Skip to content

Latest commit

 

History

History
231 lines (204 loc) · 22.9 KB

CHANGELOG.md

File metadata and controls

231 lines (204 loc) · 22.9 KB
Raw

Changelog

This is a list of high-level changes for each release of AWX. A full list of commits can be found at https://github.com/ansible/awx/releases/tag/<version>.

11.2.0 (Apr 29, 2020)

  • Inventory updates now use collection-based plugins by default (in Ansible 2.9+):
    • amazon.aws.aws_ec2
    • community.vmware.vmware_vm_inventory
    • azure.azcollection.azure_rm
    • google.cloud.gcp_compute
    • theforeman.foreman.foreman
    • openstack.cloud.openstack
    • ovirt.ovirt_collection.ovirt
    • awx.awx.tower
  • Added support for Approle and LDAP/AD mechanisms to the Hashicorp Vault credential plugin (ansible#5076)
  • Added Project (Domain Name) support for the OpenStack Keystone v3 API (ansible#6831)
  • Added a new setting for raising log verbosity for rsyslogd (ansible#6818)
  • Added the ability to monitor stdout in the CLI for running jobs and workflow jobs (ansible#6165)
  • Fixed a bug which prevented the AWX CLI from properly installing with newer versions of pip (ansible#6870)
  • Fixed a bug which broke AWX's external logging support when configured with HTTPS endpoints that utilize self-signed certificates (ansible#6851)
  • Fixed a local docker installer bug that mistakenly attempted to upgrade PostgreSQL when an external pg_hostname is specified (ansible#5398)
  • Fixed a race condition that caused task container crashes when pods are quickly brought down and back up (ansible#6750)
  • Fixed a bug that caused 404 errors when attempting to view the second page of the workflow approvals view (ansible#6803)
  • Fixed a bug that prevented the use of ANSIBLE_SSH_ARGS for ad-hoc-commands (ansible#6811)
  • Fixed a bug that broke AWX installs/upgrades on Red Hat OpenShift (ansible#6791)

11.1.0 (Apr 22, 2020)

  • Changed rsyslogd to persist queued events to disk (to prevent a risk of out-of-memory errors) (ansible#6746)
  • Added the ability to configure the destination and maximum disk size of rsyslogd spool (in the event of a log aggregator outage) (ansible#6763)
  • Added the ability to discover playbooks in project clones from symlinked directories (ansible#6773)
  • Fixed a bug that caused certain log aggregator settings to break logging integration (ansible#6760)
  • Fixed a bug that caused playbook execution in container groups to sometimes unexpectedly deadlock (ansible#6692)
  • Improved stability of the new redis clustering implementation (ansible#6739 ansible#6720)
  • Improved stability of the new rsyslogd-based logging implementation (ansible#6796)

11.0.0 (Apr 16, 2020)

  • As of AWX 11.0.0, Kubernetes-based deployments use a Deployment rather than a StatefulSet.
  • Reimplemented external logging support using rsyslogd to improve reliability and address a number of issues (ansible#5155)
  • Changed activity stream logs to include summary fields for related objects (ansible#1761)
  • Added code to more gracefully attempt to reconnect to redis if it restarts/becomes unavailable (ansible#6670)
  • Fixed a bug that caused REFRESH_TOKEN_EXPIRE_SECONDS to not properly be respected for OAuth2.0 refresh tokens generated by AWX (ansible#6630)
  • Fixed a bug that broke schedules containing RRULES with very old DTSTART dates (ansible#6550)
  • Fixed a bug that broke installs on older versions of Ansible packaged with certain Linux distributions (ansible#5501)
  • Fixed a bug that caused the activity stream to sometimes report the incorrect actor when associating user membership on SAML login (ansible#6525)
  • Fixed a bug in AWX's Grafana notification support when annotation tags are omitted (ansible#6580)
  • Fixed a bug that prevented some users from searching for Source Control credentials in the AWX user interface (ansible#6600)
  • Fixed a bug that prevented disassociating orphaned users from credentials (ansible#6554)
  • Updated Twisted to address CVE-2020-10108 and CVE-2020-10109.

