Scribd
Upload
313 views30 pages

Red Hat Ansible Automation Platform-2.4-Red Hat Ansible Automation Platform Release Notes-En-Us

Uploaded by

AJAY KUMAR
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
313 views30 pages

Red Hat Ansible Automation Platform-2.4-Red Hat Ansible Automation Platform Release Notes-En-Us

Uploaded by

AJAY KUMAR
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

Red Hat Ansible Automation Platform

2.4

Red Hat Ansible Automation Platform Release


Notes

New features, enhancements, and bug fix information

Last Updated: 2023-11-30


Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation
Platform Release Notes
New features, enhancements, and bug fix information
Legal Notice
Copyright © 2023 Red Hat, Inc.

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is
available at
http://creativecommons.org/licenses/by-sa/3.0/
. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must
provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift,
Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States
and other countries.

Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.

Java ® is a registered trademark of Oracle and/or its affiliates.

XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.

MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and
other countries.

Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the
official Joyent Node.js open source or commercial project.

The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marks
or trademarks/service marks of the OpenStack Foundation, in the United States and other
countries and are used with the OpenStack Foundation's permission. We are not affiliated with,
endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Abstract
This guide provides a summary of new features, enhancements, and bug fix information for Red Hat
Ansible Automation Platform.
Table of Contents

Table of Contents
. . . . . . . . . .OPEN
MAKING . . . . . . SOURCE
. . . . . . . . . .MORE
. . . . . . .INCLUSIVE
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . .

. . . . . . . . . . . . . FEEDBACK
PROVIDING . . . . . . . . . . . . ON
. . . .RED
. . . . .HAT
. . . . .DOCUMENTATION
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. . . . . . . . . . . . .

.CHAPTER
. . . . . . . . . . 1.. .OVERVIEW
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6. . . . . . . . . . . . .
1.1. WHAT’S INCLUDED IN ANSIBLE AUTOMATION PLATFORM 6
1.2. RED HAT ANSIBLE AUTOMATION PLATFORM LIFE CYCLE 6
1.3. UPGRADING ANSIBLE AUTOMATION PLATFORM 6

.CHAPTER
. . . . . . . . . . 2.
. . RED
. . . . . HAT
. . . . . ANSIBLE
. . . . . . . . . .AUTOMATION
. . . . . . . . . . . . . . . PLATFORM
. . . . . . . . . . . . .2.4
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7. . . . . . . . . . . . .
2.1. ANSIBLE AUTOMATION PLATFORM 2.4 7
2.1.1. New features and enhancements 7
2.1.2. Deprecated and removed features 8
2.1.3. Bug fixes 8
2.1.4. Technology Preview 9
2.2. AUTOMATION CONTROLLER 10
2.3. EVENT-DRIVEN ANSIBLE 10
2.4. AUTOMATION HUB 11
2.5. AUTOMATION PLATFORM OPERATOR 12
2.6. ANSIBLE AUTOMATION PLATFORM DOCUMENTATION 12
2.7. BUNDLE INSTALLER RELEASE 2.4-3 13
2.7.1. Ansible Automation Platform 13
2.7.2. Ansible Builder 13
2.7.3. Automation controller 13
2.7.4. Event-Driven Ansible 14
2.8. BUNDLE INSTALLER RELEASE 2.4-2.4 15
2.8.1. Ansible Automation Platform 16
2.8.2. Automation controller 16
2.9. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-2.3 16
2.9.1. Ansible Automation Platform 16
2.10. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-2.2 17
2.10.1. Ansible Automation Platform 17
2.10.2. Automation controller 17
2.11. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-2.1 17
2.11.1. Ansible Automation Platform 17
2.11.2. Automation controller 18
2.11.3. Automation hub 18
2.12. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-2 18
2.12.1. Ansible Automation Platform 18
2.12.2. Automation controller 19
2.12.3. Automation hub 20
2.13. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-1.4 21
2.13.1. Automation controller 21
2.14. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-1.3 21
2.14.1. Automation controller 21
2.14.2. Event-Driven Ansible 22
2.15. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-1.2 23
2.15.1. Automation controller 23
2.15.2. Creator Tools 24
2.15.3. Event-Driven Ansible 25
2.16. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER RELEASE 2.4-1.1 25
2.16.1. Ansible Automation Platform 25

1
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

2.16.2. Automation hub 25

2
Table of Contents

3
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

MAKING OPEN SOURCE MORE INCLUSIVE


Red Hat is committed to replacing problematic language in our code, documentation, and web
properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the
enormity of this endeavor, these changes will be implemented gradually over several upcoming releases.
For more details, see our CTO Chris Wright’s message .

