- Fixed threading bug that would sometimes cause jobs to randomly fail (ansible#10537)
- Fixed race where app would crash when postgres is not available (ansible#10583)
- Add support for workflow node aliasing via identifier field (ansible#10592)
- Add UI support for management jobs in workflows (ansible#10572)
- Show PAT as part of bulk delete list (ansible#10794)
- Return 404 for ad_hoc_command_events list api. Remove api endtpoint (ansible#10716)
- Fix multiple accessibility violations (ansible#10713)
- Fix ignoring --no-color for awx-manage list_instances command (ansible#10668)
- Fix to handle ask_* parameters correctly when set false (ansible#10108)
- Default source_project to organization for inventory source (ansible#10573)
- Fix headers missing in webhook notification request (ansible#10566)
- Avoid double LDAP updates (ansible#9703)
- introduced a pre-flight check for postgres 12 (ansible#10425)
- Fix Job Settings Page Break on Firefox (ansible#10523)
- bumped django version to 2.2.20 (ansible#10564)
- Add Thycotic SecretServer support (ansible#10632)
- Fixed bug where symlinks pointing to directories were not preserved (ansible/ansible-runner#736)
- Various bugfixes found during testing (ansible#10532)
- There are now 2 default Instance Groups: 'controlplane' and 'default' (ansible#10324)
- Removed deprecated modules:
tower_send
,tower_receive
,tower_workflow_template
(ansible#9980) - Improved UI performance when a large amount of events are being emitted by jobs (ansible#10053)
- Settings UI Revert All button now issues a DELETE instead of PATCHing all fields (ansible#10376)
- Fixed a bug with the schedule date/time picker in Firefox (ansible#10291)
- UI now preselects the system default Galaxy credential when creating a new organization (ansible#10395)
- Added favicon (ansible#10388)
- Removed
not
option from smart inventory host filter search as it's not supported by the API (ansible#10380) - Added button to allow user to refetch project revision after project sync has finished (ansible#10334)
- Fixed bug where extraneous CONFIG requests were made on logout (ansible#10379)
- Fixed bug where users were unable to cancel inventory syncs (ansible#10346)
- Added missing dashboard graph filters (ansible#10349)
- Added support for typing in to single select lookup form fields (ansible#10257)
- Fixed various bugs related to user sessions (ansible#9908)
- Fixed bug where sorting in modals would close the modal (ansible#10215)
- Added support for Red Hat Insights as an inventory source (ansible#8650)
- Fixed bugs when selecting items in a list then sorting/paginating (ansible#10329)
- Fixed race condition that would sometimes cause jobs to error out at the very end of an otherwise successful run (ansible/receptor#328)
- Fixes bug where users were unable to click on text next to checkboxes in modals (ansible#10279)
- Have the project update playbook warn if role/collection syncing is disabled. (ansible#10068)
- Move irc references to point to irc.libera.chat (ansible#10295)
- Fixes bug where activity stream changes were displaying as [object object] (ansible#10267)
- Update awxkit to enable export of Galaxy credentials associated to organizations (ansible#10271)
- Bump receptor and receptorctl versions to 1.0.0a2 (ansible#10261)
- Add the ability to disable local authentication (ansible#10102)
- Show error if no Execution Environment is found on project sync/job run (ansible#10183)
- Allow for editing and deleting managed_by_tower EEs from API/UI (ansible#10173)
- Custom inventory scripts have been removed from the API ansible#9822
- Old scripts can be exported via
awx-manage export_custom_scripts
- Old scripts can be exported via
- Fixed a bug where ad-hoc commands targeted against multiple hosts would run against only 1 host ansible#9973
- AWX will now look for a top-level requirements.yml when installing collections / roles in project updates ansible#9945
- Improved error handling when Container Group pods fail to launch ansible#10025
- Added ability to set server-side password policies using Django's AUTH_PASSWORD_VALIDATORS setting ansible#9999
- Bumped versions of Ansible Runner & AWX EE ansible#10013
- If you have built any custom EEs on top of awx-ee 0.1.0, you will need to rebuild on top of 0.2.0.
