1. Foreman 3.11 Release Notes

1.1. Headline Features

1.1.1. Greatly decreased JavaScript size for plugins

Previously, Foreman’s whole JavaScript bundle was duplicated in every plugin. Now a separate bundle is generated that Foreman and each plugin can reuse. In most plugins, we saw a 2 to 3 MB reduction in size. Depending on the number of plugins, this can save a significant amount in transfer size. While Foreman does compress and cache these JavaScript bundles, they still had to be loaded all the time.

1.1.2. Running Foreman on Enterprise Linux 9 is fully supported

Foreman 3.10 only supported Enterprise Linux 9 as experimental, but with this release it is fully supported.

1.2. Upgrade Warnings

1.2.1. keycloak-httpd-client-install dropped from Enterprise Linux 9

Foreman has shipped its own keycloak-httpd-client-install package because initially the version shipped in Enterprise Linux 7 was too old to support ODIC. Recently it was noticed that the version in Enterprise Linux 8 contains the required features but still contains a packaging bug. The version in Enterprise Linux 9 contains all the required features but is older than what Foreman has shipped. Foreman 3.10 was the first release on Enterprise Linux 9 and it was marked as experimental. As a result, the decision has been made to remove it from Foreman’s Enterprise Linux 9 packaging. Users who have this package installed should downgrade it using dnf downgrade keycloak-httpd-client-install.

1.3. Deprecations

1.3.1. Running Foreman on Enterprise Linux 8 removal in Foreman 3.13

Now that running on Enterprise Linux 9 is fully supported, running on Enterprise Linux 8 is deprecated. Foreman 3.13 will drop this support so users are encouraged to plan their upgrade.

Note this is for running Foreman itself. Clients will remain supported.

2. Katello 4.13 Release Notes

2.1. Headline Features

2.1.1. New All Hosts index page improvements

On the experimental new All Hosts index page, you can now click 'Manage Columns' and add Katello-provided columns, including

  • RHEL Lifecycle status

  • Installable updates

  • Last seen

  • Lifecycle environment

  • Content view

  • Content source

  • Registered at

Also, you can now change the content view and lifecycle environment of multiple hosts. Select some hosts, click the vertical ellipsis, then click 'Change content view environments.'

2.1.2. New manifest expiration warnings

Users will now be notified before their subscription manifest expires. The number of days of notice is configured by the expire_soon_days setting.

If a manifest is expired or expiring soon, you’ll see new alert banners on the Manage Manifest screen.

The expiration date of the manifest is now displayed on the Manage Manifest screen.

Refreshing your manifest will now extend the expiration date of the manifest to 1 year from the current date.

2.1.3. Repair content view versions

New actions have been introduced to facilitate repairs on the CV version repositories. These actions involve identifying and fixing missing or corrupted content units within the published repository. The action is available on hammer as "verify-checksum" sub-command for content-view version command.

2.1.4. Content View Publish

Users will not be allowed to publish a content view if a child repository is syncing and vice-versa to avoid any data integrity issues.

2.1.5. Other enhancements

Subscription expiration information has now moved from the Subscription - Entitlement report to the Subscription - General report. This report now accepts the expiring_in_days input, so you can see when your subscriptions will expire.

The activation keys selection on the Hostgroup Edit page has been refactored from jquery to React, providing a more modern look and user experience.

Katello now indexes metadata for container manifests, including annotations, labels, and identifiers for Flatpak and bootable images.

Container Gateway database migrated from SQLite to PostgreSQL for increased smart proxy container registry performance.

2.2. Upgrade Warnings

Container content users will want to run 'foreman-maintain advanced procedure run pulpcore-container-handle-image-metadata' to pre-migrate data to avoid a lengthy migration in the future. There will be multiple releases to allow this before it is mandatory.

2.3. Deprecations

Deprecated certain SCA-related API and Hammer endpoints and parameters. These are likely non-functional and will be removed in the future.

Removed the 'Upload profiles without Dynflow' config setting.

