1. Headline Features

1.1. DSL Autocompletion in templates

The template editor now has embedded DSL documentation (https://yourforeman.example.com/templates_doc) as an auto-completion feature that is similar to modern text editors or IDEs. It allows users to list all available macros whilst writing a new or changing an existing template. An item in the list shows the signature of the macro, its description and examples of how to use it. Each item can be selected to be filled automatically in the template’s body by pressing Enter key. The list can be shown by pressing Ctrl + Space keys. There is also Live Autocompletion checkbox to examine the list whilst typing.

Autocompletion is disabled by default and can be enabled in the editor by checking Autocompletion checkbox.

1.2. EL9 Client repository

This release ships with the foreman-client repository being available for EL9 (CentOS Stream 9, AlmaLinux 9, Rocky 9, etc).

2. Upgrade Warnings

2.1. Disabling unattended mode dropped

Running Foreman with setting unattended: false is dropped. Every Foreman instance is now effectively running with this setting on. For more details and discussion read the RFC.

2.2. BMC credentials access turned off by default

BMC credentials access through ENC YAML output and templates is turned off by default for increased security. To turn it on, go to Administer - Settings and turn the "BMC credentials access" setting on.

2.3. Updated browser compatiblity

We’ve updated our browsers compatibility to support the following:

  • Google Chrome - latest version

  • Microsoft Edge - latest version

  • Apple Safari - latest version

  • Mozilla Firefox - latest version

  • Mozilla Firefox Extended Support Release (ESR) - latest version

3. Deprecations

3.1. Running Foreman on EL 7

EL7 support is deprecated and will be dropped with Foreman 3.4. Users are advised to upgrade to EL8.

Note that this support statement refers to running Foreman and Foreman Smart Proxy themselves on EL7. Managing EL7 hosts remains supported. See the RFC for more information.

3.2. Running Foreman on Debian 10

Debian 10 support is deprecated and will be dropped with Foreman 3.4. Users are advised to upgrade to Debian 11.

Note that this support statement refers to running Foreman and Foreman Proxy themselves on Debian 10. Managing Debian 10 hosts remains supported. See the RFC for more information.

3.3. Running Foreman on Ruby 2.5

With the deprecation of Debian 10 deployments in Foreman 3.2 (and the removal of support in 3.4), there will be no supported platform with Ruby 2.5 anymore. Therefore running Foreman on Ruby 2.5 is deprecated and support will be dropped (together with Debian 10) in Foreman 3.4. Please switch to Ruby 2.7.

4. Foreman 3.3.1

A full list of changes is available via Redmine

4.1. Foreman

4.1.1. Templates

  • Restart yggdrasil from kptm if it is already running - #35472

  • ks= kernel parameter in Kickstart default iPXE causes RHEL9 Anaconda failure to start - #34975

  • Allow setting up REX pull during provisioning and registration - #34969

  • Ubuntu Autoinstall PXELinux template does not reference Smart Proxy correctly - #34941

4.1.2. Compute resources - VMware

  • hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error fog not found - #35438

4.1.3. Tests

  • Update show_me_the_cookies dependency to 6.x - #35371

4.1.4. Settings

  • Ignore calico interfaces from Foreman - #35289

4.1.5. Host creation

  • Bulk rebuild hosts can not reset the build token - #35203

4.1.6. Unattended installations

  • Add installation medium for Stream 9 - #35151

4.1.7. Audit Log

  • Audit page shows "auditable id / Host2" for "Host1" but Host2 does not exist or deleted from the all hosts - #35132

4.1.8. Inventory

  • Hide reports "Origin" column when table is already filtered by origin - #35126

  • Host’s power status ping is limited to three seconds - #35083

4.1.9. Host registration

  • In Global Registration, using another LANG like pt_BR.UTF-8 breaks the UUID - #35051

4.1.10. Smart Proxy

  • Smart Proxy upgrade/install fails due to proxy configuration in 'HTTP(S) proxy' in settings - #34996

4.1.11. Web Interface

  • Models index page does 3 same API requests - #34987

4.1.12. Organizations and Locations

  • Taxonomies are being set during extlogin too early, leading to user’s default taxonomies being ignored - #34949