- Remove legacy resource profiling code ansible#9883
- AWX now runs on Python 3.8 (ansible#8778)
- Fixed inventories-from-projects when running in Kubernetes (ansible#9741)
- Fixed a bug where a slash was appended to invetory file paths in UI dropdown (ansible#9713)
- Fix a bug with large file parsing in project sync (ansible#9627)
- Fix k8s credentials that use a custom ca cert (ansible#9744)
- Fix a bug that allowed a user to attempt deleting a running job (ansible#9758)
- Fixed the Kubernetes Pod reaper to properly delete Pods launched by Receptor (ansible#9819)
- AWX Collection Modules: added ability to set instance groups for organization, job templates, and inventories. (ansible#9804)
- Fixed CSP violation errors on job details and job settings views (ansible#9818)
- Added support for convergence any/all on workflow nodes (ansible#9737)
- Fixed race condition that causes InvalidGitRepositoryError (ansible#9754)
- Added support for Execution Environments to the Activity Stream (ansible#9308)
- Fixed a bug that improperly formats OpenSSH keys specified in custom Credential Types (ansible#9361)
- Fixed an HTTP 500 error for unauthenticated users (ansible#9725)
- Added subscription wizard: ansible#9496
IMPORTANT INSTALL AND UPGRADE NOTES
Starting in version 18.0, the AWX Operator is the preferred way to install AWX: https://github.com/ansible/awx/blob/devel/INSTALL.md#installing-awx
If you have a pre-existing installation of AWX that utilizes the Docker-based installation method, this install method has ** notably changed** from 17.x to 18.x. For details, please see:
- https://groups.google.com/g/awx-project/c/47MjWSUQaOc/m/bCjSDn0eBQAJ
- https://github.com/ansible/awx/blob/devel/tools/docker-compose
- https://github.com/ansible/awx/blob/devel/tools/docker-compose/docs/data_migration.md
After a herculean effort from a number of contributors, we're excited to announce that AWX 18.0.0 introduces a new concept called Execution Environments.
Execution Environments are container images which consist of everything necessary to run a playbook within AWX, and which drive the entire management and lifecycle of playbook execution runtime in AWX: ansible#5157. This means that going forward, AWX no longer utilizes the bubblewrap project for playbook isolation, but instead utilizes a container per playbook run.
Much like custom virtualenvs, custom Execution Environments can be crafted to specify additional Python or system-level dependencies. Ansible Builder outputs images you can upload to your registry which can then be defined in AWX and utilized for playbook runs.
To learn more about Ansible Builder and Execution Environments, see: https://www.ansible.com/blog/introduction-to-ansible-builder
- Removed
installer
directory.- The Kubernetes installer has been removed in favor of AWX Operator. Official images for Operator-based installs are no longer hosted on Docker Hub, but are instead available on Quay.
- The "Local Docker" install method has been removed in favor of the development environment. Details can be found at: https://github.com/ansible/awx/blob/devel/tools/docker-compose/README.md
- Removal of custom virtual environments ansible#9498
- Custom virtual environments have been replaced by Execution Environments ansible#9570
- The default Container Group Pod definition has changed. All custom Pod specs have been reset. https://github.com/ansible/awx/commit/05ef51f710dad8f8036bc5acee4097db4adc0d71
- Added user interface for the activity stream: ansible#9083
- Converted many of the top-level list views (Jobs, Teams, Hosts, Inventories, Projects, and more) to a new, permanent table component for substantially increased responsiveness, usability, maintainability, and other 'ility's: ansible#8970, ansible#9182 and many others!
- Added support for Centrify Vault (https://www.centrify.com) as a credential lookup plugin (ansible#9542)
- Added support for namespaces in Hashicorp Vault credential plugin (ansible#9590)
- Added click-to-expand details for job tables
- Added search filtering to job output ansible#9208
- Added the new migration, update, and "installation in progress" page ansible#9123
- Added the user interface for job settings ansible#8661
- Runtime errors from jobs are now displayed, along with an explanation for what went wrong, on the output page ansible#8726
- You can now cancel a running job from its output and details panel ansible#9199
- Fixed a bug where launch prompt inputs were unexpectedly deposited in the url: ansible#9231
- Playbook, credential type, and inventory file inputs now support type-ahead and manual type-in! ansible#9120
- Added ability to relaunch against failed hosts: ansible#9225
- Added pending workflow approval count to the application header ansible#9334
- Added user interface for management jobs: ansible#9224
- Added toast message to show notification template test result to notification templates list ansible#9318
- Replaced CodeMirror with AceEditor for editing template variables and notification templates ansible#9281
- Added support for filtering and pagination on job output ansible#9208
- Added support for html in custom login text ansible#9519
- Addressed a security issue in AWX (CVE-2021-20253)
- Fixed a bug permissions error related to redis in K8S-based deployments: ansible#9401
- Fixed pgdocker directory permissions issue with Local Docker installer: ansible#9152
- Fixed a bug in the UI which caused toggle settings to not be changed when clicked: ansible#9093
- AWX now requires PostgreSQL 12 by default: ansible#8943
Note: users who encounter permissions errors at upgrade time should
chown -R ~/.awx/pgdocker