10.0.0 (Mar 30, 2020)

  • As of AWX 10.0.0, the official AWX CLI no longer supports Python 2 (it requires at least Python 3.6) (ansible#6327)
  • AWX no longer relies on RabbitMQ; Redis is added as a new dependency (ansible#5443)
  • Altered AWX's event tables to allow more than ~2 billion total events (ansible#6010)
  • Improved the performance (time to execute, and memory consumption) of the periodic job cleanup system job (ansible#6166)
  • Updated Job Templates so they now have an explicit Organization field (it is no longer inferred from the associated Project) (ansible#3903)
  • Updated social-auth-core to address an upcoming GitHub API deprecation (ansible#5970)
  • Updated to ansible-runner 1.4.6 to address various bugs.
  • Updated Django to address CVE-2020-9402
  • Updated pyyaml version to address CVE-2017-18342
  • Fixed a bug which prevented the new scm_branch field from being used in custom notification templates (ansible#6258)
  • Fixed a race condition that sometimes causes success/failure notifications to include an incomplete list of hosts (ansible#6290)
  • Fixed a bug that can cause certain setting pages to lose unsaved form edits when a playbook is launched (ansible#5265)
  • Fixed a bug that can prevent the "Use TLS/SSL" field from properly saving when editing email notification templates (ansible#6383)
  • Fixed a race condition that sometimes broke event/stdout processing for jobs launched in container groups (ansible#6280)

9.3.0 (Mar 12, 2020)

  • Added the ability to specify an OAuth2 token description in the AWX CLI (ansible#6122)
  • Added support for K8S service account annotations to the installer (ansible#6007)
  • Added support for K8S imagePullSecrets to the installer (ansible#5989)
  • Launching jobs (and workflows) using the --monitor flag in the AWX CLI now returns a non-zero exit code on job failure (ansible#5920)
  • Improved UI performance for various job views when many simultaneous users are logged into AWX (ansible#5883)
  • Updated to the latest version of Django to address a few open CVEs (ansible#6080)
  • Fixed a critical bug which can cause AWX to hang and stop launching playbooks after a periodic of time (ansible#5617)
  • Fixed a bug which caused delays in project update stdout for certain large SCM clones (as of Ansible 2.9+) (ansible#6254)
  • Fixed a bug which caused certain smart inventory filters to mistakenly return duplicate hosts (ansible#5972)
  • Fixed an unclear server error when creating smart inventories with the AWX collection (ansible#6250)
  • Fixed a bug that broke Grafana notification support (ansible#6137)
  • Fixed a UI bug which prevent users with read access to an organization from editing credentials for that organization (ansible#6241)
  • Fixed a bug which prevent workflow approval records from recording a started and elapsed date (ansible#6202)
  • Fixed a bug which caused workflow nodes to have a confusing option for verbosity (ansible#6196)
  • Fixed an RBAC bug which prevented projects and inventory schedules from being created by certain users in certain contexts (ansible#5717)
  • Fixed a bug that caused role_path in a project's config to not be respected due to an error processing /etc/ansible/ansible.cfg (ansible#6038)
  • Fixed a bug that broke inventory updates for installs with custom home directories for the awx user (ansible#6152)
  • Fixed a bug that broke fact data collection when AWX encounters invalid/unexpected fact data (ansible#5935)

9.2.0 (Feb 12, 2020)

  • Added the ability to configure the convergence behavior of workflow nodes ansible#3054
  • AWX now allows for a configurable global limit for fork count (per-job run). The default maximum is 200. ansible#5604
  • Added the ability to specify AZURE_PUBLIC_CLOUD (for e.g., Azure Government KeyVault support) for the Azure credential plugin ansible#5138
  • Added support for several additional parameters for Satellite dynamic inventory ansible#5598
  • Added a new field to jobs for tracking the date/time a job is cancelled ansible#5610
  • Made a series of additional optimizations to the callback receiver to further improve stdout write speed for running playbooks ansible#5677 ansible#5739
  • Updated AWX to be compatible with Helm 3.x (ansible#5776)
  • Optimized AWX's job dependency/scheduling code to drastically improve processing time in scenarios where there are many pending jobs scheduled simultaneously ansible#5154
  • Fixed a bug which could cause SCM authentication details (basic auth passwords) to be reported to external loggers in certain failure scenarios (e.g., when a git clone fails and ansible itself prints an error message to stdout) ansible#5812
  • Fixed a k8s installer bug that caused installs to fail in certain situations ansible#5574
  • Fixed a number of issues that caused analytics gathering and reporting to run more often than necessary ansible#5721
  • Fixed a bug in the AWX CLI that prevented JSON-type settings from saving properly ansible#5528
  • Improved support for fetching custom virtualenv dependencies when AWX is installed behind a proxy ansible#5805
  • Updated the bundled version of openstacksdk to address a known issue ansible#5821
  • Updated the bundled vmware_inventory plugin to the latest version to address a bug ansible#5668
  • Fixed a bug that can cause inventory updates to fail to properly save their output when run within a workflow ansible#5666
  • Removed a number of pre-computed fields from the Host and Group models to improve AWX performance. As part of this change, inventory group UIs throughout the interface no longer display status icons ansible#5448

9.1.1 (Jan 14, 2020)

