1. Foreman 3.11 Release Notes
1.1. Headline Features
1.1.1. Greatly decreased JavaScript size for plugins
Previously, Foreman’s whole JavaScript bundle was duplicated in every plugin. Now a separate bundle is generated that Foreman and each plugin can reuse. In most plugins, we saw a 2 to 3 MB reduction in size. Depending on the number of plugins, this can save a significant amount in transfer size. While Foreman does compress and cache these JavaScript bundles, they still had to be loaded all the time.
For more details, see https://projects.theforeman.org/issues/37252 and https://projects.theforeman.org/issues/37391.
1.2. Upgrade Warnings
1.2.1. keycloak-httpd-client-install dropped from Enterprise Linux 9
Foreman has shipped its own keycloak-httpd-client-install
package because initially the version shipped in Enterprise Linux 7 was too old to support ODIC.
Recently it was noticed that the version in Enterprise Linux 8 contains the required features but still contains a packaging bug.
The version in Enterprise Linux 9 contains all the required features but is older than what Foreman has shipped.
Foreman 3.10 was the first release on Enterprise Linux 9 and it was marked as experimental.
As a result, the decision has been made to remove it from Foreman’s Enterprise Linux 9 packaging.
Users who have this package installed should downgrade it using dnf downgrade keycloak-httpd-client-install
.
For more details, see https://projects.theforeman.org/issues/37334.
1.3. Deprecations
1.3.1. Running Foreman on Enterprise Linux 8 removal in Foreman 3.13
Now that running on Enterprise Linux 9 is fully supported, running on Enterprise Linux 8 is deprecated. Foreman 3.13 will drop this support so users are encouraged to plan their upgrade.
Note this is for running Foreman itself. Clients will remain supported.
For more details and discussion, see https://community.theforeman.org/t/drop-support-for-running-on-el8-with-foreman-3-13/38083.
2. Katello 4.13 Release Notes
2.1. Headline Features
2.1.1. New All Hosts index page improvements
On the experimental new All Hosts index page, you can now click 'Manage Columns' and add Katello-provided columns, including
-
RHEL Lifecycle status
-
Installable updates
-
Last seen
-
Lifecycle environment
-
Content view
-
Content source
-
Registered at
Also, you can now change the content view and lifecycle environment of multiple hosts. Select some hosts, click the vertical ellipsis, then click 'Change content view environments.'
2.1.2. New manifest expiration warnings
Users will now be notified before their subscription manifest expires. The number of days of notice is configured by the expire_soon_days setting.
If a manifest is expired or expiring soon, you’ll see new alert banners on the Manage Manifest screen.
The expiration date of the manifest is now displayed on the Manage Manifest screen.
Refreshing your manifest will now extend the expiration date of the manifest to 1 year from the current date.
2.1.3. Repair content view versions
New actions have been introduced to facilitate repairs on the CV version repositories. These actions involve identifying and fixing missing or corrupted content units within the published repository. The action is available on hammer as "verify-checksum" sub-command for content-view version command.
2.1.4. Content View Publish
Users will not be allowed to publish a content view if a child repository is syncing and vice-versa to avoid any data integrity issues.
2.1.5. Other enhancements
Subscription expiration information has now moved from the Subscription - Entitlement report to the Subscription - General report. This report now accepts the expiring_in_days input, so you can see when your subscriptions will expire.
The activation keys selection on the Hostgroup Edit page has been refactored from jquery to React, providing a more modern look and user experience.
Katello now indexes metadata for container manifests, including annotations, labels, and identifiers for Flatpak and bootable images.
Container Gateway database migrated from SQLite to PostgreSQL for increased smart proxy container registry performance.
3. Foreman 3.11.5
4. Foreman 3.11.4
5. Foreman 3.11.3
Foreman 3.11.3 was accidentally tagged without any changes. Please refer to the latest version 3.11.4 when wanting to upgrade.
