Change failing PR to draft

.github/actions/awx_devel_image/action.yml

@@ -11,12 +11,6 @@ runs:
       shell: bash
       run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV
 
-    - name: Set lower case owner name
-      shell: bash
-      run: echo "OWNER_LC=${OWNER,,}" >> $GITHUB_ENV
-      env:
-        OWNER: '${{ github.repository_owner }}'
-
     - name: Log in to registry
       shell: bash
       run: |
@@ -24,11 +18,11 @@ runs:
 
     - name: Pre-pull latest devel image to warm cache
       shell: bash
-      run: docker pull ghcr.io/${OWNER_LC}/awx_devel:${{ github.base_ref }}
+      run: docker pull ghcr.io/${{ github.repository_owner }}/awx_devel:${{ github.base_ref }}
 
     - name: Build image for current source checkout
       shell: bash
       run: |
-        DEV_DOCKER_TAG_BASE=ghcr.io/${OWNER_LC} \
+        DEV_DOCKER_TAG_BASE=ghcr.io/${{ github.repository_owner }} \
         COMPOSE_TAG=${{ github.base_ref }} \
         make docker-compose-build

.github/actions/run_awx_devel/action.yml

@@ -35,7 +35,7 @@ runs:
     - name: Start AWX
       shell: bash
       run: |
-        DEV_DOCKER_OWNER=${{ github.repository_owner }} \
+        DEV_DOCKER_TAG_BASE=ghcr.io/${{ github.repository_owner }} \
         COMPOSE_TAG=${{ github.base_ref }} \
         COMPOSE_UP_OPTS="-d" \
         make docker-compose

.github/pr_labeler.yml

@@ -15,4 +15,5 @@
 
 "dependencies":
   - any: ["awx/ui/package.json"]
-  - any: ["requirements/*"]
+  - any: ["requirements/*.txt"]
+  - any: ["requirements/requirements.in"]

.github/workflows/devel_images.yml

@@ -9,43 +9,22 @@ on:
       - release_*
       - feature_*
 jobs:
-  push-development-images:
+  push:
+    if: endsWith(github.repository, '/awx') || startsWith(github.ref, 'refs/heads/release_')
     runs-on: ubuntu-latest
-    timeout-minutes: 120
+    timeout-minutes: 60
     permissions:
       packages: write
       contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        build-targets:
-          - image-name: awx_devel
-            make-target: docker-compose-buildx
-          - image-name: awx_kube_devel
-            make-target: awx-kube-dev-buildx
-          - image-name: awx
-            make-target: awx-kube-buildx
     steps:
-
-      - name: Skipping build of awx image for non-awx repository
-        run: |
-          echo "Skipping build of awx image for non-awx repository"
-          exit 0
-        if: matrix.build-targets.image-name == 'awx' && !endsWith(github.repository, '/awx')
-
       - uses: actions/checkout@v3
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Get python version from Makefile
+        run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Set GITHUB_ENV variables
+      - name: Set lower case owner name
         run: |
-          echo "DEV_DOCKER_TAG_BASE=ghcr.io/${OWNER,,}" >> $GITHUB_ENV
-          echo "COMPOSE_TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
-          echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV
+          echo "OWNER_LC=${OWNER,,}" >>${GITHUB_ENV}
         env:
           OWNER: '${{ github.repository_owner }}'
 
@@ -58,19 +37,23 @@ jobs:
         run: |
           echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
-      - name: Setup node and npm
-        uses: actions/setup-node@v2
-        with:
-          node-version: '16.13.1'
-        if: matrix.build-targets.image-name == 'awx'
-
-      - name: Prebuild UI for awx image (to speed up build process)
+      - name: Pre-pull image to warm build cache
         run: |
-          sudo apt-get install gettext
-          make ui-release
-          make ui-next
-        if: matrix.build-targets.image-name == 'awx'
+          docker pull ghcr.io/${OWNER_LC}/awx_devel:${GITHUB_REF##*/} || :
+          docker pull ghcr.io/${OWNER_LC}/awx_kube_devel:${GITHUB_REF##*/} || :
+          docker pull ghcr.io/${OWNER_LC}/awx:${GITHUB_REF##*/} || :
 
-      - name: Build and push AWX devel images
+      - name: Build images
         run: |
-          make ${{ matrix.build-targets.make-target }}
+          DEV_DOCKER_TAG_BASE=ghcr.io/${OWNER_LC} COMPOSE_TAG=${GITHUB_REF##*/} make docker-compose-build
+          DEV_DOCKER_TAG_BASE=ghcr.io/${OWNER_LC} COMPOSE_TAG=${GITHUB_REF##*/} make awx-kube-dev-build
+          DEV_DOCKER_TAG_BASE=ghcr.io/${OWNER_LC} COMPOSE_TAG=${GITHUB_REF##*/} make awx-kube-build
+
+      - name: Push development images
+        run: |
+          docker push ghcr.io/${OWNER_LC}/awx_devel:${GITHUB_REF##*/}
+          docker push ghcr.io/${OWNER_LC}/awx_kube_devel:${GITHUB_REF##*/}
+
+      - name: Push AWX k8s image, only for upstream and feature branches
+        run: docker push ghcr.io/${OWNER_LC}/awx:${GITHUB_REF##*/}
+        if: endsWith(github.repository, '/awx')

.github/workflows/feature_branch_deletion.yml

@@ -2,10 +2,12 @@
 name: Feature branch deletion cleanup
 env:
   LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting
-on: delete
+on:
+  delete:
+    branches:
+      - feature_**
 jobs:
-  branch_delete:
-    if: ${{ github.event.ref_type == 'branch' && startsWith(github.event.ref, 'feature_') }}
+  push:
     runs-on: ubuntu-latest
     timeout-minutes: 20
     permissions:
@@ -20,4 +22,6 @@ jobs:
         run: |
           ansible localhost -c local, -m command -a "{{ ansible_python_interpreter + ' -m pip install boto3'}}"
           ansible localhost -c local -m aws_s3 \
-            -a "bucket=awx-public-ci-files object=${GITHUB_REF##*/}/schema.json mode=delobj permission=public-read"
+            -a "bucket=awx-public-ci-files object=${GITHUB_REF##*/}/schema.json mode=delete permission=public-read"
+
+

.github/workflows/label_pr.yml

@@ -24,6 +24,38 @@ jobs:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           configuration-path: .github/pr_labeler.yml
 
+  convert-to-draft:
+    runs-on: ubuntu-latest
+    name: Change failing PRS to draft
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v3
+      with:
+        node-version: 14
+
+    - name: Install dependencies
+      run: npm install -g github
+
+    - name: Check CI status
+      id: check-ci
+      run: |
+        status=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+                -H "Accept: application/vnd.github.v3+json" \
+                https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }}/check-suites | \
+                jq -r '.check_suites[0].conclusion')
+        echo "CI Status: $status"
+        echo "::set-output name=ci_status::$status"
+
+    - name: Convert to Draft on CI Failure
+      if: steps.check-ci.outputs.ci_status == 'failure'
+      run: gh pr edit ${{ github.event.number }} --draft
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   community:
     runs-on: ubuntu-latest
     timeout-minutes: 20

.github/workflows/promote.yml

@@ -83,15 +83,11 @@ jobs:
 
       - name: Re-tag and promote awx image
         run: |
-          docker buildx imagetools create \
-            ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} \
-            --tag quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker buildx imagetools create \
-            ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} \
-            --tag quay.io/${{ github.repository }}:latest
-
-      - name: Re-tag and promote awx-ee image
-        run: |
-          docker buildx imagetools create \
-            ghcr.io/${{ github.repository_owner }}/awx-ee:${{ github.event.release.tag_name }} \
-            --tag quay.io/${{ github.repository_owner }}/awx-ee:${{ github.event.release.tag_name }}
+          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
+          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker push quay.io/${{ github.repository }}:latest
+          docker pull ghcr.io/${{ github.repository_owner }}/awx-ee:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository_owner }}/awx-ee:${{ github.event.release.tag_name }} quay.io/${{ github.repository_owner }}/awx-ee:${{ github.event.release.tag_name }}
+          docker push quay.io/${{ github.repository_owner }}/awx-ee:${{ github.event.release.tag_name }}

.github/workflows/stage.yml

@@ -86,33 +86,27 @@ jobs:
             -e push=yes \
             -e awx_official=yes
 
-      - name: Log into registry ghcr.io
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d    # v3.0.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
-      - name: Log into registry quay.io
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d    # v3.0.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USER }}
-          password: ${{ secrets.QUAY_TOKEN }}
+      - name: Log in to Quay
+        run: |
+          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
 
       - name: tag awx-ee:latest with version input
         run: |
-          docker buildx imagetools create \
-            quay.io/ansible/awx-ee:latest \
-            --tag ghcr.io/${{ github.repository_owner }}/awx-ee:${{ github.event.inputs.version }}
+          docker pull quay.io/ansible/awx-ee:latest
+          docker tag quay.io/ansible/awx-ee:latest ghcr.io/${{ github.repository_owner }}/awx-ee:${{ github.event.inputs.version }}
+          docker push ghcr.io/${{ github.repository_owner }}/awx-ee:${{ github.event.inputs.version }}
 
-      - name: Stage awx-operator image
+      - name: Build and stage awx-operator
         working-directory: awx-operator
         run: |
-          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.version}} \
-              --build-arg OPERATOR_VERSION=${{ github.event.inputs.operator_version }}" \
-          IMG=ghcr.io/${{ github.repository_owner }}/awx-operator:${{ github.event.inputs.operator_version }} \
-          make docker-buildx
+          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.version }} \
+                      --build-arg OPERATOR_VERSION=${{ github.event.inputs.operator_version }}" \
+          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
+          VERSION=${{ github.event.inputs.operator_version }} make docker-build docker-push
 
       - name: Run test deployment with awx-operator
         working-directory: awx-operator

.gitignore

@@ -169,6 +169,3 @@ awx/ui_next/build
 # Docs build stuff
 docs/docsite/build/
 _readthedocs/
-
-# Pyenv
-.python-version

Makefile

@@ -10,7 +10,7 @@ KIND_BIN ?= $(shell which kind)
 CHROMIUM_BIN=/tmp/chrome-linux/chrome
 GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 MANAGEMENT_COMMAND ?= awx-manage
-VERSION ?= $(shell $(PYTHON) tools/scripts/scm_version.py 2> /dev/null)
+VERSION ?= $(shell $(PYTHON) tools/scripts/scm_version.py)
 
 # ansible-test requires semver compatable version, so we allow overrides to hack it
 COLLECTION_VERSION ?= $(shell $(PYTHON) tools/scripts/scm_version.py | cut -d . -f 1-3)
@@ -75,9 +75,6 @@ SDIST_TAR_FILE ?= $(SDIST_TAR_NAME).tar.gz
 
 I18N_FLAG_FILE = .i18n_built
 
-## PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
-PLATFORMS ?= linux/amd64,linux/arm64  # linux/ppc64le,linux/s390x
-
 .PHONY: awx-link clean clean-tmp clean-venv requirements requirements_dev \
 	develop refresh adduser migrate dbchange \
 	receiver test test_unit test_coverage coverage_html \
@@ -535,7 +532,7 @@ docker-compose-sources: .git/hooks/pre-commit
 	    -e enable_vault=$(VAULT) \
 	    -e vault_tls=$(VAULT_TLS) \
 	    -e enable_tacacs=$(TACACS) \
-	    $(EXTRA_SOURCES_ANSIBLE_OPTS)
+            $(EXTRA_SOURCES_ANSIBLE_OPTS)
 
 docker-compose: awx/projects docker-compose-sources
 	ansible-galaxy install --ignore-certs -r tools/docker-compose/ansible/requirements.yml;
@@ -589,27 +586,12 @@ docker-compose-build: Dockerfile.dev
 		--build-arg BUILDKIT_INLINE_CACHE=1 \
 		--cache-from=$(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG) .
 