  • Fixed a bug that caused database migrations on Kubernetes installs to hang ansible#5579
  • Upgraded Python-level app dependencies in AWX virtual environment ansible#5407
  • Running jobs no longer block associated inventory updates ansible#5519
  • Fixed invalid_response SAML error ansible#5577
  • Optimized the callback receiver to drastically improve the write speed of stdout for parallel jobs (ansible#5618)

9.1.0 (Dec 17, 2019)

  • Added a command to generate a new SECRET_KEY and rekey the secrets in the database
  • Removed project update locking when jobs using it are running
  • Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
  • Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
  • Fixed hang in error handling for source control checkouts
  • Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
  • Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout
  • Fixed an incorrect link to instance groups documentation in the user interface
  • Fixed editing of inventory on Workflow templates
  • Fixed multiple issues with OAuth2 token cleanup system jobs
  • Fixed a bug that broke email notifications for workflow approval/deny ansible#5401
  • Updated SAML implementation to automatically login if authorization already exists
  • Updated AngularJS to 1.7.9 for CVE-2019-10768

9.0.1 (Nov 4, 2019)

  • Fixed a bug in the installer that broke certain types of k8s installs ansible#5205

9.0.0 (Oct 31, 2019)

  • Updated AWX images to use centos:8 as the parent image.
  • Updated to ansible-runner 1.4.4 to address various bugs.
  • Added oc and kubectl to the AWX images to support new container-based execution introduced in 8.0.0.
  • Added some optimizations to speed up the deletion of large Inventory Groups.
  • Fixed a bug that broke webhook launches for Job Templates that define a survey (ansible#5062).
  • Fixed a bug in the CLI which incorrectly parsed launch time arguments for awx job_templates launch and awx workflow_job_templates launch (ansible#5093).
  • Fixed a bug that caused inventory updates using "sourced from a project" to stop working (ansible#4750).
  • Fixed a bug that caused Slack notifications to sometimes show the wrong bot avatar (ansible#5125).
  • Fixed a bug that prevented the use of digits in AWX's URL settings (ansible#5081).

8.0.0 (Oct 21, 2019)

  • The Ansible Tower Ansible modules have been migrated to a new official Ansible AWX collection: https://galaxy.ansible.com/awx/AWX Please note that this functionality is only supported in Ansible 2.9+
  • AWX now supports the ability to launch jobs from external webhooks (GitHub and GitLab integration are supported).
  • AWX now supports Container Groups, a new feature that allows you to schedule and run playbooks on single-use kubernetes pods on-demand.
  • AWX now supports sending notifications when Workflow steps are approved, denied, or time out.
  • AWX now records the user who approved or denied Workflow steps.
  • AWX now supports fetching Ansible Collections from private galaxy servers.
  • AWX now checks the user's ansible.cfg for paths where role/collections may live when running project updates.
  • AWX now uses PostgreSQL 10 by default.
  • AWX now warns more loudly about underlying AMQP connectivity issues (ansible#4857).
  • Added a few optimizations to drastically improve dashboard performance for larger AWX installs (installs with several hundred thousand jobs or more).
  • Updated to the latest version of Ansible's VMWare inventory script (which adds support for vmware_guest_facts).
  • Deprecated /api/v2/inventory_scripts/ (this endpoint - and the Custom Inventory Script feature - will be removed in a future release of AWX).
  • Fixed a bug which prevented Organization Admins from removing users from their own Organization (ansible#2979)
  • Fixed a bug which sometimes caused cluster nodes to fail to re-join with a cryptic error, "No instance found with the current cluster host id" (ansible#4294)
  • Fixed a bug that prevented the use of launch-time passphrases when using credential plugins (ansible#4807)
  • Fixed a bug that caused notifications assigned at the Organization level not to take effect for Workflows in that Organization (ansible#4712)
  • Fixed a bug which caused a notable amount of CPU overhead on RabbitMQ health checks (ansible#5009)
  • Fixed a bug which sometimes caused the key to stop functioning in <textarea> elements (ansible#4192)
  • Fixed a bug which caused request contention when the same OAuth2.0 token was used in multiple simultaneous requests (ansible#4694)
  • Fixed a bug related to parsing multiple choice survey options (ansible#4452).
  • Fixed a bug that caused single-sign-on icons on the login page to fail to render in certain Windows browsers (ansible#3924)
  • Fixed a number of bugs that caused certain OAuth2 settings to not be properly respected, such as REFRESH_TOKEN_EXPIRE_SECONDS.
  • Fixed a number of bugs in the AWX CLI, including a bug which sometimes caused long lines of stdout output to be unexpectedly truncated.
  • Fixed a number of bugs on the job details UI which sometimes caused auto-scrolling stdout to become stuck.
  • Fixed a bug which caused LDAP authentication to fail if the TLD of the server URL contained digits (ansible#3646)
  • Fixed a bug which broke HashiCorp Vault integration on older versions of HashiCorp Vault.