4
PROVIDING FEEDBACK ON RED HAT DOCUMENTATION

PROVIDING FEEDBACK ON RED HAT DOCUMENTATION


If you have a suggestion to improve this documentation, or find an error, please contact technical
support at https://access.redhat.com to create an issue on the Ansible Automation Platform Jira
project using the docs-product component.

5
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

CHAPTER 1. OVERVIEW
Red Hat Ansible Automation Platform simplifies the development and operation of automation
workloads for managing enterprise application infrastructure lifecycles. It works across multiple IT
domains including operations, networking, security, and development, as well as across diverse hybrid
environments. Simple to adopt, use, and understand, Red Hat Ansible Automation Platform provides the
tools needed to rapidly implement enterprise-wide automation, no matter where you are in your
automation journey.

1.1. WHAT’S INCLUDED IN ANSIBLE AUTOMATION PLATFORM

Ansible Automation Automation hub Event-Driven Insights for


Automation controller Ansible controller Ansible
Platform Automation
Platform

2.4 4.4 1.0 hosted service


4.7

hosted
service

1.2. RED HAT ANSIBLE AUTOMATION PLATFORM LIFE CYCLE


Red Hat publishes a product life cycle page that identifies the levels of maintenance for each Ansible
Automation Platform release. Refer to Red Hat Ansible Automation Platform Life Cycle .

1.3. UPGRADING ANSIBLE AUTOMATION PLATFORM


Use the installer to perform upgrades to maintenance versions of Ansible Automation Platform. The
installer performs all necessary actions required to upgrade to the latest versions of Ansible Automation
Platform, including automation controller and private automation hub.

IMPORTANT

Do not use yum update to run upgrades. Use the installer instead.

Additional resources

Refer to the table in What’s included in Ansible Automation Platform for information on
maintenance releases of Ansible Automation Platform.

For more information on upgrading your Ansible Automation Platform, see the Red Hat Ansible
Automation Platform Upgrade and Migration Guide.

For procedures related to using the Ansible Automation Platform installer, see the Ansible
Automation Platform Installation Guide.

6
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4


This release includes several enhancements, additions, and fixes that have been implemented in the Red
Hat Ansible Automation Platform.

2.1. ANSIBLE AUTOMATION PLATFORM 2.4


Red Hat Ansible Automation Platform simplifies the development and operation of automation
workloads for managing enterprise application infrastructure lifecycles. It works across many IT domains
including operations, networking, security, development, and across diverse hybrid environments.
Simple to adopt, use, and understand, Red Hat Ansible Automation Platform provides the tools needed
to rapidly implement enterprise-wide automation, no matter where you are in your automation journey.

2.1.1. New features and enhancements


This release of Ansible Automation Platform features the following enhancements:

Before this update, the execution environment container images were based on RHEL 8 only.
With Ansible Automation Platform 2.4 onwards, the execution environment container images
are now also available on RHEL 9. The execution environment includes the following container
images:

ansible-python-base

ansible-python-toolkit

ansible-builder

ee-minimal

ee-supported

The ansible-builder project recently released Ansible Builder version 3, a much-improved and
simplified approach to creating execution environments. You can use the following
configuration YAML keys with Ansible Builder version 3:

additional_build_files

additional_build_steps

build_arg_defaults

dependencies

images

options

version

For more information about using Ansible Builder version 3, see Ansible Builder Documentation and
Execution Environment Setup Reference .

Ansible Automation Platform 2.4 and later versions can now be run on ARM platforms, including
both the control plane and the execution environments.

Added an option to configure the SSO logout URL for automation hub if you need to change it
7
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Added an option to configure the SSO logout URL for automation hub if you need to change it
from the default value.

Updated the ansible-lint RPM package to version 6.14.3.

Updated Django for potential denial-of-service vulnerability in file uploads (CVE-2023-24580).

Updated sqlparse for ReDOS vulnerability (CVE-2023-30608).

Updated Django for potential denial-of-service in Accept-Language headers (CVE-2023-


23969).

2.1.2. Deprecated and removed features


Some features available in earlier releases have been deprecated or removed. Deprecated functionality
is still included in Ansible Automation Platform and continues to be supported. However, it will be
removed in a future release of this product and is not recommended for new deployments.

The following is a list of major functionality deprecated and removed within Ansible Automation
Platform 2.4:

On-premise component automation services catalog is now removed from Ansible Automation
Platform 2.4 onwards.

With the Ansible Automation Platform 2.4 release, the execution environment container image
for Ansible 2.9 (ee-29-rhel-8) is no longer loaded into the Automation Controller configuration
by default.

Although you can still synchronize content, the use of synclists is deprecated and will be
removed in a later release. Instead, private automation hub administrators can upload manually-
created requirements files from the rh-certified remote.