to ensure it's owned by the user running the install playbook - Added support for region name for OpenStack inventory: ansible#5080
- Added the ability to chain undefined attributes in custom notification templates: ansible#8677
- Dramatically simplified the
image_build
role: ansible#8980 - Fixed a bug which can cause schema migrations to fail at install time: ansible#9077
- Fixed a bug which caused the
is_superuser
user property to be out of date in certain circumstances: ansible#8833 - Fixed a bug which sometimes results in race conditions on setting access: ansible#8580
- Fixed a bug which sometimes causes an unexpected delay in stdout for some playbooks: ansible#9085
- (UI) Added support for credential password prompting on job launch: ansible#9028
- (UI) Added the ability to configure LDAP settings in the UI: ansible#8291
- (UI) Added a sync button to the Project detail view: ansible#8847
- (UI) Added a form for configuring Google Outh 2.0 settings: ansible#8762
- (UI) Added searchable keys and related keys to the Credentials list: ansible#8603
- (UI) Added support for advanced search and copying to Notification Templates: ansible#7879
- (UI) Added support for prompting on workflow nodes: ansible#5913
- (UI) Added support for session timeouts: ansible#8250
- (UI) Fixed a bug that broke websocket streaming for the insecure ws:// protocol: ansible#8877
- (UI) Fixed a bug in the user interface when a translation for the browser's preferred locale isn't available: ansible#8884
- (UI) Fixed bug where navigating from one survey question form directly to another wasn't reloading the form: ansible#7522
- (UI) Fixed a bug which can cause an uncaught error while launching a Job Template: ansible#8936
- Updated autobahn to address CVE-2020-35678
- AWX now ships with a reimagined user interface. Please read this before upgrading: https://groups.google.com/g/awx-project/c/KuT5Ao92HWo
- Removed support for syncing inventory from Red Hat CloudForms - https://github.com/ansible/awx/commit/0b701b3b2
- Removed support for Mercurial-based project updates - ansible#7932
- Upgraded NodeJS to actively maintained LTS 14.15.1 - ansible#8766
- Added Git-LFS to the default image build - ansible#8700
- Added the ability to specify
metadata.labels
in the podspec for container groups - ansible#8486 - Added support for Kubernetes pod annotations - ansible#8434
- Added the ability to label the web container in local Docker installs - ansible#8449
- Added additional metadata (as an extra var) to playbook runs to report the SCM branch name - ansible#8433
- Fixed a bug that caused k8s installations to fail due to an incorrect Helm repo - ansible#8715
- Fixed a bug that prevented certain Workflow Approval resources from being deleted - ansible#8612
- Fixed a bug that prevented the deletion of inventories stuck in "pending deletion" state - ansible#8525
- Fixed a display bug in webhook notifications with certain unicode characters - ansible#7400
- Improved support for exporting dependent objects (Inventory Hosts and Groups) in the
awx export
CLI tool - https://github.com/ansible/awx/commit/607bc0788
- Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases ansible#8403
- Added the ability to source roles and collections from requirements.yaml files (not just requirements.yml) - ansible#4540
- awx.awx collection modules now provide a clearer error message for incompatible versions of awxkit - ansible#8127
- Fixed a bug in notification messages that contain certain unicode characters - ansible#7400
- Fixed a bug that prevents the deletion of Workflow Approval records - ansible#8305
- Fixed a bug that broke the selection of webhook credentials - ansible#7892
- Fixed a bug which can cause confusing behavior for social auth logins across distinct browser tabs - ansible#8154
- Fixed several bugs in the output of Workflow Job Templates using the
awx export
tool - ansible#7798 ansible#7847 - Fixed a race condition that can lead to missing hosts when running parallel inventory syncs - ansible#5571
- Fixed an HTTP 500 error when certain LDAP group parameters aren't properly set - ansible#7622
- Updated a few dependencies in response to several CVEs:
- CVE-2020-7720
- CVE-2020-7743
- CVE-2020-7676
- Added improved support for fetching Ansible collections from private Galaxy content sources (such as https://github.com/ansible/galaxy_ng) - ansible#7813 Note: as part of this change, new Organizations created in the AWX API will no longer automatically synchronize roles and collections from galaxy.ansible.com by default. More details on this change can be found at: ansible#8341 (comment)
- AWX now utilizes a version of certifi that auto-discovers certificates in the system certificate store - ansible#8242
- Added support for arbitrary custom inventory plugin configuration: ansible#5150
- Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login. - ansible#8069
- Added a number of optimizations to AWX's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs - ansible#8193 ansible#8191
- Added the ability to use
!include
and!import
constructors when constructing YAML for use with the AWX CLI - ansible#8135 - Fixed a bug that prevented certain users from being able to edit approval nodes in Workflows - ansible#8253
- Fixed a bug that broke password prompting for credentials in certain cases - ansible#8202
- Fixed a bug which can cause PostgreSQL deadlocks when running many parallel playbooks against large shared inventories - ansible#8145
- Fixed a bug which can cause delays in AWX's task manager when large numbers of simultaneous jobs are scheduled - ansible#7655
- Fixed a bug which can cause certain scheduled jobs - those that run every X minute(s) or hour(s) - to fail to run at the proper time - ansible#8071
