1. Foreman 3.12 Release Notes

1.1. Headline Features

1.1.1. All Host index page improvements

The experimental new All Hosts index page gets some major improvements with this release. To use the new page by default, in Settings, set Show new host overview page to Yes. The legacy All Hosts page and the new All Hosts page now have links to each other, so you can switch between them easily regardless of the setting value.

Host bulk actions - You can now select one or more hosts and click the vertical ellipsis menu to perform the following actions: Build management, Change host group, and Delete

Single-host actions - Additionally, you can click the vertical ellipsis in the rightmost table column (without selecting the host) and perform actions on a single host: Edit, Clone, and Delete

Column selector - You can now click Manage Columns and customize columns displayed in the table. The column options are the same as those on the legacy All Hosts page. Any changes made here will also reflect on the legacy All Hosts page, and vice versa.

For more information, see #37395, #37551, #37690, #37675, #37478, #37293.

1.1.2. Puppet 8 support

Foreman 3.12 now fully supports Puppet 8. While Foreman 3.11 unofficially supported Puppet 8, Puppet’s official puppetserver RPMs are known to break on Java. The installer now handles this for users. For more information, see #37686. Users are encouraged to upgrade since Puppet 7 is expected to go end of life in February 2025.

1.2. Upgrade Warnings

There are no upgrade warnings with Foreman 3.12.

1.3. Deprecations

1.3.1. Running Foreman on Enterprise Linux 8 removal in Foreman 3.13

Running on Enterprise Linux 8 is deprecated since Foreman 3.11. Foreman 3.13 will drop this support so users are encouraged to plan their upgrade.

Note this is for running Foreman itself. Clients will remain supported.

2. Katello 4.14 Release Notes

2.1. Headline Features

2.1.1. Container push

You can now push container images to Katello via podman push. Please check the documentation for container name requirements since organization and product namespacing is required.

2.1.2. New All Hosts index page improvements

There are some significant improvements in the experimental new All Hosts index page with this release. To use the new page by default, in Settings, set Show new host overview page to Yes.

Host bulk actions - You can now select one or more hosts and click the vertical ellipsis menu to perform the following actions:

  • Manage content

  • Packages (install / remove / upgrade)

  • Errata

  • Content source

  • Content view environments - change the content view and lifecycle environment of hosts

Single-host actions - In addition to actions added by Foreman, you can click the vertical ellipsis in the rightmost table column (without selecting the host) to change content view environments on a single host.

Column selector - You can now click Manage Columns and customize columns displayed in the table. The column options are the same as those on the legacy All Hosts page. Any changes made in either the new experimental All Hosts page and the legacy All Hosts page reflect on each other.

2.1.3. Assign multiple content view environments to hosts

You can now assign multiple content view environments to a host through subscription-manager or Hammer. A multi-environment host will have access to enabled repositories from all of its assigned content view environments. This strategy may be more convenient than composite content views for instances where frequent publishes are required.

Through hammer, pass the content-view-environments param to hammer host update in a comma-separated list in the format <lifecycle_environment_label>/<content_view_label> . Ex hammer host update --id xxx --content-view-environments lce1/cv1,lce2/cv2

On the host, run subscription-manager environments --set and pass in a comma-separated list. Ex. subscription-manager environments --set lce1/cv1,lce2/cv2 . To see the list of possible content view environments, use subscription-manager environments --list To see the currently assigned content view environment(s), use subscription-manager environments --list-enabled

The web UI does not yet support assigning multiple environments. However, multi-environment hosts will now be displayed in the web UI on the new All Hosts page and new host details page.

On the new All Hosts page, there is a new 'Content view environments' column available to add. This will display all assigned environments for a host. The existing 'Content view' and 'Lifecycle environment' columns will continue to work, but will only display the first assigned environment.

If you reassign a host’s content view environments using the web UI, the host will no longer be a multi-environment host.