You can now configure the Controller Access Token for each resource with the
connection_secret parameter, rather than the old tower_auth_secret parameter. This change
is compatible with earlier versions, but the tower_auth_secret parameter is now deprecated
and will be removed in a future release.

Smart inventories have been deprecated in favor of constructed inventories and will be
removed in a future release.

2.1.3. Bug fixes


The following bugs were fixed in this release of Ansible Automation Platform:

The installer now ensures that collection auto signing cannot be enabled without enabling the
collection signing service.

Fixed an issue with restoring backups when the installed automation controller version is
different from the backup version.

Fixed an issue with not adding user defined galaxy-importer settings to galaxy-importer.cfg
file.

Added missing X-Forwarded-For header information to nginx logs.

Removed unnecessary receptor peer name validation when IP address is used as the name.

8
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

Updated the outdated base_packages.txt file that is included in the bundle installer.

Fixed an issue where upgrading the Ansible Automation Platform did not update the nginx
package by default.

Fixed an issue where an awx user was created without creating an awx group on execution
nodes.

Fixed the assignment of package version variable to work with flat file inventories.

Added a FQDN check for the automation hub hostname required to run the Skopeo commands.

Fixed an issue such that the front end URL for Red Hat Single Sign On (SSO) is now properly
configured after you specify the sso_redirect_host variable.

Fixed the variable precedence for all component nginx_tls_files_remote variables.

Fixed the setup.sh script to escalate privileges if necessary for installing Ansible Automation
Platform.

Fixed an issue when restoring a backup to an automation hub with a different hostname.

2.1.4. Technology Preview


Some features in this release are currently classified as Technology Preview. Technology Preview
features offer early access to upcoming product features, enabling customers to test functionality and
give feedback during the development process. Note that Red Hat does not recommend using
Technology Preview features for production, and Red Hat SLAs do not support Technology Preview
functions.

The following are Technology Preview features:

Ansible Automation Platform 2.4 adds the ability to install the automation controller for IBM
Power (ppc64le), IBM Z (s390x), and IBM® LinuxONE (s390x) architectures.

Starting with Ansible Automation Platform 2.4, the Platform Resource Operator can be used to
create the following resources in automation controller by applying YAML to your OpenShift
cluster:

Inventories

Projects

Instance Groups

Credentials

Schedules

Workflow Job Templates

Launch Workflows

One notable change is that you can now configure the Controller Access Token for each resource with
the connection_secret parameter, rather than the old tower_auth_secret parameter. This change is
compatible with earlier versions, but the tower_auth_secret parameter is now deprecated and will be
removed in a future release.

9
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Additional resources

For the most recent list of Technology Preview features, see Ansible Automation Platform -
Preview Features.

For more information about support for Technology Preview features, see Red Hat Technology
Preview Features Support Scope.

For information regarding execution node enhancements on OpenShift deployments, see


Managing Capacity With Instances .

2.2. AUTOMATION CONTROLLER


Automation controller provides a standardized way to define, operate and delegate automation across
the enterprise. It also introduces new, exciting technologies and an enhanced architecture that enables
automation teams to scale and deliver automation rapidly to meet ever-growing business demand.

See Automation Controller Release Notes for 4.x for a full list of new features and enhancements.

2.3. EVENT-DRIVEN ANSIBLE


Event-Driven Ansible is the newest capability of Ansible Automation Platform that is designed to enable
automated response with user-defined, rules-based workflows. Event-Driven Ansible works by receiving
events from third party tools, deciding on the actions to take, and acting automatically.

Event-Driven Ansible is included in Ansible Automation Platform, making the platform even more
capable as a single enterprise automation solution. Using Event-Driven Ansible, domain experts can
easily create end-to-end fully automated Ops As Code scenarios for a broad array of use cases across
the IT landscape. By eliminating high-volume routine tasks and automatically responding to changing
conditions, teams are free to innovate more efficiently, and act consistently and accurately at scale.

Known issues

Both contributor and editor roles cannot set the AWX token. The AWX token can be set by
users with administrator roles only.

Activation-job pods do not have request limits.

The onboarding wizard does not request a controller token creation.

Users cannot filter through a list of tokens under the Controller Token tab.

Only the users with administrator rights can set or modify their passwords.

If there is a failure, an activation with restart policy set to Always is unable to restart the failed
activation.

Disabling and enabling an activation causes the restart count to increase by one count. This
behavior results in an incorrect restart count.

Podman pods must be executed with memory limits.

Long running activations with loads of events can cause an out of disk space issue.

Users can add multiple tokens even when only the first AWX token is used.

10
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

A race condition occurs when creating and rapidly deleting an activation causes multiple errors.

When users filter any list, only the items that are on the list get filtered.