- Fixed a performance issue for playbooks that store large amounts of data using the
set_stats
module - ansible#8006 - Fixed a bug related to AWX's handling of the auth_path argument for the HashiVault KeyValue credential plugin - ansible#7991
- Fixed a bug that broke support for Remote Archive SCM Type project syncs on platforms that utilize Python2 - ansible#8057
- Updated to the latest version of Django Rest Framework to address CVE-2020-25626
- Updated to the latest version of Django to address CVE-2020-24583 and CVE-2020-24584
- Updated to the latest verson of channels_redis to address a bug that slowly causes Daphne processes to leak memory over time - django/channels_redis#212
- AWX images can now be built on ARM64 - ansible#7607
- Added the Remote Archive SCM Type to support using immutable artifacts and releases (such as tarballs and zip files) as projects - ansible#7954
- Deprecated official support for Mercurial-based project updates - ansible#7932
- Added resource import/export support to the official AWX collection - ansible#7329
- Added the ability to import YAML-based resources (instead of just JSON) when using the AWX CLI - ansible#7808
- Users upgrading from older versions of AWX may encounter an issue that causes their postgres container to restart in a loop (ansible#7854) - if you encounter this, bring your containers down and then back up (e.g.,
docker-compose down && docker-compose up -d
) after upgrading to 14.1.0. - Updated the AWX CLI to export labels associated with Workflow Job Templates - ansible#7847
- Updated to the latest python-ldap to address a bug - ansible#7868
- Upgraded git-python to fix a bug that caused workflows to sometimes fail - ansible#6119
- Worked around a bug in the channels_redis library that slowly causes Daphne processes to leak memory over time - django/channels_redis#212
- Fixed a bug in the AWX CLI that prevented Workflow nodes from importing properly - ansible#7793
- Fixed a bug in the awx.awx collection release process that templated the wrong version - ansible#7870
- Fixed a bug that caused errors rendering stdout that contained UTF-16 surrogate pairs - ansible#7918
- As part of our commitment to inclusivity in open source, we recently took some time to audit AWX's source code and user interface and replace certain terminology with more inclusive language. Strictly speaking, this isn't a bug or a feature, but we think it's important and worth calling attention to:
- Installing roles and collections via requirements.yml as part of Project Updates now requires at least Ansible 2.9 - ansible#7769
- Deprecated the use of the
PRIMARY_GALAXY_USERNAME
andPRIMARY_GALAXY_PASSWORD
settings. We recommend using tokens to access Galaxy or Automation Hub. - Added local caching for downloaded roles and collections so they are not re-downloaded on nodes where they are up to date with the project - ansible#5518
- Added the ability to associate K8S/OpenShift credentials to Job Template for playbook interaction with the
community.kubernetes
collection - ansible#5735 - Added the ability to include HTML in the Custom Login Info presented on the login page - ansible#7600
- Fixed https://access.redhat.com/security/cve/cve-2020-14327 - Server-side request forgery on credentials
- Fixed https://access.redhat.com/security/cve/cve-2020-14328 - Server-side request forgery on webhooks
- Fixed https://access.redhat.com/security/cve/cve-2020-14329 - Sensitive data exposure on labels
- Fixed https://access.redhat.com/security/cve/cve-2020-14337 - Named URLs allow for testing the presence or absence of objects
- Fixed a number of bugs in the user interface related to an upgrade of jQuery:
- Fixed a bug that caused the
-f yaml
flag of the AWX CLI to not print properly formatted YAML - ansible#7795 - Fixed a bug in the installer that caused errors when
docker_registry_password
was set - ansible#7695 - Fixed a permissions error that prevented certain users from starting AWX services - ansible#7545
- Fixed a bug that allows superusers to run unsafe Jinja code when defining custom Credential Types - ansible#7584
- Fixed a bug that prevented users from creating (or editing) custom Credential Types containing boolean fields - ansible#7483
- Fixed a bug that prevented users with postgres usernames containing uppercase letters from restoring backups succesfully - ansible#7519
- Fixed a bug which allowed the creation (in the Tower API) of Groups and Hosts with the same name - ansible#4680
- Added import and export commands to the official AWX CLI, replacing send and receive from the old tower-cli (ansible#6125).
- Removed scripts as a means of running inventory updates of built-in types (ansible#6911)
- Ansible 2.8 is now partially unsupported; some inventory source types are known to no longer work.
- Fixed an issue where the vmware inventory source ssl_verify source variable was not recognized (ansible#7360)
- Fixed a bug that caused redis' listen socket to have too-permissive file permissions (ansible#7317)
- Fixed a bug that caused rsyslogd's configuration file to have world-readable file permissions, potentially leaking secrets (CVE-2020-10782)
- Removed memcached as a dependency of AWX (ansible#7240)
- Moved to a single container image build instead of separate awx_web and awx_task images. The container image is just
awx
(ansible#7228) - Official AWX container image builds now use a two-stage container build process that notably reduces the size of our published images (ansible#7017)
- Removed support for HipChat notifications (EoL announcement); all previously-created HipChat notification templates will be deleted due to this removal.
