This is a list of high-level changes for each release of AWX. A full list of commits can be found at https://github.com/ansible/awx/releases/tag/<version>
.
- Inventory updates now use collection-based plugins by default (in Ansible 2.9+):
- amazon.aws.aws_ec2
- community.vmware.vmware_vm_inventory
- azure.azcollection.azure_rm
- google.cloud.gcp_compute
- theforeman.foreman.foreman
- openstack.cloud.openstack
- ovirt.ovirt_collection.ovirt
- awx.awx.tower
- Added support for Approle and LDAP/AD mechanisms to the Hashicorp Vault credential plugin (ansible#5076)
- Added Project (Domain Name) support for the OpenStack Keystone v3 API (ansible#6831)
- Added a new setting for raising log verbosity for rsyslogd (ansible#6818)
- Added the ability to monitor stdout in the CLI for running jobs and workflow jobs (ansible#6165)
- Fixed a bug which prevented the AWX CLI from properly installing with newer versions of pip (ansible#6870)
- Fixed a bug which broke AWX's external logging support when configured with HTTPS endpoints that utilize self-signed certificates (ansible#6851)
- Fixed a local docker installer bug that mistakenly attempted to upgrade PostgreSQL when an external pg_hostname is specified (ansible#5398)
- Fixed a race condition that caused task container crashes when pods are quickly brought down and back up (ansible#6750)
- Fixed a bug that caused 404 errors when attempting to view the second page of the workflow approvals view (ansible#6803)
- Fixed a bug that prevented the use of ANSIBLE_SSH_ARGS for ad-hoc-commands (ansible#6811)
- Fixed a bug that broke AWX installs/upgrades on Red Hat OpenShift (ansible#6791)
- Changed rsyslogd to persist queued events to disk (to prevent a risk of out-of-memory errors) (ansible#6746)
- Added the ability to configure the destination and maximum disk size of rsyslogd spool (in the event of a log aggregator outage) (ansible#6763)
- Added the ability to discover playbooks in project clones from symlinked directories (ansible#6773)
- Fixed a bug that caused certain log aggregator settings to break logging integration (ansible#6760)
- Fixed a bug that caused playbook execution in container groups to sometimes unexpectedly deadlock (ansible#6692)
- Improved stability of the new redis clustering implementation (ansible#6739 ansible#6720)
- Improved stability of the new rsyslogd-based logging implementation (ansible#6796)
- As of AWX 11.0.0, Kubernetes-based deployments use a Deployment rather than a StatefulSet.
- Reimplemented external logging support using rsyslogd to improve reliability and address a number of issues (ansible#5155)
- Changed activity stream logs to include summary fields for related objects (ansible#1761)
- Added code to more gracefully attempt to reconnect to redis if it restarts/becomes unavailable (ansible#6670)
- Fixed a bug that caused REFRESH_TOKEN_EXPIRE_SECONDS to not properly be respected for OAuth2.0 refresh tokens generated by AWX (ansible#6630)
- Fixed a bug that broke schedules containing RRULES with very old DTSTART dates (ansible#6550)
- Fixed a bug that broke installs on older versions of Ansible packaged with certain Linux distributions (ansible#5501)
- Fixed a bug that caused the activity stream to sometimes report the incorrect actor when associating user membership on SAML login (ansible#6525)
- Fixed a bug in AWX's Grafana notification support when annotation tags are omitted (ansible#6580)
- Fixed a bug that prevented some users from searching for Source Control credentials in the AWX user interface (ansible#6600)
- Fixed a bug that prevented disassociating orphaned users from credentials (ansible#6554)
- Updated Twisted to address CVE-2020-10108 and CVE-2020-10109.
- As of AWX 10.0.0, the official AWX CLI no longer supports Python 2 (it requires at least Python 3.6) (ansible#6327)
- AWX no longer relies on RabbitMQ; Redis is added as a new dependency (ansible#5443)
- Altered AWX's event tables to allow more than ~2 billion total events (ansible#6010)
- Improved the performance (time to execute, and memory consumption) of the periodic job cleanup system job (ansible#6166)
- Updated Job Templates so they now have an explicit Organization field (it is no longer inferred from the associated Project) (ansible#3903)
- Updated social-auth-core to address an upcoming GitHub API deprecation (ansible#5970)
- Updated to ansible-runner 1.4.6 to address various bugs.