3. Katello 4.13.0

A full list of changes is available on Redmine

3.1. Katello

  • Package rubygem-dynflow not listed in a list of packages - #37457

  • Cannot update packages on non-EL hosts - #37340

  • Fix upstream lint issues - #37331

  • It is possible to end up with the wrong remote type (uln vs. normal) for yum content - #37279

  • Default Organization View is not listed first on the CV select screen in Change Content Source - #37229

  • It should be possible to upload a package / repos profile from UI - #37191

  • content_view_components is not preloaded in content_view controller - #37108

3.1.1. API

  • --content-view-filter-id only works for ID-type filters - #37394

  • API endpoint for activation_keys/:id/product_content should be TRUE by default - #37350

3.1.2. Activation Key

  • Change the default setting for "Limit to environment" on the activationkey and content host pages to true - #37214

3.1.3. Alternate Content Sources

  • Fix ACS randomly failing VCR tests - #37277

3.1.4. Container

  • Allow pushing container images to Pulp without indexing - #37302

3.1.5. Content Credentials

  • asterisk symbol is missing for required field - #37482

3.1.6. Content Views

  • Content view publish failing with katello_repository_rpms_id_seq reached maximum value error - #37403

  • Content view repositories link points to broken link on composite view UI - #37269

  • Newly imported content views show as needs publish - #37254

  • Allow repairing content view versions - #37237

  • [RFE Block content view publishing during repository publication tasks] - #37139

  • Very slow content view list loading - #36976

  • Python content not getting published to versions - #36611

3.1.7. Foreman Proxy Content

  • Container gateway needs to send ACCEPT headers from podman to Pulp - #37399

  • Allow granular repair functionality for capsules - #37258

  • SmartProxy Content Sync should offer Verify Content Checksum - #36803

3.1.8. Hammer

  • Improve displayed filter rules info in hammer - #37181

3.1.9. Host Collections

  • Fetching Host's details does not scale wrt Hosts Collections - #37346

3.1.10. Hosts

  • Add Setting to disable validation of host/lifecycle environment/content source coherence - #37400

  • Add bulk CV/LCE assignment to new All Hosts page - #37336

  • Add Katello column(s) to new host index page - #37309

  • katello:clean_backend_objects false alarms on systems with >1500 clients when PUTing customer facts - #37283

  • Error undefined method `repository_url' when trying to use composed images for system deployments - #37268

  • Link of Upgradable Content for Debian/Ubuntu is misaligned on Hosts page - #37267

  • Hostgroup not showing associated Kickstart Repository in edit - #37197

  • Remove the setting 'upload_profiles_without_dynflow' - #37195

  • undefined method `family' for nil:NilClass after cloning a rhel8 host - #37178

  • Managing a Hosts Repository Sets does not behave as expected - #37169

  • Update Checkin time for ESXi hypervisors from virt-who report - #37162

  • Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_available_module_streams_name_stream_context" - #37137

  • Offer a hint in the UI about how to get 'Synced Content' available - #36992

  • When cloning a hostgroup the fields content source content view and lifecycle are empty - #35215

3.1.11. Inter Server Sync

  • content export actions are failing in ruby 3 - #37381

  • cdn_ssl_version Setting enforces at most TLS1.0 version - #36979

3.1.12. Notifications

  • Use with_enabled_email scope instead of handcrafting the query all over the place - #37192

3.1.13. Reporting

  • Cannot create report "Host - All Installed Packages" for hosts running Debian/Ubuntu - #37198

  • SCA-Only: Remove Subscription-Entitlement notification - #37170

3.1.14. Repositories

  • Repository synchronization progress does not get updated in real time on Satellite Web UI's "Content ---> Sync Status" page - RHEL8 Satellite 6.16 - #37442

  • Upgrade pulp-container bindings to 2.20 - #37414

  • Fix typo for container_repository_name in metadata_generate_needed? - #37408

  • Create a rake script that reindexes manifests with label information - #37407

  • Add Include Refs and Exclude Refs options for OSTree repository type - #37383

  • Container push can fail with a different JSON error - #37380

  • Index Pulp manifest annotations, labels, is_bootable, is_flatpak and expose them via API - #37379

  • Fix Katello (or maybe BATS) -- orphan cleanup tries deleting distributed repo versions - #37371

  • Product level Verify checksum action spawns unessasary checksum tasks for cloned repositories of the root repository - #37259

  • Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo - #37238

  • Red Hat products that were never synced are reporting last synced time - #31318

3.1.15. Roles and Permissions

  • Content Exporter role is missing the create_content_views permission - #37430

3.1.16. Subscriptions

  • Org still holds stale cached manifest expiration date after manifest import/refresh - #37481

  • subscription-manager release --unset doesn't reset the client information on foreman - #37358

  • As a user I want to be warned before the manifest (upstream consumer identity certificate) will expire, and have a notification to refresh the manifest. - #37271

  • As a user, when I refresh my manifest the expiration date of the identity certificate will get renewed, so that I am never caught with an expired manifest. - #37266

  • Remove SCA-related API endpoints and params - #37226

3.1.17. Tests

  • Update tests to stop using https://fixtures.pulpproject.org/rpm-zchunk/ - #37187