- Fixed a bug which broke AWX installations with oc version 4.3 (ansible#6948)
- Fixed a performance issue that caused notable delay of stdout processing for playbooks run against large numbers of hosts (ansible#6991)
- Fixed a bug that caused CyberArk AIM credential plugin looks to hang forever in some environments (ansible#6986)
- Fixed a bug that caused ANY/ALL converage settings not to properly save when editing approval nodes in the UI (ansible#6998)
- Fixed a bug that broke support for the satellite6_group_prefix source variable (ansible#7031)
- Fixed a bug that prevented changes to workflow node convergence settings when approval nodes were in use (ansible#7063)
- Fixed a bug that caused notifications to fail on newer version of Mattermost (ansible#7264)
- Fixed a bug (by upgrading to 0.8.1 of the foreman collection) that prevented host_filters from working properly with Foreman-based inventory (ansible#7225)
- Fixed a bug that prevented the usage of the Conjur credential plugin with secrets that contain spaces (ansible#7191)
- Fixed a bug in awx-manage run_wsbroadcast --status in kubernetes (ansible#7009)
- Fixed a bug that broke notification toggles for system jobs in the UI (ansible#7042)
- Fixed a bug that broke local pip installs of awxkit (ansible#7107)
- Fixed a bug that prevented PagerDuty notifications from sending for workflow job template approvals (ansible#7094)
- Fixed a bug that broke external log aggregation support for URL paths that include the = character (such as the tokens for SumoLogic) (ansible#7139)
- Fixed a bug that prevented organization admins from removing labels from workflow job templates (ansible#7143)
- Inventory updates now use collection-based plugins by default (in Ansible 2.9+):
- amazon.aws.aws_ec2
- community.vmware.vmware_vm_inventory
- azure.azcollection.azure_rm
- google.cloud.gcp_compute
- theforeman.foreman.foreman
- openstack.cloud.openstack
- ovirt.ovirt_collection.ovirt
- awx.awx.tower
- Added support for Approle and LDAP/AD mechanisms to the Hashicorp Vault credential plugin (ansible#5076)
- Added Project (Domain Name) support for the OpenStack Keystone v3 API (ansible#6831)
- Added a new setting for raising log verbosity for rsyslogd (ansible#6818)
- Added the ability to monitor stdout in the CLI for running jobs and workflow jobs (ansible#6165)
- Fixed a bug which prevented the AWX CLI from properly installing with newer versions of pip (ansible#6870)
- Fixed a bug which broke AWX's external logging support when configured with HTTPS endpoints that utilize self-signed certificates (ansible#6851)
- Fixed a local docker installer bug that mistakenly attempted to upgrade PostgreSQL when an external pg_hostname is specified (ansible#5398)
- Fixed a race condition that caused task container crashes when pods are quickly brought down and back up (ansible#6750)
- Fixed a bug that caused 404 errors when attempting to view the second page of the workflow approvals view (ansible#6803)
- Fixed a bug that prevented the use of ANSIBLE_SSH_ARGS for ad-hoc-commands (ansible#6811)
- Fixed a bug that broke AWX installs/upgrades on Red Hat OpenShift (ansible#6791)
- Changed rsyslogd to persist queued events to disk (to prevent a risk of out-of-memory errors) (ansible#6746)
- Added the ability to configure the destination and maximum disk size of rsyslogd spool (in the event of a log aggregator outage) (ansible#6763)
- Added the ability to discover playbooks in project clones from symlinked directories (ansible#6773)
- Fixed a bug that caused certain log aggregator settings to break logging integration (ansible#6760)
- Fixed a bug that caused playbook execution in container groups to sometimes unexpectedly deadlock (ansible#6692)
- Improved stability of the new redis clustering implementation (ansible#6739 ansible#6720)
- Improved stability of the new rsyslogd-based logging implementation (ansible#6796)
- As of AWX 11.0.0, Kubernetes-based deployments use a Deployment rather than a StatefulSet.