Assigning or registering a host to multiple environments requires the Allow multiple content views setting to be on. If you turn this setting off, existing multi-environment hosts will continue to work, but you will not be able to assign multiple environments to hosts going forward.

You can also assign multiple environments at registration using subscription-manager register --environments, but global registration and activation keys are not yet supported.

2.2. Upgrade Warnings

Container content users will want to run 'foreman-maintain advanced procedure run pulpcore-container-handle-image-metadata' to pre-migrate data to avoid a lengthy migration in the future. There will be multiple releases to allow this before it is mandatory.

2.2.1. Port 8443 disabled by default

On Smart Proxy server, the deprecated port 8443 has been disabled by default on new installations and upgrades. Clients are expected to be using port 443 when communicating through a Smart Proxy server. If there are older clients still using port 8443, they should be re-configured either by using remote execution, the katello-ca-consumer RPM, or updating /etc/rhsm/rhsm.conf using subscription-manager --port 443.

For users that temporarily need access to port 8443 again, the installer can be executed with foreman-installer --foreman-proxy-content-reverse-proxy true. This should only be used as a temporary solution as port 8443 will be removed permanently in the next release.

2.2.2. Pulp performance issue

Extra Pulpcore indexes to address a performance issue will be added during the upgrade. If you’ve manually created these indexes, please remove them before proceeding with the upgrade to ensure that the migration runs successfully.

2.3. Deprecations

There are no deprecations with Katello 4.14.

3. Foreman 3.12.1

A full list of changes is available on Redmine

3.1. Foreman

3.1.1. Templates

3.1.2. Unattended installations

  • Ansible password is not extracted correctly in the Windows default provisioning template - #37903

  • Missing enable-puppet8 parameter to enable AIO style packaging - #37891

3.2. Installer

  • Checks don’t disable the default CA path which means openssl will use the default system CA path by default - #37828

3.2.1. Foreman modules

  • Installer fails with OpenJDK 17 on missing keyalg parameter to keytool - #38010

3.2.2. foreman-installer script

  • Katello-certs-check no longer works on RHEL8 - #38027

  • Java detection doesn't handle Java 11 and newer and always stops the service - #38012

  • Disconnected upgrade fails to switch postgresql dnf module - #37874

4. Katello 4.14.0

A full list of changes is available on Redmine

4.1. Katello

4.1.1. API

  • Add Hammer & API support for host multi-CV - #37669

4.1.2. Activation Key

  • AKs description of registration_commands needs more info - #37559

4.1.3. Alternate Content Sources

  • ACS - throw proper errors for ULN ACS URLs - #35582

4.1.4. Client/Agent

  • "Upload profile - Katello Script Default" doesn't work for SLES - #37569

4.1.5. Container

  • Limit v1 search to v1 container clients on Capsule - #37705

  • Create Katello push repositories as needed at container push time - #37455

4.1.6. Content Views

  • Newly published CV version shows need_published as true - #37633

  • katello_repository_debs "id" column hits max integer size - #37585

  • Content import task failed indexing errata from Pulp - #37549

  • CV promote fails with undefined method `get_status' for nil:NilClass when deleting a Host in the CV during Finalize phase of the Promote task - #37543

  • Removing CV error's with "Cannot delete record because of dependent content_facet" - #37538

  • Very long CV names/labels display weirdly on CV UI - #37530

4.1.7. Errata Management

  • Use custom snippets during Errata Installation - #37654

4.1.8. Foreman Proxy Content

  • [DEV [RFE] Need an option to turn off the 'Reclaim Space' warning] - #37716

  • Smart Proxy referred to as "proxy" in settings - #37656

  • Slow smart proxy sync in 4.11 - #37356

4.1.9. Host Collections

  • Host Collections widget should respect the errata_status_installable setting - #37288

4.1.10. Hosts

  • Drop Katello.with_remote_execution? as we depend on REX - #37739

  • Content source is changed to wrong proxy if you simply press the submit button on the host page - #37709

