mirror of https://github.com/ansible/awx.git synced 2024-10-30 22:21:13 +03:00

Merge branch 'devel' into devel

Yanis Guenane 2018-10-18 18:00:16 +02:00 committed by GitHub
commit b185c1e0a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 63 additions and 143 deletions

@ -14,7 +14,7 @@ from awx.main.models import (JobEvent, AdHocCommandEvent, ProjectUpdateEvent,
from .base import BaseWorker
logger = logging.getLogger('awx.main.dispatch')
logger = logging.getLogger('awx.main.commands.run_callback_receiver')
class CallbackBrokerWorker(BaseWorker):
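Review bot: the module-level `logger = logging.getLogger(...)` line switches between `'awx.main.dispatch'` and `'awx.main.commands.run_callback_receiver'`, and nothing in this hunk shows a matching change to the logging configuration. Please confirm the settings define a handler and level for the resulting logger name, otherwise errors raised in `CallbackBrokerWorker` fall through to the parent logger or are dropped.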

@ -41,10 +41,10 @@ if social_django.__version__ != '2.1.0':
still works".format(social_django.__version__))
if django.__version__ != '1.11.11':
raise RuntimeError("Django version other than 1.11.11 detected {}. \
if django.__version__ != '1.11.16':
raise RuntimeError("Django version other than 1.11.16 detected {}. \
Inherit from WSGIHandler to support short-circuit Django Middleware. \
This is known to work for Django 1.11.11 and may not work with other, \
This is known to work for Django 1.11.16 and may not work with other, \
even minor, versions.".format(django.__version__))
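Review bot: the exact-equality test `if django.__version__ != '1.11.16':` raises `RuntimeError` on any other patch release, so every Django security update has to edit this string in lock-step with the requirements pins or the service will not start. Add a comment here naming the files that must change together, and consider saying in the error message what the operator should do (install the pinned version or re-validate the WSGIHandler override).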

@ -1,133 +0,0 @@
3.3.0
=====
* Allow relaunching jobs on a subset of hosts, by status.[[#219](https://github.com/ansible/awx/issues/219)]
* Added `ask_variables_on_launch` to workflow JTs.[[#497](https://github.com/ansible/awx/issues/497)]
* Added `diff_mode` and `verbosity` fields to WFJT nodes.[[#555](https://github.com/ansible/awx/issues/555)]
* Block creation of schedules when variables not allowed are given.
Block similar cases for WFJT nodes.[[#478](https://github.com/ansible/awx/issues/478)]
* Changed WFJT node `credential` to many-to-many `credentials`.
* Saved Launch-time configurations feature - added WFJT node promptable fields to schedules,
added `extra_data` to WFJT nodes, added "schedule this job" endpoint.
[[#169](https://github.com/ansible/awx/issues/169)]
* Switch from `credential`, `vault_credential`, and `extra_credentials` fields to
single `credentials` relationship, allow multiple vault credentials [[#352](https://github.com/ansible/awx/issues/352)].
* Make inventory parsing errors fatal, and only enable the `script`
inventory plugin for job runs and vendored inventory
updates[[#864](https://github.com/ansible/awx/issues/864)]
* Add related `credentials` endpoint for inventory updates to be more internally
consistent with job templates, model changes for [[#277](https://github.com/ansible/awx/issues/277)]
* Removed `TOWER_HOST` as a default environment variable in job running environment
due to conflict with tower credential type. Playbook authors should replace their
use with `AWX_HOST`. [[#1727](https://github.com/ansible/awx/issues/1727)]
* Boolean fields for custom credential types will now always default extra_vars and
environment variables to `False` when a value is not provided. [[#2038](https://github.com/ansible/tower/issues/2038)]
* Add validation to prevent string "$encrypted$" from becoming a literal
survey question default [[#518](https://github.com/ansible/awx/issues/518)].
* Enable the `--export` option for `ansible-inventory` via the environment
variable [[#1253](https://github.com/ansible/awx/pull/1253)] so that
group `variables` are imported to the group model.
* Prevent unwanted entries in activity stream due to `modified` time changes.
* API based deep copy feature via related `/api/v2/resources/N/copy/` endpoint
[[#283](https://github.com/ansible/awx/issues/283)].
* Container Cluster-based dynamic scaling provisioning / deprovisioning instances,
allow creating / modifying instance groups from the API, introduce instance
group policies, consider both memory and CPU constraints, add the ability
to disable nodes without removing them from the cluster
[[#196](https://github.com/ansible/awx/issues/196)].
* Add additional organization roles [[#166](https://github.com/ansible/awx/issues/166)].
* Support fact caching for isolated instances [[#198](https://github.com/ansible/awx/issues/198)].
* Graphical UI for network inventory [[#611](https://github.com/ansible/awx/issues/611)].
* Restrict viewing and editing network UI canvas to users with inventory `admin_role`.
* Implement per-template, project, organization `custom_virtualenv`, a field that
allows users to select one of multiple virtual environments set up on the filesystem
[[#34](https://github.com/ansible/awx/issues/34)].
* Use events for running inventory updates, project updates, and other unified job
types [[#200](https://github.com/ansible/awx/issues/200)].
* Prevent deletion of jobs when event processing is still ongoing.
* Prohibit job template callback when `inventory` is null
[[#644](https://github.com/ansible/awx/issues/644)].
* Impose stricter criteria to admin users - organization admin role now
necessary for all organizations target user is member of.
* Remove unused `admin_role` associated with users.
* Enforce max value for `SESSION_COOKIE_AGE`
[[#1651](https://github.com/ansible/awx/issues/1651)].
* Add stricter validation to `order_by` query params
[[#776](https://github.com/ansible/awx/issues/776)].
* Consistently log uncaught task exceptions [[#1257](https://github.com/ansible/awx/issues/1257)].
* Do not show value of variable of `with_items` iteration when `no_log` is set.
* Change external logger to lazily create handler from settings on every log
emission, replacing server restart. Allows use in OpenShift deployments.
* Allow job templates using previously-synced git projects to run without network
access to source control [[#287](https://github.com/ansible/awx/issues/287)].
* Automatically run a project update if sensitive fields change like `scm_url`.
* Disallow relaunching jobs with `execute_role` if another user provided prompts.
* Show all teams to organization admins if setting `ORG_ADMINS_CAN_SEE_ALL_USERS` is enabled.
* Allow creating schedules and workflow nodes from job templates that use
credentials which prompt for passwords if `ask_credential_on_launch` is set.
* Set `execution_node` in task manager and submit `waiting` jobs to only the
queue for the specific instance job is targeted to run on
[[#1873](https://github.com/ansible/awx/issues/1873)].
* Switched authentication to Django sessions.
* Implemented OAuth2 support for token based authentication [[#21](https://github.com/ansible/awx/issues/21)].
* Added the ability to forcibly expire sessions through `awx-manage expire_sessions`.
* Disallowed using HTTP PUT/PATCH methods to modify existing jobs in Job Details API endpoint.
* Changed the name of the session length setting from `AUTH_TOKEN_EXPIRATION` to `SESSION_COOKIE_AGE`.
* Changed the name of the session length setting from `AUTH_TOKEN_PER_USER` to `SESSIONS_PER_USER`.
* External logging now defaults to HTTPS (instead of HTTP) *unless* http:// is explicitly specified in the log aggregator hostname [[#2048](https://github.com/ansible/awx/issues/2048)]
* Added `inventory` field to inventory updates
3.2.0
=====
* added a new API endpoint - `/api/v1/settings/logging/test/` - for testing
external log aggregrator connectivity
[[#5164](https://github.com/ansible/ansible-tower/issues/5164)]
* allow passing `-e create_preload_data=False` to skip creating default
organization/project/inventory/credential/job_template during Tower
installation
[[#5746](https://github.com/ansible/ansible-tower/issues/5746)]
* removed links from group to `inventory_source` including the field and
related links, removed `start` and `schedule` capabilities from
group serializer and added `user_capabilities` to inventory source
serializer, allow user creation and naming of inventory sources
[[#5741](https://github.com/ansible/ansible-tower/issues/5741)]
* support sourcing inventory from a file inside of a project's source
tree [[#2477](https://github.com/ansible/ansible-tower/issues/2477)]
* added support for custom cloud and network credential types, which give the
customer the ability to modify environment variables, extra vars, and
generate file-based credentials (such as file-based certificates or .ini
files) at `ansible-playbook` runtime
[[#5876](https://github.com/ansible/ansible-tower/issues/5876)]
* added support for assigning multiple cloud and network credential types on
`JobTemplates`. ``JobTemplates`` can prompt for "extra credentials" at
launch time in the same manner as promptable machine credentials
[[#5807](https://github.com/ansible/ansible-tower/issues/5807)]
[[#2913](https://github.com/ansible/ansible-tower/issues/2913)]
* custom inventory sources can now specify a ``Credential``; you
can store third-party credentials encrypted within Tower and use their
values from within your custom inventory script (by - for example - reading
an environment variable or a file's contents)
[[#5879](https://github.com/ansible/ansible-tower/issues/5879)]
* Added support for configuring groups of instance nodes to run tower
jobs [[#5898](https://github.com/ansible/ansible-tower/issues/5898)]
* Fixed an issue installing Tower on multiple nodes where cluster
internal node references are used
[[#6231](https://github.com/ansible/ansible-tower/pull/6231)]
* Tower now uses a modified version of [Fernet](https://github.com/fernet/spec/blob/master/Spec.md).
Our `Fernet256` class uses `AES-256-CBC` instead of `AES-128-CBC` for all encrypted fields.
[[#826](https://github.com/ansible/ansible-tower/issues/826)]
* Added the ability to set custom environment variables set for playbook runs,
inventory updates, project updates, and notification sending.
[[#3508](https://github.com/ansible/ansible-tower/issues/3508)]
* Added --diff mode to Job Templates and Ad-Hoc Commands. The diff can be found in the
standard out when diff mode is enabled. [[#4525](https://github.com/ansible/ansible-tower/issues/4325)]
* Support accessing some Tower resources via their name-related unique identifiers apart from primary keys.
(named URL) [[#3362](https://github.com/ansible/ansible-tower/issues/3362)]
* Support TACACS+ authentication. [[#3400](https://github.com/ansible/ansible-tower/issues/3400)]
* Support sending system logs to external log aggregators via direct TCP/UDP connection.
[[#5783](https://github.com/ansible/ansible-tower/pull/5783)]
* Remove Rackspace as a supported inventory source type and credential type.
[[#6117](https://github.com/ansible/ansible-tower/pull/6117)]
* Changed names of tower-mange commands `register_instance` -> `provision_instance`,
`deprovision_node` -> `deprovision_instance`, and `instance_group_remove` -> `remove_from_queue`,
which backward compatibility support for 3.1 use pattern
[[#6915](https://github.com/ansible/ansible-tower/issues/6915)]
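Review bot: the header `-1,133 +0,0` deletes the whole changelog, and with it the only notes in this diff on security-relevant behaviour changes, such as the `Fernet256` switch to `AES-256-CBC`, the rename of `AUTH_TOKEN_EXPIRATION` to `SESSION_COOKIE_AGE`, external logging defaulting to HTTPS, and the removal of `TOWER_HOST`. Nothing in the commit shows where this history now lives; please state the new location in the commit message or leave a pointer file behind.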

@ -2,11 +2,64 @@
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.
# Configure LDAP Authentication
Please see the Tower documentation as well as Ansible blog posts for basic LDAP configuration.
Please see the Tower documentation as well as Ansible blog posts for basic LDAP configuration.
LDAP Authentication provides duplicate sets of configuration fields for authentication with up to six different LDAP servers.
LDAP Authentication provides duplicate sets of configuration fields for authentication with up to six different LDAP servers.
The default set of configuration fields take the form `AUTH_LDAP_<field name>`. Configuration fields for additional ldap servers are numbered `AUTH_LDAP_<n>_<field name>`.
## Test environment setup
Please see README.md of this repository: https://github.com/jangsutsr/deploy_ldap.git.
# Basic setup for FreeIPA
LDAP Server URI (append if you have multiple LDAPs)
`ldaps://{{serverip1}}:636`
LDAP BIND DN (How to create a bind account in [FreeIPA](https://www.freeipa.org/page/Creating_a_binddn_for_Foreman)
`uid=awx-bind,cn=sysaccounts,cn=etc,dc=example,dc=com`
LDAP BIND PASSWORD
`{{yourbindaccountpassword}}`
LDAP USER DN TEMPLATE
`uid=%(user)s,cn=users,cn=accounts,dc=example,dc=com`
LDAP GROUP TYPE
`NestedMemberDNGroupType`
LDAP GROUP SEARCH
```
[
"cn=groups,cn=accounts,dc=example,dc=com",
"SCOPE_SUBTREE",
"(objectClass=groupOfNames)"
]
```
LDAP USER ATTRIBUTE MAP
```
{
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
```
LDAP USER FLAGS BY GROUP
```
{
"is_superuser": "cn={{superusergroupname}},cn=groups,cn=accounts,dc=example,dc=com"
}
```
LDAP ORGANIZATION MAP
```
{
"{{yourorganizationname}}": {
"admins": "cn={{admingroupname}},cn=groups,cn=accounts,dc=example,dc=com",
"remove_admins": false
}
}
```
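Review bot: the FreeIPA section pairs LDAP GROUP TYPE `NestedMemberDNGroupType` with an LDAP USER FLAGS BY GROUP entry for `is_superuser`, so members of any group nested under `{{superusergroupname}}` also become AWX superusers, and the doc does not say so. Add a sentence on that next to the `is_superuser` example. Separately, the LDAP BIND DN line opens a parenthesis before "How to create a bind account" and never closes it, and `# Basic setup for FreeIPA` is a top-level heading while the section before it uses `##`.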

@ -83,7 +83,7 @@
restart_policy: unless-stopped
image: "{{ awx_web_docker_actual_image }}"
volumes:
- "{{ project_data_dir + ':/var/lib/awx/projects:rw' if project_data_dir is defined else [] }}"
- "{{ project_data_dir + ':/var/lib/awx/projects:z' if project_data_dir is defined else [] }}"
- "{{ ca_trust_dir + ':/etc/pki/ca-trust/source/anchors:ro' if ca_trust_dir is defined else [] }}"
user: root
ports:
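Review bot: the `:z` suffix on the `/var/lib/awx/projects` volume makes Docker relabel the host directory given in `project_data_dir` with a shared SELinux label, which changes labels on the host and not only inside the container. Document beside `project_data_dir` that it must be a dedicated directory rather than a home or system path, and note that dropping `:rw` leaves the mount read-write because that is the default.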
@ -125,7 +125,7 @@
image: "{{ awx_task_docker_actual_image }}"
volumes: >
{{
[project_data_dir + ':/var/lib/awx/projects:rw'] if project_data_dir is defined else []
[project_data_dir + ':/var/lib/awx/projects:z'] if project_data_dir is defined else []
+ [ca_trust_dir + ':/etc/pki/ca-trust/source/anchors:ro'] if ca_trust_dir is defined else []
}}
links: "{{ awx_task_container_links|list }}"
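Review bot: in the `volumes: >` expression the two conditionals are joined with `+` without parentheses, so Jinja parses it as `[project...] if project_data_dir is defined else ([] + [ca_trust...] if ca_trust_dir is defined else [])`. When `project_data_dir` is defined the `ca_trust_dir` mount is silently dropped from the task container, which leaves it without the custom CA anchors. Since this hunk already touches the expression, wrap each side: `([project_data_dir + ':/var/lib/awx/projects:z'] if project_data_dir is defined else []) + ([ca_trust_dir + ':/etc/pki/ca-trust/source/anchors:ro'] if ca_trust_dir is defined else [])`.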

@ -7,7 +7,7 @@ channels==1.1.8
celery==4.2.1
daphne==1.3.0 # Last before backwards-incompatible channels 2 upgrade
decorator==4.2.1
Django==1.11.11
Django==1.11.16
django-auth-ldap==1.2.8
django-crum==0.7.2
django-extensions==2.0.0
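Review bot: the `Django==1.11.16` line carries no comment, although the same commit changes a runtime check that refuses to start on any other Django version. The `daphne==1.3.0` line above documents its constraint inline; do the same here so the next person bumping Django knows the version string is also hard-coded in the WSGI handler.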

@ -37,7 +37,7 @@ django-radius==1.1.0
django-solo==1.1.3
django-split-settings==0.3.0
django-taggit==0.22.2
django==1.11.11
django==1.11.16
djangorestframework-yaml==1.0.3
djangorestframework==3.7.7
enum34==1.1.6 # via cryptography
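Review bot: the `# via cryptography` annotation on the `enum34` line suggests this file is generated from the other requirements list, yet only the `django==1.11.16` line differs. Please confirm the file was regenerated rather than hand-edited, so that transitive pins still match what the resolver would produce for Django 1.11.16.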