- Reimplemented external logging support using rsyslogd to improve reliability and address a number of issues (ansible#5155)
- Changed activity stream logs to include summary fields for related objects (ansible#1761)
- Added code to more gracefully attempt to reconnect to redis if it restarts/becomes unavailable (ansible#6670)
- Fixed a bug that caused REFRESH_TOKEN_EXPIRE_SECONDS to not properly be respected for OAuth2.0 refresh tokens generated by AWX (ansible#6630)
- Fixed a bug that broke schedules containing RRULES with very old DTSTART dates (ansible#6550)
- Fixed a bug that broke installs on older versions of Ansible packaged with certain Linux distributions (ansible#5501)
- Fixed a bug that caused the activity stream to sometimes report the incorrect actor when associating user membership on SAML login (ansible#6525)
- Fixed a bug in AWX's Grafana notification support when annotation tags are omitted (ansible#6580)
- Fixed a bug that prevented some users from searching for Source Control credentials in the AWX user interface (ansible#6600)
- Fixed a bug that prevented disassociating orphaned users from credentials (ansible#6554)
- Updated Twisted to address CVE-2020-10108 and CVE-2020-10109.
- As of AWX 10.0.0, the official AWX CLI no longer supports Python 2 (it requires at least Python 3.6) (ansible#6327)
- AWX no longer relies on RabbitMQ; Redis is added as a new dependency (ansible#5443)
- Altered AWX's event tables to allow more than ~2 billion total events (ansible#6010)
- Improved the performance (time to execute, and memory consumption) of the periodic job cleanup system job (ansible#6166)
- Updated Job Templates so they now have an explicit Organization field (it is no longer inferred from the associated Project) (ansible#3903)
- Updated social-auth-core to address an upcoming GitHub API deprecation (ansible#5970)
- Updated to ansible-runner 1.4.6 to address various bugs.
- Updated Django to address CVE-2020-9402
- Updated pyyaml version to address CVE-2017-18342
- Fixed a bug which prevented the new
scm_branch
field from being used in custom notification templates (ansible#6258) - Fixed a race condition that sometimes causes success/failure notifications to include an incomplete list of hosts (ansible#6290)
- Fixed a bug that can cause certain setting pages to lose unsaved form edits when a playbook is launched (ansible#5265)
- Fixed a bug that can prevent the "Use TLS/SSL" field from properly saving when editing email notification templates (ansible#6383)
- Fixed a race condition that sometimes broke event/stdout processing for jobs launched in container groups (ansible#6280)
- Added the ability to specify an OAuth2 token description in the AWX CLI (ansible#6122)
- Added support for K8S service account annotations to the installer (ansible#6007)
- Added support for K8S imagePullSecrets to the installer (ansible#5989)
- Launching jobs (and workflows) using the --monitor flag in the AWX CLI now returns a non-zero exit code on job failure (ansible#5920)
- Improved UI performance for various job views when many simultaneous users are logged into AWX (ansible#5883)
- Updated to the latest version of Django to address a few open CVEs (ansible#6080)
- Fixed a critical bug which can cause AWX to hang and stop launching playbooks after a periodic of time (ansible#5617)
- Fixed a bug which caused delays in project update stdout for certain large SCM clones (as of Ansible 2.9+) (ansible#6254)
- Fixed a bug which caused certain smart inventory filters to mistakenly return duplicate hosts (ansible#5972)
- Fixed an unclear server error when creating smart inventories with the AWX collection (ansible#6250)
- Fixed a bug that broke Grafana notification support (ansible#6137)
- Fixed a UI bug which prevent users with read access to an organization from editing credentials for that organization (ansible#6241)
- Fixed a bug which prevent workflow approval records from recording a
started
andelapsed
date (ansible#6202) - Fixed a bug which caused workflow nodes to have a confusing option for
verbosity
(ansible#6196) - Fixed an RBAC bug which prevented projects and inventory schedules from being created by certain users in certain contexts (ansible#5717)
- Fixed a bug that caused
role_path
in a project's config to not be respected due to an error processing/etc/ansible/ansible.cfg
(ansible#6038) - Fixed a bug that broke inventory updates for installs with custom home directories for the awx user (ansible#6152)
- Fixed a bug that broke fact data collection when AWX encounters invalid/unexpected fact data (ansible#5935)
- Added the ability to configure the convergence behavior of workflow nodes ansible#3054
- AWX now allows for a configurable global limit for fork count (per-job run). The default maximum is 200. ansible#5604
- Added the ability to specify AZURE_PUBLIC_CLOUD (for e.g., Azure Government KeyVault support) for the Azure credential plugin ansible#5138
- Added support for several additional parameters for Satellite dynamic inventory ansible#5598
- Added a new field to jobs for tracking the date/time a job is cancelled ansible#5610
- Made a series of additional optimizations to the callback receiver to further improve stdout write speed for running playbooks ansible#5677 ansible#5739
- Updated AWX to be compatible with Helm 3.x (ansible#5776)
- Optimized AWX's job dependency/scheduling code to drastically improve processing time in scenarios where there are many pending jobs scheduled simultaneously ansible#5154