When ongoing activations start multiple jobs, a few jobs are not recorded in the audit logs.

When a job template fails, a few key attributes are missing in the event payload.

Restart policy in a Kubernetes deployment does not restart successful activations that are
marked as failed.

An incorrect status is reported for activations that are disabled or enabled.

If the run_job_template action fails, the rule is not counted as executed.

RHEL 9.2 activations cannot connect to the host.

Restarting the Event-Driven Ansible server can cause activation states to become stale.

Bulk deletion of rulebook activation lists is not consistent, and the deletion can be either
successful or unsuccessful.

When users access the detail screen of a rule audit, the related rulebook activation link is
broken.

Certain characters, such as hyphen (-), forward slash (/), and period (.), are not supported in the
event keys. Resolved in bundle installer release 2.4-3.

When there are more activations than available workers, disabling the activations incorrectly
shows them in running state. Resolved in bundle installer release 2.4-3.

Event-Driven Ansible activation pods are running out of memory on RHEL 9. Resolved in bundle
installer release 2.4-3.

When all workers are busy with activation processes, other asynchronous tasks are not executed,
such as importing projects. Resolved in bundle installer release 2.4-3.

2.4. AUTOMATION HUB


Automation hub allows you to discover and use new certified automation content from Red Hat Ansible
and Certified Partners. On Ansible automation hub, you can discover and manage Ansible Collections,
which is supported automation content developed by both partners and Red Hat for use cases such as
cloud automation, network automation, security automation, and more.

New features and enhancements

This release of automation hub provides repository management functionality. With repository
management, you can create, edit, delete, and move content between repositories.

Bug fixes

Fixed an issue in the collection keyword search which was returning an incorrect number of
results.

Added the ability to set OPT_REFERRALS option for LDAP, so that users can now successfully
log in to the automation hub by using their LDAP credentials.

11
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Fixed an error on the UI when redhat.openshift collection’s core dependency was throwing a
404 Not Found error.

Fixed an error such that the deprecated execution environments are now skipped while syncing
with registry.redhat.io.

2.5. AUTOMATION PLATFORM OPERATOR


Ansible Automation Platform Operator provides cloud-native, push-button deployment of new Ansible
Automation Platform instances in your OpenShift environment.

Bug fixes

Enabled configuration of resource requirements for automation controller init containers.

Added securityContext for Event-Driven Ansible Operator deployments to be Pod Security


Admission compliant.

Resolved error Controller: Error 413 Entity too large when doing bulk updates.

Ansible token is now obfuscated in YAML job details.

2.6. ANSIBLE AUTOMATION PLATFORM DOCUMENTATION


The documentation set for Red Hat Ansible Automation Platform 2.4 has had significant updates to
improve the experience for our customers and the Ansible community.

New features and enhancements

With the removal of the on-premise component automation services catalog from Ansible
Automation Platform 2.4 onwards, all automation services catalog documentation is removed
from the Ansible Automation Platform 2.4 documentation.

The following documents are created to help you install and use Event-Driven Ansible, the
newest capability of Ansible Automation Platform:

Getting Started with Event-Driven Ansible

Event Driven Ansible User Guide

In addition, sections of the Ansible Automation Platform Planning Guide and the Ansible Automation
Platform Installation Guide are updated to include instructions for planning and installing Event-Driven
Ansible.

The automation hub documentation has had significant reorganization to combine the content
spread across 9 separate documents into the following documents:

Getting started with automation hub


Use this guide to perform the initial steps required to use Red Hat automation hub as the
default source for Ansible collections content.
Managing content in automation hub
Use this guide to understand how to create and manage collections, content and
repositories in automation hub.
Red Hat Ansible Automation Platform Installation Guide

Use this guide to learn how to install Ansible Automation Platform based on supported
12
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

Use this guide to learn how to install Ansible Automation Platform based on supported
installation scenarios.

The Managing Red Hat Certified and Ansible Galaxy collections in automation hub guide has been
moved to the Red Hat Certified, validated, and Ansible Galaxy content in automation hub topic in
the Managing content in automation hub guide.

The Ansible Automation Platform 2.4 Release Notes are restructured to improve the experience
for our customers and the Ansible Community. Users can now view the latest updates based on
the Ansible Automation Platform versions, instead of their release timeline.

The topic Repository management with automation hub is created to help you create and
manage custom repositories in automation hub. This topic is found in the Managing content in
automation hub guide.

2.7. BUNDLE INSTALLER RELEASE 2.4-3


Red Hat Errata Advisory - Issued November 28, 2023

2.7.1. Ansible Automation Platform

Security fixes

receptor: golang: crypto/tls: panic when processing post-handshake message on QUIC


connections (CVE-2023-39321).

receptor: golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322).

