1. Foreman 3.14 Release Notes

1.1. Headline Features

There are no highlights with Foreman 3.14.

1.2. Upgrade Warnings

1.2.1. EL 7 client repositories dropped

RHEL 7 is out of maintenance since June 2024 and at the same time CentOS Linux 7 went end of life. With Foreman 3.14, the client repository is no longer built for EL 7. This primarily affects Katello and OpenSCAP users.

For more details, see the removal RFC.

1.3. Deprecations

There are no deprecations with Foreman 3.14.

2. Katello 4.16 Release Notes

2.1. Headline Features

2.1.1. postgresql-evr extension no longer required

Installation of the Katello database on remote systems where root access is not available is now possible. Only a basic PostgreSQL installation is required. With this feature, you can now install on systems like Amazon RDS or Azure Database for PostgreSQL.

2.2. Upgrade Warnings

There are no upgrade warnings with Katello 4.16.

2.3. Deprecations

There are no deprecations with Katello 4.16.

3. Foreman 3.14.0

A full list of changes is available on Redmine

3.1. Foreman

3.1.1. API

  • Hide organization-id and location-id options from api documentation of unscoped resources - #37824

3.1.2. Authentication

  • NameError: undefined local variable or method `logger' for JwtToken - #38122

3.1.3. Compute resources

  • Fields in OS tab don't populate until after failed host import and the network details are incorrect - #37855

3.1.4. Compute resources - EC2

  • Remove EC2 subnet from compute profiles - #38193

3.1.5. Compute resources - VMware

  • Missing CentOS stream 10 and RHEL10 GuestOS for VMware compute-resource - #38121

  • Add VMware SecureBoot & Virtual TPM support - #37823

3.1.6. Compute resources - libvirt

  • Add Libvirt UEFI & SecureBoot support - #37566

3.1.7. DNS

  • Fix DNS orchestration conflict detection to take IPv6 filed into account - #37990

3.1.8. Development tools

  • apipie cache generation command fails on a centos9 katello devel stable machine - #38159

  • update theforeman-rubocop gem - #37429

3.1.9. Facts

  • Make sure an IPv6 interface is suggested as primary - #38046

3.1.10. Host registration

  • Registering bootc host fails to set up ssh keys - #38095

  • Pull provider template renders OS-specific error message for all OS types - #38082

  • The template "Linux host_init_config default" has an unwanted single quote - #38002

3.1.11. Internationalization

  • Do not try to translate ruby-symbol - #38106

3.1.12. Inventory

  • host_edit when no inherit button creates error - #38223

  • page scroll freeze in host edit unselect architecture - #38220

  • New All hosts: Delete host redirects to old hosts list regardless of setting - #37758

  • 'Manage Columns' does not appear on new Hosts Index page - #37573

3.1.13. JavaScript stack

  • remove select2('destroy') for non select2 item - #38177

  • Allow generic table children outside of tbody - #38154

  • Remove @theforeman/vendor-dev - #37830

  • add js-cookie - #37664

  • drop jquery-ui - #37390

  • Update to jQuery 3 - #37382

3.1.14. Network

  • Pagelet for HTTP Proxy form - #38000

3.1.15. Packaging

  • Drop NodeJS 14 support - #38125

  • Increase foreman.socket's Backlog option to INT_MAX - #37964

3.1.16. Performance

  • PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "index_operatingsystems_on_title" DETAIL: Key (title)=(RedHat 9.2) already exists. - #38169

3.1.17. Proxy gateway

  • Test connection for HTTP proxy errors out - #38208

3.1.18. Rails

  • In-browser password manager may pop up when editing name fields of various resources - #38217

