Chapter 2. Overview of the Ansible Automation Platform 2.4 release

• Previously, the execution environment container images were based on RHEL 8 only. With Ansible Automation Platform 2.4 onwards, the execution environment container images are now also available on RHEL 9. The execution environment includes the following container images:

  • ansible-python-base
  • ansible-python-toolkit
  • ansible-builder
  • ee-minimal
  • ee-supported

• The ansible-builder project recently released Ansible Builder version 3, a much-improved and simplified approach to creating execution environments. You can use the following configuration YAML keys with Ansible Builder version 3:

  • additional_build_files
  • additional_build_steps
  • build_arg_defaults
  • dependencies
  • images
  • options
  • version
• Ansible Automation Platform 2.4 and later versions can now run on ARM platforms, including both the control plane and the execution environments.
• Added an option to configure the SSO logout URL for automation hub if you need to change it from the default value.
• Updated the ansible-lint RPM package to version 6.14.3.
• Updated Django for potential denial-of-service vulnerability in file uploads (CVE-2023-24580).
• Updated sqlparse for ReDOS vulnerability (CVE-2023-30608).
• Updated Django for potential denial-of-service in Accept-Language headers (CVE-2023-23969).
• Ansible Automation Platform 2.4 adds the ability to install automation controller, automation hub, and Event-Driven Ansible on IBM Power (ppc64le), IBM Z (s390x), and IBM® LinuxONE (s390x) architectures.

Additional resources

• For more information about using Ansible Builder version 3, see Ansible Builder Documentation and Execution Environment Setup Reference.

• Starting with Ansible Automation Platform 2.4, the Platform Resource Operator can be used to create the following resources in automation controller by applying YAML to your OpenShift cluster:

  • Inventories
  • Projects
  • Instance Groups
  • Credentials
  • Schedules
  • Workflow Job Templates
  • Launch Workflows

• On-premise component automation services catalog is now removed from Ansible Automation Platform 2.4 onwards.
• With the Ansible Automation Platform 2.4 release, the execution environment container image for Ansible 2.9 (ee-29-rhel-8) is no longer loaded into the automation controller configuration by default.
• Although you can still synchronize content, the use of synclists is deprecated and will be removed in a later release. Instead, private automation hub administrators can upload manually-created requirements files from the rh-certified remote.
• You can now configure the Controller Access Token for each resource with the connection_secret parameter, rather than the tower_auth_secret parameter. This change is compatible with earlier versions, but the tower_auth_secret parameter is now deprecated and will be removed in a future release.
• Smart inventories have been deprecated in favor of constructed inventories and will be removed in a future release.

• Updated the installation program to ensure that collection auto signing cannot be enabled without enabling the collection signing service.
• Fixed an issue with restoring backups when the installed automation controller version is different from the backup version.
• Fixed an issue with not adding user defined galaxy-importer settings to galaxy-importer.cfg file.
• Added missing X-Forwarded-For header information to nginx logs.
• Removed unnecessary receptor peer name validation when IP address is used as the name.
• Updated the outdated base_packages.txt file that is included in the bundle installer.
• Fixed an issue where upgrading the Ansible Automation Platform did not update the nginx package by default.
• Fixed an issue where an awx user was created without creating an awx group on execution nodes.
• Fixed the assignment of package version variable to work with flat file inventories.
• Added a FQDN check for the automation hub hostname required to run the Skopeo commands.
• Fixed the front end URL for Red Hat Single Sign On (SSO) so it is now properly configured after you specify the sso_redirect_host variable.
• Fixed the variable precedence for all component nginx_tls_files_remote variables.
• Fixed the setup.sh script to escalate privileges if necessary for installing Ansible Automation Platform.
• Fixed an issue when restoring a backup to an automation hub with a different hostname.