  • Host update failure: param is missing or the value is empty: content_facet_attributes - #37704

  • Convert2rhel env facts are getting filtered due to env ethernet regex - #37696

  • 'TypeError: getCustomizedRexUrl is not a function' when you go to Review step in Packages wizard - #37684

  • Change All Hosts kebab menu to match mockup - #37674

  • Multiple environments can be assigned to a host even if setting should prevent it - #37657

  • Katello should be able to handle subscription-manager environments --set - #37618

  • Don't clear KS repo when reregistering host - #37599

  • Add Bulk Errata Wizard - #37596

  • Add 'remove packages' to Packages wizard - #37586

  • BulkChangeCVModal should be disabled when Any Organization is selected - #37546

  • @host nil error with kickstart_repository_id when creating host - #37544

  • RHEL Lifecycle Status tests failing because RHEL8 full support is now ended - #37533

  • Kickstart Repository association is not deleted from a host when it is unregistered - #37518

  • Display multi-CV on host details page - #37509

  • Multi-CV: Add ordering to content view environments - #37508

  • Legacy Chost UI > Errata tab > Environments Dropdown shows "/undefined" for Content-View's Name - #37483

  • Set default templates for Debian/Suse based systems - #37416

  • Trace_status = reboot_needed not working after upgrade to 4.12 - #37354

  • As a web UI user, I can select multiple hosts and install or update packages via REX - #37347

  • Host and hostgroup form shows multiple Library entries - #37174

4.1.11. Inter Server Sync

  • PUT /katello/api/organizations/:id doesn't update redhat_repository_url - #37658

  • Unable to import cvv export on RHEL 9 - #37598

4.1.12. Reporting

  • Move Ansible-based job templates to "Katello via Ansible" - #37362

4.1.13. Repositories

  • Upload file section doesn't hide "Upload Package" for file repos - #37736

  • [DEV links from package details page incorrectly parse plus signs] - #37722

  • Previous sha1 repo stays sha1 when changed to Default - #37715

  • [DEV When having connection issue, scan CDN always fail silently and return empty result which is hard to debug] - #37697

  • Repo discovery returns all repos hosted at the provided url - #37694

  • [DEV Remove container push setting necessity] - #37668

  • Remove remnants of Katello container management workflow - #37659

  • Stop users from editing container push repositories - #37634

  • Drop useKatelloDocUrl and replace with Foreman's getDocsURL - #37632

  • Deletion of repository not working from "Products" page when repo in published CV - #37617

  • Migrate sha1 repos only at the next edit time - #37609

  • API endpoint "/katello/api/repositories/:id/upload_content " not accepting calls from the client - #37603

  • Clean up defunct deb content mirror_publication_options - #37595

  • Publish container push repositories in content views - #37552

  • Filtering repositories on RH Repos page gives incorrect results - #37534

  • Yum Metadata Checksum of SHA1 no longer supported by Pulp - #37522

  • Pulp never purge the completed tasks - #37521

  • Registry doesn't 404 for v2 clients trying to search - #37504

  • Get rid of unmaintained anemone - #37159

4.1.14. Roles and Permissions

  • Improve the error message when listing/viewing capsules via API w/o permissions - #37555

4.1.15. Subscriptions

  • Count hosts that consume a particular product (now that subscriptions are gone) - #37683

  • 'Bind entitlements to an allocation' task fails with wrong number of arguments (given 1, expected 0) (ArgumentError) - #37571

  • Update Hard Coded rhsm url to use an env setting - #37194

4.1.16. Tests

  • Tests failing on Ruby 2.7 due to sorting of content types in the message - #37681