-
-.PHONY: docker-compose-buildx
-## Build awx_devel image for docker compose development environment for multiple architectures
-docker-compose-buildx: Dockerfile.dev
-	- docker buildx create --name docker-compose-buildx
-	docker buildx use docker-compose-buildx
-	- docker buildx build \
-		--push \
-		--build-arg BUILDKIT_INLINE_CACHE=1 \
-		--cache-from=$(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG) \
-		--platform=$(PLATFORMS) \
-		--tag $(DEVEL_IMAGE_NAME) \
-		-f Dockerfile.dev .
-	- docker buildx rm docker-compose-buildx
-
 docker-clean:
 	-$(foreach container_id,$(shell docker ps -f name=tools_awx -aq && docker ps -f name=tools_receptor -aq),docker stop $(container_id); docker rm -f $(container_id);)
 	-$(foreach image_id,$(shell docker images --filter=reference='*/*/*awx_devel*' --filter=reference='*/*awx_devel*' --filter=reference='*awx_devel*' -aq),docker rmi --force $(image_id);)
 
 docker-clean-volumes: docker-compose-clean docker-compose-container-group-clean
-	docker volume rm -f tools_awx_db tools_vault_1 tools_ldap_1 tools_grafana_storage tools_prometheus_storage $(docker volume ls --filter name=tools_redis_socket_ -q)
+	docker volume rm -f tools_awx_db tools_vault_1 tools_grafana_storage tools_prometheus_storage $(docker volume ls --filter name=tools_redis_socket_ -q)
 
 docker-refresh: docker-clean docker-compose
 
@@ -666,21 +648,6 @@ awx-kube-build: Dockerfile
 		--build-arg HEADLESS=$(HEADLESS) \
 		-t $(DEV_DOCKER_TAG_BASE)/awx:$(COMPOSE_TAG) .
 
-## Build multi-arch awx image for deployment on Kubernetes environment.
-awx-kube-buildx: Dockerfile
-	- docker buildx create --name awx-kube-buildx
-	docker buildx use awx-kube-buildx
-	- docker buildx build \
-		--push \
-		--build-arg VERSION=$(VERSION) \
-		--build-arg SETUPTOOLS_SCM_PRETEND_VERSION=$(VERSION) \
-		--build-arg HEADLESS=$(HEADLESS) \
-		--platform=$(PLATFORMS) \
-		--tag $(DEV_DOCKER_TAG_BASE)/awx:$(COMPOSE_TAG) \
-		-f Dockerfile .
-	- docker buildx rm awx-kube-buildx
-
-
 .PHONY: Dockerfile.kube-dev
 ## Generate Docker.kube-dev for awx_kube_devel image
 Dockerfile.kube-dev: tools/ansible/roles/dockerfile/templates/Dockerfile.j2
@@ -697,18 +664,6 @@ awx-kube-dev-build: Dockerfile.kube-dev
 	    --cache-from=$(DEV_DOCKER_TAG_BASE)/awx_kube_devel:$(COMPOSE_TAG) \
 	    -t $(DEV_DOCKER_TAG_BASE)/awx_kube_devel:$(COMPOSE_TAG) .
 
-## Build and push multi-arch awx_kube_devel image for development on local Kubernetes environment.
-awx-kube-dev-buildx: Dockerfile.kube-dev
-	- docker buildx create --name awx-kube-dev-buildx
-	docker buildx use awx-kube-dev-buildx
-	- docker buildx build \
-		--push \
-		--build-arg BUILDKIT_INLINE_CACHE=1 \
-		--cache-from=$(DEV_DOCKER_TAG_BASE)/awx_kube_devel:$(COMPOSE_TAG) \
-		--platform=$(PLATFORMS) \
-		--tag $(DEV_DOCKER_TAG_BASE)/awx_kube_devel:$(COMPOSE_TAG) \
-		-f Dockerfile.kube-dev .
-	- docker buildx rm awx-kube-dev-buildx
 
 kind-dev-load: awx-kube-dev-build
 	$(KIND_BIN) load docker-image $(DEV_DOCKER_TAG_BASE)/awx_kube_devel:$(COMPOSE_TAG)

awx/api/serializers.py

@@ -5594,7 +5594,7 @@ class InstanceSerializer(BaseSerializer):
         res['jobs'] = self.reverse('api:instance_unified_jobs_list', kwargs={'pk': obj.pk})
         res['peers'] = self.reverse('api:instance_peers_list', kwargs={"pk": obj.pk})
         res['instance_groups'] = self.reverse('api:instance_instance_groups_list', kwargs={'pk': obj.pk})
-        if obj.node_type in [Instance.Types.EXECUTION, Instance.Types.HOP] and not obj.managed:
+        if obj.node_type in [Instance.Types.EXECUTION, Instance.Types.HOP]:
             res['install_bundle'] = self.reverse('api:instance_install_bundle', kwargs={'pk': obj.pk})
         if self.context['request'].user.is_superuser or self.context['request'].user.is_system_auditor:
             if obj.node_type == 'execution':

awx/api/views/__init__.py

@@ -272,24 +272,16 @@ class DashboardJobsGraphView(APIView):
 
         success_query = user_unified_jobs.filter(status='successful')
         failed_query = user_unified_jobs.filter(status='failed')
-        canceled_query = user_unified_jobs.filter(status='canceled')
-        error_query = user_unified_jobs.filter(status='error')
 
         if job_type == 'inv_sync':
             success_query = success_query.filter(instance_of=models.InventoryUpdate)
             failed_query = failed_query.filter(instance_of=models.InventoryUpdate)
-            canceled_query = canceled_query.filter(instance_of=models.InventoryUpdate)
-            error_query = error_query.filter(instance_of=models.InventoryUpdate)
         elif job_type == 'playbook_run':
             success_query = success_query.filter(instance_of=models.Job)
             failed_query = failed_query.filter(instance_of=models.Job)
-            canceled_query = canceled_query.filter(instance_of=models.Job)
-            error_query = error_query.filter(instance_of=models.Job)
         elif job_type == 'scm_update':
             success_query = success_query.filter(instance_of=models.ProjectUpdate)
             failed_query = failed_query.filter(instance_of=models.ProjectUpdate)
-            canceled_query = canceled_query.filter(instance_of=models.ProjectUpdate)
-            error_query = error_query.filter(instance_of=models.ProjectUpdate)
 
         end = now()
         interval = 'day'
@@ -305,12 +297,10 @@ class DashboardJobsGraphView(APIView):
         else:
             return Response({'error': _('Unknown period "%s"') % str(period)}, status=status.HTTP_400_BAD_REQUEST)
 
-        dashboard_data = {"jobs": {"successful": [], "failed": [], "canceled": [], "error": []}}
+        dashboard_data = {"jobs": {"successful": [], "failed": []}}
 
         succ_list = dashboard_data['jobs']['successful']
         fail_list = dashboard_data['jobs']['failed']
-        canceled_list = dashboard_data['jobs']['canceled']
-        error_list = dashboard_data['jobs']['error']
 
         qs_s = (
             success_query.filter(finished__range=(start, end))
@@ -328,22 +318,6 @@ class DashboardJobsGraphView(APIView):
             .annotate(agg=Count('id', distinct=True))
         )
         data_f = {item['d']: item['agg'] for item in qs_f}
-        qs_c = (
-            canceled_query.filter(finished__range=(start, end))
-            .annotate(d=Trunc('finished', interval, tzinfo=end.tzinfo))
-            .order_by()
-            .values('d')
-            .annotate(agg=Count('id', distinct=True))
-        )
-        data_c = {item['d']: item['agg'] for item in qs_c}
-        qs_e = (
-            error_query.filter(finished__range=(start, end))
-            .annotate(d=Trunc('finished', interval, tzinfo=end.tzinfo))
-            .order_by()
-            .values('d')
-            .annotate(agg=Count('id', distinct=True))
-        )
-        data_e = {item['d']: item['agg'] for item in qs_e}
 
         start_date = start.replace(hour=0, minute=0, second=0, microsecond=0)
         for d in itertools.count():
@@ -352,8 +326,6 @@ class DashboardJobsGraphView(APIView):
                 break
             succ_list.append([time.mktime(date.timetuple()), data_s.get(date, 0)])
             fail_list.append([time.mktime(date.timetuple()), data_f.get(date, 0)])
-            canceled_list.append([time.mktime(date.timetuple()), data_c.get(date, 0)])
-            error_list.append([time.mktime(date.timetuple()), data_e.get(date, 0)])
 
         return Response(dashboard_data)
 

awx/main/dispatch/__init__.py

@@ -105,11 +105,7 @@ def create_listener_connection():
     for k, v in settings.LISTENER_DATABASES.get('default', {}).get('OPTIONS', {}).items():
         conf['OPTIONS'][k] = v
 
-    # Allow password-less authentication
-    if 'PASSWORD' in conf:
-        conf['OPTIONS']['password'] = conf.pop('PASSWORD')
-
-    connection_data = f"dbname={conf['NAME']} host={conf['HOST']} user={conf['USER']} port={conf['PORT']}"
+    connection_data = f"dbname={conf['NAME']} host={conf['HOST']} user={conf['USER']} password={conf['PASSWORD']} port={conf['PORT']}"
     return psycopg.connect(connection_data, autocommit=True, **conf['OPTIONS'])
 
 

awx/main/dispatch/worker/base.py

@@ -162,7 +162,7 @@ class AWXConsumerRedis(AWXConsumerBase):
 class AWXConsumerPG(AWXConsumerBase):
     def __init__(self, *args, schedule=None, **kwargs):
         super().__init__(*args, **kwargs)
-        self.pg_max_wait = getattr(settings, 'DISPATCHER_DB_DOWNTOWN_TOLLERANCE', settings.DISPATCHER_DB_DOWNTIME_TOLERANCE)
+        self.pg_max_wait = settings.DISPATCHER_DB_DOWNTIME_TOLERANCE
         # if no successful loops have ran since startup, then we should fail right away
         self.pg_is_down = True  # set so that we fail if we get database errors on startup
         init_time = time.time()
@@ -259,12 +259,6 @@ class AWXConsumerPG(AWXConsumerBase):
                 current_downtime = time.time() - self.pg_down_time
                 if current_downtime > self.pg_max_wait:
                     logger.exception(f"Postgres event consumer has not recovered in {current_downtime} s, exiting")
-                    # Sending QUIT to multiprocess queue to signal workers to exit
-                    for worker in self.pool.workers:
-                        try:
-                            worker.quit()
-                        except Exception:
-                            logger.exception(f"Error sending QUIT to worker {worker}")
                     raise
                 # Wait for a second before next attempt, but still listen for any shutdown signals
                 for i in range(10):
@@ -276,12 +270,6 @@ class AWXConsumerPG(AWXConsumerBase):
             except Exception:
                 # Log unanticipated exception in addition to writing to stderr to get timestamps and other metadata
                 logger.exception('Encountered unhandled error in dispatcher main loop')
-                # Sending QUIT to multiprocess queue to signal workers to exit
-                for worker in self.pool.workers:
-                    try:
-                        worker.quit()
-                    except Exception:
-                        logger.exception(f"Error sending QUIT to worker {worker}")
                 raise
 
 

awx/main/middleware.py

@@ -5,12 +5,11 @@ import logging
 import threading
 import time
 import urllib.parse
-from pathlib import Path
 
 from django.conf import settings
 from django.contrib.auth import logout
 from django.contrib.auth.models import User
-from django.db.migrations.recorder import MigrationRecorder
+from django.db.migrations.executor import MigrationExecutor
 from django.db import connection
 from django.shortcuts import redirect
 from django.apps import apps
@@ -18,11 +17,9 @@ from django.utils.deprecation import MiddlewareMixin
 from django.utils.translation import gettext_lazy as _
 from django.urls import reverse, resolve
 
-from awx.main import migrations
 from awx.main.utils.named_url_graph import generate_graph, GraphNode
 from awx.conf import fields, register
 from awx.main.utils.profiling import AWXProfiler
-from awx.main.utils.common import memoize
 
 
 logger = logging.getLogger('awx.main.middleware')
@@ -201,22 +198,9 @@ class URLModificationMiddleware(MiddlewareMixin):
             request.path_info = new_path
 
 
-@memoize(ttl=20)
-def is_migrating():
-    latest_number = 0
-    latest_name = ''
-    for migration_path in Path(migrations.__path__[0]).glob('[0-9]*.py'):
-        try:
-            migration_number = int(migration_path.name.split('_', 1)[0])
-        except ValueError:
-            continue
-        if migration_number > latest_number:
-            latest_number = migration_number
-            latest_name = migration_path.name[: -len('.py')]
-    return not MigrationRecorder(connection).migration_qs.filter(app='main', name=latest_name).exists()
-
-
 class MigrationRanCheckMiddleware(MiddlewareMixin):
     def process_request(self, request):
-        if is_migrating() and getattr(resolve(request.path), 'url_name', '') != 'migrations_notran':
+        executor = MigrationExecutor(connection)
+        plan = executor.migration_plan(executor.loader.graph.leaf_nodes())
+        if bool(plan) and getattr(resolve(request.path), 'url_name', '') != 'migrations_notran':
             return redirect(reverse("ui:migrations_notran"))

awx/main/models/notifications.py

@@ -5,7 +5,6 @@ from copy import deepcopy
 import datetime
 import logging
 import json
-import traceback
 
 from django.db import models
 from django.conf import settings
@@ -485,29 +484,14 @@ class JobNotificationMixin(object):
         if msg_template:
             try:
                 msg = env.from_string(msg_template).render(**context)
-            except (TemplateSyntaxError, UndefinedError, SecurityError) as e:
-                msg = '\r\n'.join([e.message, ''.join(traceback.format_exception(None, e, e.__traceback__).replace('\n', '\r\n'))])
+            except (TemplateSyntaxError, UndefinedError, SecurityError):
+                msg = ''
 
         if body_template:
             try:
                 body = env.from_string(body_template).render(**context)
-            except (TemplateSyntaxError, UndefinedError, SecurityError) as e:
-                body = '\r\n'.join([e.message, ''.join(traceback.format_exception(None, e, e.__traceback__).replace('\n', '\r\n'))])
-
-        # https://datatracker.ietf.org/doc/html/rfc2822#section-2.2
-        # Body should have at least 2 CRLF, some clients will interpret
-        # the email incorrectly with blank body.  So we will check that
-
-        if len(body.strip().splitlines()) <= 2:
-            # blank body
-            body = '\r\n'.join(
-                [
-                    "The template rendering return a blank body.",
-                    "Please check the template.",
-                    "Refer to https://github.com/ansible/awx/issues/13983",
-                    "for further information.",
-                ]
-            )
+            except (TemplateSyntaxError, UndefinedError, SecurityError):
+                body = ''
 
         return (msg, body)
 

awx/main/notifications/custom_notification_base.py

@@ -1,6 +1,5 @@
 # Copyright (c) 2019 Ansible, Inc.
 # All Rights Reserved.
-# -*-coding:utf-8-*-
 
 
 class CustomNotificationBase(object):

awx/main/routing.py

@@ -4,15 +4,13 @@ import logging
 from django.conf import settings
 from django.urls import re_path
 
