Chapter 2. Overview of the Ansible Automation Platform 2.4 release
2.1. New features and enhancements
Ansible Automation Platform 2.4 includes the following enhancements:
Previously, the execution environment container images were based on RHEL 8 only. With Ansible Automation Platform 2.4 onwards, the execution environment container images are now also available on RHEL 9. The execution environment includes the following container images:
- ansible-python-base
- ansible-python-toolkit
- ansible-builder
- ee-minimal
- ee-supported
The ansible-builder project recently released Ansible Builder version 3, a much-improved and simplified approach to creating execution environments. You can use the following configuration YAML keys with Ansible Builder version 3:
- additional_build_files
- additional_build_steps
- build_arg_defaults
- dependencies
- images
- options
- version
- Ansible Automation Platform 2.4 and later versions can now run on ARM platforms, including both the control plane and the execution environments.
- Added an option to configure the SSO logout URL for automation hub if you need to change it from the default value.
- Updated the ansible-lint RPM package to version 6.14.3.
- Updated Django for potential denial-of-service vulnerability in file uploads (CVE-2023-24580).
- Updated sqlparse for ReDOS vulnerability (CVE-2023-30608).
- Updated Django for potential denial-of-service in Accept-Language headers (CVE-2023-23969).
- Ansible Automation Platform 2.4 adds the ability to install automation controller, automation hub, and Event-Driven Ansible on IBM Power (ppc64le), IBM Z (s390x), and IBM® LinuxONE (s390x) architectures.
Additional resources
- For more information about using Ansible Builder version 3, see Ansible Builder Documentation and Execution Environment Setup Reference.
2.2. Technology Preview
Technology Preview features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
The following are Technology Preview features:
Starting with Ansible Automation Platform 2.4, the Platform Resource Operator can be used to create the following resources in automation controller by applying YAML to your OpenShift cluster:
- Inventories
- Projects
- Instance Groups
- Credentials
- Schedules
- Workflow Job Templates
- Launch Workflows
You can now configure the Controller Access Token for each resource with the connection_secret
parameter, rather than the tower_auth_secret
parameter. This change is compatible with earlier versions, but the tower_auth_secret
parameter is now deprecated and will be removed in a future release.
Additional resources
- For the most recent list of Technology Preview features, see Ansible Automation Platform - Preview Features.
- For information about execution node enhancements on OpenShift deployments, see Managing Capacity With Instances.
2.3. Deprecated and removed features
Deprecated functionality is still included in Ansible Automation Platform and continues to be supported. However, the functionality will be removed in a future release of Ansible Automation Platform and is not recommended for new deployments.
The following functionality was deprecated and removed in Ansible Automation Platform 2.4:
- On-premise component automation services catalog is now removed from Ansible Automation Platform 2.4 onwards.
- With the Ansible Automation Platform 2.4 release, the execution environment container image for Ansible 2.9 (ee-29-rhel-8) is no longer loaded into the automation controller configuration by default.
-
Although you can still synchronize content, the use of synclists is deprecated and will be removed in a later release. Instead, private automation hub administrators can upload manually-created requirements files from the
rh-certified
remote. -
You can now configure the Controller Access Token for each resource with the
connection_secret
parameter, rather than thetower_auth_secret
parameter. This change is compatible with earlier versions, but thetower_auth_secret
parameter is now deprecated and will be removed in a future release. - Smart inventories have been deprecated in favor of constructed inventories and will be removed in a future release.
2.4. Bug fixes
Ansible Automation Platform 2.4 includes the following bug fixes:
- Updated the installation program to ensure that collection auto signing cannot be enabled without enabling the collection signing service.
- Fixed an issue with restoring backups when the installed automation controller version is different from the backup version.
-
Fixed an issue with not adding user defined galaxy-importer settings to
galaxy-importer.cfg
file. -
Added missing
X-Forwarded-For
header information to nginx logs. - Removed unnecessary receptor peer name validation when IP address is used as the name.
-
Updated the
outdated base_packages.txt
file that is included in the bundle installer. - Fixed an issue where upgrading the Ansible Automation Platform did not update the nginx package by default.
- Fixed an issue where an awx user was created without creating an awx group on execution nodes.
- Fixed the assignment of package version variable to work with flat file inventories.
- Added a FQDN check for the automation hub hostname required to run the Skopeo commands.
-
Fixed the front end URL for Red Hat Single Sign On (SSO) so it is now properly configured after you specify the
sso_redirect_host
variable. -
Fixed the variable precedence for all component
nginx_tls_files_remote
variables. - Fixed the setup.sh script to escalate privileges if necessary for installing Ansible Automation Platform.
- Fixed an issue when restoring a backup to an automation hub with a different hostname.