4.1.17. Tooling

  • Trying to reset katello devel box, shows warning - #37666

  • Upgrade pulp-rpm to 3.26 - #37622

  • Angular tests failing on master-source - #37563

  • Rewrite 'React Tests' GH action - #37560

4.1.18. Web UI

  • load js correctly in smart_proxies - #37539

  • Exclude vendor dir in jest config - #37506

  • Update frontend to use new upload_profile REX feature - #37225

  • Remove 'query-string' JS dependency - #37112

4.1.19. katello-tracer

  • sudo katello-tracer-upload fails - #37561

5. Katello 4.14.1

A full list of changes is available on Redmine

5.1. Katello

  • Container push sometimes makes duplicate repos due to race condition - #37785

  • Deleting published repos from product page doesn't work right - #37782

  • Handle empty CVE in InfoProvider content_view_info - #37779

  • Use :default_location_subscribed_hosts in registration - #37703

  • Pagination within Packages wizard is wonky - #37587

5.1.1. Content credentials

  • Unable to load gpg key using downloaded key file - #37804

5.1.2. Content views

  • Pagination component navigation within content view details pages does not function properly - #37760

5.1.3. Foreman Proxy content

  • If a smart proxy sync task fails in plan, for_resource helper does not work - #37820

5.1.4. Hosts

  • Large table titles show in All Hosts wizards - #37788

  • Banner text on Repository sets screen needs updating for multi-CV - #37771

  • Registration without environments or environment_id param causes NoMethodError - #37763

  • Using the "Select All" checkbox on All Hosts Errata and Package pages throws an error - #37762

  • Remote execution controller still uses old job invocation form - #37728

5.1.5. Repositories

  • Pagination broken on Redhat repos page and generic content tables - #37777

  • "Remove Repositories" button not shown for non-admin users with "destroy_repositories" permission - #37732

  • /katello/sync_management tries to use /assets/spinner.gif but that's 404 - #37133

5.1.6. Roles and permissions

  • Improve the error message when listing/viewing capsules via API w/o permissions - #37816

5.1.7. Subscriptions

  • Down migration in AddConvert2rhelToHostFacets has wrong table name for subscription facets - #37815

6. Katello 4.14.2

A full list of changes is available on Redmine

6.1. Katello

6.1.1. API

  • apidoc doesn't allow to unset CV/LCE of an activationkey - #38008

6.1.2. Content views

  • Deleting a CV version does not scale when a product has too many repos (cloned in CVs) - #38003

6.1.3. Hosts

  • getting hosts list performs redundantly huge query over duplicated host IDs - #37842

6.1.4. Repositories

  • Remove Client2 repos from Recommended Repositories on Sat6.16 - #37985

  • Update recommend repositories on Satellite GUI to add Capsule, Utils and Maintenance repos for 6.16. - #37984

7. Foreman 3.12.0

A full list of changes is available on Redmine

7.1. Foreman

  • Bulk Packages wizard - Host search bleeds into package/errata search - #37768

  • User search filter for auth_source_type returns error code 500 - #37767

  • Fix audit message about removing records - #37734

  • Move telemetry allowed_labels to settings - #37647

7.1.1. API

  • Host Creation via GraphQL only as Admin - #37765

  • per_page=all doesn't work for parameters of subnets, domains, organizations.... - #37550

7.1.2. Compute resources - VMware

  • Feature Request: Support of NVMe controllers for VMware - #34839

7.1.3. Compute resources - libvirt

  • Drop CPU model for libvirt VM creation - #36999

7.1.4. Development tools

  • Fix Style/CaseLikeIf cop - #37458

  • Fix Style/ExplicitBlockArgument cop - #37428

  • Rubocop minitest rules fix - #37426

  • Fix Style/RedundantRegexpEscape cop - #37424

  • Fix Style/HashEachMethods cop violations - #37423

  • Fix Style/AccessorGrouping cop violations - #37420

7.1.5. Facts

  • Fix parsing of Ubuntu version in fact parsers - #36547

7.1.6. Host creation

  • Host create form - UI improvements - #37519

7.1.7. Host registration

  • Host remains in build mode during registration when setup_insights is set to true - #37720