+from channels.auth import AuthMiddlewareStack
 from channels.routing import ProtocolTypeRouter, URLRouter
 
-from ansible_base.lib.channels.middleware import DrfAuthMiddlewareStack
-
 from . import consumers
 
 
 logger = logging.getLogger('awx.main.routing')
-_application = None
 
 
 class AWXProtocolTypeRouter(ProtocolTypeRouter):
@@ -28,91 +26,13 @@ class AWXProtocolTypeRouter(ProtocolTypeRouter):
         super().__init__(*args, **kwargs)
 
 
-class MultipleURLRouterAdapter:
-    """
-    Django channels doesn't nicely support Auth_1(urls_1), Auth_2(urls_2), ..., Auth_n(urls_n)
-    This class allows assocating a websocket url with an auth
-    Ordering matters. The first matching url will be used.
-    """
-
-    def __init__(self, *auths):
-        self._auths = [a for a in auths]
-
-    async def __call__(self, scope, receive, send):
-        """
-        Loop through the list of passed in URLRouter's (they may or may not be wrapped by auth).
-        We know we have exhausted the list of URLRouter patterns when we get a
-        ValueError('No route found for path %s'). When that happens, move onto the next
-        URLRouter.
-        If the final URLRouter raises an error, re-raise it in the end.
-
-        We know that we found a match when no error is raised, end the loop.
-        """
-        last_index = len(self._auths) - 1
-        for i, auth in enumerate(self._auths):
-            try:
-                return await auth.__call__(scope, receive, send)
-            except ValueError as e:
-                if str(e).startswith('No route found for path'):
-                    # Only surface the error if on the last URLRouter
-                    if i == last_index:
-                        raise
-
-
 websocket_urlpatterns = [
-    re_path(r'api/websocket/$', consumers.EventConsumer.as_asgi()),
     re_path(r'websocket/$', consumers.EventConsumer.as_asgi()),
-]
-websocket_relay_urlpatterns = [
     re_path(r'websocket/relay/$', consumers.RelayConsumer.as_asgi()),
 ]
 
-
-def application_func(cls=AWXProtocolTypeRouter) -> ProtocolTypeRouter:
-    return cls(
-        {
-            'websocket': MultipleURLRouterAdapter(
-                URLRouter(websocket_relay_urlpatterns),
-                DrfAuthMiddlewareStack(URLRouter(websocket_urlpatterns)),
-            )
-        }
-    )
-
-
-def __getattr__(name: str) -> ProtocolTypeRouter:
-    """
-    Defer instantiating application.
-    For testing, we just need it to NOT run on import.
-
-    https://peps.python.org/pep-0562/#specification
-
-    Normally, someone would get application from this module via:
-        from awx.main.routing import application
-
-    and do something with the application:
-        application.do_something()
-
-    What does the callstack look like when the import runs?
-    ...
-        awx.main.routing.__getattribute__(...)                              # <-- we don't define this so NOOP as far as we are concerned
-        if '__getattr__' in awx.main.routing.__dict__:                      # <-- this triggers the function we are in
-            return awx.main.routing.__dict__.__getattr__("application")
-
-    Why isn't this function simply implemented as:
-        def __getattr__(name):
-            if not _application:
-              _application = application_func()
-            return _application
-
-    It could. I manually tested it and it passes test_routing.py.
-
-    But my understanding after reading the PEP-0562 specification link above is that
-    performance would be a bit worse due to the extra __getattribute__ calls when
-    we reference non-global variables.
-    """
-    if name == "application":
-        globs = globals()
-        if not globs['_application']:
-            globs['_application'] = application_func()
-        return globs['_application']
-    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
+application = AWXProtocolTypeRouter(
+    {
+        'websocket': AuthMiddlewareStack(URLRouter(websocket_urlpatterns)),
+    }
+)

awx/main/tasks/callback.py

@@ -29,7 +29,7 @@ class RunnerCallback:
         self.safe_env = {}
         self.event_ct = 0
         self.model = model
-        self.update_attempts = int(getattr(settings, 'DISPATCHER_DB_DOWNTOWN_TOLLERANCE', settings.DISPATCHER_DB_DOWNTIME_TOLERANCE) / 5)
+        self.update_attempts = int(settings.DISPATCHER_DB_DOWNTIME_TOLERANCE / 5)
         self.wrapup_event_dispatched = False
         self.artifacts_processed = False
         self.extra_update_fields = {}

awx/main/tasks/jobs.py

@@ -114,7 +114,7 @@ class BaseTask(object):
 
     def __init__(self):
         self.cleanup_paths = []
-        self.update_attempts = int(getattr(settings, 'DISPATCHER_DB_DOWNTOWN_TOLLERANCE', settings.DISPATCHER_DB_DOWNTIME_TOLERANCE) / 5)
+        self.update_attempts = int(settings.DISPATCHER_DB_DOWNTIME_TOLERANCE / 5)
         self.runner_callback = self.callback_class(model=self.model)
 
     def update_model(self, pk, _attempt=0, **updates):

awx/main/tests/functional/test_routing.py

@@ -1,90 +0,0 @@
-import pytest
-
-from django.contrib.auth.models import AnonymousUser
-
-from channels.routing import ProtocolTypeRouter
-from channels.testing.websocket import WebsocketCommunicator
-
-
-from awx.main.consumers import WebsocketSecretAuthHelper
-
-
-@pytest.fixture
-def application():
-    # code in routing hits the db on import because .. settings cache
-    from awx.main.routing import application_func
-
-    yield application_func(ProtocolTypeRouter)
-
-
-@pytest.fixture
-def websocket_server_generator(application):
-    def fn(endpoint):
-        return WebsocketCommunicator(application, endpoint)
-
-    return fn
-
-
-@pytest.mark.asyncio
-@pytest.mark.django_db
-class TestWebsocketRelay:
-    @pytest.fixture
-    def websocket_relay_secret_generator(self, settings):
-        def fn(secret, set_broadcast_websocket_secret=False):
-            secret_backup = settings.BROADCAST_WEBSOCKET_SECRET
-            settings.BROADCAST_WEBSOCKET_SECRET = 'foobar'
-            res = ('secret'.encode('utf-8'), WebsocketSecretAuthHelper.construct_secret().encode('utf-8'))
-            if set_broadcast_websocket_secret is False:
-                settings.BROADCAST_WEBSOCKET_SECRET = secret_backup
-            return res
-
-        return fn
-
-    @pytest.fixture
-    def websocket_relay_secret(self, settings, websocket_relay_secret_generator):
-        return websocket_relay_secret_generator('foobar', set_broadcast_websocket_secret=True)
-
-    async def test_authorized(self, websocket_server_generator, websocket_relay_secret):
-        server = websocket_server_generator('/websocket/relay/')
-
-        server.scope['headers'] = (websocket_relay_secret,)
-        connected, _ = await server.connect()
-        assert connected is True
-
-    async def test_not_authorized(self, websocket_server_generator):
-        server = websocket_server_generator('/websocket/relay/')
-        connected, _ = await server.connect()
-        assert connected is False, "Connection to the relay websocket without auth. We expected the client to be denied."
-
-    async def test_wrong_secret(self, websocket_server_generator, websocket_relay_secret_generator):
-        server = websocket_server_generator('/websocket/relay/')
-
-        server.scope['headers'] = (websocket_relay_secret_generator('foobar', set_broadcast_websocket_secret=False),)
-        connected, _ = await server.connect()
-        assert connected is False
-
-
-@pytest.mark.asyncio
-@pytest.mark.django_db
-class TestWebsocketEventConsumer:
-    async def test_unauthorized_anonymous(self, websocket_server_generator):
-        server = websocket_server_generator('/websocket/')
-
-        server.scope['user'] = AnonymousUser()
-        connected, _ = await server.connect()
-        assert connected is False, "Anonymous user should NOT be allowed to login."
-
-    @pytest.mark.skip(reason="Ran out of coding time.")
-    async def test_authorized(self, websocket_server_generator, application, admin):
-        server = websocket_server_generator('/websocket/')
-
-        """
-        I ran out of time. Here is what I was thinking ...
-        Inject a valid session into the cookies in the header
-
-        server.scope['headers'] = (
-            (b'cookie', ...),
-        )
-        """
-        connected, _ = await server.connect()
-        assert connected is True, "User should be allowed in via cookies auth via a session key in the cookies"

awx/main/wsrelay.py

@@ -339,7 +339,7 @@ class WebSocketRelayManager(object):
 
             if deleted_remote_hosts:
                 logger.info(f"Removing {deleted_remote_hosts} from websocket broadcast list")
-                await asyncio.gather(*[self.cleanup_offline_host(h) for h in deleted_remote_hosts])
+                await asyncio.gather(self.cleanup_offline_host(h) for h in deleted_remote_hosts)
 
             if new_remote_hosts:
                 logger.info(f"Adding {new_remote_hosts} to websocket broadcast list")

awx/playbooks/project_update.yml

@@ -216,54 +216,42 @@
     - block:
         - name: Fetch galaxy roles from roles/requirements.(yml/yaml)
           ansible.builtin.command:
-            cmd: "ansible-galaxy role install -r {{ req_file }} {{ verbosity }}"
+            cmd: "ansible-galaxy role install -r {{ item }} {{ verbosity }}"
           register: galaxy_result
-          vars:
-            req_file: "{{ lookup('ansible.builtin.first_found', req_candidates, skip=True) }}"
-            req_candidates:
-              - "{{ project_path | quote }}/roles/requirements.yml"
-              - "{{ project_path | quote }}/roles/requirements.yaml"
+          with_fileglob:
+            - "{{ project_path | quote }}/roles/requirements.yaml"
+            - "{{ project_path | quote }}/roles/requirements.yml"
           changed_when: "'was installed successfully' in galaxy_result.stdout"
-          when:
-            - roles_enabled | bool
-            - req_file
+          when: roles_enabled | bool
           tags:
             - install_roles
 
         - name: Fetch galaxy collections from collections/requirements.(yml/yaml)
           ansible.builtin.command:
-            cmd: "ansible-galaxy collection install -r {{ req_file }} {{ verbosity }}"
+            cmd: "ansible-galaxy collection install -r {{ item }} {{ verbosity }}"
           register: galaxy_collection_result
-          vars:
-            req_file: "{{ lookup('ansible.builtin.first_found', req_candidates, skip=True) }}"
-            req_candidates:
-              - "{{ project_path | quote }}/collections/requirements.yml"
-              - "{{ project_path | quote }}/collections/requirements.yaml"
-              - "{{ project_path | quote }}/requirements.yml"
-              - "{{ project_path | quote }}/requirements.yaml"
+          with_fileglob:
+            - "{{ project_path | quote }}/collections/requirements.yaml"
+            - "{{ project_path | quote }}/collections/requirements.yml"
           changed_when: "'Nothing to do.' not in galaxy_collection_result.stdout"
           when:
             - "ansible_version.full is version_compare('2.9', '>=')"
             - collections_enabled | bool
-            - req_file
           tags:
             - install_collections
 