4.1.13. Rake tasks

  • `foreman-rake permissions:reset` should show a warning that it’s required to manually update the password in 'foreman.yml' - #31966

4.2. Installer

4.2.1. External modules

  • SSO feature settings are not getting enabled and fails with HTTPD CONF issue - #35524

  • cache-enabled setting for proxy content module isn’t migrated to 'true' properly - #35157

4.3. Packaging

4.3.1. RPMs

  • Sendmail binary is not present on EL8 and needs manual configuration - #35461

4.4. Smart Proxy

4.4.1. Packaging

  • Declare compatible versions of Sinatra - #35507

5. Foreman 3.3.0

A full list of changes is available via Redmine

5.1. Foreman

  • Support EC (and other non-RSA) keys in Foreman core - #34843

  • Remove the "Share your feedback" link from the new host details page - #34841

  • Add a reports tab to the hosts details page - #34782

  • Add developer documentation for pagelets - #34544

  • Include the host comments to a host list page - #34516

  • Host list page should show the owner of the host - #34515

5.1.1. Settings

  • Fix the SettingValueException error message - #34921

  • Settings - Issues with search - #34866

  • "Sync Connect Timeout" setting takes invalid value and shows update successful but doesn’t reflect the change for invalid values - #34838

  • Deprecate other than DSL setting definitions - #34603

  • GraphQL is using Setting model directly - #34328

  • Initialize Setting for tests without fixtures - #33782

  • Move setting value collections to SettingPresenter - #30861

5.1.2. DB migrations

  • Pending migrations check-in seeds does not take plugins into consideration - #34913

5.1.3. JavaScript stack

  • Show error when using node 16+ - #34857

  • Fix slots in system properties card - #34815

  • New host detail page - sentence case fixes - #34798

  • Fix host status card alignment for the new host detail page - #34755

  • Adding the host parameters clears the values of the prior line - #34747

  • Better handling when no key is passed to API middleware - #34745

  • Remove PatternFly 3 OverlayTrigger - #34713

  • Use hostFriendlyId and hostName props for host ActionBar component - #34673

  • Provide helpers for dealing with global IDs returned by graphql queries - #34614

  • Remove pagination deprecations - #34580

  • Add ouiaId on components for easier testing - #34542

  • Update to the latest foreman-js - #34481

  • Create PatternFly 4 breadcrumb switcher - #34290

  • useAPI infinite loop - #33236

5.1.4. Web Interface

  • Change the host status icon to green - #34831

  • Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4. - #34802

  • Breadcrumb switcher use V for selected - #34662

  • Cancel host form redirects to legacy host UI - #34579

  • Add pagelet mountpoints for hosts list table - #34543

  • Add breadcrumbs switcher to new host page - #34511

  • Breadcrumb switcher doesnt work with Katello contentt work with Katello content - #34495

  • Close bookmarks dropdown after selecting a bookmark - #34228

  • New host detail page shows IP address over multiple lines - #33948

  • Add details tab to the host details page - #33010

  • Refactor PageLayout to use PF4 components - #32991

5.1.5. Inventory

  • Submit button on Edit page of a host will revert back to a invalid page on Foreman - #34830

  • The Submit button on a host form redirects to an invalid page - #34572

  • Expose reported data in the API - #34391

5.1.6. Statistics

  • Host - Last Checkin report template is not showing any other content host apart from Foreman itself. - #34809

5.1.7. TFTP

  • "Kickstart default user data" Provisioning Template contains doubled description key

  • Make the operatingsystem.bootfile usable in Jail - #34689

5.1.8. API

  • Taxonomies API does not accept per_page all - #34748

  • Refactor handling of External IPAM response - #34714

  • Turn off caching for apipie in production - #34643

  • Improve GraphQL association resolving - #34557

  • Add import_ipv4_subnets to API - #34251

5.1.9. Reporting

  • Remove reports deprecation from develop and 3.2 - #34744

  • Report template request: list enabled repositories and CV package counts - #34712

  • "Subscription - Entitlement Report" does not show correct number of subscriptions attached/consumed - #34610