- Updated Django to address CVE-2020-9402
- Updated pyyaml version to address CVE-2017-18342
- Fixed a bug which prevented the new
scm_branch
field from being used in custom notification templates (ansible#6258) - Fixed a race condition that sometimes causes success/failure notifications to include an incomplete list of hosts (ansible#6290)
- Fixed a bug that can cause certain setting pages to lose unsaved form edits when a playbook is launched (ansible#5265)
- Fixed a bug that can prevent the "Use TLS/SSL" field from properly saving when editing email notification templates (ansible#6383)
- Fixed a race condition that sometimes broke event/stdout processing for jobs launched in container groups (ansible#6280)
- Added the ability to specify an OAuth2 token description in the AWX CLI (ansible#6122)
- Added support for K8S service account annotations to the installer (ansible#6007)
- Added support for K8S imagePullSecrets to the installer (ansible#5989)
- Launching jobs (and workflows) using the --monitor flag in the AWX CLI now returns a non-zero exit code on job failure (ansible#5920)
- Improved UI performance for various job views when many simultaneous users are logged into AWX (ansible#5883)
- Updated to the latest version of Django to address a few open CVEs (ansible#6080)
- Fixed a critical bug which can cause AWX to hang and stop launching playbooks after a periodic of time (ansible#5617)
- Fixed a bug which caused delays in project update stdout for certain large SCM clones (as of Ansible 2.9+) (ansible#6254)
- Fixed a bug which caused certain smart inventory filters to mistakenly return duplicate hosts (ansible#5972)
- Fixed an unclear server error when creating smart inventories with the AWX collection (ansible#6250)
- Fixed a bug that broke Grafana notification support (ansible#6137)
- Fixed a UI bug which prevent users with read access to an organization from editing credentials for that organization (ansible#6241)
- Fixed a bug which prevent workflow approval records from recording a
started
andelapsed
date (ansible#6202) - Fixed a bug which caused workflow nodes to have a confusing option for
verbosity
(ansible#6196) - Fixed an RBAC bug which prevented projects and inventory schedules from being created by certain users in certain contexts (ansible#5717)
- Fixed a bug that caused
role_path
in a project's config to not be respected due to an error processing/etc/ansible/ansible.cfg
(ansible#6038) - Fixed a bug that broke inventory updates for installs with custom home directories for the awx user (ansible#6152)
- Fixed a bug that broke fact data collection when AWX encounters invalid/unexpected fact data (ansible#5935)
- Added the ability to configure the convergence behavior of workflow nodes ansible#3054
- AWX now allows for a configurable global limit for fork count (per-job run). The default maximum is 200. ansible#5604
- Added the ability to specify AZURE_PUBLIC_CLOUD (for e.g., Azure Government KeyVault support) for the Azure credential plugin ansible#5138
- Added support for several additional parameters for Satellite dynamic inventory ansible#5598
- Added a new field to jobs for tracking the date/time a job is cancelled ansible#5610
- Made a series of additional optimizations to the callback receiver to further improve stdout write speed for running playbooks ansible#5677 ansible#5739
- Updated AWX to be compatible with Helm 3.x (ansible#5776)
- Optimized AWX's job dependency/scheduling code to drastically improve processing time in scenarios where there are many pending jobs scheduled simultaneously ansible#5154
- Fixed a bug which could cause SCM authentication details (basic auth passwords) to be reported to external loggers in certain failure scenarios (e.g., when a git clone fails and ansible itself prints an error message to stdout) ansible#5812
- Fixed a k8s installer bug that caused installs to fail in certain situations ansible#5574
- Fixed a number of issues that caused analytics gathering and reporting to run more often than necessary ansible#5721
- Fixed a bug in the AWX CLI that prevented JSON-type settings from saving properly ansible#5528
- Improved support for fetching custom virtualenv dependencies when AWX is installed behind a proxy ansible#5805
- Updated the bundled version of openstacksdk to address a known issue ansible#5821
- Updated the bundled vmware_inventory plugin to the latest version to address a bug ansible#5668
- Fixed a bug that can cause inventory updates to fail to properly save their output when run within a workflow ansible#5666
- Removed a number of pre-computed fields from the Host and Group models to improve AWX performance. As part of this change, inventory group UIs throughout the interface no longer display status icons ansible#5448
- Fixed a bug that caused database migrations on Kubernetes installs to hang ansible#5579
- Upgraded Python-level app dependencies in AWX virtual environment ansible#5407
- Running jobs no longer block associated inventory updates ansible#5519
- Fixed invalid_response SAML error ansible#5577
- Optimized the callback receiver to drastically improve the write speed of stdout for parallel jobs (ansible#5618)
- Added a command to generate a new SECRET_KEY and rekey the secrets in the database
- Removed project update locking when jobs using it are running
- Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
- Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
- Fixed hang in error handling for source control checkouts
- Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
- Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout
- Fixed an incorrect link to instance groups documentation in the user interface
- Fixed editing of inventory on Workflow templates
- Fixed multiple issues with OAuth2 token cleanup system jobs
- Fixed a bug that broke email notifications for workflow approval/deny ansible#5401
- Updated SAML implementation to automatically login if authorization already exists
- Updated AngularJS to 1.7.9 for CVE-2019-10768
- Fixed a bug in the installer that broke certain types of k8s installs ansible#5205
- Updated AWX images to use centos:8 as the parent image.