6. Foreman 3.11.2
A full list of changes is available on Redmine
6.1. Foreman
6.1.1. API
-
Host Creation via GraphQL only as Admin - #37765
6.1.2. Inventory
-
Invalid MAC address error message appears twice while editing interface - #37651
6.1.3. JavaScript stack
-
not all webpack assets are properly invalidated on change - #37775
6.1.4. Packaging
-
FFI 1.17.0+ requires Rubygems 3.3.22+ for installation, breaking Ruby 2.7 source installs - #37607
6.1.5. Plugin integration
-
Plugins are finalized before seeds are executed - #37503
6.1.6. Security
-
Connection reset by peer - SSL_connect when access to content/product menu - #37713
7. Katello 4.13.1
A full list of changes is available on Redmine
7.1. Katello
7.1.1. Container
-
Create Katello push repositories as needed at container push time - #37455
7.1.2. Content Views
-
CV promote fails with undefined method `get_status' for nil:NilClass when deleting a Host in the CV during Finalize phase of the Promote task - #37543
7.1.3. Foreman Proxy Content
-
Slow smart proxy sync in 4.11 - #37356
7.1.6. Subscriptions
-
'Bind entitlements to an allocation' task fails with wrong number of arguments (given 1, expected 0) (ArgumentError) - #37571
7.1.7. Tooling
-
Upgrade pulp-rpm to 3.26 - #37622
8. Foreman 3.11.1
9. Katello 4.13.0
A full list of changes is available on Redmine
9.1. Katello
-
Package rubygem-dynflow not listed in a list of packages - #37457
-
Cannot update packages on non-EL hosts - #37340
-
Fix upstream lint issues - #37331
-
It is possible to end up with the wrong remote type (uln vs. normal) for yum content - #37279
-
Default Organization View is not listed first on the CV select screen in Change Content Source - #37229
-
It should be possible to upload a package / repos profile from UI - #37191
-
content_view_components is not preloaded in content_view controller - #37108
9.1.2. Activation Key
-
Change the default setting for "Limit to environment" on the activationkey and content host pages to true - #37214
9.1.3. Alternate Content Sources
-
Fix ACS randomly failing VCR tests - #37277
9.1.5. Content Credentials
-
asterisk symbol is missing for required field - #37482
9.1.6. Content Views
-
Content view publish failing with katello_repository_rpms_id_seq reached maximum value error - #37403
-
Content view repositories link points to broken link on composite view UI - #37269
-
Newly imported content views show as needs publish - #37254
-
Allow repairing content view versions - #37237
-
[RFE Block content view publishing during repository publication tasks] - #37139
-
Very slow content view list loading - #36976
-
Python content not getting published to versions - #36611
9.1.8. Hammer
-
Improve displayed filter rules info in hammer - #37181
9.1.9. Host Collections
-
Fetching Host's details does not scale wrt Hosts Collections - #37346
9.1.10. Hosts
-
Add Setting to disable validation of host/lifecycle environment/content source coherence - #37400
-
Add bulk CV/LCE assignment to new All Hosts page - #37336
-
Add Katello column(s) to new host index page - #37309
-
katello:clean_backend_objects false alarms on systems with >1500 clients when PUTing customer facts - #37283
-
Error undefined method `repository_url' when trying to use composed images for system deployments - #37268
-
Link of Upgradable Content for Debian/Ubuntu is misaligned on Hosts page - #37267
-
Hostgroup not showing associated Kickstart Repository in edit - #37197
-
Remove the setting 'upload_profiles_without_dynflow' - #37195
-
undefined method `family' for nil:NilClass after cloning a rhel8 host - #37178
-
Managing a Hosts Repository Sets does not behave as expected - #37169
-
Update Checkin time for ESXi hypervisors from virt-who report - #37162
-
Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_available_module_streams_name_stream_context" - #37137
-
Offer a hint in the UI about how to get 'Synced Content' available - #36992