5.1.10. Templates

  • Use foreman request address in windows iPXE - #34710

  • Harmonize preseed templates - #34658

  • Ensure that the insights snippet is being called by honoring the value of host_registration_insights parameter - #34525

  • AutoYaST PXE templates fail to render if http-proxy parameter is set without http-proxy-port - #34489

  • Allow puppet setup to be skipped even if you set a puppet master - #34388

  • AutoYaST SLES template invalid for SLES 15 SP3 - #34311

  • Support unattended partitioning using crypto under Debian - #34307

  • Add driverdisk support to kickstart templates - #33938

  • Cannot change "local boot ipxe template" - #33937

  • Templates - vgname is hardcoded to vg_sda - #33930

  • Add DSL autocompletion in templates - #32035

  • Request to add UEFI Grub2 for SLES/SUSE - #20265

5.1.11. Audit Log

  • Add rake command that prints out documentation for Auditable attributes - #34690

  • PF4 bookmarks and search field - #34546

5.1.12. Host registration

  • The registration database migration could fail when the template is not available - #34661

5.1.13. Rails

  • Upgrade Rails to 6.0.4.7 - #34649

  • Move initialization from application.rb into initializer - #34646

  • Order description syntax does not read right with Maruku - #34634

  • SettingPresenter - pass kwarks in Ruby 3 compatible format - #34570

  • Postpone LookupValue match validations - #34569

  • Switch Rails version to 6.1 - #34526

  • Add support for Rails 6.1 - #34500

  • Remove usage of force_ssl in controller - #30122

5.1.14. Unattended installations

  • Default boot template names - #34596

  • Trigger ansible provisioning callback for Preseed based installs - #34558

  • Use systemd based Ansible callback on Ubuntu >= 15 and Debian >= 8 - #34553

5.1.15. Security

  • Settings defined by DSL are not properly encrypted - #34573

5.1.16. Host creation

  • Installation Media does not find Ubuntu autoinstall kernel files - #34565

  • Ubuntu Autoinstall support - #32632

  • Reimplement !unattended mode support as mainline feature - #10413

5.1.17. Power management

  • Disable EFI local chainloading by default - #34532

5.1.18. Database

  • Undefined method format_errors' when db:seed failformat_errors when db:seed fail when db:seed fail - #34513

  • Ignore dynflow tables for schema dump - #33660

5.1.19. Users, Roles and Permissions

  • Infer of permission name for isolated namespace controllers doesn’t work - #34506

5.1.20. Compute resources - VMware

  • Latest Hardware version for VMware vSphere 7.0 U2 and U3 is not available - #34499

  • CentOS9 and RHEL9 Guest OS are missing - #34498

5.1.21. Facts

  • Shorten DNS timeout for primary NIC detection - #34462

  • Normalize fact parsers to use CentOS instead of centos - #34450

5.1.22. Organizations and Locations

  • Organization context fails to change in web UI - #34416

5.1.23. Plugin integration

  • Facets do not allow emptying their relations through mass assignment - #34375

5.1.24. Compute resources

  • Fix early load of fog_extensions - #34353

5.1.25. Authentication

  • Require foreman/telemetry' in ldap initializerforeman/telemetry in ldap initializer in ldap initializer - #34350

  • Provide alternative FIPS/NIST approved password hashing to bcrypt - #32572

5.1.26. Compute resources - OpenStack

  • Support Openstack Keystone sub-uri - #34346

5.1.27. Tests

  • Sanitize FQDN in tests - #34339

  • Improve the clarity of Api::HostsController test - #34326

5.1.28. Dashboard

  • Setting all_out_of_sync_disabled has no definition warning - #34240

5.1.29. Internationalization

  • [zh_CN] Welcome page (Login/Logout) is not localized - #34106

  • [zh_CN/ja_JP/fr_FR] 'filter' string at switcher button search box is not marked for translation - #34090

5.1.30. BMC

  • Make setting bmc_credentials_accessible disabled by default - #31965

5.2. Installer

  • Installer spams with katello-certs-check output when using custom certs - #34888

  • Display the mismatched FQDN additionally rather than just showing the commands to verify the output - #34883

  • Pulp: Add options to change the import and export path in /etc/pulp/settings.py - #34882