3.1.18. Upgrades

  • Upgrade pulpcore to 3.49 - #37301

3.1.19. Web UI

  • update ak results in hostgroup - #37476

  • Update TableWrapper to comply with changes in SelectAllCheckbox - #37378

  • refactor ak in hostgroups to react - #37370

  • Change content source screen is still confusing coming from host edit - #37313

  • Invalid PropType errors when selecting a content source on Change Content Source form - #37303

  • Duplicate repositories in content view versions warning is always active - #37240

3.1.20. katello-tracer

  • Use dnf needs-restarting to collect tracer information - #36973

4. Foreman 3.11.0

A full list of changes is available on Redmine

4.1. Foreman

  • Incorrect translation in registration command validation - #37490

  • drop bookworm/sid workaround now that bookworm is released - #37484

  • Unable to modify "manage column" in path "hosts -> all hosts" while using custom roles - #37463

  • Don't use the Kickstart rhsm for RHEL 9 - #37461

  • A lot of dynflow deprecation warning because of sidekiq config.options usage - #37444

  • Provide multiple repositories when you want to register a host - #37440

  • Prevent XSS issue for katello angular pages - #37437

  • Remove timed_cache_store.rb - #37436

  • Fix Style/GlobalStdStream cop - #37432

  • rake snapshots:generate is broken - #37422

  • Foreman and Anaconda are not in sync when deploying RHEL9: both keyfiles/snippets and ifcfg-xxx files are generated - #37367

  • Some APIs / params are not marked as deprecated - #37274

  • OS bootfiles API not working because of misspelled class - #37270

  • Upgrade to PostgreSQL 13 on EL8 - #37208

  • Pull provider installation template crash - #37193

  • Race condition in smart proxy test - #37150

  • Alphabetical sorting in test broken - #37132

  • Allow pagelets on User and Usergroups edit page - #37002

  • Add Clevis/Tang disk encryption template - #36885

  • Enable connectefi scsi for grub2 by default - #36691

  • iPXE Discovery Only Works On net0 - #36502

4.1.1. Authentication

  • After Foreman installation login page respond with "Invalid Timezone: Etc/Unknown" - #37069

4.1.2. Compute resources - VMware

  • Hardware versions for VMWare VSphere 8.0 and 8.0U2 are missing - #37244

  • VMWare Guest OS list is outdated - #36023

4.1.3. Database

  • Invalid kwargs handling in FindCommon - #37273

4.1.4. Host creation

  • Creating a host without a comment and then editing it and submitting without any changes creates an update audit record for the nil->'' transition of comment - #37224

4.1.5. Host groups

  • Hostgroup facets are not cloned when cloning hostgroup - #37179

4.1.6. Host registration

  • Domain is not removed in the details page when the DNS is not configured/enabled in the installer - #37231

  • use subscription-manager for debian hosts - #33664

4.1.7. Internationalization

  • Update fast_gettext to ~> 2.1 - #36574

4.1.8. JavaScript stack

  • use host_details_ui in React context - #37489

  • Webpack - Prevent react duplicates in core - #37391

  • Drop unused typeToIcon function - #37387

  • Drop toggleRowGroup and filter_permissions functions - #37386

  • Drop check_all_roles and uncheck_all_roles event handlers - #37385

  • always use cached manifest json to find webpack chunks, not only for JS - #37353

  • Webpack assets not compressed after Webpack 5 migration - #37344

  • remove unused typeAheadSelect - #37280

  • _victoryCore.Helpers.isFunction is not a function - #37255

  • Webpack - Prevent foreman core duplicates in plugins - #37252

  • fix javascript method for webpack_asset_paths - #37199

4.1.9. Packaging

  • Allow rdoc 6.4 on Ruby 3.1 - #35463

4.1.10. Performance

  • Iterate on hashes when both key and value are used - #37287

4.1.11. Plugin integration

  • Facets with hostgroup inherit override host-specific facet values - #37043

4.1.12. Reporting

  • Expose execution interface's attributes in Ansible Inventory report template if available - #37374

  • Getting "undefined method '#id' for NilClass::Jail (NilClass)" error when generating Ansible inventory report - #37215

  • Satellite "Registered Content Hosts" report generates incorrect hosts' kernel version - #37184

  • SCA-Only: Remove Subscription-Entitlement report - #37167

  • Host - Statuses report failing "unknown keywords: :Name, :Global" - #37065

4.1.13. Settings

  • default_$taxonomy setting descriptions only mention Puppet instead of all facts - #37488