-
When cloning a hostgroup the fields content source content view and lifecycle are empty - #35215
9.1.12. Notifications
-
Use with_enabled_email scope instead of handcrafting the query all over the place - #37192
9.1.14. Repositories
-
Repository synchronization progress does not get updated in real time on Satellite Web UI's "Content ---> Sync Status" page - RHEL8 Satellite 6.16 - #37442
-
Upgrade pulp-container bindings to 2.20 - #37414
-
Fix typo for container_repository_name in metadata_generate_needed? - #37408
-
Create a rake script that reindexes manifests with label information - #37407
-
Add Include Refs and Exclude Refs options for OSTree repository type - #37383
-
Container push can fail with a different JSON error - #37380
-
Index Pulp manifest annotations, labels, is_bootable, is_flatpak and expose them via API - #37379
-
Fix Katello (or maybe BATS) -- orphan cleanup tries deleting distributed repo versions - #37371
-
Product level Verify checksum action spawns unessasary checksum tasks for cloned repositories of the root repository - #37259
-
Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo - #37238
-
Red Hat products that were never synced are reporting last synced time - #31318
9.1.15. Roles and Permissions
-
Content Exporter role is missing the create_content_views permission - #37430
9.1.16. Subscriptions
-
Org still holds stale cached manifest expiration date after manifest import/refresh - #37481
-
subscription-manager release --unset doesn't reset the client information on foreman - #37358
-
As a user I want to be warned before the manifest (upstream consumer identity certificate) will expire, and have a notification to refresh the manifest. - #37271
-
As a user, when I refresh my manifest the expiration date of the identity certificate will get renewed, so that I am never caught with an expired manifest. - #37266
-
Remove SCA-related API endpoints and params - #37226
9.1.17. Tests
-
Update tests to stop using https://fixtures.pulpproject.org/rpm-zchunk/ - #37187
9.1.18. Upgrades
-
Upgrade pulpcore to 3.49 - #37301
9.1.19. Web UI
-
update ak results in hostgroup - #37476
-
Update TableWrapper to comply with changes in SelectAllCheckbox - #37378
-
refactor ak in hostgroups to react - #37370
-
Change content source screen is still confusing coming from host edit - #37313
-
Invalid PropType errors when selecting a content source on Change Content Source form - #37303
-
Duplicate repositories in content view versions warning is always active - #37240
9.1.20. katello-tracer
-
Use dnf needs-restarting to collect tracer information - #36973
10. Foreman 3.11.0
A full list of changes is available on Redmine
10.1. Foreman
10.1.1. API
-
API 'build_pxe_default' is broken when a taxonomy is passed - #37439
10.1.3. Database
-
Upgrade to PostgreSQL 13 on EL8 - #37208
10.1.5. Facts
-
drop bookworm/sid workaround now that bookworm is released - #37484
10.1.6. Host creation
-
Creating a host without a comment and then editing it and submitting without any changes creates an update audit record for the nil->'' transition of comment - #37224
10.1.7. Host groups
-
Hostgroup facets are not cloned when cloning hostgroup - #37179
10.1.11. JavaScript stack
-
use host_details_ui in React context - #37489
-
Prevent XSS issue for katello angular pages - #37437
-
Webpack - Prevent react duplicates in core - #37391
-
Drop unused typeToIcon function - #37387
-
Drop toggleRowGroup and filter_permissions functions - #37386
-
Drop check_all_roles and uncheck_all_roles event handlers - #37385
-
always use cached manifest json to find webpack chunks, not only for JS - #37353
-
Webpack assets not compressed after Webpack 5 migration - #37344
-
@redhat-cloud-services/frontend-components-utilities@4.0.8 breaks compatibility with NodeJS 14 - #37312
-
remove unused typeAheadSelect - #37280
-
_victoryCore.Helpers.isFunction is not a function - #37255