  • Switch Foreman to Rails 7.0 - #37825

3.1.19. Reporting

  • Show host's IPv6 in the 'host built' mail - #38153

  • Host - Installed Products report should handle multiCV hosts - #38145

3.1.20. Settings

  • String type settings with nil default cannot be unset - #38197

  • Need to add lxc* pattern to IGNORED_INTERFACES list - #38036

3.1.21. Tests

  • Incorrect settings test uncovered by mocha 2.7 - #38078

  • Tests fail with fog-libvirt 0.13.1 - #38017

3.1.22. Unattended installations

  • Anaconda is not setting up the host name correctly during the setup - #38168

  • Kickstart template generates interfaces with --ipv6=dhcp - #38155

  • Replace deprecated wget "-Y off" parameter in templates - #38067

  • Use IPv6 address for SSH provisioning, if available - #38057

  • References to syspurpose addons still remain in Foreman - #38053

  • Remove NicIpResolver class - #38052

  • Unattended controller should accept IPv6 address as part of the built request - #38051

  • Make sure host_finder knows to find hosts given an IPv6 address - #38050

  • Major version accepts negative values while creating operating system - #38044

  • Allow the remote execution user to become any user when creating sudoers drop-ins - #38030

  • Provisioning uses wrong URLs for subscription-manager when a load balanced smart proxy is involved - #38029

  • Support Windows deployment with UEFI - #37862

  • Clevis/Tang disk encryption broken for Ubuntu/multiple disks - #37857

  • New PXE loader "Grub2 UEFI SecureBoot (target OS)" - #36834

3.1.23. Users, Roles and Permissions

  • As a user or admin, I want to invalidate JWTs for all users - #38138

  • As a user I want to invalidate my own JWT tokens via the UI - #38108

  • User last login time is not updated when login with external authentication - #38037

  • As a user or admin, I want to invalidate JWTs for a specific user. - #37936

3.1.24. Web Interface

  • select 2 not showing placeholders - #38211

  • vmware Create controller select freezes the page - #38209

  • form_select_f auto selects first option - #38183

  • Hide search submit button when not submittable - #38141

3.2. Installer

  • New PXE loader "Grub2 UEFI SecureBoot (target OS)" - #36940

3.2.1. External modules

  • Stop managing postgresql-evr extension - #37680

3.2.2. Foreman modules

  • use lowercase FQDN in SSL CN comparison for pulpcore auth - #38110

  • On large deployments puma auto tuning results in too many workers for PostgreSQL connections - #38085

3.2.3. foreman-installer script

  • Halt installer run if the evr extension in remote DBs has the wrong permissions before upgrade - #37883

  • Change evr extension ownership to foreman via installer - #37717

3.3. Packaging

3.3.1. RPMs

  • Drop EL7 client support - #38034

3.4. SELinux

3.4.1. Packaging

  • Remove dependency on unconfined selinux module - #37968

3.4.2. Smart proxy

  • allow smart-proxy with PuppetCA to read some etc files - #37999

3.5. Smart Proxy

3.5.1. Realm

  • rexml is not a default gem on ruby 3 anymore - #38157

3.5.2. TFTP

  • New PXE loader "Grub2 UEFI SecureBoot (target OS)" - #36833

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.14 release:

Adam Lazik, Adam Růžička, Aneta Šteflová Petrová, Archana Kumari, Bastian Schmidt, Ben Erickson, Bernhard Suttner, Brenden Wood, Chris Roberts, Cole Higgins, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Francesco Di Nucci, Gaurav Talreja, Girija Soni, Hao Yu, Ian Ballou, Jan Löser, Jeremy Lenz, Leos Stejskal, Lucy Fu, Maria Agaphontzev, Markus Bucher, Markus Reisner, Martin Alfke, Martin Spiessl, Matthew Davis, Maximilian Kolb, Nadja Heitmann, Nofar Alfassi, Oleh Fedorenko, Partha Aji, Patrick Creech, PopiBrossard, Samir Jha, Sayan Das, Shimon Shtein, Takashi Kajinami, Tim Meusel, VHS, dosas,

As well as all users who helped test releases, report bugs and provide feedback on the project.

Appendix B: Katello Contributors