a bug where the date picker would select dates in the past and prevent saving (AAP-4499)

  • Workflow Approve/Deny bulk actions were added back to Workflow Approvals list (AAP-8384)

  • UI no longer shows ‘TypeError’ error message when a task in Job Output console is clicked on running jobs (AAP-8409)

  • Fixed duplicate key value errors to properly produce job stdout while launching a job template (AAP-8880)

  • Navigating to an instance in an instance group’s list no longer produces a 404 error

Automation Controller Version 4.3.4

Automation Controller fixes:

  • Starting the application no longer results in ‘listener_port’ not-null constraint violation error (AAP-8096)

  • Shell escaping no longer produces special characters in the Administrator password (AAP-7972)

Automation Controller Version 4.3.3

Automation Controller fixes:

  • Accessing execution environments functions as expected when upgrading from Ansible Tower 3.x (AAP-2551)

  • Updated the receptor to 1.3.0-3 to avoid replacing receptor.conf on upgrade (AAP-7938)

Automation Controller UI fixes:

  • The Save button now responds appropriately on the Job Settings page (AAP-7757)

Automation Controller Version 4.3.2

Automation Controller UI fixes:

  • Fixed the Job Template Launch page to no longer result in a ‘Not Found’ error when choosing credentials (AAP-7507)

Automation Controller Version 4.3.1

Automation Controller fixes:

  • Fixed issue upgrading to Ansible Automation Platform 2.3 (AAP-7353)

Automation Controller UI fixes:

  • The Hosts Automated field on the Subscriptions Detail page is now correctly translated

Automation Controller Version 4.3

New Features

  • Added the ability for control nodes to peer out to remote execution nodes (on a Kubernetes deployment only)

  • Introduced peers detail tab for instances

  • Introduced the ability to create and remove instances in the controller UI

  • Updated nodes/links in the Topology Viewer of the controller UI to support new states

  • Enabled health checks to be run on remote execution nodes on a Kubernetes deployment

  • Added the ability for Kubernetes users to create instance groups

  • Added project/playbook signature verification functionality to the controller, enabling users to supply a GPG key and add a content signing credential to a project, automatically enabling content signing for that project

  • Introduced ansible-sign, a content signing and verification utility that provides a unified way to sign content across the Ansible eco-system

  • Support for schedules with the awx-cli import and awx-cli export features

  • Surfaced database connections in /api/v2/metrics

Additions

  • Topology viewer now shows new node and link states

  • Mesh topology shows directionality of links between nodes

  • The ability to pass variable value from a nested workflow job template to a job template or workflow job template using the set_stats module

  • Added Prompt on Launch options on all parameters of the job template and workflow job templates

  • Added Job and Skip tags on workflow job templates and accompanying Prompt on Launch options

  • Configurable timeout settings for the receptor

  • Added missing security headers to application URLs

  • Metrics added for Support Engineers and customers to analyze, problem solve performance-related issues with lags in job events

  • The controller now polls the job endpoint to determine exactly when events are done processing and the UI displays a message when it has finished processing events for the job

  • Include forks on job and/or job template data for Automation Analytics

  • Forks information no longer missing in running job details

  • Schedules now allow date exceptions

  • Optimized/cache information about preferred instance groups

  • Control for capacity decisions and task worker availability

  • Survey wizard now handles multiple choice/multi-select question-answers in both array and string form (formerly only strings were supported)

  • Surveys can now auto-complete in multiple choice input fields

  • Added options for setting the priority class on the control plane and PostgreSQL pods

  • Subscription Details indicating whether the customer is in or out-of-compliance with their subscriptions

  • Added the ability for Receptor Ansible collection to provision receptor node(s)

  • Added the ability to deprovision external execution nodes

  • Added playbook with all the required variables for provisioning new remote execution nodes

  • Pop-up help text added to Details fields of job templates, workflow job templates, credentials, projects, inventories, hosts, organizations, users, credential types, notifications, instance groups, applications, and execution environments

  • Extra variables added to workflow approval notifications

Updates or Fixes

  • Topology Viewer links, nodes, legend, list view “Status” updated to reflect new states

  • Updated the Topology viewer to show more node detail

  • Topology Viewer no longer fails to populate when launched

  • Updated the controller to handle asynchronous health checks on an instance

  • Nodes are now moved to a deprovisioning state when removing from the controller UI

