1. Foreman 3.3 Release Notes

1.1. Headline Features

1.1.1. DSL Autocompletion in templates

The template editor now has embedded DSL documentation (https://yourforeman.example.com/templates_doc) as an auto-completion feature that is similar to modern text editors or IDEs. It allows users to list all available macros whilst writing a new or changing an existing template. An item in the list shows the signature of the macro, its description and examples of how to use it. Each item can be selected to be filled automatically in the template’s body by pressing Enter key. The list can be shown by pressing Ctrl + Space keys. There is also Live Autocompletion checkbox to examine the list whilst typing.

Autocompletion is disabled by default and can be enabled in the editor by checking Autocompletion checkbox.

1.1.2. EL9 Client repository

This release ships with the foreman-client repository being available for EL9 (CentOS Stream 9, AlmaLinux 9, Rocky 9, etc).

1.2. Upgrade Warnings

1.2.1. Disabling unattended mode dropped

Running Foreman with setting unattended: false is dropped. Every Foreman instance is now effectively running with this setting on. For more details and discussion read the RFC.

1.2.2. BMC credentials access turned off by default

BMC credentials access through ENC YAML output and templates is turned off by default for increased security. To turn it on, go to Administer - Settings and turn the "BMC credentials access" setting on.

1.2.3. Updated browser compatiblity

We’ve updated our browsers compatibility to support the following:

  • Google Chrome - latest version

  • Microsoft Edge - latest version

  • Apple Safari - latest version

  • Mozilla Firefox - latest version

  • Mozilla Firefox Extended Support Release (ESR) - latest version

1.3. Deprecations

1.3.1. Running Foreman on EL 7

EL7 support is deprecated and will be dropped with Foreman 3.4. Users are advised to upgrade to EL8.

Note that this support statement refers to running Foreman and Foreman Smart Proxy themselves on EL7. Managing EL7 hosts remains supported. See the RFC for more information.

1.3.2. Running Foreman on Debian 10

Debian 10 support is deprecated and will be dropped with Foreman 3.4. Users are advised to upgrade to Debian 11.

Note that this support statement refers to running Foreman and Foreman Proxy themselves on Debian 10. Managing Debian 10 hosts remains supported. See the RFC for more information.

1.3.3. Running Foreman on Ruby 2.5

With the deprecation of Debian 10 deployments in Foreman 3.2 (and the removal of support in 3.4), there will be no supported platform with Ruby 2.5 anymore. Therefore running Foreman on Ruby 2.5 is deprecated and support will be dropped (together with Debian 10) in Foreman 3.4. Please switch to Ruby 2.7.

2. Katello 4.5 Release Notes

2.1. Headline Features

For the full list of changes, see the Changelog.

  • Content view versions may now be removed from a content view in bulk via the UI.

  • A new Smart Proxy Content download-policy Streamed has been added. This will act like a forwarding-proxy. All packages requested will be requested from the main server. This is useful if the Smart Proxy does not have enough disk-space to hold all package-contents.

  • A new option to export/import just a repository.

  • Alternate Content Sources (ACSs) are now available for testing. ACSs are alternative locations to download yum and file content from during syncing. Enable ACSs in the UI via the "Show Experimental Labs" setting.

  • Work on the new host details page has progressed, specifically the packages and errata overview pages:

    • An Installed Products card has been added to the overview.

    • New host collections overview card showing the associated host collections.

    • Updated content view details card to change content view and lifecycle environments associated to a host.

    • Can enable/disable/install module streams.

  • Can search on hosts by enabled repositories. This is useful when you want to search on hosts have a particular repository enabled.

  • Over 60 bug fixes.

2.2. Upgrade Warnings

2.3. Deprecations

3. Foreman 3.3.0

A full list of changes is available via Redmine

3.1. Foreman

  • Support EC (and other non-RSA) keys in Foreman core - #34843

  • Remove the "Share your feedback" link from the new host details page - #34841

  • Add a reports tab to the hosts details page - #34782

  • Add developer documentation for pagelets - #34544

  • Include the host comments to a host list page - #34516

  • Host list page should show the owner of the host - #34515

3.1.1. Settings

  • Fix the SettingValueException error message - #34921

  • Settings - Issues with search - #34866

  • "Sync Connect Timeout" setting takes invalid value and shows update successful but doesn’t reflect the change for invalid values - #34838

  • Deprecate other than DSL setting definitions - #34603

  • GraphQL is using Setting model directly - #34328

  • Initialize Setting for tests without fixtures - #33782

  • Move setting value collections to SettingPresenter - #30861

3.1.2. DB migrations

  • Pending migrations check-in seeds does not take plugins into consideration - #34913

3.1.3. JavaScript stack

  • Show error when using node 16+ - #34857

  • Fix slots in system properties card - #34815

  • New host detail page - sentence case fixes - #34798

  • Fix host status card alignment for the new host detail page - #34755

  • Adding the host parameters clears the values of the prior line - #34747

  • Better handling when no key is passed to API middleware - #34745

  • Remove PatternFly 3 OverlayTrigger - #34713

  • Use hostFriendlyId and hostName props for host ActionBar component - #34673

  • Provide helpers for dealing with global IDs returned by graphql queries - #34614

  • Remove pagination deprecations - #34580

  • Add ouiaId on components for easier testing - #34542

  • Update to the latest foreman-js - #34481

  • Create PatternFly 4 breadcrumb switcher - #34290

  • useAPI infinite loop - #33236

3.1.4. Web Interface

  • Change the host status icon to green - #34831

  • Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4. - #34802

  • Breadcrumb switcher use V for selected - #34662

  • Cancel host form redirects to legacy host UI - #34579

  • Add pagelet mountpoints for hosts list table - #34543

  • Add breadcrumbs switcher to new host page - #34511

  • Breadcrumb switcher doesnt work with Katello contentt work with Katello content - #34495