Bug fixes

Fixed an ansible-lint compatibility issue with ansible-core.

Receptor now cleans up timed out connections.

2.7.2. Ansible Builder

New features and enhancements

Updated the default package manager to microdnf instead of dnf.

2.7.3. Automation controller

New features and enhancements

Added a setting to enable the queuing for Rsyslog to handle higher work volumes
(LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB).

Updated API endpoints to only show the product version header when the requester is
authenticated.

Bug fixes

Fixed wsrelay connection in IPv6 environments (OpenShift clusters) so that it no longer fails to
13
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Fixed wsrelay connection in IPv6 environments (OpenShift clusters) so that it no longer fails to
make connections.

Fixed a bug that prevented the dispatcher from exiting when the database failed.

2.7.4. Event-Driven Ansible

New features and enhancements

Enhanced the conditions to support non alpha numeric keys, using the square bracket syntax.

Added the ability to turn off autocomplete on the Event-Driven Ansible login screen.

Added support for running workflow templates in the Controller as one of the actions. The
action is run_workflow_template. For more information about the run_workflow_template
action, see Actions - run_workflow_template.

Added a separate worker queue for Event-Driven Ansible activations to not interfere with
application tasks such as project updates.

Improved the error messages received when an error occurs updating projects so they are
easier to understand.

Improved the management of workers with a standalone RQ scheduler.

Added a new field at the ruleset level called match_multiple_rules that is false by default (or
when the attribute is missing). This value can be set to true which will allow for multiple rule
matching.

Bug fixes

Fixed the automation controller URL check when installing Event-Driven Ansible without
controller.

Fixed a bug where the controller URL was not being set when running the workflow template.
The controller URL is now set for both the workflow template and job template.

Added the ability to skip SSL verification when syncing a Git project.

Updated the Controller job URL for the workflow template to point to the correct job.

Fixed a bug where sometimes an activation was set as failed when it should be stopped.

Fixed a bug where only the first event was displayed when a fact matches multiples rules.

Fixed a bug where Fired count and Number of rules had incorrect values.

Updated the help text on the Variables field.

Fixed a bug where ports for the source were not exposed correctly.

Fixed a bug where activations reported an incorrect state when the workers were not running.

Fixed an issue where background tasks were executed 60 seconds later than the scheduled
time.

Fixed a bug where audit event timestamps were incorrectly sorted.

14
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

Fixed an unhandled exception that occurred when the request did not contain valid JSON.

Fixed a bug that occurred when a long-running activation on OpenShift Container Platform was
incorrectly marked as failed.

Fixed a 401 error response from AWX when port 443 was present in the controller URL.

Fixed a bug where ansible-rulebook would shutdown before it created an audit rule record.

Fixed a bug where editing a project to add a credential was not working.

Fixed a bug where the restarted_at field was missing in the activation view.

Fixed a bug where restarting a running activation in OpenShift Container Platform resulted in
unexpected behavior.

Added name and status filters to the /activations/{id}/instances endpoint.

Fixed a bug where deleting an activation caused an error.

Fixed a bug where the status of activations waiting for available workers was set to failed when
it should have been set to pending.

Fixed a bug where the activation’s status was set incorrectly in OpenShift Container Platform
when the activation workers were exhausted.

Fixed a bug where an audit rule with multiple actions was marked as successful when one of the
actions failed.

Fixed a bug where the rule’s Fire count would take 5 minutes to update.

Updated session stats to be sent when a rule fires in addition to being sent at timed intervals.

Fixed a bug that caused intermittent race conditions when deactivating activations.

Updated the welcome title in the Event-Driven Ansible UI.

Added a help message for the Image field in the Create Decision Environment form.

Added a check for a rulebook’s existence before running an activation.

Implemented bracket accessors for conditions to enable certain characters that are not
supported for event keys with dot notation.

Fixed a bug where Event-Driven Ansible activation pods were receiving out of memory errors on
RHEL 9.

Fixed a bug where activations got stuck in a running state after disabling the activation when
there were more activations than workers.

Fixed a bug where busy workers prevented other asynchronous tasks.

2.8. BUNDLE INSTALLER RELEASE 2.4-2.4


Red Hat Errata Advisory - Issued November 08, 2023

15
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

2.8.1. Ansible Automation Platform

New features and enhancements

python3-urllib3/python39-urllib3 has been updated to 1.26.18.

Security fixes

python3-urllib3/python39-urllib3: Cookie request header is not stripped during cross-origin


redirects (CVE-2023-43804).

2.8.2. Automation controller

New features and enhancements

automation-controller has been updated to 4.4.7.

Security fixes

automation-controller: Django: Denial-of-service possibility in django.utils.text.Truncator (CVE-


2023-43665).