  • Resetting nssdb certificate does not update private key and breaks Qpid - #34860

  • Installer does not restart foreman.service when changing Puma configuration - #34824

  • Puppet Agent enabled in Katello installations, even if it should not - #34819

  • Rename foreman_proxy::plugin::remote_execution::ssh to foreman_proxy::plugin::remote_execution::script - #34758

  • After upgrading to Katello 4.0+ ping check fails with "Some components are failing: katello_agent"

  • --reset-data does not remove /var/lib/candlepin/.puppet-candlepin-rpm-version - #34686

  • Drop apipie cache generation and indexing - #34640

  • Detect plugin installation and trigger Puma restart - #34602

  • Keytool does not work on FIPS enabled EL 8 - #34598

  • Add hammer-cli-foreman-host-reports to the installer - #34505

  • Add support for REX pull transport - #34239

  • Warning: postgresql.service changed on disk. Run systemctl daemon-reload' to reload units.systemctl daemon-reload to reload units. to reload units. - #32323

  • Make it possible to install Foremans httpd with mpm_events httpd with mpm_event - #20889

5.2.1. Foreman modules

  • OS upgrade keeps original TFTP setup preventing machines to boot from the network - #34774

5.2.2. foreman-installer script

  • Run Apache httpd without default modules from puppetlabs-apache - #34590

5.3. Packaging

  • Require psql for foreman-maintain - #34855

  • Update the foreman-protectors Yum and Dnf source file paths - #34801

  • Drop apipie cache generation from RPM builds - #34641

5.3.1. Debian/Ubuntu

  • Updates oauth Gem installed by puppet-agent-oauth under Debian to a newer version (0.5.1 produces lots of warnings about URI.escape) - #34681

5.3.2. RPMs

  • Provide modular metadata in EL8 - #34615

  • foreman.rpm pulls in nodejs - #34507

  • Installer uses hostname, but that package can be absent - #34468

  • Deliver EL8 repositories as modular repositories to fix dependency resolution, get automatic dependent module enablement and handle dependency resolution without module_hotfixes - #34126

5.4. SELinux

5.4.1. Plugins

  • Drop foreman_docker compatibility - #34730

  • Syncing the git templates on RHEL8 raises SElinux errors - #34726

5.5. Smart Proxy

  • Support EC (and other non-RSA) keys in foreman proxy - #34844

  • Set the MALLOC_ARENA_MAX variable to counter memory bloating in production environments - #34624

  • Rewrite validate_ip to use a case statement - #34566

5.5.1. SSL

  • foreman-proxy does not log permissions errors when trying to read ssl_ca.pem - #34613

5.5.2. Packaging

  • rsec gem listed twice generates a warning - #34589

5.5.3. Tests

  • Drop single_test gem dependency - #34564

  • Drop rdoc from test dependencies - #34563

  • Allow calling load_test_settings without settings - #34162

  • Test fail locally: Error details for private method \`select called for nil:NilClass: called for nil:NilClass: - #27088

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.3 release:

Adam Růžička, Adi Abramovich, Amir Fefer, Amit Upadhye, Andrew Teixeira, Anna Vítová, Antoine Beaupré, Bastian Schmidt, Ben Magistro, Bernhard Suttner, Chris Roberts, Christopher Smith, Daniel Henninger, Eric D. Helms, Erik Berg, Evgeni Golov, Ewoud Kohl van Wijngaarden, Gordon Bleux, Ian Ballou, Jason, Jeremy Lenz, John Mitsch, Jonathon Turel, Justin Sherrill, Leoš Stejskal, Lukáš Zapletal, Marcel Kühlhorn, Marek Hulán, Maria Agaphontzev, Markus Bucher, Melanie Corr, Nadja Heitmann, Nagoor Shaik, Oleh Fedorenko, Ondřej Ezr, Ondřej Pražák, Patrick Creech, Peter Koprda, Rahul Bajaj, Romuald Conty, Ron Lavi, Samir Jha, Sayan Das, Shimon Shtein, Shira Maximov, Tim Meusel, Tomer Brisker, William Clark, Yifat Makias

As well as all users who helped test releases, report bugs and provide feedback on the project.