         - name: Fetch galaxy roles and collections from requirements.(yml/yaml)
           ansible.builtin.command:
-            cmd: "ansible-galaxy install -r {{ req_file }} {{ verbosity }}"
+            cmd: "ansible-galaxy install -r {{ item }} {{ verbosity }}"
           register: galaxy_combined_result
-          vars:
-            req_file: "{{ lookup('ansible.builtin.first_found', req_candidates, skip=True) }}"
-            req_candidates:
-              - "{{ project_path | quote }}/requirements.yaml"
-              - "{{ project_path | quote }}/requirements.yml"
+          with_fileglob:
+            - "{{ project_path | quote }}/requirements.yaml"
+            - "{{ project_path | quote }}/requirements.yml"
           changed_when: "'Nothing to do.' not in galaxy_combined_result.stdout"
           when:
             - "ansible_version.full is version_compare('2.10', '>=')"
             - collections_enabled | bool
             - roles_enabled | bool
-            - req_file
           tags:
             - install_collections
             - install_roles

awx/ui/src/components/PromptDetail/PromptDetail.js

@@ -257,17 +257,12 @@ function PromptDetail({
                       numChips={5}
                       ouiaId="prompt-job-tag-chips"
                       totalChips={
-                        overrides.job_tags === undefined ||
-                        overrides.job_tags === null ||
-                        overrides.job_tags === ''
+                        !overrides.job_tags || overrides.job_tags === ''
                           ? 0
                           : overrides.job_tags.split(',').length
                       }
                     >
-                      {overrides.job_tags !== undefined &&
-                        overrides.job_tags !== null &&
-                        overrides.job_tags !== '' &&
-                        overrides.job_tags.length > 0 &&
+                      {overrides.job_tags.length > 0 &&
                         overrides.job_tags.split(',').map((jobTag) => (
                           <Chip
                             key={jobTag}
@@ -289,18 +284,13 @@ function PromptDetail({
                     <ChipGroup
                       numChips={5}
                       totalChips={
-                        overrides.skip_tags === undefined ||
-                        overrides.skip_tags === null ||
-                        overrides.skip_tags === ''
+                        !overrides.skip_tags || overrides.skip_tags === ''
                           ? 0
                           : overrides.skip_tags.split(',').length
                       }
                       ouiaId="prompt-skip-tag-chips"
                     >
-                      {overrides.skip_tags !== undefined &&
-                        overrides.skip_tags !== null &&
-                        overrides.skip_tags !== '' &&
-                        overrides.skip_tags.length > 0 &&
+                      {overrides.skip_tags.length > 0 &&
                         overrides.skip_tags.split(',').map((skipTag) => (
                           <Chip
                             key={skipTag}

awx/ui/src/contexts/Session.js

@@ -115,11 +115,8 @@ function SessionProvider({ children }) {
   }, [setSessionTimeout, setSessionCountdown]);
 
   useEffect(() => {
-    const isRedirectCondition = (location, histLength) =>
-      location.pathname === '/login' && histLength === 2;
-
     const unlisten = history.listen((location, action) => {
-      if (action === 'POP' || isRedirectCondition(location, history.length)) {
+      if (action === 'POP') {
         setIsRedirectLinkReceived(true);
       }
     });

awx/ui/src/locales/fr/messages.po

@@ -784,7 +784,7 @@ msgstr "Branche à utiliser dans l’exécution de la tâche. Projet par défaut
 
 #: screens/Inventory/shared/Inventory.helptext.js:155
 msgid "Branch to use on inventory sync. Project default used if blank. Only allowed if project allow_override field is set to true."
-msgstr "Branche à utiliser pour la synchronisation de l'inventaire. La valeur par défaut du projet est utilisée si elle est vide. Cette option n'est autorisée que si le champ allow_override du projet est défini sur vrai."
+msgstr ""
 
 #: components/About/About.js:45
 msgid "Brand Image"
@@ -2832,7 +2832,7 @@ msgstr "Entrez les variables avec la syntaxe JSON ou YAML.  Consultez la documen
 
 #: screens/Inventory/shared/SmartInventoryForm.js:94
 msgid "Enter inventory variables using either JSON or YAML syntax. Use the radio button to toggle between the two. Refer to the Ansible Controller documentation for example syntax."
-msgstr "Entrez les variables d'inventaire en utilisant la syntaxe JSON ou YAML. Utilisez le bouton d'option pour basculer entre les deux. Référez-vous à la documentation du contrôleur Ansible pour les exemples de syntaxe."
+msgstr ""
 
 #: screens/CredentialType/CredentialTypeDetails/CredentialTypeDetails.js:87
 msgid "Environment variables or extra variables that specify the values a credential type can inject."
@@ -3015,7 +3015,7 @@ msgstr "Recherche exacte sur le champ d'identification."
 
 #: components/Search/RelatedLookupTypeInput.js:38
 msgid "Exact search on name field."
-msgstr "Recherche exacte sur le champ nom."
+msgstr ""
 
 #: screens/Project/shared/Project.helptext.js:23
 msgid "Example URLs for GIT Source Control include:"
@@ -3242,7 +3242,7 @@ msgstr "Jobs ayant échoué"
 
 #: screens/WorkflowApproval/WorkflowApprovalList/WorkflowApprovalList.js:262
 msgid "Failed to approve one or more workflow approval."
-msgstr "Échec de l'approbation d'une ou plusieurs validations de flux de travail."
+msgstr ""
 
 #: screens/WorkflowApproval/shared/WorkflowApprovalButton.js:56
 msgid "Failed to approve {0}."
@@ -3474,7 +3474,7 @@ msgstr "N'a pas réussi à supprimer {name}."
 
 #: screens/WorkflowApproval/WorkflowApprovalList/WorkflowApprovalList.js:263
 msgid "Failed to deny one or more workflow approval."
-msgstr "Échec du refus d'une ou plusieurs validations de flux de travail."
+msgstr ""
 
 #: screens/WorkflowApproval/shared/WorkflowDenyButton.js:51
 msgid "Failed to deny {0}."
@@ -3520,7 +3520,7 @@ msgstr "Echec du lancement du Job."
 
 #: screens/Inventory/InventoryHosts/InventoryHostItem.js:121
 msgid "Failed to load related groups."
-msgstr "Impossible de charger les groupes associés."
+msgstr ""
 
 #: screens/Instances/InstanceDetail/InstanceDetail.js:388
 #: screens/Instances/InstanceList/InstanceList.js:266
@@ -3972,12 +3972,12 @@ msgstr "Demande(s) de bilan de santé soumise(s). Veuillez patienter et recharge
 #: screens/Instances/InstanceDetail/InstanceDetail.js:234
 #: screens/Instances/InstanceList/InstanceListItem.js:242
 msgid "Health checks are asynchronous tasks. See the"
-msgstr "Les bilans de santé sont des tâches asynchrones. Veuillez consulter la documentation pour plus d'informations."
+msgstr ""
 
 #: screens/InstanceGroup/Instances/InstanceList.js:286
 #: screens/Instances/InstanceList/InstanceList.js:219
 msgid "Health checks can only be run on execution nodes."
-msgstr "Les bilans de santé ne peuvent être exécutées que sur les nœuds d'exécution."
+msgstr ""
 
 #: components/StatusLabel/StatusLabel.js:42
 msgid "Healthy"
@@ -5048,7 +5048,7 @@ msgstr "Lancer"
 
 #: components/TemplateList/TemplateListItem.js:214
 msgid "Launch Template"
-msgstr "Lancer le modèle."
+msgstr "Lacer le modèle."
 
 #: screens/ManagementJob/ManagementJobList/LaunchManagementPrompt.js:32
 #: screens/ManagementJob/ManagementJobList/LaunchManagementPrompt.js:34
@@ -9637,7 +9637,7 @@ msgstr "Utilisateur"
 
 #: components/AppContainer/PageHeaderToolbar.js:160
 msgid "User Details"
-msgstr "Détails de l'utilisateur"
+msgstr "Détails de l'erreur"
 
 #: screens/Setting/SettingList.js:121
 #: screens/Setting/Settings.js:118

awx/ui/src/screens/Dashboard/Dashboard.js

@@ -80,7 +80,7 @@ function Dashboard() {
           <Trans>
             <p>
               <InfoCircleIcon /> A tech preview of the new {brandName} user
-              interface can be found <a href="/ui_next">here</a>.
+              interface can be found <a href="/ui_next/dashboard">here</a>.
             </p>
           </Trans>
         </Banner>

awx/ui/src/screens/Job/JobOutput/HostEventModal.js

@@ -3,7 +3,6 @@ import { Modal, Tab, Tabs, TabTitleText } from '@patternfly/react-core';
 import PropTypes from 'prop-types';
 import { t } from '@lingui/macro';
 import { encode } from 'html-entities';
-import { jsonToYaml } from 'util/yaml';
 import StatusLabel from '../../../components/StatusLabel';
 import { DetailList, Detail } from '../../../components/DetailList';
 import ContentEmpty from '../../../components/ContentEmpty';
@@ -145,28 +144,9 @@ function HostEventModal({ onClose, hostEvent = {}, isOpen = false }) {
             <ContentEmpty title={t`No JSON Available`} />
           )}
         </Tab>
-        <Tab
-          eventKey={2}
-          title={<TabTitleText>{t`YAML`}</TabTitleText>}
-          aria-label={t`YAML tab`}
-          ouiaId="yaml-tab"
-        >
-          {activeTabKey === 2 && jsonObj ? (
-            <CodeEditor
-              mode="javascript"
-              readOnly
-              value={jsonToYaml(JSON.stringify(jsonObj))}
-              onChange={() => {}}
-              rows={20}
-              hasErrors={false}
-            />
-          ) : (
-            <ContentEmpty title={t`No YAML Available`} />
-          )}
-        </Tab>
         {stdOut?.length ? (
           <Tab
-            eventKey={3}
+            eventKey={2}
             title={<TabTitleText>{t`Output`}</TabTitleText>}
             aria-label={t`Output tab`}
             ouiaId="standard-out-tab"
@@ -183,7 +163,7 @@ function HostEventModal({ onClose, hostEvent = {}, isOpen = false }) {
         ) : null}
         {stdErr?.length ? (
           <Tab
-            eventKey={4}
+            eventKey={3}
             title={<TabTitleText>{t`Standard Error`}</TabTitleText>}
             aria-label={t`Standard error tab`}
             ouiaId="standard-error-tab"

awx/ui/src/screens/Job/JobOutput/HostEventModal.test.js

@@ -2,7 +2,6 @@ import React from 'react';
 import { shallow } from 'enzyme';
 import { mountWithContexts } from '../../../../testUtils/enzymeHelpers';
 import HostEventModal from './HostEventModal';
-import { jsonToYaml } from 'util/yaml';
 
 const hostEvent = {
   changed: true,
@@ -168,8 +167,6 @@ const jsonValue = `{
   ]
 }`;
 
-const yamlValue = jsonToYaml(jsonValue);
-
 describe('HostEventModal', () => {
   test('initially renders successfully', () => {
     const wrapper = shallow(
@@ -190,7 +187,7 @@ describe('HostEventModal', () => {
       <HostEventModal hostEvent={hostEvent} onClose={() => {}} isOpen />
     );
 
-    expect(wrapper.find('Tabs Tab').length).toEqual(5);
+    expect(wrapper.find('Tabs Tab').length).toEqual(4);
   });
 
   test('should initially show details tab', () => {
@@ -290,7 +287,7 @@ describe('HostEventModal', () => {
     expect(codeEditor.prop('value')).toEqual(jsonValue);
   });
 
-  test('should display YAML tab content on tab click', () => {
+  test('should display Standard Out tab content on tab click', () => {
     const wrapper = shallow(
       <HostEventModal hostEvent={hostEvent} onClose={() => {}} isOpen />
     );
@@ -302,21 +299,6 @@ describe('HostEventModal', () => {
     const codeEditor = wrapper.find('Tab[eventKey=2] CodeEditor');
     expect(codeEditor.prop('mode')).toBe('javascript');
     expect(codeEditor.prop('readOnly')).toBe(true);
-    expect(codeEditor.prop('value')).toEqual(yamlValue);
-  });
-
-  test('should display Standard Out tab content on tab click', () => {
-    const wrapper = shallow(
-      <HostEventModal hostEvent={hostEvent} onClose={() => {}} isOpen />
-    );
-
-    const handleTabClick = wrapper.find('Tabs').prop('onSelect');
-    handleTabClick(null, 3);
-    wrapper.update();
-
-    const codeEditor = wrapper.find('Tab[eventKey=3] CodeEditor');
-    expect(codeEditor.prop('mode')).toBe('javascript');
-    expect(codeEditor.prop('readOnly')).toBe(true);
     expect(codeEditor.prop('value')).toEqual(hostEvent.event_data.res.stdout);
   });
 
@@ -334,10 +316,10 @@ describe('HostEventModal', () => {
     );
 
     const handleTabClick = wrapper.find('Tabs').prop('onSelect');
-    handleTabClick(null, 4);
+    handleTabClick(null, 3);
     wrapper.update();
 