  • Provide methods to find taxonomies in host registration for use in plugins - #37702

  • Curl command cannot be rendered during host registration due to Loc/Org mismatch - #37640

  • Unify sending built status in host_init_config - #37495

7.1.8. Inventory

  • Add button linking to new All Hosts UI - #37690

  • Change All Hosts kebab menu to match mockup - #37675

  • Invalid MAC address error message appears twice while editing interface - #37651

  • Append domain setting results in broken host details page with long hostnames or hosts without domain - #37584

  • use textarea in host comment edit - #37582

  • Content Columns can disappear from the Manage Columns widget on the redesigned All Hosts Page - #37553

  • As a web UI user, I can select multiple hosts and perform a bulk change of the hostgroup - #37551

  • HostsIndex page should gracefully handle when 'Any organization' is selected - #37548

  • New All Hosts page ignores pagination url params on first load - #37485

  • Add Power Status column to new All Hosts page - #37478

  • Extend TableIndexPage and TableHooks with new capabilities for All Hosts page - #37398

  • As a web UI user, I can select multiple hosts and perform build actions - #37395

7.1.9. JavaScript stack

  • not all webpack assets are properly invalidated on change - #37775

  • Drop coffee-rails dependency - #37583

  • Change I18n loading from import to require - #37300

7.1.10. Organizations and Locations

  • Property media is assigned twice in the same method - #37527

  • Smart Proxy forces association to all Locations unless Puppet is enabled on the proxy - #29450

7.1.11. Packaging

  • FFI 1.17.0+ requires Rubygems 3.3.22+ for installation, breaking Ruby 2.7 source installs - #37607

7.1.12. Plugin integration

  • Plugins are finalized before seeds are executed - #37503

7.1.13. Proxy gateway

  • Test Connection' button in 'New HTTP Proxy' returns success with invalid URL - #36919

7.1.14. Reporting

  • Add product host count to 'Subscription - General Report' - #37756

7.1.15. Settings

  • The description of a setting Instance color contains additional dot - #37597

  • Append domain name setting is not consistently applied everywhere - #37532

7.1.16. Templates

  • subscription_manager_setup.erb doesn't point to correct host - #37769

  • Create a way to refresh CA certificates on hosts that are managed by Katello - #37601

  • Track original template when cloning templates - #37059

7.1.17. Tests

  • intermittent host_js integeration test failure: test_0002_correctly override global params " Expected false to be truthy." - #37774

  • nic_managed factory can create an IP outside of its subnet - #37711

  • Report renderer tests fail depending on the libyaml version - #37613

  • with_temporary_settings test helper doesn't clean up properly - #37558

  • Possibility to use selenium remote driver - #36978

7.1.18. Unattended installations

  • Use SHA512 for root password hashing when no OS is set - #37614

  • HostCommon.crypt_passwords reencrypts Base64 based passwords for Grub, leading to errors - #37610

  • Monitor -> Host statusses shows "Pending Installation" instead of Installed - #37589

  • Provisioning Templates or RHEL 9 should have option timesource - #37581

  • Improved "EFI local chainloading" on SecureBoot enabled hosts not working for all distribution - #37562

  • RHEL registration template ignores host_parm subscription_manager_org - #37496

  • Improve "EFI local chainloading" on SecureBoot enabled hosts - #37345

  • Upload facts after host provisioning - #36886

  • Template render error when no PXELoader is selected - #36626

  • Extend Windows support in templates - #36495

7.1.19. Web Interface

  • Pagination doesn't re-render a table when switching pages - #37770

  • Show complete hostgroup name in host overview and table - #37648

  • Tab title missing in tableindexpage - #37645

  • Pagination doesnt always update between react pages - #37644

  • Template render error when host has .ics domain name - #37623

  • remove space between table buttons - #37578

  • Foreman Table columns sort is inconsistent - #37575

  • Cancel build shows notification with host id instead of hostname on the new UI of Red Hat Satellite - #37556