  • Increased the number of allowed characters for the job_tags (Job Tags field) in a template

  • Job schedules are no longer missing from the Schedules view when sorting by type

  • Schedules now prompting for job or skip tags

  • Browser timezone automatically set as default when creating a schedule

  • Fixed issue with adding a schedule to an inventory source

  • LDAP / LDAPS connections no longer stay open after a user has logged out

  • Refactored LDAP backend to be more efficient, including reduced initial login time after increasing list of LDAP mappings

  • Job launch failure error now contains more succinct and informative messaging in the event that content signature validation fails

  • Users with Admin permissions on a workflow are able to assign an inventory to the workflow job template

  • Approval node toolbar buttons updated to improve the Workflow approval user experience

  • Workflow approval templates are now exportable

  • Admin users can now copy a workflow job template

  • Node rejoins cluster as expected after connection to PostgreSQL is lost

  • Workflow or sliced jobs no longer blocked or fails when ran

  • Sliced jobs no longer produce 500 errors when performing a GET operation while launching more than 500 slices

  • Jobs no longer fails if Job Slicing and Fact Storage are enabled together

  • Adhoc command jobs no longer result in error when ran

  • Fixed error that resulted from relaunching an adhoc command with password

  • Advanced search updated to only allow users to select valid or logical match types to avoid unnecessary 500 errors

  • Included updates and enhancements to improve performance associated with the Task Manager in the handling of scaling jobs, mesh and cluster sizes

  • Job output performance improvements

  • Job output screen user experience improvements

  • Job timeout details showing in the Job Output as expected

  • Job Settings page updated to no longer produce 404 errors and other various warnings

  • First Run / Next Run values of the job schedule fixed to no longer change to one day before the date entered in the Edit/Add page of the schedule settings

  • Job template with concurrent jobs launches as expected if capacity allows the controller to run more jobs

  • awx-cli import and awx-cli export now produce an error message and provide appropriate exit codes when an imported or exported operation fails

  • Default cleanup schedules no longer only run once

  • Updated SAML adapter to not remove System Administrator and System Auditor flags

  • Lookup modals refresh when opened

  • Twilio notifications can now be sent from the controller from behind a proxy

  • Custom credential type creation works as expected

  • Updated strings for translation

  • The Demo Project will now initially show a status of “successful” and will not update on launch, whereas before it showed “never updated” and updated on launch

  • Inventory updates based on an SCM source now provides the revision of the project it used

  • Removing hosts from inventories no longer fails with “Out of Shared Memory” error

  • Manually gathering analytics from CLI no longer results in a unicode error

  • Filter websockets related to sync jobs on jobs list(s) when refreshed, these jobs will be filtered again from the Jobs view

  • The GOOGLE_APPLICATION_CREDENTIALS environment variable is now being set from a Google Compute Engine (GCE) credential type

  • Fixes some stability issues with ansible-runner worker processes and related logging slowdowns in the Dispatcher task processing

Deprecations

None in this release.

Removals

  • Removed the Update on Project Update field (update_on_project_update) in projects. This is intended to be replaced by ordinary “Update on Launch” behavior, because they chain from inventory to project. So if this option was previously set on the inventory source, it is recommended that both inventory and project are set to “Update on Launch”.

  • The Credential Permissions page no longer allows Credential Admin or Org Admins to manage access operations for a credential that does not belong to any organization

  • Fallback behavior removed when an instance group is defined on a job template or inventory

Automation Controller Version 4.2.1

Automation Controller fixes:

  • Node alias is now saved when job template is changed in the workflow

  • Improved error messages in the API job_explanation field for specific error scenarios, (e.g., runner worker process is killed), or certain failure scenarios (e.g., shutdown)

  • Fixed the Task Manager to fully account for the job’s control process capacity for jobs running in container groups

  • Fixed a few bugs that caused delays in task processing by adding the following file-based settings:
    • JOB_WAITING_GRACE_PERIOD increases the threshold for marking jobs stuck in the “waiting” status as failed

    • CLUSTER_NODE_MISSED_HEARTBEAT_TOLERANCE to allow the heartbeat to be more tolerant to clock skew and other problems

    • K8S_POD_REAPER_GRACE_PERIOD to allow more time before pod cleanup executes its last attempt to delete pods used by jobs