-    const codeEditor = wrapper.find('Tab[eventKey=4] CodeEditor');
+    const codeEditor = wrapper.find('Tab[eventKey=3] CodeEditor');
     expect(codeEditor.prop('mode')).toBe('javascript');
     expect(codeEditor.prop('readOnly')).toBe(true);
     expect(codeEditor.prop('value')).toEqual('error content');
@@ -369,10 +351,10 @@ describe('HostEventModal', () => {
     );
 
     const handleTabClick = wrapper.find('Tabs').prop('onSelect');
-    handleTabClick(null, 3);
+    handleTabClick(null, 2);
     wrapper.update();
 
-    const codeEditor = wrapper.find('Tab[eventKey=3] CodeEditor');
+    const codeEditor = wrapper.find('Tab[eventKey=2] CodeEditor');
     expect(codeEditor.prop('mode')).toBe('javascript');
     expect(codeEditor.prop('readOnly')).toBe(true);
     expect(codeEditor.prop('value')).toEqual('foo bar');
@@ -393,10 +375,10 @@ describe('HostEventModal', () => {
     );
 
     const handleTabClick = wrapper.find('Tabs').prop('onSelect');
-    handleTabClick(null, 3);
+    handleTabClick(null, 2);
     wrapper.update();
 
-    const codeEditor = wrapper.find('Tab[eventKey=3] CodeEditor');
+    const codeEditor = wrapper.find('Tab[eventKey=2] CodeEditor');
     expect(codeEditor.prop('mode')).toBe('javascript');
     expect(codeEditor.prop('readOnly')).toBe(true);
     expect(codeEditor.prop('value')).toEqual('baz\nbar');
@@ -412,10 +394,10 @@ describe('HostEventModal', () => {
     );
 
     const handleTabClick = wrapper.find('Tabs').prop('onSelect');
-    handleTabClick(null, 3);
+    handleTabClick(null, 2);
     wrapper.update();
 
-    const codeEditor = wrapper.find('Tab[eventKey=3] CodeEditor');
+    const codeEditor = wrapper.find('Tab[eventKey=2] CodeEditor');
     expect(codeEditor.prop('mode')).toBe('javascript');
     expect(codeEditor.prop('readOnly')).toBe(true);
     expect(codeEditor.prop('value')).toEqual(

awx/ui/src/screens/SubscriptionUsage/SubscriptionUsage.js

@@ -30,7 +30,7 @@ function SubscriptionUsage() {
           <Trans>
             <p>
               <InfoCircleIcon /> A tech preview of the new {brandName} user
-              interface can be found <a href="/ui_next">here</a>.
+              interface can be found <a href="/ui_next/dashboard">here</a>.
             </p>
           </Trans>
         </Banner>

awx/ui/src/screens/Template/WorkflowJobTemplateVisualizer/Modals/NodeModals/NodeViewModal.js

@@ -201,11 +201,7 @@ function NodeViewModal({ readOnly }) {
         overrides.limit = originalNodeObject.limit;
       }
       if (launchConfig.ask_verbosity_on_launch) {
-        overrides.verbosity =
-          originalNodeObject.verbosity !== undefined &&
-          originalNodeObject.verbosity !== null
-            ? originalNodeObject.verbosity.toString()
-            : '0';
+        overrides.verbosity = originalNodeObject.verbosity.toString();
       }
       if (launchConfig.ask_credential_on_launch) {
         overrides.credentials = originalNodeCredentials || [];

awx/ui_next/Makefile

@@ -35,7 +35,7 @@ ui-next/src/build: $(UI_NEXT_DIR)/src/build/awx
 ## True target for ui-next/src/build. Build ui_next from source.
 $(UI_NEXT_DIR)/src/build/awx: $(UI_NEXT_DIR)/src $(UI_NEXT_DIR)/src/node_modules/webpack
 	@echo "=== Building ui_next ==="
-	@cd $(UI_NEXT_DIR)/src && PRODUCT="$(PRODUCT)" PUBLIC_PATH=/static/awx/ ROUTE_PREFIX=/ui_next npm run build:awx
+	@cd $(UI_NEXT_DIR)/src && PRODUCT="$(PRODUCT)" PUBLIC_PATH=/static/awx/ npm run build:awx
 	@mv $(UI_NEXT_DIR)/src/build/awx/index.html $(UI_NEXT_DIR)/src/build/awx/index_awx.html
 
 .PHONY: ui-next/src

awx_collection/galaxy.yml

@@ -18,7 +18,7 @@ documentation: https://github.com/ansible/awx/blob/devel/awx_collection/README.m
 homepage: https://www.ansible.com/
 issues: https://github.com/ansible/awx/issues?q=is%3Aissue+label%3Acomponent%3Aawx_collection
 license:
-  - GPL-3.0-or-later
+  - GPL-3.0-only
 name: awx
 namespace: awx
 readme: README.md

awx_collection/plugins/module_utils/tower_legacy.py

@@ -0,0 +1,119 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# Copyright (c), Wayne Witzel III <wayne@riotousliving.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above copyright notice,
+#      this list of conditions and the following disclaimer in the documentation
+#      and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import os
+import traceback
+
+TOWER_CLI_IMP_ERR = None
+try:
+    import tower_cli.utils.exceptions as exc
+    from tower_cli.utils import parser
+    from tower_cli.api import client
+
+    HAS_TOWER_CLI = True
+except ImportError:
+    TOWER_CLI_IMP_ERR = traceback.format_exc()
+    HAS_TOWER_CLI = False
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+
+
+def tower_auth_config(module):
+    """
+    `tower_auth_config` attempts to load the tower-cli.cfg file
+    specified from the `tower_config_file` parameter. If found,
+    if returns the contents of the file as a dictionary, else
+    it will attempt to fetch values from the module params and
+    only pass those values that have been set.
+    """
+    config_file = module.params.pop('tower_config_file', None)
+    if config_file:
+        if not os.path.exists(config_file):
+            module.fail_json(msg='file not found: %s' % config_file)
+        if os.path.isdir(config_file):
+            module.fail_json(msg='directory can not be used as config file: %s' % config_file)
+
+        with open(config_file, 'r') as f:
+            return parser.string_to_dict(f.read())
+    else:
+        auth_config = {}
+        host = module.params.pop('tower_host', None)
+        if host:
+            auth_config['host'] = host
+        username = module.params.pop('tower_username', None)
+        if username:
+            auth_config['username'] = username
+        password = module.params.pop('tower_password', None)
+        if password:
+            auth_config['password'] = password
+        module.params.pop('tower_verify_ssl', None)  # pop alias if used
+        verify_ssl = module.params.pop('validate_certs', None)
+        if verify_ssl is not None:
+            auth_config['verify_ssl'] = verify_ssl
+        return auth_config
+
+
+def tower_check_mode(module):
+    '''Execute check mode logic for Ansible Tower modules'''
+    if module.check_mode:
+        try:
+            result = client.get('/ping').json()
+            module.exit_json(changed=True, tower_version='{0}'.format(result['version']))
+        except (exc.ServerError, exc.ConnectionError, exc.BadRequest) as excinfo:
+            module.fail_json(changed=False, msg='Failed check mode: {0}'.format(excinfo))
+
+
+class TowerLegacyModule(AnsibleModule):
+    def __init__(self, argument_spec, **kwargs):
+        args = dict(
+            tower_host=dict(),
+            tower_username=dict(),
+            tower_password=dict(no_log=True),
+            validate_certs=dict(type='bool', aliases=['tower_verify_ssl']),
+            tower_config_file=dict(type='path'),
+        )
+        args.update(argument_spec)
+
+        kwargs.setdefault('mutually_exclusive', [])
+        kwargs['mutually_exclusive'].extend(
+            (
+                ('tower_config_file', 'tower_host'),
+                ('tower_config_file', 'tower_username'),
+                ('tower_config_file', 'tower_password'),
+                ('tower_config_file', 'validate_certs'),
+            )
+        )
+
+        super().__init__(argument_spec=args, **kwargs)
+
+        if not HAS_TOWER_CLI:
+            self.fail_json(msg=missing_required_lib('ansible-tower-cli'), exception=TOWER_CLI_IMP_ERR)

awx_collection/test/awx/conftest.py

@@ -181,8 +181,10 @@ def run_module(request, collection_import):
             resource_class = resource_module.ControllerAWXKitModule
         elif getattr(resource_module, 'ControllerAPIModule', None):
             resource_class = resource_module.ControllerAPIModule
+        elif getattr(resource_module, 'TowerLegacyModule', None):
+            resource_class = resource_module.TowerLegacyModule
         else:
-            raise RuntimeError("The module has neither a ControllerAWXKitModule or a ControllerAPIModule")
+            raise RuntimeError("The module has neither a TowerLegacyModule, ControllerAWXKitModule or a ControllerAPIModule")
 
         with mock.patch.object(resource_class, '_load_params', new=mock_load_params):
             # Call the test utility (like a mock server) instead of issuing HTTP requests

awx_collection/test/awx/test_notification_template.py

@@ -155,4 +155,4 @@ def test_build_notification_message_undefined(run_module, admin_user, organizati
     nt = NotificationTemplate.objects.get(id=result['id'])
 
     body = job.build_notification_message(nt, 'running')
-    assert 'The template rendering return a blank body' in body[1]
+    assert '{"started_by": "My Placeholder"}' in body[1]

awx_collection/tests/integration/targets/inventory_source_update/tasks/main.yml

@@ -26,7 +26,7 @@
         name: "{{ project_name }}"
         organization: "{{ org_name }}"
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: true
 
     - name: Create a git project with same name, different org

awx_collection/tests/integration/targets/project/tasks/main.yml

@@ -31,7 +31,7 @@
         name: "{{ project_name1 }}"
         organization: Default
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: true
       register: result
 
@@ -44,7 +44,7 @@
         name: "{{ project_name1 }}"
         organization: Default
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: true
         state: exists
       register: result
@@ -58,7 +58,7 @@
         name: "{{ project_name1 }}"
         organization: Default
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: true
         state: exists
         request_timeout: .001
@@ -75,7 +75,7 @@
         name: "{{ project_name1 }}"
         organization: Default
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: true
         state: absent
       register: result
@@ -89,7 +89,7 @@
         name: "{{ project_name1 }}"
         organization: Default
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: true
         state: exists
       register: result
@@ -103,7 +103,7 @@
         name: "{{ project_name1 }}"
         organization: Default
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         wait: false
       register: result
       ignore_errors: true
@@ -137,7 +137,7 @@
         name: "{{ project_name2 }}"
         organization: "{{ org_name }}"
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         scm_credential: "{{ cred_name }}"
       check_mode: true
 
@@ -162,7 +162,7 @@
         name: "{{ project_name2 }}"
         organization: Non_Existing_Org
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         scm_credential: "{{ cred_name }}"
       register: result
       ignore_errors: true
@@ -179,7 +179,7 @@
         name: "{{ project_name2 }}"
         organization: "{{ org_name }}"
         scm_type: git
-        scm_url: https://github.com/ansible/ansible-tower-samples
+        scm_url: https://github.com/ansible/test-playbooks
         scm_credential: Non_Existing_Credential
       register: result
       ignore_errors: true
@@ -191,7 +191,7 @@
           - "'Non_Existing_Credential' in result.msg"
           - "result.total_results == 0"
 