Bug fixes

Customers using the infra.controller_configuration collection (which uses ansible.controller


collection) to update their Ansible Automation Platform environment no longer receive an HTTP
499 response.

2.9. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-2.3
Red Hat Errata Advisory - Issued October 19, 2023

2.9.1. Ansible Automation Platform

New features and enhancements

receptor has been updated to 1.4.2.

Security fixes

receptor: golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-
2023-44487] (CVE-2023-39325)

receptor: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid
Reset Attack) (CVE-2023-44487)

receptor: golang: crypto/tls: slow verification of certificate chains containing large RSA keys
(CVE-2023-29409)

2.10. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


16
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

2.10. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-2.2
Red Hat Errata Advisory - Issued October 17, 2023

2.10.1. Ansible Automation Platform

New features and enhancements

ansible-core has been updated to 2.15.5.

python3-django/python39-django has been updated to 3.2.22.

galaxy-importer has been updated to 0.4.13.

Updated amazon.aws collection to 6.4.0 in ee-supported.

Security fixes

ansible-core: malicious role archive can cause ansible-galaxy to overwrite arbitrary files (CVE-
2023-5115)

python3-django/python39-django: Denial-of-service possibility in django.utils.text.Truncator


(CVE-2023-43665)

Bug fixes

Fixed ansible-compat dependency issue with ansible-lint.

2.10.2. Automation controller

New features and enhancements

automation-controller has been updated to 4.4.6.

Added a new Subscription Usage page to the controller UI to view historical usage of licenses.

Security fixes

automation-controller: Django: Potential denial of service vulnerability in


django.utils.encoding.uri_to_iri() (CVE-2023-41164)

2.11. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-2.1
Red Hat Errata Advisory - Issued October 10, 2023

2.11.1. Ansible Automation Platform

New features and enhancements

Updated amazon.aws certified collection to 6.4.0.

17
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Bug fixes

Fixed ansible-compat dependency issue with ansible-lint.

2.11.2. Automation controller

New features and enhancements

automation-controller has been updated to 4.4.5.

Bug fixes

Fixed settings lookup to no longer leave some services in a supervisord FATAL unresponsive
state.

Replaced the SQL commands for creating a partition with the use of ATTACH PARTITION to
avoid exclusive table lock on event tables.

Fixed settings to allow simultaneous use of SOCIAL_AUTH_SAML_ORGANIZATION_ATTR


and SOCIAL_AUTH_SAML_ORGANIZATION_MAP for a given organization.

Fixed Content Security Policy (CSP) to enable Pendo retrieval.

Updated the Thycotic DevOps Secrets Vault credential plugin to allow for filtering based on
secret_field.

2.11.3. Automation hub

New features and enhancements

python3-galaxy-importer/python39-galaxy-importer has been updated to 0.4.13.

Added Event-Driven Ansible Content to the list of predefined tags.

python3-pulp-ansible/python39-pulp-ansible has been updated to 0.17.5.

Bug fixes

Updated ansible-lint to include an offline mode, which is enabled by default, to prevent


outbound network calls.

The users field in namespace data is now ignored during sync.

2.12. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-2
Red Hat Errata Advisory - Issued September 25, 2023

2.12.1. Ansible Automation Platform

Bug fixes

Podman configurations are now correctly aligned to the Event-Driven Ansible home directory.

18
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

Fixed an issue where the restore process failed to stop pulpcore-worker services on RHEL 9.

Fixed an issue with the awx-rsyslogd process where it starts with the wrong user.

Updated the inventory file to include SSL key and cert parameters for provided SSL web
certificates.

Fixed postgres sslmode for verify-full that affected external postgres and postgres signed for
127.0.0.1 for internally managed postgres.

Subject alt names for component hosts will now only be checked for signing certificates when
https is enabled.

Fixed the values used for signing installer managed certificates for internal postgres
installations.

Fixed the linger configuration for an Event-Driven Ansible user.

You can now mount the /var/lib/awx directory as a separate filesystem on execution nodes.

awx user configuration now supports rootless Podman.

You are now able to sync execution environment images in automation hub to automation
controller on upgrade.

The installer now correctly enforces only 1 Event-Driven Ansible host per Ansible Automation
Platform installation.

Added new variables for additional nginx configurations per component.

Added temporary file cleanup for Podman to prevent cannot re-exec process error during job
execution.

The installer will now properly generate a new SECRET_KEY for controller when running
setup.sh with the -k option.

2.12.2. Automation controller

New features and enhancements

automation-controller has been updated to 4.4.4.