    • TASK_MANAGER_TIMEOUT to allow more time in the unlikely event that the Task Manager fails to finish normally

  • Jobs no longer fail for nested submodules in an SCM (git) project and the .git folder will be omitted

  • Added more logs to help debug database connectivity problems and cluster resource limits

  • Removed the current_user cookie which was not used by the UI

  • Updated controller to send FQCN data for tasks to analytics

  • Fixed the metrics endpoint (/api/v2/metrics) to no longer produce erroneous 500 errors

  • Added remove_superuser and remove_system_auditors to the SAML user attribute map

  • Added the ability to allow multiple values in the SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_*_[value|role] settings

  • Unwanted Galaxy credentials are no longer added to the Organization while logging in through SAML

  • awx-cli now allows for multiple --extra_vars parameters

  • Receptor no longer fails in FIPS mode

  • If an OCP node’s record is deleted (either by the awx-manage command or by the heartbeat task), it will re-register itself

  • Upgrading and changing node_type from execution to control or hybrid no longer causes cleanup errors

Execution Environment fixes:

None for this release

Automation Controller UI fixes:

  • The controller UI properly displays job output when strategy: free is set in the playbook

  • Fixed the pagination displays within the main lists, i.e., Resources (Job Templates, Projects, Inventory), Access (Organization, Users, Teams, Notifications), and Administration (Instance Groups, Execution Environments)

  • Fixed the Job Output to properly follow and scroll; and improved the Page Up/Page Down button behavior

  • Fixed the controller UI to now be able to filter by multiple labels

  • Large workflow templates no longer cause browsers to crash when linking nodes near the end of the template

  • Fixed the approval node “Deny” to no longer run the subsequent workflow nodes

  • Forks information no longer missing in running job details

  • Upon saving a schedule, the date chooser no longer changes to the day before the selected date

  • References to Ansible Tower are replaced with Automation Controller throughout the UI, including tooltips where documentation is referenced

  • Corrected translations for the Japanese Subscription settings screen

Installation fixes specific to Automation Controller:

None for this release

Automation Controller Version 4.2

Introduced

  • Graphical visualization of the automation topology to show the types of nodes, the links between them and their statuses

Added

  • For VM-based installs, the controller will now automatically mount the system trust store in execution environments when jobs run

  • Log Format For API 4XX Errors field to the Logging settings form to allow customization of 4xx error messages that are produced when the API encounters an issue with a request

  • Ability to use labels with inventory

  • Ability to flag users as superusers and auditors in SAML integration

  • Support for expanding and collapsing plays and tasks in the job output UI

  • Filtering job output UI by multiple event types

  • Various default search filters to a number of list views

  • Top-level list of instances to now be visible in the UI

  • A pop-up message when a user copies a resource

  • Job Templates tab to Credentials and Inventories to view all the templates that use that particular credential or inventory

Updated

  • Controller to use Python 3.9

  • Django’s SESSION_COOKIE_NAME setting to a non-default value. Note, any external clients that previously used the sessionid cookie will need to change. Refer to Session Authentication for more detail.

  • Controller to support podman-style volume mount syntax in the Paths to expose to isolated jobs field of the Jobs Settings of the UI

  • Isolated path to be exposed in OCP/K8s as HostPath

  • Upgraded Django from version 2.2 to 3.2

  • Modified usage of ansible_facts on Advanced Search to add more flexibility to the usage of ansible_facts when creating a smart inventory

  • The controller node for a job running on an execution node now incurs a penalty of 1 unit of capacity to account for the system load that controlling a job incurs. This can be adjusted with the file-based setting AWX_CONTROL_NODE_TASK_IMPACT.

  • Project updates to always run in the controlplane instance group

  • Slack notifications to allow replying to a thread instead of just channels

  • UI performance to improve job output

  • Job status icons to be more accessible

  • Display of only usable inventories when launching a job

  • Browser tab to show more information about which page the user is currently viewing

  • Controller to now load variables after job template extra variables to prevent overriding the meta variables injected into each job run

Deprecated

  • The concept of “committed capacity” from Instance Groups due to the removal of RabbitMQ

  • Inventory source option to Update on project update - this field updates the inventory source if its project pulled a new revision. In the future, when updating an inventory source, the controller shall automatically run project updates if the project itself is set to Update on launch.