-    - name: Create a git project using a branch and allowing branch override
+    - name: Create a git project without credentials without waiting
       project:
         name: "{{ project_name3 }}"
         organization: Default

awx_collection/tests/integration/targets/project_update/tasks/main.yml

@@ -13,7 +13,7 @@
     name: "{{ project_name1 }}"
     organization: Default
     scm_type: git
-    scm_url: https://github.com/ansible/ansible-tower-samples
+    scm_url: https://github.com/ansible/test-playbooks
     wait: false
   register: project_create_result
 

awx_collection/tools/roles/template_galaxy/templates/galaxy.yml.j2

@@ -19,6 +19,8 @@ homepage: https://www.ansible.com/
 issues: https://github.com/ansible/awx/issues?q=is%3Aissue+label%3Acomponent%3Aawx_collection
 license:
   - GPL-3.0-or-later
+  # plugins/module_utils/tower_legacy.py
+  - BSD-2-Clause
 name: {{ collection_package }}
 namespace: {{ collection_namespace }}
 readme: README.md

awxkit/awxkit/api/pages/credentials.py

@@ -96,7 +96,6 @@ credential_type_name_to_config_kind_map = {
     'vault': 'vault',
     'vmware vcenter': 'vmware',
     'gpg public key': 'gpg_public_key',
-    'terraform backend configuration': 'terraform',
 }
 
 config_kind_to_credential_type_name_map = {kind: name for name, kind in credential_type_name_to_config_kind_map.items()}

awxkit/awxkit/ws.py

@@ -51,16 +51,7 @@ class WSClient(object):
     # Subscription group types
 
     def __init__(
-        self,
-        token=None,
-        hostname='',
-        port=443,
-        secure=True,
-        ws_suffix='websocket/',
-        session_id=None,
-        csrftoken=None,
-        add_received_time=False,
-        session_cookie_name='awx_sessionid',
+        self, token=None, hostname='', port=443, secure=True, session_id=None, csrftoken=None, add_received_time=False, session_cookie_name='awx_sessionid'
     ):
         # delay this import, because this is an optional dependency
         import websocket
@@ -77,7 +68,6 @@ class WSClient(object):
             hostname = result.hostname
 
         self.port = port
-        self.suffix = ws_suffix
         self._use_ssl = secure
         self.hostname = hostname
         self.token = token
@@ -95,7 +85,7 @@ class WSClient(object):
         else:
             auth_cookie = ''
         pref = 'wss://' if self._use_ssl else 'ws://'
-        url = '{0}{1.hostname}:{1.port}/{1.suffix}'.format(pref, self)
+        url = '{0}{1.hostname}:{1.port}/websocket/'.format(pref, self)
         self.ws = websocket.WebSocketApp(
             url, on_open=self._on_open, on_message=self._on_message, on_error=self._on_error, on_close=self._on_close, cookie=auth_cookie
         )

awxkit/setup.py

@@ -90,7 +90,6 @@ setup(
     install_requires=[
         'PyYAML',
         'requests',
-        'setuptools',
     ],
     python_requires=">=3.8",
     extras_require={'formatting': ['jq'], 'websockets': ['websocket-client==0.57.0'], 'crypto': ['cryptography']},

awxkit/test/test_ws.py

@@ -17,11 +17,6 @@ def test_explicit_hostname():
     assert client.token == "token"
 
 
-def test_websocket_suffix():
-    client = WSClient("token", "hostname", 566, ws_suffix='my-websocket/')
-    assert client.suffix == 'my-websocket/'
-
-
 @pytest.mark.parametrize(
     'url, result',
     [

docs/docsite/rst/administration/instances.rst

@@ -13,7 +13,7 @@ Scaling your mesh is only available on Openshift and Kubernetes (K8S) deployment
 
 Instances serve as nodes in your mesh topology. Automation mesh allows you to extend the footprint of your automation. Where you launch a job and where the ``ansible-playbook`` runs can be in different locations.
 
-.. image:: ../common/images/instances_mesh_concept.drawio.png
+.. image:: ../common/images/instances_mesh_concept.png
 	:alt: Site A pointing to Site B and dotted arrows to two hosts from Site B 
 
 Automation mesh is useful for:
@@ -23,7 +23,7 @@ Automation mesh is useful for:
 
 The nodes (control, hop, and execution instances) are interconnected via receptor, forming a virtual mesh.
 
-.. image:: ../common/images/instances_mesh_concept_with_nodes.drawio.png
+.. image:: ../common/images/instances_mesh_concept_with_nodes.png
 	:alt: Control node pointing to hop node, which is pointing to two execution nodes.  
 
 
@@ -51,227 +51,13 @@ Prerequisites
 - To manage instances from the AWX user interface, you must have System Administrator or System Auditor permissions.
 
 
-Common topologies
-------------------
-
-Instances make up the network of devices that communicate with one another. They are the building blocks of an automation mesh. These building blocks serve as nodes in a mesh topology. There are several kinds of instances:
-
-+-----------+-----------------------------------------------------------------------------------------------------------------+
-| Node Type | Description                                                                                                     |
-+===========+=================================================================================================================+
-| Control   | Nodes that run persistent Ansible Automation Platform services, and delegate jobs to hybrid and execution nodes |
-+-----------+-----------------------------------------------------------------------------------------------------------------+
-| Hybrid    | Nodes that run persistent Ansible Automation Platform services and execute jobs                                 |
-|           | (not applicable to operator-based installations)                                                                |
-+-----------+-----------------------------------------------------------------------------------------------------------------+
-| Hop       | Used for relaying across the mesh only                                                                          |
-+-----------+-----------------------------------------------------------------------------------------------------------------+
-| Execution | Nodes that run jobs delivered from control nodes (jobs submitted from the user’s Ansible automation)            |
-+-----------+-----------------------------------------------------------------------------------------------------------------+
-
-Simple topology
-~~~~~~~~~~~~~~~~
-
-One of the ways to expand job capacity is to create a standalone execution node that can be added to run alongside the Kubernetes deployment of AWX. These machines will not be a part of the AWX Kubernetes cluster. The control nodes running in the cluster will connect and submit work to these machines via Receptor. The machines are registered in AWX as type "execution" instances, meaning they will only be used to run AWX jobs, not dispatch work or handle web requests as control nodes do.
-
-Hop nodes can be added to sit between the control plane of AWX and standalone execution nodes. These machines will not be a part of the AWX Kubernetes cluster and they will be registered in AWX as node type "hop", meaning they will only handle inbound and outbound traffic for otherwise unreachable nodes in a different or more strict network.
-
-Below is an example of an AWX task pod with two execution nodes. Traffic to execution node 2 flows through a hop node that is setup between it and the control plane.
-
-.. image:: ../common/images/instances_awx_task_pods_hopnode.drawio.png
-	:alt: AWX task pod with a hop node between the control plane of AWX and standalone execution nodes.
-
-
-Below are sample values used to configure each node in a simple topology:
-
-.. list-table::
-   :widths: 20 30 10 20 15
-   :header-rows: 1
-
-   * - Instance type
-     - Hostname
-     - Listener port
-     - Peers from control nodes
-     - Peers
-   * - Control plane
-     - awx-task-65d6d96987-mgn9j
-     - n/a
-     - n/a
-     - [hop node]
-   * - Hop node
-     - awx-hop-node
-     - 27199
-     - True
-     - []     
-   * - Execution node
-     - awx-example.com
-     - n/a
-     - False
-     - [hop node]  
-
-
-
-Mesh topology
-~~~~~~~~~~~~~~
-
-Mesh ingress is a feature that allows remote nodes to connect inbound to the control plane. This is especially useful when creating remote nodes in restricted networking environments that disallow inbound traffic.
-
-
-.. image:: ../common/images/instances_mesh_ingress_topology.drawio.png
-	:alt: Mesh ingress architecture showing the peering relationship between nodes.
-
-
-Below are sample values used to configure each node in a mesh ingress topology:
-
-.. list-table::
-   :widths: 20 30 10 20 15
-   :header-rows: 1
-
-   * - Instance type
-     - Hostname
-     - Listener port
-     - Peers from control nodes
-     - Peers
-   * - Control plane
-     - awx-task-65d6d96987-mgn9j
-     - n/a
-     - n/a
-     - [hop node]
-   * - Hop node
-     - awx-mesh-ingress-1
-     - 27199
-     - True
-     - []     
-   * - Execution node
-     - awx-example.com
-     - n/a
-     - False
-     - [hop node]  
-    
-
-In order to create a mesh ingress for AWX, see the `Mesh Ingress <https://ansible.readthedocs.io/projects/awx-operator/en/latest/user-guide/advanced-configuration/mesh-ingress.html>`_ chapter of the AWX Operator Documentation for information on setting up this type of topology. The last step is to create a remote execution node and add the execution node to an instance group in order for it to be used in your job execution. Whatever execution environment image used to run a playbook needs to be accessible for your remote execution node. Everything you are using in your playbook also needs to be accessible from this remote execution node.
-
-.. image:: ../common/images/instances-job-template-using-remote-execution-ig.png
-    :alt: Job template using the instance group with the execution node to run jobs.
-    :width: 1400px
-
-
-.. _ag_instances_add:
-
-Add an instance
-----------------
-
-To create an instance in AWX:
-
-1. Click **Instances** from the left side navigation menu of the AWX UI.
-
-2. In the Instances list view, click the **Add** button and the Create new Instance window opens.
-
-.. image:: ../common/images/instances_create_new.png
-    :alt: Create a new instance form.
-    :width: 1400px
-
-An instance has several attributes that may be configured:
-
-- Enter a fully qualified domain name (ping-able DNS) or IP address for your instance in the **Host Name** field (required). This field is equivalent to ``hostname`` in the API.
-- Optionally enter a **Description** for the instance
-- The **Instance State** field is auto-populated, indicating that it is being installed, and cannot be modified 
-- Optionally specify the **Listener Port** for the receptor to listen on for incoming connections. This is an open port on the remote machine used to establish inbound TCP connections. This field is equivalent to ``listener_port`` in the API. 
-- Select from the options in **Instance Type** field to specify the type you want to create. Only execution and hop nodes can be created as operator-based installations do not support hybrid nodes. This field is equivalent to ``node_type`` in the API. 
-- In the **Peers** field, select the instance hostnames you want your new instance to connect outbound to. 
-- In the **Options** fields:
-	- Check the **Enable Instance** box to make it available for jobs to run on an execution node.
-	- Check the **Managed by Policy** box to allow policy to dictate how the instance is assigned.
-	- Check the **Peers from control nodes** box to allow control nodes to peer to this instance automatically. Listener port needs to be set if this is enabled or the instance is a peer.
-
-
-
-3. Once the attributes are configured, click **Save** to proceed.
-
-Upon successful creation, the Details of the one of the created instances opens.
-
-.. image:: ../common/images/instances_create_details.png
-    :alt: Details of the newly created instance.
-    :width: 1400px
-
-.. note::
-
-	The proceeding steps 4-8 are intended to be ran from any computer that has SSH access to the newly created instance. 
-
-4. Click the download button next to the **Install Bundle** field to download the tarball that contain files to allow AWX to make proper TCP connections to the remote machine.
-
-.. image:: ../common/images/instances_install_bundle.png
-    :alt: Instance details showing the Download button in the Install Bundle field of the Details tab.
-    :width: 1400px
-
-5. Extract the downloaded ``tar.gz`` file from the location you downloaded it. The install bundle contains TLS certificates and keys, a certificate authority, and a proper Receptor configuration file. To facilitate that these files will be in the right location on the remote machine, the install bundle includes an ``install_receptor.yml`` playbook. The playbook requires the Receptor collection which can be obtained via:
-
-::
-
-	ansible-galaxy collection install -r requirements.yml
-
-6. Before running the ``ansible-playbook`` command, edit the following fields in the ``inventory.yml`` file:
-
-- ``ansible_user`` with the username running the installation
-- ``ansible_ssh_private_key_file`` to contain the filename of the private key used to connect to the instance
-
-::
-
-	---
-	all:
-	  hosts:
-	    remote-execution:
-	      ansible_host: <hostname>
-	      ansible_user: <username> # user provided
-	      ansible_ssh_private_key_file: ~/.ssh/id_rsa
-
-The content of the ``inventory.yml`` file serves as a template and contains variables for roles that are applied during the installation and configuration of a receptor node in a mesh topology. You may modify some of the other fields, or replace the file in its entirety for advanced scenarios. Refer to `Role Variables <https://github.com/ansible/receptor-collection/blob/main/README.md>`_ for more information on each variable.  
-
-7. Save the file to continue.
-
-8. Run the following command on the machine you want to update your mesh:
-
-::
-
-	ansible-playbook -i inventory.yml install_receptor.yml
-
-Wait a few minutes for the periodic AWX task to do a health check against the new instance. You may run a health check by selecting the node and clicking the **Run health check** button from its Details page at any time. Once the instances endpoint or page reports a "Ready" status for the instance, jobs are now ready to run on this machine!
-
-9. To view other instances within the same topology or associate peers, click the **Peers** tab. 
-
-.. image:: ../common/images/instances_peers_tab.png
-    :alt: "Peers" tab showing two peers.
-    :width: 1400px
-
-To associate peers with your node, click the **Associate** button to open a dialog box of instances eligible for peering.
-
-.. image:: ../common/images/instances_associate_peer.png
-    :alt:  Instances available to peer with the example hop node.
-    :width: 1400px
-
-Execution nodes can peer with either hop nodes or other execution nodes. Hop nodes can only peer with execution nodes unless you check the **Peers from control nodes** check box from the **Options** field.
-
-.. note::
-
-	If you associate or disassociate a peer, a notification will inform you to re-run the install bundle from the Peer Detail view (the :ref:`ag_topology_viewer` has the download link).
-
-    .. image:: ../common/images/instances_associate_peer_reinstallmsg.png
-      :alt: Notification to re-run the installation bundle due to change in the peering.
-
-You can remove an instance by clicking **Remove** in the Instances page, or by setting the instance ``node_state = deprovisioning`` via the API. Upon deleting, a pop-up message will appear to notify that you may need to re-run the install bundle to make sure things that were removed are no longer connected.
-
-
-10. To view a graphical representation of your updated topology, refer to the :ref:`ag_topology_viewer` section of this guide.
-
-
 Manage instances
 -----------------
 
 Click **Instances** from the left side navigation menu to access the Instances list.
 