7.0.0 (Sept 4, 2019)

  • AWX now detects and installs Ansible Collections defined in your project (note - this feature only works in Ansible 2.9+) (ansible#2534)
  • AWX now includes an official command line client. Keep an eye out for a follow-up email on this mailing list for information on how to install it and try it out.
  • Added the ability to provide a specific SCM branch on jobs (ansible#282)
  • Added support for Workflow Approval Nodes, a new feature which allows you to add "pause and wait for approval" steps into your workflows (ansible#1206)
  • Added the ability to specify a specific HTTP method for webhook notifications (POST vs PUT) (ansible#4124)
  • Added the ability to specify a username and password for HTTP Basic Authorization for webhook notifications (ansible#4124)
  • Added support for customizing the text content of notifications (ansible#79)
  • Added the ability to enable and disable hosts in dynamic inventory (ansible#4420)
  • Added the description (if any) to the Job Template list (ansible#4359)
  • Added new metrics for instance hostnames and pending jobs to the /api/v2/metrics/ endpoint (ansible#4375)
  • Changed AWX's on/off toggle buttons to a non-text based style to simplify internationalization (ansible#4425)
  • Events emitted by ansible for adhoc commands are now sent to the external log aggregrator (ansible#4545)
  • Fixed a bug which allowed a user to make an organization credential in another organization without permissions to that organization (ansible#4483)
  • Fixed a bug that caused extra_vars on workflows to break when edited (ansible#4293)
  • Fixed a slow SQL query that caused performance issues when large numbers of groups exist (ansible#4461)
  • Fixed a few minor bugs in survey field validation (ansible#4509) (ansible#4479)
  • Fixed a bug that sometimes resulted in orphaned ansible_runner_pi directories in /tmp after playbook execution (ansible#4409)
  • Fixed a bug that caused the is_system_auditor flag in LDAP configuration to not work (ansible#4396)
  • Fixed a bug which caused schedules to disappear from the UI when toggled off (ansible#4378)
  • Fixed a bug that sometimes caused stdout content to contain extraneous blank lines in newer versions of Ansible (ansible#4391)
  • Updated to the latest Django security release, 2.2.4 (ansible#4410) (https://www.djangoproject.com/weblog/2019/aug/01/security-releases/)
  • Updated the default version of git to a version that includes support for x509 certificates (ansible#4362)
  • Removed the deprecated credential field from /api/v2/workflow_job_templates/N/ (as part of the /api/v1/ removal in prior AWX versions - ansible#4490).

6.1.0 (Jul 18, 2019)

  • Updated AWX to use Django 2.2.2.
  • Updated the provided openstacksdk version to support new functionality (such as Nova scheduler_hints)
  • Added the ability to specify a custom cacert for the HashiCorp Vault credential plugin
  • Fixed a number of bugs related to path lookups for the HashiCorp Vault credential plugin
  • Fixed a bug which prevented signed SSH certificates from working, including the HashiCorp Vault Signed SSH backend
  • Fixed a bug which prevented custom logos from displaying on the login page (as a result of a new Content Security Policy in 6.0.0)
  • Fixed a bug which broke websocket connectivity in Apple Safari (as a result of a new Content Security Policy in 6.0.0)
  • Fixed a bug on the job output page that occasionally caused the "up" and "down" buttons to not load additional output
  • Fixed a bug on the job output page that caused quoted task names to display incorrectly

6.0.0 (Jul 1, 2019)

  • Removed support for "Any" notification templates and their API endpoints e.g., /api/v2/job_templates/N/notification_templates/any/ (ansible#4022)
  • Fixed a bug which prevented credentials from properly being applied to inventory sources (ansible#4059)
  • Fixed a bug which can cause the task dispatcher to hang indefinitely when external logging support (e.g., Splunk, Logstash) is enabled (ansible#4181)
  • Fixed a bug which causes slow stdout display when running jobs against smart inventories. (ansible#3106)
  • Fixed a bug that caused SSL verification flags to fail to be respected for LDAP authentication in certain environments. (ansible#4190)
  • Added a simple Content Security Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to restrict access to third-party resources in the browser. (ansible#4167)
  • Updated ovirt4 library dependencies to work with newer versions of oVirt (ansible#4138)

5.0.0 (Jun 21, 2019)

  • Bump Django Rest Framework from 3.7.7 to 3.9.4
  • Bump setuptools / pip dependencies
  • Fixed bug where Recent Notification list would not appear
  • Added notifications on job start
  • Default to Ansible 2.8