4.1.14. TFTP

  • kickstart_kernel_options deprecation warning - ks param on rhel8 - #37343

4.1.15. Templates

  • API 'build_pxe_default' with taxonomies - #37439

  • foreman_bootdisk templates not seeded - #37421

  • Fix snapshot:generate task - #37337

  • Add current time macro - #37282

  • Registration before & after snippets - #37189

  • Ubuntu 22.04.3 needs adaption user-data template - #37011

4.1.16. Tests

  • Use @redhat-cloud-services/frontend-components-utilities@4.0.7 - #37312

  • Use PostgreSQL by default in tests - #37241

4.1.17. Unattended installations

  • Debian boot_file_sources uses transform_vars but preseed_path does not - #36830

  • kickstart's RHSM line only works on RHEL hosts - #36525

4.1.18. Users, Roles and Permissions

  • Provide a scope for email-notification-eligible users - #36891

4.1.19. Web Interface

  • Edit comment from host details - #37443

  • Use nightly for links to manual in Foreman develop - #37434

  • Add more control over SelectAllCheckbox - #37307

  • As a web UI user, I can choose what columns to display on the new All Hosts page - #37293

  • New hosts index - Change content source link has no href - #37248

  • results.map should appear directly in HostsIndex index.js - #37247

  • Add main action button to PermissionDenied component - #37236

  • Generic table always shows actions - #37233

4.1.20. foreman-debug

  • Drop upload functionality from foreman-debug - #37406

4.2. Installer

  • Use rubocop cmdline parameters according to version 0.80.1 - #37393

  • Exclude all subdirectories for vendor in .rubocop.yaml - #37392

  • Foreman-maintain command for container label migration + incorporate into post-upgrade task - #37357

  • Drop setup plugin - #37298

  • Ensure correct Java is used with Puppetserver 8 - #37291

  • Add gitlab CI config - #37261

  • Add feature in katello-certs-check to verify if CA bundle has any certificates with trust rules - #37063

  • Getting http 500 internal server error due to "ActiveRecord::ConnectionTimeoutError: could not obtain a connection from the pool within 5.000 seconds" - #33974

4.2.1. Foreman modules

  • During upgrade to Katello 4.11 issues are seen with Candlepin keystore - #37384

  • Installer should configure container gateway to use Postgres - #37325

  • Fix apache config so REMOTE_USER is not unset for pulpcore registry - #37308

  • Retire foreman-hooks from installer - #37296

  • Support for Avatars broken by ProxyPass - #37211

4.2.2. foreman-installer script

  • Puppet server ciphers updated in 2.0 but old ciphers can remain in answers - #37306

  • Default PostgreSQL password encryption to SCRAM - #37297

  • Upgrade to PostgreSQL 13 on EL8 - #37177

4.3. Packaging

  • Retire foreman-hooks - #37295

  • Retire foreman_setup plugin - #37212

4.3.1. RPMs

  • Patch puma to fix chunked upload issue - #37419

  • Drop keycloak-httpd-client-install from EL9 - #37334

  • Katello::Errors::Pulp3Error: module 'createrepo_c' has no attribute 'SHA1' - #37332

  • Use PostgreSQL 13 module in Foreman's modular metadata on EL8 - #37210

4.4. Smart Proxy

  • Free IPs service is not started for MS DHCP - #37450

  • Tests fail inside docker container - #37413

4.4.1. DHCP

  • Creating a DHCP host can cause an IPv6 address to be looked up - #37355

4.4.2. TFTP

  • Smart Proxy TFTP fetching writes out broken files on HTTP errors - #37147

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.11 release:

Adam Hosek, Adam Růžička, Alexander Olofsson, Archana Kumari, Bastian Schmidt, Bernhard Suttner, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Girija Soni, Greg Cox, Griffin Sullivan, Hao Yu, Ian Ballou, Jan Löser, Jeremy Lenz, Joniel Pasqualetto, Leos Stejskal, Maria Agaphontzev, Markus Bucher, Martin Alfke, Matěj Mudra, Maximilian Kolb, Nadja Heitmann, Nofar Alfassi, Oleh Fedorenko, Pat Riehecky, Samir Jha, Sayan Das, Sebastian Bublitz, Shimon Shtein, Thorben Denzer, Tim Meusel, Zach Huntington-Meath, cocker-cc, dosas, jmott85, Et7f3

As well as all users who helped test releases, report bugs and provide feedback on the project.

Appendix B: Katello Contributors

Adam Růžička Ashish Humbe Bernhard Suttner Chris Roberts Eric Helms Et7f3 Evgeni Golov Ewoud Kohl van Wijngaarden Hao Yu Ian Ballou Jeremy Lenz Joniel Pasqualetto Lucy Fu Manisha Singhal Maria Agaphontzev Markus Bucher Matěj Mudra Nadja Heitmann Oleh Fedorenko Partha Aji Pavel Moravec Quinn James Samir Jha Thorben Denzer Tobias Grigo William Clark