Red Hat SummitUpgrade from 2.4 to 2.6
It is possible for customers to upgrade directly from the latest 2.4 version to 2.6. On startup, 2.6 platform services rename their service-specific roles to platform-wide roles, as shown in the following table.
| 2.4 role | 2.6 equivalent |
|---|---|
| Automation controller auditor |
Platform auditor |
| Automation controller superuser/administrator (flag) |
Platform superuser/administrator (flag) |
| Automation controller organization admin |
Organization Administrator |
| Automation controller organization member |
Organization member |
| Automation controller team admin |
Team administrator |
| Automation hub administrator |
Team member (user) |
| Automation controller team member (user) |
Team member (user) |
| Automation hub team member (user) |
Team member (user) |
Additionally, note the following behavior when upgrading to 2.6:
- After upgrading, automation controller entity relationships, such as user associations with organizations, teams, or role sets, remain consistent in platform gateway. This applies to both existing entities moved during the upgrade and any new entities (users, teams, organizations) created in automation controller and subsequently moved in a 2.6 environment.
- Automation controller user types (normal, superuser and auditor) are mapped to platform gateway user types during the upgrade process.
- Where team names match between automation hub and platform gateway, for example, "Team A" exists in both, user memberships from automation hub are transferred to the corresponding team in platform gateway. This reduces the need to manually re-create memberships.
- If users exist only in automation hub, they are not moved to [Gateway]. You must manually re-create these users after upgrading. However, if a user has the same username in both automation controller and automation hub, the automation controller account is part of the regular data movement. Users who are not migrated need to have their passwords reset, but should keep the same permissions.
- Data movement also moves private automation hub but excludes Event-Driven Ansible data.
- Event-Driven Ansible users are not moved to platform gateway and must be recreated manually after upgrading.
- Automation hub users must be recreated if they cannot be moved as part of the upgrade. A user might not be migrated for the following reasons:
- The user’s account exists only in automation hub and not in automation controller.
- Duplicate usernames exist in both automation hub and automation controller, but they belong to different people.
- A discrepancy in the username, email, or other identifying attributes exists between the two services, which prevents the system from correctly merging the accounts.
- Automation hub admins are converted to normal users if they are able to be merged with automation controller users.
- The automation controller UI is updated to reflect the automation controller data moved as platform-level entities along with their roles.
- The automation controller setting Organization Admins Can Manage Users and Teams applies to organization admins in 2.6.
Nested team behavior changes
Ansible Automation Platform 2.5 and later versions no longer support nested team structures. This affects the UI, API, and collections.
In version 2.4, users could inherit permissions from multiple teams simultaneously through nested team structures created using REST APIs and collections. For example, a user on Team A could inherit permissions for Team B if Team B was nested under Team A (User
During an upgrade from Ansible Automation Platform 2.4 to 2.6, nested teams are converted to a direct user-to-teams mapping. This means that instead of inheriting permissions through a nested structure, users are directly assigned to each team they have permissions for. For instance, if a user previously had permissions through "User
Impact and planning
- Users can still belong to one or more teams and simultaneously inherit permissions from those teams.
- Organizations that use integrations or automations with nested teams in their 2.4 deployment must plan to change this structure to a direct user-to-teams mapping.
Before upgrading from Ansible Automation Platform 2.4, change any integrations or automations that implement nested teams to a direct user-to-teams mapping to avoid unexpected behavior in 2.5 and later.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}