- Fixed a bug which could cause SCM authentication details (basic auth passwords) to be reported to external loggers in certain failure scenarios (e.g., when a git clone fails and ansible itself prints an error message to stdout) ansible#5812
- Fixed a k8s installer bug that caused installs to fail in certain situations ansible#5574
- Fixed a number of issues that caused analytics gathering and reporting to run more often than necessary ansible#5721
- Fixed a bug in the AWX CLI that prevented JSON-type settings from saving properly ansible#5528
- Improved support for fetching custom virtualenv dependencies when AWX is installed behind a proxy ansible#5805
- Updated the bundled version of openstacksdk to address a known issue ansible#5821
- Updated the bundled vmware_inventory plugin to the latest version to address a bug ansible#5668
- Fixed a bug that can cause inventory updates to fail to properly save their output when run within a workflow ansible#5666
- Removed a number of pre-computed fields from the Host and Group models to improve AWX performance. As part of this change, inventory group UIs throughout the interface no longer display status icons ansible#5448
- Fixed a bug that caused database migrations on Kubernetes installs to hang ansible#5579
- Upgraded Python-level app dependencies in AWX virtual environment ansible#5407
- Running jobs no longer block associated inventory updates ansible#5519
- Fixed invalid_response SAML error ansible#5577
- Optimized the callback receiver to drastically improve the write speed of stdout for parallel jobs (ansible#5618)
- Added a command to generate a new SECRET_KEY and rekey the secrets in the database
- Removed project update locking when jobs using it are running
- Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
- Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
- Fixed hang in error handling for source control checkouts
- Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
- Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout
- Fixed an incorrect link to instance groups documentation in the user interface
- Fixed editing of inventory on Workflow templates
- Fixed multiple issues with OAuth2 token cleanup system jobs
- Fixed a bug that broke email notifications for workflow approval/deny ansible#5401
- Updated SAML implementation to automatically login if authorization already exists
- Updated AngularJS to 1.7.9 for CVE-2019-10768
- Fixed a bug in the installer that broke certain types of k8s installs ansible#5205
- Updated AWX images to use centos:8 as the parent image.
- Updated to ansible-runner 1.4.4 to address various bugs.
- Added oc and kubectl to the AWX images to support new container-based execution introduced in 8.0.0.
- Added some optimizations to speed up the deletion of large Inventory Groups.
- Fixed a bug that broke webhook launches for Job Templates that define a survey (ansible#5062).
- Fixed a bug in the CLI which incorrectly parsed launch time arguments for
awx job_templates launch
andawx workflow_job_templates launch
(ansible#5093). - Fixed a bug that caused inventory updates using "sourced from a project" to stop working (ansible#4750).
- Fixed a bug that caused Slack notifications to sometimes show the wrong bot avatar (ansible#5125).
- Fixed a bug that prevented the use of digits in AWX's URL settings (ansible#5081).
- The Ansible Tower Ansible modules have been migrated to a new official Ansible AWX collection: https://galaxy.ansible.com/awx/AWX Please note that this functionality is only supported in Ansible 2.9+
- AWX now supports the ability to launch jobs from external webhooks (GitHub and GitLab integration are supported).
- AWX now supports Container Groups, a new feature that allows you to schedule and run playbooks on single-use kubernetes pods on-demand.
- AWX now supports sending notifications when Workflow steps are approved, denied, or time out.
- AWX now records the user who approved or denied Workflow steps.
- AWX now supports fetching Ansible Collections from private galaxy servers.
- AWX now checks the user's ansible.cfg for paths where role/collections may live when running project updates.
- AWX now uses PostgreSQL 10 by default.
- AWX now warns more loudly about underlying AMQP connectivity issues (ansible#4857).
- Added a few optimizations to drastically improve dashboard performance for larger AWX installs (installs with several hundred thousand jobs or more).
- Updated to the latest version of Ansible's VMWare inventory script (which adds support for vmware_guest_facts).
- Deprecated /api/v2/inventory_scripts/ (this endpoint - and the Custom Inventory Script feature - will be removed in a future release of AWX).
- Fixed a bug which prevented Organization Admins from removing users from their own Organization (ansible#2979)
- Fixed a bug which sometimes caused cluster nodes to fail to re-join with a cryptic error, "No instance found with the current cluster host id" (ansible#4294)
- Fixed a bug that prevented the use of launch-time passphrases when using credential plugins (ansible#4807)
- Fixed a bug that caused notifications assigned at the Organization level not to take effect for Workflows in that Organization (ansible#4712)
- Fixed a bug which caused a notable amount of CPU overhead on RabbitMQ health checks (ansible#5009)
- Fixed a bug which sometimes caused the key to stop functioning in <textarea> elements (ansible#4192)
- Fixed a bug which caused request contention when the same OAuth2.0 token was used in multiple simultaneous requests (ansible#4694)
- Fixed a bug related to parsing multiple choice survey options (ansible#4452).