-
Webpack - Prevent foreman core duplicates in plugins - #37252
-
Add main action button to PermissionDenied component - #37236
-
Generic table on TableIndexPage always shows actions kebab, even if empty - #37233
10.1.12. Packaging
-
Allow rdoc 6.4 on Ruby 3.1 - #35463
10.1.13. Performance
-
Iterate on hashes when both key and value are used - #37287
10.1.14. Plugin integration
-
Facets with hostgroup inherit override host-specific facet values - #37043
10.1.17. Settings
-
default_$taxonomy setting descriptions only mention Puppet instead of all facts - #37488
10.1.19. Tests
-
Use PostgreSQL 13 in tests - #37241
10.1.20. Unattended installations
-
Don't use the Kickstart rhsm for RHEL 9 - #37461
-
Foreman and Anaconda are not in sync when deploying RHEL9: both keyfiles/snippets and ifcfg-xxx files are generated - #37367
-
kickstart_kernel_options deprecation warning - ks param on rhel8 - #37343
-
Ubuntu 22.04.3 needs adaption user-data template - #37011
-
Add Clevis/Tang disk encryption template - #36885
-
Debian boot_file_sources uses transform_vars but preseed_path does not - #36830
-
Enable connectefi scsi for grub2 by default - #36691
-
kickstart's RHSM line only works on RHEL hosts - #36525
10.1.23. foreman-debug
-
Drop upload functionality from foreman-debug - #37406
10.2. Installer
10.2.1. Foreman modules
-
During upgrade to Katello 4.11 issues are seen with Candlepin keystore when using FIPS - #37384
-
Support PostgreSQL database for smart_proxy_container_gateway - #37325
-
REMOTE_USER is unset by Apache for Pulpcore Registry when it shouldn't be - #37308
-
Retire foreman-hooks from installer - #37296
-
Support for Avatars broken by ProxyPass - #37211
10.2.2. foreman-installer script
-
Use rubocop cmdline parameters according to version 0.80.1 - #37393
-
Exclude all subdirectories for vendor in .rubocop.yaml - #37392
-
Puppet server ciphers updated in 2.0 but old ciphers can remain in answers - #37306
-
Default PostgreSQL password encryption to SCRAM - #37297
-
Add gitlab CI config - #37261
-
Upgrade to PostgreSQL 13 on EL8 - #37177
-
Make katello-certs-check verify if the CA bundle has any certificates with trust rules - #37063
10.4. Smart Proxy
10.4.1. DHCP
-
Creating a DHCP host can cause an IPv6 address to be looked up - #37355
10.4.2. DNS
-
Free IPs service is not started for MS DHCP - #37450
10.4.3. TFTP
-
Smart Proxy TFTP fetching writes out broken files on HTTP errors - #37147
10.4.4. Tests
-
Tests fail inside docker container - #37413
Appendix A: Foreman Contributors
We’d like to thank the following people who contributed to the Foreman 3.11 release:
Adam Hosek, Adam Lazik, Adam Růžička, Alexander Olofsson, Aneta Šteflová Petrová, Archana Kumari, Bastian Schmidt, Beat Gaetzi, Bernhard Suttner, Chris Roberts, Cole Higgins, Dirk Götz, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Girija Soni, Gordon Bleux, Greg Cox, Griffin Sullivan, Hao Yu, Ian Ballou, Jan Löser, Jeremy Lenz, Joniel Pasqualetto, Laurent Bigonville, Lennart Betz, Leos Stejskal, Marek Hulán, Maria Agaphontzev, Markus Bucher, Martin Alfke, Matěj Mudra, Maximilian Kolb, Nadja Heitmann, Mike Massonnet, Nofar Alfassi, Oleh Fedorenko, Pat Riehecky, Patrick Creech, Quinn James, Samir Jha, Sayan Das, Sebastian Bublitz, Shimon Shtein, Thorben Denzer, Tim Meusel, Zach Huntington-Meath, cocker-cc, Waldirio M Pinheiro, William Bradford Clark, dosas, jmott85, Et7f3, gardar, omahs
As well as all users who helped test releases, report bugs and provide feedback on the project.
Appendix B: Katello Contributors
Adam Růžička Aneta Šteflová Petrová Bernhard Suttner Chris Roberts Evgeni Golov Ian Ballou Jeremy Lenz Joniel Pasqualetto Lukas Magauer Manisha Singhal Maria Agaphontzev Markus Bucher Matěj Mudra Maximilian Kolb Michael Yoder Oleh Fedorenko Partha Aji Quinn James Quirin Pamp Samir Jha Sayan Das Stejskal Leos Thorben Denzer William Bradford Clark