 .. image:: ../common/images/instances_list_view.png
-    :alt: List view of instances in AWX
-    :width: 1400px
+	:alt: List view of instances in AWX
 
 The Instances list displays all the current nodes in your topology, along with relevant details:
 
@@ -297,9 +83,7 @@ The Instances list displays all the current nodes in your topology, along with r
 From this page, you can add, remove or run health checks on your nodes. Use the check boxes next to an instance to select it to remove or run a health check against. When a button is grayed-out, you do not have permission for that particular action. Contact your Administrator to grant you the required level of access. If you are able to remove an instance, you will receive a prompt for confirmation, like the one below:
 
 .. image:: ../common/images/instances_delete_prompt.png
-  :alt: Prompt for deleting instances in AWX
-  :width: 1400px
-
+	:alt: Prompt for deleting instances in AWX.
 
 .. note::
 
@@ -312,8 +96,7 @@ Click **Remove** to confirm.
 If running a health check on an instance, at the top of the Details page, a message displays that the health check is in progress. 
 
 .. image:: ../common/images/instances_health_check.png
-  :alt: Health check for instances in AWX
-  :width: 1400px
+	:alt: Health check for instances in AWX
 
 Click **Reload** to refresh the instance status. 
 
@@ -321,20 +104,162 @@ Click **Reload** to refresh the instance status.
 
 	Health checks are ran asynchronously, and may take up to a minute for the instance status to update, even with a refresh. The status may or may not change after the health check. At the bottom of the Details page, a timer/clock icon displays next to the last known health check date and time stamp if the health check task is currently running.
 
-  .. image:: ../common/images/instances_health_check_pending.png
-    :alt: Health check for instance still in pending state.
+	.. image:: ../common/images/instances_health_check_pending.png
+		:alt: Health check for instance still in pending state.
 
 The example health check shows the status updates with an error on node 'one':
 
 .. image:: ../common/images/topology-viewer-instance-with-errors.png
-  :alt: Health check showing an error in one of the instances.
-  :width: 1400px
+	:alt: Health check showing an error in one of the instances.
+
+
+Add an instance
+----------------
+
+One of the ways to expand capacity is to create an instance. Standalone execution nodes can be added to run alongside the Kubernetes deployment of AWX. These machines will not be a part of the AWX Kubernetes cluster. The control nodes running in the cluster will connect and submit work to these machines via Receptor. The machines are registered in AWX as type "execution" instances, meaning they will only be used to run AWX jobs, not dispatch work or handle web requests as control nodes do.
+
+Hop nodes can be added to sit between the control plane of AWX and standalone execution nodes. These machines will not be a part of the AWX Kubernetes cluster and they will be registered in AWX as node type "hop", meaning they will only handle inbound and outbound traffic for otherwise unreachable nodes in a different or more strict network.
+
+Below is an example of an AWX task pod with two execution nodes. Traffic to execution node 2 flows through a hop node that is setup between it and the control plane.
+
+.. image:: ../common/images/instances_awx_task_pods_hopnode.png
+	:alt: AWX task pod with a hop node between the control plane of AWX and standalone execution nodes.
+
+To create an instance in AWV:
+
+1. Click **Instances** from the left side navigation menu of the AWX UI.
+
+2. In the Instances list view, click the **Add** button and the Create new Instance window opens.
+
+.. image:: ../common/images/instances_create_new.png
+	:alt: Create a new instance form.
+
+An instance has several attributes that may be configured:
+
+- Enter a fully qualified domain name (ping-able DNS) or IP address for your instance in the **Host Name** field (required). This field is equivalent to ``hostname`` in the API.
+- Optionally enter a **Description** for the instance
+- The **Instance State** field is auto-populated, indicating that it is being installed, and cannot be modified 
+- Optionally specify the **Listener Port** for the receptor to listen on for incoming connections. This is an open port on the remote machine used to establish inbound TCP connections. This field is equivalent to ``listener_port`` in the API. 
+- Select from the options in **Instance Type** field to specify the type you want to create. Only execution and hop nodes can be created as operator-based installations do not support hybrid nodes. This field is equivalent to ``node_type`` in the API. 
+- In the **Peers** field, select the instance hostnames you want your new instance to connect outbound to. 
+- In the **Options** fields:
+	- Check the **Enable Instance** box to make it available for jobs to run on an execution node.
+	- Check the **Managed by Policy** box to allow policy to dictate how the instance is assigned.
+	- Check the **Peers from control nodes** box to allow control nodes to peer to this instance automatically. Listener port needs to be set if this is enabled or the instance is a peer.
+
+In the example diagram above, the configurations are as follows:
+
++------------------+---------------+--------------------------+--------------+
+| instance name    | listener_port | peers_from_control_nodes | peers        |
++==================+===============+==========================+==============+
+| execution node 1 | 27199         | true                     | []           |
++------------------+---------------+--------------------------+--------------+
+| hop node         | 27199         | true                     | []           |
++------------------+---------------+--------------------------+--------------+
+| execution node 2 | null          | false                    | ["hop node"] |
++------------------+---------------+--------------------------+--------------+
+
+
+3. Once the attributes are configured, click **Save** to proceed.
+
+Upon successful creation, the Details of the one of the created instances opens.
+
+.. image:: ../common/images/instances_create_details.png
+	:alt: Details of the newly created instance.
+
+.. note::
+
+	The proceeding steps 4-8 are intended to be ran from any computer that has SSH access to the newly created instance. 
+
+4. Click the download button next to the **Install Bundle** field to download the tarball that contain files to allow AWX to make proper TCP connections to the remote machine.
+
+.. image:: ../common/images/instances_install_bundle.png
+	:alt: Instance details showing the Download button in the Install Bundle field of the Details tab.
+
+5. Extract the downloaded ``tar.gz`` file from the location you downloaded it. The install bundle contains TLS certificates and keys, a certificate authority, and a proper Receptor configuration file. To facilitate that these files will be in the right location on the remote machine, the install bundle includes an ``install_receptor.yml`` playbook. The playbook requires the Receptor collection which can be obtained via:
+
+::
+
+	ansible-galaxy collection install -r requirements.yml
+
+6. Before running the ``ansible-playbook`` command, edit the following fields in the ``inventory.yml`` file:
+
+- ``ansible_user`` with the username running the installation
+- ``ansible_ssh_private_key_file`` to contain the filename of the private key used to connect to the instance
+
+::
+
+	---
+	all:
+	  hosts:
+	    remote-execution:
+	      ansible_host: 18.206.206.34
+	      ansible_user: <username> # user provided
+	      ansible_ssh_private_key_file: ~/.ssh/id_rsa
+
+The content of the ``inventory.yml`` file serves as a template and contains variables for roles that are applied during the installation and configuration of a receptor node in a mesh topology. You may modify some of the other fields, or replace the file in its entirety for advanced scenarios. Refer to `Role Variables <https://github.com/ansible/receptor-collection/blob/main/README.md>`_ for more information on each variable.  
+
+7. Save the file to continue.
+
+8. Run the following command on the machine you want to update your mesh:
+
+::
+
+	ansible-playbook -i inventory.yml install_receptor.yml
+
+Wait a few minutes for the periodic AWX task to do a health check against the new instance. You may run a health check by selecting the node and clicking the **Run health check** button from its Details page at any time. Once the instances endpoint or page reports a "Ready" status for the instance, jobs are now ready to run on this machine!
+
+9. To view other instances within the same topology or associate peers, click the **Peers** tab. 
+
+.. image:: ../common/images/instances_peers_tab.png
+	:alt: "Peers" tab showing two peers.
+
+To associate peers with your node, click the **Associate** button to open a dialog box of instances eligible for peering.
+
+.. image:: ../common/images/instances_associate_peer.png
+	:alt:  Instances available to peer with the example hop node.
+
+Execution nodes can peer with either hop nodes or other execution nodes. Hop nodes can only peer with execution nodes unless you check the **Peers from control nodes** check box from the **Options** field.
+
+.. note::
+
+	If you associate or disassociate a peer, a notification will inform you to re-run the install bundle from the Peer Detail view (the :ref:`ag_topology_viewer` has the download link).
+
+	.. image:: ../common/images/instances_associate_peer_reinstallmsg.png
+		:alt: Notification to re-run the installation bundle due to change in the peering. 
+
+You can remove an instance by clicking **Remove** in the Instances page, or by setting the instance ``node_state = deprovisioning`` via the API. Upon deleting, a pop-up message will appear to notify that you may need to re-run the install bundle to make sure things that were removed are no longer connected.
+
+
+10. To view a graphical representation of your updated topology, refer to the :ref:`ag_topology_viewer` section of this guide.
 
 
 Using a custom Receptor CA
 ---------------------------
 
-Refer to the AWX Operator Documentation, `Custom Receptor CA <https://ansible.readthedocs.io/projects/awx-operator/en/latest/user-guide/advanced-configuration/custom-receptor-certs.html>`_ for detail.
+The control nodes on the K8S cluster will communicate with execution nodes via mutual TLS TCP connections, running via Receptor. Execution nodes will verify incoming connections by ensuring the x509 certificate was issued by a trusted Certificate Authority (CA).
+
+You may choose to provide your own CA for this validation. If no CA is provided, AWX operator will automatically generate one using OpenSSL.
+
+Given custom ``ca.crt`` and ``ca.key`` stored locally, run the following:
+
+::
+
+	kubectl create secret tls awx-demo-receptor-ca \
+   	--cert=/path/to/ca.crt --key=/path/to/ca.key
+
+The secret should be named ``{AWX Custom Resource name}-receptor-ca``. In the above, the AWX Custom Resource name is "awx-demo". Replace "awx-demo" with your AWX Custom Resource name.
+
+If this secret is created after AWX is deployed, run the following to restart the deployment:
+
+::
+
+	kubectl rollout restart deployment awx-demo
+
+
+.. note::
+
+	Changing the receptor CA will sever connections to any existing execution nodes. These nodes will enter an *Unavailable* state, and jobs will not be able to run on them. You will need to download and re-run the install bundle for each execution node. This will replace the TLS certificate files with those signed by the new CA. The execution nodes will then appear in a *Ready* state after a few minutes.
 
 
 Using a private image for the default EE

docs/docsite/rst/administration/ldap_auth.rst

@@ -7,7 +7,6 @@ Setting up LDAP Authentication
    single: LDAP
    pair: authentication; LDAP
    
-This chapter describes how to integrate LDAP authentication with AWX.
 
 .. note::
 

docs/docsite/rst/release_notes/relnotes.rst

@@ -11,13 +11,19 @@ Release Notes
    pair: release notes; v23.3.0
    pair: release notes; v23.3.1
    pair: release notes; v23.4.0
-   pair: release notes; v23.5.0
-   pair: release notes; v23.5.1
-   pair: release notes; v23.6.0
-   pair: release notes; v23.7.0
-   pair: release notes; v23.8.0
-   pair: release notes; v23.8.1
 
 
-Refer to `AWX Release Notes <https://github.com/ansible/awx/releases>`_.
+For versions older than 23.0.0, refer to `AWX Release Notes <https://github.com/ansible/awx/releases>`_.
 
+
+- See `What's Changed for 23.4.0 <https://github.com/ansible/awx/releases/tag/23.4.0>`_.
+
+- See `What's Changed for 23.3.1 <https://github.com/ansible/awx/releases/tag/23.3.1>`_.
+
+- See `What's Changed for 23.3.0 <https://github.com/ansible/awx/releases/tag/23.3.0>`_.
+
+- See `What's Changed for 23.2.0 <https://github.com/ansible/awx/releases/tag/23.2.0>`_.
+
+- See `What's Changed for 23.1.0 <https://github.com/ansible/awx/releases/tag/23.1.0>`_.
+
+- See `What's Changed for 23.0.0 <https://github.com/ansible/awx/releases/tag/23.0.0>`_.

docs/docsite/rst/userguide/glossary.rst

@@ -90,6 +90,19 @@ Glossary
     Node
         A node corresponds to entries in the instance database model, or the ``/api/v2/instances/`` endpoint, and is a machine participating in the cluster / mesh. The unified jobs API reports ``awx_node`` and ``execution_node`` fields. The execution node is where the job runs, and AWX node interfaces between the job and server functions.
 