  • Help page should not link libera chat anymore after the migration to matrix - #37086

7.2. Installer

  • PostgreSQL 13 upgrade aborts when user locale doesn't match cluster locale - #37797

  • After an OS version upgrade, the GUI still shows the old/wrong Operating System version - #37726

  • Disable port 8443 by default on content proxies - #37701

7.2.1. External modules

  • Could not find template 'mosquitto/mosquitto.conf' when executing the installer in certain directories - #37799

7.2.2. Foreman modules

  • Custom certificates will override server CA with default CA on foreman-proxy-content scenario - #37817

  • CVE-2024-7923: Authentication bypass in Pulpcore - #37787

  • CVE-2024-7012: Authentication bypass in Foreman - #37786

  • Cockpit integration fails with AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F in foreman-ssl_error_ssl.log - #37761

  • Pasing --foreman-proxy-content-enable-docker false can leave smart_proxy_container_gateway in an inconsistent state - #37707

  • Correct docroot for Content Proxies's Apache vhost - #37620

  • DNS forwarders aren't validated - #37604

7.2.3. foreman-installer script

  • Add check for ipv6.disable=1 in /proc/cmdline because it's known to break installations - #37693

  • Installler doesn't handle Puppetserver 8 upgrade - #37686

  • Possibility to set puppet version in gitlab CI - #37568

7.3. Packaging

7.3.1. RPMs

  • Make foreman-installer-katello pull in foreman-maintain - #37663

7.4. SELinux

  • websockify doesn't work with SELinux enabled - #37791

7.4.1. Plugins

  • Boot disk based Provisioning fails to generate ISO image for instance client.example.com: ERF42-8093 [Foreman::Exception: ISO build failed] - #37497

7.5. Smart Proxy

7.5.1. BMC

  • Maximum sessions limit reached on iDRAC using Redfish as BMC provider - #37486

7.5.2. DHCP

  • invalid value for Integer(): “#Resolv::DNS::Resource::IN::A:0x00007fnnnnnnnnn” - #37621

7.5.3. Packaging

  • Pin FFI to < 1.17 on Ruby 2.x - #37624

7.5.4. Registration

  • Host registration with repositories fails because smart-proxy cannot convert arrays to string - #37631

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.12 release:

Adam Lazik, Adam Růžička, Aneta Šteflová Petrová, Archana Kumari, Beat Gaetzi, Bernhard Suttner, Chris Roberts, Cole Higgins, Dirk Götz, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Girija Soni, Griffin-Sullivan, Jan Löser, Jason, Jeremy Lenz, Joniel Pasqualetto, Laurent Bigonville, Leos Stejskal, Manisha Singhal, Marek Hulán, Maria Agaphontzev, Markus Reisner, Martin Alfke, Maximilian Kolb, Mike Massonnet, Nadja Heitmann, Nofar Alfassi, Oleh Fedorenko, Partha Aji, Patrick Creech, Pavel Moravec, Quinn James, RhinoX, Richard Stempfl, Romuald Conty, Samir Jha, Sayan Das, Shimon Shtein, Tim Meusel, William Bradford Clark, dosas, gardar, kmalyjur, omahs

As well as all users who helped test releases, report bugs and provide feedback on the project

Appendix B: Katello Contributors

Adam Ruzicka akumari Archana Kumari Bernhard Suttner Chris Roberts dosas Evgeni Golov Ewoud Kohl van Wijngaarden Hao Yu Ian Ballou Jeremy Lenz Maria Markus Bucher Nadja Heitmann Nikos Moumoulidis Partha Aji Pavel Moravec Quinn James Quirin Pamp Samir Jha Thorben Denzer Usman Sunyaev William Bradford Clark Zuzana Lena Ansorgová