Removed

  • Case sensitivity around hostcount

Automation Controller fixes:

  • When setting the use role on a credential to more than 10 users, users are no longer added on different admin roles unexpectedly

  • Fixed the fallback cleanup task to not delete files in-use

  • Updated inventory hosts to allow editing when organization is at max host limit

  • Enabled job slicing with fact caching now correctly saves facts for hosts from the relevant slice

  • No longer validating hostnames when editing the hostname on an existing host

Execution Environment fixes:

  • Fixed jobs stuck in running when timing out during an image pull

Automation Controller UI fixes:

  • Fixed list search/pagination filters in place when clicking the Back to <N> button. Applies to all top-level list pages except the Schedules page.

  • Updated Subscription and inventory usage details, including a status indicating whether the customer is in or out-of-compliance with their subscriptions

  • Survey wizard now handles multiple choice/multi-select question-answers in both array and string form (formerly only strings were supported)

  • Fixed error that resulted from relaunching an adhoc command with password

  • Updated filter websockets related to sync jobs on jobs list(s) that when refreshed, these jobs will be filtered again from the Jobs view

  • Added validation for same start/end day different time schedules

Automation Controller Version 4.1.3

Automation Controller fixes:

  • Receptor no longer fails in FIPS mode

  • Added the ability to exit gracefully and recover quickly when a service in the control plane crashes

  • The create_partition method will skip creating a table if it already exists

  • Having logging enabled no longer breaks migrations if the migration sends logs to an external aggregator

  • Fixed the metrics endpoint (/api/v2/metrics) to no longer produce erroneous 500 errors

Execution Environment fixes:

  • Enhanced the execution environment copy process to reduce required space in the /tmp directory

  • Allowed execution environment images to be pulled from automation controller only

  • Added the ansible-builder-rhel8 image to the setup bundle

  • Modified base execution environment images so that controller backups can run in the container

Automation Controller UI fixes:

  • Upon saving a schedule, the date chooser no longer changes to the day before the selected date

  • Fixed the ability to create manual projects in Japanese and other supported non-English languages

  • Forks information no longer missing in running job details

  • Project selected for deletion is now removed as expected when running a project sync

  • The Admin option in the Team Permissions is now disabled so that a user cannot select it when it is not applicable to the available organization(s)

  • Large workflow templates no longer cause browsers to crash when linking nodes near the end of the template

  • References to Ansible Tower are replaced with Automation Controller throughout the UI, including tooltips where documentation is referenced

Installation fixes specific to Automation Controller:

  • Updated the Receptor to 1.2.3 everywhere as needed

Automation Controller Version 4.1.2

Automation Controller fixes:

  • Upgraded Django version to 3.2 LTS

  • System (management) jobs are now able to be canceled

  • Rsyslog no longer needs manual intervention to send out logs after hitting a 40x error

  • Credential lookup plugins now respect the AWX_TASK_ENV setting

  • Fixed the controller to list valid subscriptions from Satellite when having multiple quantities from the same SKU

  • Updated Receptor version to 1.2.1, which includes several fixes

Execution Environment fixes:

  • The host trusted cert store is now exposed to execution environments by default. See Isolation functionality and variables for detail.

  • Mounting the /etc/ssh or /etc/ to isolated jobs now works in podman

  • User customization of execution environment mount options and mount paths are now supported

  • Fixed SELinux context on /var/lib/awx/.local/share/containers and ensure awx as podman storage

  • Fixed failures to no longer occur when the semanage fcontext has been already set for the expected directory

Automation Controller UI fixes:

  • Fixed the ability to create manual projects in Japanese and other suppported non-English languages

  • Fixed the controller UI to list the roles for organizations when using non-English web browsers

  • Fixed the job output to display all job type events, including source control update events over websockets

  • Fixed the TypeError when running a command on a host in a smart inventory

  • Fixed the encrypted password in surveys to no longer show up as plaintext in the Edit Order page

Installation fixes specific to Automation Controller:

  • Fixed duplicate Galaxy credentials with no default organization

  • Running the ./setup.sh -b out of the installer directory no longer fails to load group vars

  • The installer no longer fails when IPV6 is disabled

  • Fixed unnecessary become_user:root entries in the installation

  • Modified database backup and restore logic to compress dump data

  • Creating default execution environments no longer fails when password has special characters

  • Fixed installations of execution environments when installing without internet access