- Updated to ansible-runner 1.4.4 to address various bugs.
- Added oc and kubectl to the AWX images to support new container-based execution introduced in 8.0.0.
- Added some optimizations to speed up the deletion of large Inventory Groups.
- Fixed a bug that broke webhook launches for Job Templates that define a survey (ansible#5062).
- Fixed a bug in the CLI which incorrectly parsed launch time arguments for
awx job_templates launch
andawx workflow_job_templates launch
(ansible#5093). - Fixed a bug that caused inventory updates using "sourced from a project" to stop working (ansible#4750).
- Fixed a bug that caused Slack notifications to sometimes show the wrong bot avatar (ansible#5125).
- Fixed a bug that prevented the use of digits in AWX's URL settings (ansible#5081).
- The Ansible Tower Ansible modules have been migrated to a new official Ansible AWX collection: https://galaxy.ansible.com/awx/AWX Please note that this functionality is only supported in Ansible 2.9+
- AWX now supports the ability to launch jobs from external webhooks (GitHub and GitLab integration are supported).
- AWX now supports Container Groups, a new feature that allows you to schedule and run playbooks on single-use kubernetes pods on-demand.
- AWX now supports sending notifications when Workflow steps are approved, denied, or time out.
- AWX now records the user who approved or denied Workflow steps.
- AWX now supports fetching Ansible Collections from private galaxy servers.
- AWX now checks the user's ansible.cfg for paths where role/collections may live when running project updates.
- AWX now uses PostgreSQL 10 by default.
- AWX now warns more loudly about underlying AMQP connectivity issues (ansible#4857).
- Added a few optimizations to drastically improve dashboard performance for larger AWX installs (installs with several hundred thousand jobs or more).
- Updated to the latest version of Ansible's VMWare inventory script (which adds support for vmware_guest_facts).
- Deprecated /api/v2/inventory_scripts/ (this endpoint - and the Custom Inventory Script feature - will be removed in a future release of AWX).
- Fixed a bug which prevented Organization Admins from removing users from their own Organization (ansible#2979)
- Fixed a bug which sometimes caused cluster nodes to fail to re-join with a cryptic error, "No instance found with the current cluster host id" (ansible#4294)
- Fixed a bug that prevented the use of launch-time passphrases when using credential plugins (ansible#4807)
- Fixed a bug that caused notifications assigned at the Organization level not to take effect for Workflows in that Organization (ansible#4712)
- Fixed a bug which caused a notable amount of CPU overhead on RabbitMQ health checks (ansible#5009)
- Fixed a bug which sometimes caused the key to stop functioning in <textarea> elements (ansible#4192)
- Fixed a bug which caused request contention when the same OAuth2.0 token was used in multiple simultaneous requests (ansible#4694)
- Fixed a bug related to parsing multiple choice survey options (ansible#4452).
- Fixed a bug that caused single-sign-on icons on the login page to fail to render in certain Windows browsers (ansible#3924)
- Fixed a number of bugs that caused certain OAuth2 settings to not be properly respected, such as REFRESH_TOKEN_EXPIRE_SECONDS.
- Fixed a number of bugs in the AWX CLI, including a bug which sometimes caused long lines of stdout output to be unexpectedly truncated.
- Fixed a number of bugs on the job details UI which sometimes caused auto-scrolling stdout to become stuck.
