Chapter 2. Overview of the Ansible Automation Platform 2.4 release

2.1. New features and enhancements

Ansible Automation Platform 2.4 includes the following enhancements:

  • Previously, the execution environment container images were based on RHEL 8 only. With Ansible Automation Platform 2.4 onwards, the execution environment container images are now also available on RHEL 9. The execution environment includes the following container images:

    • ansible-python-base
    • ansible-python-toolkit
    • ansible-builder
    • ee-minimal
    • ee-supported
  • The ansible-builder project recently released Ansible Builder version 3, a much-improved and simplified approach to creating execution environments. You can use the following configuration YAML keys with Ansible Builder version 3:

    • additional_build_files
    • additional_build_steps
    • build_arg_defaults
    • dependencies
    • images
    • options
    • version
  • Ansible Automation Platform 2.4 and later versions can now run on ARM platforms, including both the control plane and the execution environments.
  • Added an option to configure the SSO logout URL for automation hub if you need to change it from the default value.
  • Updated the ansible-lint RPM package to version 6.14.3.
  • Updated Django for potential denial-of-service vulnerability in file uploads (CVE-2023-24580).
  • Updated sqlparse for ReDOS vulnerability (CVE-2023-30608).
  • Updated Django for potential denial-of-service in Accept-Language headers (CVE-2023-23969).
  • Ansible Automation Platform 2.4 adds the ability to install automation controller, automation hub, and Event-Driven Ansible on IBM Power (ppc64le), IBM Z (s390x), and IBM® LinuxONE (s390x) architectures.

Additional resources

2.2. Technology Preview

Technology Preview features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

The following are Technology Preview features:

  • Starting with Ansible Automation Platform 2.4, the Platform Resource Operator can be used to create the following resources in automation controller by applying YAML to your OpenShift cluster:

    • Inventories
    • Projects
    • Instance Groups
    • Credentials
    • Schedules
    • Workflow Job Templates
    • Launch Workflows

You can now configure the Controller Access Token for each resource with the connection_secret parameter, rather than the tower_auth_secret parameter. This change is compatible with earlier versions, but the tower_auth_secret parameter is now deprecated and will be removed in a future release.

Additional resources

2.3. Deprecated and removed features

Deprecated functionality is still included in Ansible Automation Platform and continues to be supported. However, the functionality will be removed in a future release of Ansible Automation Platform and is not recommended for new deployments.

The following functionality was deprecated and removed in Ansible Automation Platform 2.4:

  • On-premise component automation services catalog is now removed from Ansible Automation Platform 2.4 onwards.
  • With the Ansible Automation Platform 2.4 release, the execution environment container image for Ansible 2.9 (ee-29-rhel-8) is no longer loaded into the automation controller configuration by default.
  • Although you can still synchronize content, the use of synclists is deprecated and will be removed in a later release. Instead, private automation hub administrators can upload manually-created requirements files from the rh-certified remote.
  • You can now configure the Controller Access Token for each resource with the connection_secret parameter, rather than the tower_auth_secret parameter. This change is compatible with earlier versions, but the tower_auth_secret parameter is now deprecated and will be removed in a future release.
  • Smart inventories have been deprecated in favor of constructed inventories and will be removed in a future release.

2.4. Bug fixes

Ansible Automation Platform 2.4 includes the following bug fixes:

  • Updated the installation program to ensure that collection auto signing cannot be enabled without enabling the collection signing service.
  • Fixed an issue with restoring backups when the installed automation controller version is different from the backup version.
  • Fixed an issue with not adding user defined galaxy-importer settings to galaxy-importer.cfg file.
  • Added missing X-Forwarded-For header information to nginx logs.
  • Removed unnecessary receptor peer name validation when IP address is used as the name.
  • Updated the outdated base_packages.txt file that is included in the bundle installer.
  • Fixed an issue where upgrading the Ansible Automation Platform did not update the nginx package by default.
  • Fixed an issue where an awx user was created without creating an awx group on execution nodes.
  • Fixed the assignment of package version variable to work with flat file inventories.
  • Added a FQDN check for the automation hub hostname required to run the Skopeo commands.
  • Fixed the front end URL for Red Hat Single Sign On (SSO) so it is now properly configured after you specify the sso_redirect_host variable.
  • Fixed the variable precedence for all component nginx_tls_files_remote variables.
  • Fixed the setup.sh script to escalate privileges if necessary for installing Ansible Automation Platform.
  • Fixed an issue when restoring a backup to an automation hub with a different hostname.