Security fixes

python3-django/python39-django: Potential denial of service vulnerability in


django.utils.encoding.uri_to_iri() (CVE-2023-41164)

Bug fixes

Fixed job error handling so that error text from ansible-runner or Receptor is correctly
reported in cases that were previously shown as Job terminated due to error.

The constructed inventory edit form no longer hangs indefinitely in the loading state for users
with edit permissions.

Added views for a monthly summary of host metrics.

19
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Added host metrics to exported analytics data.

Introduced a periodic task and management command for cleaning up old host metrics.

Fixed a bug where rapidly clicking the launch button in the preview step would start many jobs.

Fixed incorrect capacity allocation for remote execution nodes when resource limits are set in
OpenShift.

2.12.3. Automation hub

New features and enhancements

automation-hub has been updated to 4.7.3.

python3-galaxy-ng/python39-galaxy-ng has been updated to 4.7.3.

python3-pulp-ansible/python39-pulp-ansible has been updated to 0.17.4.

Bug fixes

Fixed an issue where the default remote URL for the rh-certified repository would not work.

Added a legacy role download count to the UI.

Added a collection upload modal.

Added repository-related actions to the collection detail screen.

Added the ability to delete a collection and a collection version from the current repository only.

Enhanced the Repository List page with several UI updates:

Combined the sync status and last sync columns into a single column.

Added Labels and Private columns.

Added Pipeline, Private, and Remote filters.

Added Mirror and Optimize sync options when performing a repository sync.

Resolved an issue in community mode where the token page handled null expiration incorrectly.

Resolved an issue with the filter in the Repository list where it would partially reset when loading.

Resolved an issue on the approval dashboard where a Repository name not found error
occurred when the origin repository was not listed in the first page of results.

Resolved an issue on the Collections page where using the filter and resetting it would cause all
collection versions to display instead of just the latest collection version.

Improved the logic to select the most suitable distribution to use when uploading a collection to
staging.

2.13. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


20
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

2.13. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-1.4
Red Hat Errata Advisory - Issued September 12, 2023

2.13.1. Automation controller

New features and enhancements

automation-controller has been updated to 4.4.3.

Security fixes

automation-controller: cryptography: memory corruption via immutable objects (CVE-2023-


23931)

automation-controller: GitPython: Insecure non-multi options in clone and clone_from is not


blocked (CVE-2023-40267)

python3-gitpython/python39-gitpython: Insecure non-multi options in clone and clone_from is


not blocked (CVE-2023-40267)

Bug fixes

Fixed a bug that caused a deadlock on shutdown when Redis was unavailable.

The login form no longer supports autocomplete on the password field due to security concerns.

2.14. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-1.3
Red Hat Errata Advisory - Issued August 28, 2023

2.14.1. Automation controller

New features and enhancements

automation-controller has been updated to 4.4.2.

Security fixes

automation-controller: python-django: Potential regular expression denial of service


vulnerability in EmailValidator/URLValidator (CVE-2023-36053)

automation-controller: python-django: Potential denial-of-service vulnerability in file uploads


(CVE-2023-24580)

Bug fixes

Changing credential types by using the drop-down list in the Launch prompt window no longer
causes the screen to disappear.

Upgraded python dependencies which include upgrades from Django 3.2 to 4.2.3, psycopg2 to

21
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

Upgraded python dependencies which include upgrades from Django 3.2 to 4.2.3, psycopg2 to
psycopg3, and additional libraries as needed. Also added a new setting in the UI exposing the
CSRF_TRUSTED_ORIGIN settings.

Fixed slow database UPDATE statements on the job events table which could cause a task
manager timeout.

Fixed an issue where adding a new label to a job through the Prompt On Launch option would
not add the label to the job details.

Added noopener and noreferrer attributes to controller UI links that were missing these
attributes.

Fixed the broken User Guide link in the Edit Subscription Details page.

Turned off auto-complete on the remaining controller UI forms that were missing that attribute.

The Add button on the credentials page is now accessible for users with the correct
permissions.

Fixed an unexpected error that occurred when adding a new host while using a manifest with size
10.

Fixed the Trial toggle when using a manifest file.

Applied environment variables from the AWX_TASK_ENV setting when running credential
lookup plugins.

Interrupted jobs (such as canceled jobs) no longer clear facts from hosts if the job ran on an
execution node.

Using a license that is missing a usage attribute no longer returns a 400 error.

Fixed sub-keys under data from HashiCorp Vault Secret Lookup responses to check for secrets,
if found.

Fixed Ansible facts to retry saving to hosts if there is a database deadlock.

2.14.2. Event-Driven Ansible

New features and enhancements

automation-eda-controller has been updated to 1.0.1.