- Fixed a bug which caused LDAP authentication to fail if the TLD of the server URL contained digits (ansible#3646)
- Fixed a bug which broke HashiCorp Vault integration on older versions of HashiCorp Vault.
- AWX now detects and installs Ansible Collections defined in your project (note - this feature only works in Ansible 2.9+) (ansible#2534)
- AWX now includes an official command line client. Keep an eye out for a follow-up email on this mailing list for information on how to install it and try it out.
- Added the ability to provide a specific SCM branch on jobs (ansible#282)
- Added support for Workflow Approval Nodes, a new feature which allows you to add "pause and wait for approval" steps into your workflows (ansible#1206)
- Added the ability to specify a specific HTTP method for webhook notifications (POST vs PUT) (ansible#4124)
- Added the ability to specify a username and password for HTTP Basic Authorization for webhook notifications (ansible#4124)
- Added support for customizing the text content of notifications (ansible#79)
- Added the ability to enable and disable hosts in dynamic inventory (ansible#4420)
- Added the description (if any) to the Job Template list (ansible#4359)
- Added new metrics for instance hostnames and pending jobs to the /api/v2/metrics/ endpoint (ansible#4375)
- Changed AWX's on/off toggle buttons to a non-text based style to simplify internationalization (ansible#4425)
- Events emitted by ansible for adhoc commands are now sent to the external log aggregrator (ansible#4545)
- Fixed a bug which allowed a user to make an organization credential in another organization without permissions to that organization (ansible#4483)
- Fixed a bug that caused
extra_vars
on workflows to break when edited (ansible#4293) - Fixed a slow SQL query that caused performance issues when large numbers of groups exist (ansible#4461)
- Fixed a few minor bugs in survey field validation (ansible#4509) (ansible#4479)
- Fixed a bug that sometimes resulted in orphaned
ansible_runner_pi
directories in/tmp
after playbook execution (ansible#4409) - Fixed a bug that caused the
is_system_auditor
flag in LDAP configuration to not work (ansible#4396) - Fixed a bug which caused schedules to disappear from the UI when toggled off (ansible#4378)
- Fixed a bug that sometimes caused stdout content to contain extraneous blank lines in newer versions of Ansible (ansible#4391)
- Updated to the latest Django security release, 2.2.4 (ansible#4410) (https://www.djangoproject.com/weblog/2019/aug/01/security-releases/)
- Updated the default version of git to a version that includes support for x509 certificates (ansible#4362)
- Removed the deprecated
credential
field from/api/v2/workflow_job_templates/N/
(as part of the/api/v1/
removal in prior AWX versions - ansible#4490).
- Updated AWX to use Django 2.2.2.
- Updated the provided openstacksdk version to support new functionality (such as Nova scheduler_hints)
- Added the ability to specify a custom cacert for the HashiCorp Vault credential plugin
- Fixed a number of bugs related to path lookups for the HashiCorp Vault credential plugin
- Fixed a bug which prevented signed SSH certificates from working, including the HashiCorp Vault Signed SSH backend
- Fixed a bug which prevented custom logos from displaying on the login page (as a result of a new Content Security Policy in 6.0.0)
- Fixed a bug which broke websocket connectivity in Apple Safari (as a result of a new Content Security Policy in 6.0.0)
- Fixed a bug on the job output page that occasionally caused the "up" and "down" buttons to not load additional output
- Fixed a bug on the job output page that caused quoted task names to display incorrectly
- Removed support for "Any" notification templates and their API endpoints e.g., /api/v2/job_templates/N/notification_templates/any/ (ansible#4022)
- Fixed a bug which prevented credentials from properly being applied to inventory sources (ansible#4059)
- Fixed a bug which can cause the task dispatcher to hang indefinitely when external logging support (e.g., Splunk, Logstash) is enabled (ansible#4181)
- Fixed a bug which causes slow stdout display when running jobs against smart inventories. (ansible#3106)
- Fixed a bug that caused SSL verification flags to fail to be respected for LDAP authentication in certain environments. (ansible#4190)
- Added a simple Content Security Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to restrict access to third-party resources in the browser. (ansible#4167)
- Updated ovirt4 library dependencies to work with newer versions of oVirt (ansible#4138)
- Bump Django Rest Framework from 3.7.7 to 3.9.4
- Bump setuptools / pip dependencies
- Fixed bug where Recent Notification list would not appear
- Added notifications on job start
- Default to Ansible 2.8