- Fixed a bug that caused single-sign-on icons on the login page to fail to render in certain Windows browsers (ansible#3924)
- Fixed a number of bugs that caused certain OAuth2 settings to not be properly respected, such as REFRESH_TOKEN_EXPIRE_SECONDS.
- Fixed a number of bugs in the AWX CLI, including a bug which sometimes caused long lines of stdout output to be unexpectedly truncated.
- Fixed a number of bugs on the job details UI which sometimes caused auto-scrolling stdout to become stuck.
- Fixed a bug which caused LDAP authentication to fail if the TLD of the server URL contained digits (ansible#3646)
- Fixed a bug which broke HashiCorp Vault integration on older versions of HashiCorp Vault.
- AWX now detects and installs Ansible Collections defined in your project (note - this feature only works in Ansible 2.9+) (ansible#2534)
- AWX now includes an official command line client. Keep an eye out for a follow-up email on this mailing list for information on how to install it and try it out.
- Added the ability to provide a specific SCM branch on jobs (ansible#282)
- Added support for Workflow Approval Nodes, a new feature which allows you to add "pause and wait for approval" steps into your workflows (ansible#1206)
- Added the ability to specify a specific HTTP method for webhook notifications (POST vs PUT) (ansible#4124)
- Added the ability to specify a username and password for HTTP Basic Authorization for webhook notifications (ansible#4124)
- Added support for customizing the text content of notifications (ansible#79)
- Added the ability to enable and disable hosts in dynamic inventory (ansible#4420)
- Added the description (if any) to the Job Template list (ansible#4359)
- Added new metrics for instance hostnames and pending jobs to the /api/v2/metrics/ endpoint (ansible#4375)
- Changed AWX's on/off toggle buttons to a non-text based style to simplify internationalization (ansible#4425)
- Events emitted by ansible for adhoc commands are now sent to the external log aggregrator (ansible#4545)
- Fixed a bug which allowed a user to make an organization credential in another organization without permissions to that organization (ansible#4483)
- Fixed a bug that caused
extra_vars
on workflows to break when edited (ansible#4293) - Fixed a slow SQL query that caused performance issues when large numbers of groups exist (ansible#4461)
- Fixed a few minor bugs in survey field validation (ansible#4509) (ansible#4479)
- Fixed a bug that sometimes resulted in orphaned
ansible_runner_pi
directories in/tmp
after playbook execution (ansible#4409) - Fixed a bug that caused the
is_system_auditor
flag in LDAP configuration to not work (ansible#4396) - Fixed a bug which caused schedules to disappear from the UI when toggled off (ansible#4378)
- Fixed a bug that sometimes caused stdout content to contain extraneous blank lines in newer versions of Ansible (ansible#4391)
- Updated to the latest Django security release, 2.2.4 (ansible#4410) (https://www.djangoproject.com/weblog/2019/aug/01/security-releases/)
- Updated the default version of git to a version that includes support for x509 certificates (ansible#4362)
- Removed the deprecated
credential
field from/api/v2/workflow_job_templates/N/
(as part of the/api/v1/
removal in prior AWX versions - ansible#4490).
- Updated AWX to use Django 2.2.2.
- Updated the provided openstacksdk version to support new functionality (such as Nova scheduler_hints)
- Added the ability to specify a custom cacert for the HashiCorp Vault credential plugin
- Fixed a number of bugs related to path lookups for the HashiCorp Vault credential plugin
- Fixed a bug which prevented signed SSH certificates from working, including the HashiCorp Vault Signed SSH backend
- Fixed a bug which prevented custom logos from displaying on the login page (as a result of a new Content Security Policy in 6.0.0)
- Fixed a bug which broke websocket connectivity in Apple Safari (as a result of a new Content Security Policy in 6.0.0)
- Fixed a bug on the job output page that occasionally caused the "up" and "down" buttons to not load additional output
- Fixed a bug on the job output page that caused quoted task names to display incorrectly
- Removed support for "Any" notification templates and their API endpoints e.g., /api/v2/job_templates/N/notification_templates/any/ (ansible#4022)
- Fixed a bug which prevented credentials from properly being applied to inventory sources (ansible#4059)
- Fixed a bug which can cause the task dispatcher to hang indefinitely when external logging support (e.g., Splunk, Logstash) is enabled (ansible#4181)
- Fixed a bug which causes slow stdout display when running jobs against smart inventories. (ansible#3106)
- Fixed a bug that caused SSL verification flags to fail to be respected for LDAP authentication in certain environments. (ansible#4190)
- Added a simple Content Security Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to restrict access to third-party resources in the browser. (ansible#4167)
- Updated ovirt4 library dependencies to work with newer versions of oVirt (ansible#4138)
- Bump Django Rest Framework from 3.7.7 to 3.9.4
- Bump setuptools / pip dependencies
- Fixed bug where Recent Notification list would not appear
- Added notifications on job start
- Default to Ansible 2.8