Security fixes

automation-eda-controller: token exposed at importing project (CVE-2023-4380)

python3-cryptography/python39-cryptography: memory corruption via immutable objects


(CVE-2023-23931)

python3-django/python39-django: Potential regular expression denial of service vulnerability in


EmailValidator/URLValidator (CVE-2023-36053)

python3-requests/python39-requests: Unintended leak of Proxy-Authorization header (CVE-


2023-32681)

22
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

Bug fixes

Contributor and editor roles now have permissions to access users and set the AWX token.

The onboarding wizard now requests controller token creation.

Corrected the filtering capability of the Rule Audit screens so that a search yields results with
the starts with function.

Enabling or disabling rulebook activation no longer increases the restarts counter by 1.

Filtering by a text string now displays all applicable items in the UI, including those that are not
visible in the list at that time.

Audit records are no longer missing when running activations with multiple jobs.

The event payload is no longer missing key attributes when a job template fails.

Fixed the Git token leak that occurs when importing a project fails.

The restart policy in Kubernetes (k8s) now restarts a successful activation that is incorrectly
marked as failed.

Activation statuses are now reported correctly, whether you are disabling or enabling them.

When the run_job_template action fails, ansible-rulebook prints an error log in the activation
output and creates an entry in rule audit so the user is alerted that the rule has failed.

When a user tries to bulk delete rulebook activations from the list, the request now completes
successfully and consistently.

The Rulebook Activation link now functions correctly in the Rule Audit Detail UI.

The ansible-rulebook now only connects to the controller if the rulebook being processed has a
run_job_template action.

Fixed a bug where some audit rule records had the wrong rulebook link.

Fixed a bug where only the first 10 audit rules had the right link.

Before this update, project credentials could not be updated if there was a change to the
credential used in the project. With this update credentials can be updated in a project with a
new or different credential.

The User Access section of the navigation panel no longer disappears after creating a decision
environment.

Fixed a bug where filtering for audit rules did not work properly on OpenShift Container
Platform.

2.15. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-1.2
Red Hat Errata Advisory - Issued August 10, 2023

2.15.1. Automation controller

23
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

New features and enhancements

automation-controller has been updated to 4.4.1.

Security fixes

automation controller: Html injection in custom login info (CVE-2023-3971)

Bug fixes

Organization admin users are no longer shown an error on the Instances list.

Fixed the workflow job within workflow approval to display the correct details.

Credential name search in the ad hoc commands prompt no longer requires case-sensitive
input.

The Back to list button in the controller UI now maintains previous search filters.

Topology view and Instances are only available as sidebar menu options to System
Administrators and System Auditors.

Fixed the frequency of the scheduler to run on the correct day of the week as specified by the
user.

Fixed an issue with slow database UPDATE statements when using nested tasks (include_tasks)
causing task manager timeout.

Added a setting to enable the queuing for Rsyslog to handle higher work volumes
(LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB).

Added the ability to add execution and hop nodes to VM-based controller installations from the
UI.

Added the awx-manage command for creating future events table partitions.

Re-enabled Pendo support by providing the correct Pendo API key.

Added the ability to filter teams by using partial names in the dialog for granting teams access
to a resource.

Fixed a bug where a weekly rrule string without a BYDAY value would result in the UI throwing a
TypeError.

Fixed a server error that happened when deleting workflow jobs ran before event partitioning
migration.

Added API reference documentation for the new bulk API endpoint.

Fixed a bug where forms provided in the custom login information would render and run.

Fixed an issue where related items were not visible in some cases. For example, job template
instance groups, organization galaxy credentials, and organization instance groups.

2.15.2. Creator Tools

24
CHAPTER 2. RED HAT ANSIBLE AUTOMATION PLATFORM 2.4

New features and enhancements

ansible-navigator has been updated to 3.4.1.

Bug fixes

Removed the introspect script from image_manager directory.

Fixed image introspect for long python metadata.

Fixed logging dependencies.

Fixed collections in stdout mode.

2.15.3. Event-Driven Ansible

New features and enhancements

ansible-rulebook has been updated to 1.0.1.

Bug fixes

Fixed an issue where the rule_run_at field was not sent to the websocket.

Do not try to connect with AWX when the no run_job_template action is used.

The number of simultaneously open connections to controller is now limited to 30.

2.16. ANSIBLE AUTOMATION PLATFORM 2.4 - BUNDLE INSTALLER


RELEASE 2.4-1.1
Red Hat Errata Advisory - Issued July 26, 2023

2.16.1. Ansible Automation Platform

New features and enhancements

Initial release of aap-metrics-utility.

Bug fixes

Fixed file permissions in setup bundle.

2.16.2. Automation hub

New features and enhancements

automation-hub has been updated to 4.7.1-2.

Bug fixes

Fixed issue using gpg key with passphrase for signing services.

25
Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform Release Notes

26

You might also like