  • Upgrading to AAP 2.1 no longer breaks when the Django superuser is missing

  • Rekey now allowed with existing key

Automation Controller Version 4.1.1

  • Added the ability to specify additional nginx headers

  • Fixed analytics gathering to collect all the data the controller needed to collect

  • Fixed the controller to no longer break subsequent installer runs when deleting the demo organization

Automation Controller Version 4.1

Introduced

  • Connected Receptor nodes to form a control plane and execution mesh configurations

  • The special controlplane instance group to allow for the task manager code to target an OpenShift Controller node to run the project update

  • The ability to render a configured mesh topology in a graph in the installer

  • Controller 4.1 execution nodes can be remote

  • Node types for Controller 4.1 (control, hybrid, execution, hop, control, hybrid, execution, hop) installed for different sets of services and provide different capabilities, allowing for scaling nodes that provide the desired capability such as job execution or serving of web requests to the API/UI.

Added

  • The ability for the platform installer to allow users to install execution nodes and express receptor mesh topology in the inventory file. The platform installer will also be responsible for deprovisioning nodes.

  • Work signing to the receptor mesh so that control plane nodes have the exclusive authority to submit receptor work to execution nodes over the mesh

  • Support for pre-population of execution environment name, description, and image from query parameters when adding a new execution environment in the Controller User Interface

  • Ability to trigger a reload of the topology configuration in Receptor without interrupting work execution

  • Using Public Key Infrastructure (PKI) for securing the Receptor mesh

  • Added importing execution environments from Automation Hub into the controller to improve the platform experience

Updated

  • The controller to support new controller control plane and execution mesh

  • Task manager will only run project updates and system jobs on nodes with node_type of “control” or “hybrid”

  • Task manager will only run jobs, inventory updates, and ad hoc commands on nodes with node_type of “hybrid” or “execution”

  • Heartbeat and capacity check to work with Receptor execution nodes

  • Reaper to work with the addition of execution nodes

  • Controller User Interface to not show control instances as an option to associate with instance groups

  • The Associate pop-up screen to display host names when adding an existing host to a group

  • Validators for editing miscellaneous authentication parameters

  • Advanced search key options to be grouped

  • SAML variables default values

  • Survey validation on Prompt on Launch

  • Login redirect

Deprecated

  • None

Removed

  • The ability to delete the default instance group through the User Interface

Automation Controller Version 4.0.1

  • Upgraded Django version to 3.2 LTS

  • Updated receptor to version 1.2.1

Automation Controller Version 4.0

Introduced

  • Support for automation execution environments. All automation now runs in execution environments via containers, either directly via OpenShift, or locally via podman

  • New PatternFly 4 based user-interface for increased performance, security, and consistency with other Ansible Automation Platform components

Added

  • Added identity provider support for GitHub Enterprise

  • Support for RHEL system crypto profiles to nginx configuration

  • The ability to disable local system users and only pull users from configured identity providers

  • Additional Prometheus metrics for tracking job event processing performance

  • New awx-manage command for dumping host automation information

  • Red Hat Insights as an inventory source

  • Ability to set server-side password policies using Django’s AUTH_PASSWORD_VALIDATORS setting

  • Support for Centrify Vault as a credential lookup plugin

  • Support for namespaces in Hashicorp Vault credential plugin

Updated

  • OpenShift deployment to be done via an Operator instead of a playbook

  • Python used by application to Python 3.8

  • Nginx used to version 1.18

  • PostgreSQL used to PostgreSQL 12, and moved to partitioned databases for performance

  • The “container groups” feature to general availability from Tech Preview; now fully utilizes execution environments

  • Insights remediation to use new Red Hat Insights inventory source rather than utilizing scan playbooks with arbitrary inventory

  • Subscriptions display to count hosts automated on instead of hosts imported

  • Inventory source, credential, and Ansible content collection to reference controller instead of tower

Deprecated

  • None

Removed

  • Support for isolated nodes

  • Support for deploying on CentOS (any version) and RHEL 7

  • Support for Mercurial projects

  • Support for custom inventory scripts stored in controller (use awx-manage export_custom_scripts to export them)

  • Resource profiling code (AWX_RESOURCE_PROFILING_*)

  • Support for custom Python virtual environments for execution. Use new awx-manage tools for assisting in migration

  • Top-level /api/v2/job_events/ API endpoint

  • The ability to disable job isolation