+        +-----------+-----------------------------------------------------------------------------------------------------------------+
+        | Node Type | Description                                                                                                     |
+        +-----------+-----------------------------------------------------------------------------------------------------------------+
+        | Control   | Nodes that run persistent Ansible Automation Platform services, and delegate jobs to hybrid and execution nodes |
+        +-----------+-----------------------------------------------------------------------------------------------------------------+
+        | Hybrid    | Nodes that run persistent Ansible Automation Platform services and execute jobs                                 |
+        |           | (not applicable to operator-based installations)                                                                |
+        +-----------+-----------------------------------------------------------------------------------------------------------------+
+        | Hop       | Used for relaying across the mesh only                                                                          |
+        +-----------+-----------------------------------------------------------------------------------------------------------------+
+        | Execution | Nodes that run jobs delivered from control nodes (jobs submitted from the user’s Ansible automation)            |
+        +-----------+-----------------------------------------------------------------------------------------------------------------+
+
     Notification Template
         An instance of a notification type (Email, Slack, Webhook, etc.) with a name, description, and a defined configuration.
 

docs/release_process.md

@@ -124,14 +124,10 @@ This workflow will take the generated images and promote them to quay.io in addi
 
 ![Verify release awx.awx collection](img/galaxy.png)
 
-8. Go to awxkit's page on [PyPi](https://pypi.org/project/awxkit/#history) and validate the latest release is there:
+8. Go to awxkit's page on [PiPy](https://pypi.org/project/awxkit/#history) and validate the latest release is there:
 
 ![Verify awxkit](img/pypi.png)
 
-9. While verifying that awxkit was published on Pypi, also validate that the latest version of the [tar](https://pypi.org/project/awxkit/#files) file is there as well.
-
-![Verify awxkit files](img/pypi_files.png)
-
 ### Releasing the AWX operator
 
 Once the AWX image is live, we can now release the AWX operator.

requirements/requirements.in

@@ -1,4 +1,4 @@
-aiohttp>=3.8.6  # CVE-2023-47627
+aiohttp
 ansiconv==1.0.0  # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
 asciichartpy
 asn1
@@ -8,8 +8,8 @@ boto3
 botocore
 channels
 channels-redis==3.4.1  # see UPGRADE BLOCKERs
-cryptography>=41.0.6  # CVE-2023-49083
-Cython<3 # this is needed as a build dependency, one day we may have separated build deps
+cryptography>=41.0.2  # CVE-2023-38325
+Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
 daphne
 distro
 django==4.2.6  # CVE-2023-43665
@@ -26,15 +26,15 @@ django-split-settings==1.0.0    # We hit a strange issue where the release proce
 djangorestframework
 djangorestframework-yaml
 filelock
-GitPython>=3.1.37  # CVE-2023-41040
+GitPython>=3.1.32  # CVE-2023-40267
 hiredis==2.0.0  # see UPGRADE BLOCKERs
 irc
-jinja2>=3.1.3  # CVE-2024-22195
+jinja2
 JSON-log-formatter
 jsonschema
 Markdown  # used for formatting API help
 openshift
-pexpect==4.7.0  # see library notes
+pexpect==4.7.0 # see library notes
 prometheus_client
 psycopg
 psutil
@@ -49,20 +49,20 @@ pyyaml>=6.0.1
 receptorctl
 social-auth-core[openidconnect]==4.4.2  # see UPGRADE BLOCKERs
 social-auth-app-django==5.4.0  # see UPGRADE BLOCKERs
-sqlparse>=0.4.4   # Required by django https://github.com/ansible/awx/security/dependabot/96
+sqlparse >= 0.4.4   # Required by django https://github.com/ansible/awx/security/dependabot/96
 redis
 requests
 slack-sdk
 tacacs_plus==1.0  # UPGRADE BLOCKER: auth does not work with later versions
 twilio
-twisted[tls]>=23.10.0  # CVE-2023-46137
+twisted[tls]
 uWSGI
 uwsgitop
-wheel>=0.38.1  # CVE-2022-40898
+wheel>=0.38.1 # CVE-2022-40898
 pip==21.2.4  # see UPGRADE BLOCKERs
 setuptools  # see UPGRADE BLOCKERs
 setuptools_scm[toml]  # see UPGRADE BLOCKERs, xmlsec build dep
-setuptools-rust>=0.11.4  # cryptography build dep
+setuptools-rust >= 0.11.4 # cryptography build dep
 pkgconfig>=1.5.1  # xmlsec build dep - needed for offline build
 
 # Temporarily added to use ansible-runner from git branch, to be removed

requirements/requirements.txt

@@ -1,6 +1,6 @@
 adal==1.2.7
     # via msrestazure
-aiohttp==3.9.3
+aiohttp==3.8.3
     # via -r /awx_devel/requirements/requirements.in
 aioredis==1.3.1
     # via channels-redis
@@ -70,12 +70,14 @@ channels==3.0.5
 channels-redis==3.4.1
     # via -r /awx_devel/requirements/requirements.in
 charset-normalizer==2.1.1
-    # via requests
+    # via
+    #   aiohttp
+    #   requests
 click==8.1.3
     # via receptorctl
 constantly==15.1.0
     # via twisted
-cryptography==41.0.7
+cryptography==41.0.3
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   adal
@@ -161,7 +163,7 @@ frozenlist==1.3.3
     #   aiosignal
 gitdb==4.0.10
     # via gitpython
-gitpython==3.1.42
+gitpython==3.1.32
     # via -r /awx_devel/requirements/requirements.in
 google-auth==2.14.1
     # via kubernetes
@@ -214,7 +216,7 @@ jaraco-text==3.11.0
     # via
     #   irc
     #   jaraco-collections
-jinja2==3.1.3
+jinja2==3.1.2
     # via -r /awx_devel/requirements/requirements.in
 jmespath==1.0.1
     # via
@@ -360,7 +362,7 @@ pyyaml==6.0.1
     #   djangorestframework-yaml
     #   kubernetes
     #   receptorctl
-receptorctl==1.4.4
+receptorctl==1.4.2
     # via -r /awx_devel/requirements/requirements.in
 redis==4.3.5
     # via -r /awx_devel/requirements/requirements.in
@@ -438,7 +440,7 @@ tomli==2.0.1
     # via setuptools-scm
 twilio==7.15.3
     # via -r /awx_devel/requirements/requirements.in
-twisted[tls]==23.10.0
+twisted[tls]==22.10.0
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   daphne

requirements/requirements_dev.txt

@@ -8,9 +8,9 @@ ipython>=7.31.1 # https://github.com/ansible/awx/security/dependabot/30
 unittest2
 black
 pytest!=7.0.0
-pytest-asyncio
 pytest-cov
 pytest-django
+pytest-pythonpath
 pytest-mock==1.11.1
 pytest-timeout
 pytest-xdist==1.34.0 # 2.0.0 broke zuul for some reason

requirements/updater.sh

@@ -4,9 +4,7 @@ set -ue
 requirements_in="$(readlink -f ./requirements.in)"
 requirements="$(readlink -f ./requirements.txt)"
 requirements_git="$(readlink -f ./requirements_git.txt)"
-requirements_dev="$(readlink -f ./requirements_dev.txt)"
 pip_compile="pip-compile --no-header --quiet -r --allow-unsafe"
-sanitize_git="1"
 
 _cleanup() {
   cd /
@@ -23,22 +21,18 @@ generate_requirements() {
   # FIXME: https://github.com/jazzband/pip-tools/issues/1558
   ${venv}/bin/python3 -m pip install -U 'pip<22.0' pip-tools
 
-  ${pip_compile} $1 --output-file requirements.txt
+  ${pip_compile} "${requirements_in}" "${requirements_git}" --output-file requirements.txt
   # consider the git requirements for purposes of resolving deps
   # Then remove any git+ lines from requirements.txt
-  if [[ "$sanitize_git" == "1" ]] ; then
-    while IFS= read -r line; do
-      if [[ $line != \#* ]]; then  # ignore comments
-        sed -i "\!${line%#*}!d" requirements.txt
-      fi
-    done < "${requirements_git}"
-  fi;
+  while IFS= read -r line; do
+    if [[ $line != \#* ]]; then  # ignore comments
+      sed -i "\!${line%#*}!d" requirements.txt
+    fi
+  done < "${requirements_git}"
 }
 
 main() {
   base_dir=$(pwd)
-  dest_requirements="${requirements}"
-  input_requirements="${requirements_in} ${requirements_git}"
 
   _tmp=$(python -c "import tempfile; print(tempfile.mkdtemp(suffix='.awx-requirements', dir='/tmp'))")
 
@@ -48,12 +42,6 @@ main() {
     "run")
       NEEDS_HELP=0
     ;;
-    "dev")
-      dest_requirements="${requirements_dev}"
-      input_requirements="${requirements_dev}"
-      sanitize_git=0
-      NEEDS_HELP=0
-    ;;
     "upgrade")
       NEEDS_HELP=0
       pip_compile="${pip_compile} --upgrade"
@@ -73,13 +61,12 @@ main() {
     echo "This script generates requirements.txt from requirements.in and requirements_git.in"
     echo "It should be run from within the awx container"
     echo ""
-    echo "Usage: $0 [run|upgrade|dev]"
+    echo "Usage: $0 [run|upgrade]"
     echo ""
     echo "Commands:"
     echo "help      Print this message"
     echo "run       Run the process only upgrading pinned libraries from requirements.in"
     echo "upgrade   Upgrade all libraries to latest while respecting pinnings"
-    echo "dev       Pin the development requirements file"
     echo ""
     exit
   fi
@@ -98,10 +85,10 @@ main() {
   cp -vf requirements.txt "${_tmp}"
   cd "${_tmp}"
 
-  generate_requirements "${input_requirements}"
+  generate_requirements
 
   echo "Changing $base_dir to /awx_devel/requirements"
-  cat requirements.txt | sed "s:$base_dir:/awx_devel/requirements:" > "${dest_requirements}"
+  cat requirements.txt | sed "s:$base_dir:/awx_devel/requirements:" > "${requirements}"
 
   _cleanup
 }

tools/ansible/roles/dockerfile/templates/Dockerfile.j2

@@ -22,7 +22,6 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 RUN dnf -y update && dnf install -y 'dnf-command(config-manager)' && \
     dnf config-manager --set-enabled crb && \
     dnf -y install \
-    iputils \
     gcc \
     gcc-c++ \
     git-core \

tools/docker-compose/ansible/roles/sources/tasks/main.yml

@@ -67,7 +67,7 @@
 
 - name: Get OS info for sdb
   shell: |
-    docker info 2> /dev/null | awk '/Os:/ { gsub(/Os:/, "Operating System:"); }/Operating System/ { print; }'
+    docker info | grep 'Operating System'
   register: os_info
   changed_when: false
 

tools/docker-compose/ansible/roles/sources/templates/nginx.locations.conf.j2

@@ -10,7 +10,7 @@ location {{ (ingress_path + '/favicon.ico').replace('//', '/') }} {
     alias /awx_devel/awx/public/static/favicon.ico;
 }
 
-location ~ ^({{ (ingress_path + '/websocket/').replace('//', '/') }}|{{ (ingress_path + '/api/websocket/').replace('//', '/') }}) {
+location {{ (ingress_path + '/websocket').replace('//', '/') }} {
     # Pass request to the upstream alias
     proxy_pass http://daphne;
     # Require http version 1.1 to allow for upgrade requests

tools/docker-compose/ansible/roles/vault/tasks/initialize.yml

@@ -4,7 +4,7 @@
 
 - block:
     - name: Start the vault
-      community.docker.docker_compose_v2:
+      community.docker.docker_compose:
         state: present
         services: vault
         project_src: "{{ sources_dest }}"
@@ -216,7 +216,7 @@
 
   always:
     - name: Stop the vault
-      community.docker.docker_compose_v2:
+      community.docker.docker_compose:
         state: absent
         project_src: "{{ sources_dest }}"
       when: vault_start is defined and vault_start.changed

tools/docker-compose/ansible/roles/vault/tasks/unseal.yml

@@ -16,7 +16,3 @@
     - "{{ Unseal_Key_1 }}"
     - "{{ Unseal_Key_2 }}"
     - "{{ Unseal_Key_3 }}"
-  register: unseal_result
-  until: unseal_result is succeeded or unseal_result is failed and 'Connection refused' not in unseal_result.msg
-  retries: 5
-  delay: 1

tools/docker-compose/supervisor.conf

@@ -96,7 +96,6 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-
 [program:awx-rsyslogd]
 command = rsyslogd -n -i /var/run/awx-rsyslog/rsyslog.pid -f /var/lib/awx/rsyslog/rsyslog.conf
 autorestart = true

tools/sosreport/controller.py

@@ -12,7 +12,7 @@ SOSREPORT_CONTROLLER_COMMANDS = [
     "awx-manage run_dispatcher --status",  # controller dispatch worker status
     "awx-manage run_callback_receiver --status",  # controller callback worker status
     "awx-manage check_license --data",  # controller license status
-    "awx-manage run_wsrelay --status",  # controller websocket relay status
+    "awx-manage run_wsbroadcast --status",  # controller broadcast websocket status
     "supervisorctl status",  # controller process status
     "/var/lib/awx/venv/awx/bin/pip freeze",  # pip package list
     "/var/lib/awx/venv/awx/bin/pip freeze -l",  # pip package list without globally-installed packages