  • Close bookmarks dropdown after selecting a bookmark - #34228

  • New host detail page shows IP address over multiple lines - #33948

  • Add details tab to the host details page - #33010

  • Refactor PageLayout to use PF4 components - #32991

3.1.5. Inventory

  • Submit button on Edit page of a host will revert back to a invalid page on Foreman - #34830

  • The Submit button on a host form redirects to an invalid page - #34572

  • Expose reported data in the API - #34391

3.1.6. Statistics

  • Host - Last Checkin report template is not showing any other content host apart from Foreman itself. - #34809

3.1.7. TFTP

  • "Kickstart default user data" Provisioning Template contains doubled description key

  • Make the operatingsystem.bootfile usable in Jail - #34689

3.1.8. API

  • Taxonomies API does not accept per_page all - #34748

  • Refactor handling of External IPAM response - #34714

  • Turn off caching for apipie in production - #34643

  • Improve GraphQL association resolving - #34557

  • Add import_ipv4_subnets to API - #34251

3.1.9. Reporting

  • Remove reports deprecation from develop and 3.2 - #34744

  • Report template request: list enabled repositories and CV package counts - #34712

  • "Subscription - Entitlement Report" does not show correct number of subscriptions attached/consumed - #34610

3.1.10. Templates

  • Use foreman request address in windows iPXE - #34710

  • Harmonize preseed templates - #34658

  • Ensure that the insights snippet is being called by honoring the value of host_registration_insights parameter - #34525

  • AutoYaST PXE templates fail to render if http-proxy parameter is set without http-proxy-port - #34489

  • Allow puppet setup to be skipped even if you set a puppet master - #34388

  • AutoYaST SLES template invalid for SLES 15 SP3 - #34311

  • Support unattended partitioning using crypto under Debian - #34307

  • Add driverdisk support to kickstart templates - #33938

  • Cannot change "local boot ipxe template" - #33937

  • Templates - vgname is hardcoded to vg_sda - #33930

  • Add DSL autocompletion in templates - #32035

  • Request to add UEFI Grub2 for SLES/SUSE - #20265

3.1.11. Audit Log

  • Add rake command that prints out documentation for Auditable attributes - #34690

  • PF4 bookmarks and search field - #34546

3.1.12. Host registration

  • The registration database migration could fail when the template is not available - #34661

3.1.13. Rails

  • Upgrade Rails to 6.0.4.7 - #34649

  • Move initialization from application.rb into initializer - #34646

  • Order description syntax does not read right with Maruku - #34634

  • SettingPresenter - pass kwarks in Ruby 3 compatible format - #34570

  • Postpone LookupValue match validations - #34569

  • Switch Rails version to 6.1 - #34526

  • Add support for Rails 6.1 - #34500

  • Remove usage of force_ssl in controller - #30122

3.1.14. Unattended installations

  • Default boot template names - #34596

  • Trigger ansible provisioning callback for Preseed based installs - #34558

  • Use systemd based Ansible callback on Ubuntu >= 15 and Debian >= 8 - #34553

3.1.15. Security

  • Settings defined by DSL are not properly encrypted - #34573

3.1.16. Host creation

  • Installation Media does not find Ubuntu autoinstall kernel files - #34565

  • Ubuntu Autoinstall support - #32632

  • Reimplement !unattended mode support as mainline feature - #10413

3.1.17. Power management

  • Disable EFI local chainloading by default - #34532

3.1.18. Database

  • Undefined method format_errors' when db:seed failformat_errors when db:seed fail when db:seed fail - #34513

  • Ignore dynflow tables for schema dump - #33660

3.1.19. Users, Roles and Permissions

  • Infer of permission name for isolated namespace controllers doesn’t work - #34506

3.1.20. Compute resources - VMware

  • Latest Hardware version for VMware vSphere 7.0 U2 and U3 is not available - #34499

  • CentOS9 and RHEL9 Guest OS are missing - #34498

3.1.21. Facts

  • Shorten DNS timeout for primary NIC detection - #34462

  • Normalize fact parsers to use CentOS instead of centos - #34450

3.1.22. Organizations and Locations

  • Organization context fails to change in web UI - #34416

3.1.23. Plugin integration

  • Facets do not allow emptying their relations through mass assignment - #34375

3.1.24. Compute resources

  • Fix early load of fog_extensions - #34353

3.1.25. Authentication

  • Require foreman/telemetry' in ldap initializerforeman/telemetry in ldap initializer in ldap initializer - #34350

  • Provide alternative FIPS/NIST approved password hashing to bcrypt - #32572

3.1.26. Compute resources - OpenStack

  • Support Openstack Keystone sub-uri - #34346

3.1.27. Tests

  • Sanitize FQDN in tests - #34339

  • Improve the clarity of Api::HostsController test - #34326

3.1.28. Dashboard

  • Setting all_out_of_sync_disabled has no definition warning - #34240

3.1.29. Internationalization

  • [zh_CN] Welcome page (Login/Logout) is not localized - #34106

  • [zh_CN/ja_JP/fr_FR] 'filter' string at switcher button search box is not marked for translation - #34090

3.1.30. BMC

  • Make setting bmc_credentials_accessible disabled by default - #31965

3.2. Installer

  • Installer spams with katello-certs-check output when using custom certs - #34888

  • Display the mismatched FQDN additionally rather than just showing the commands to verify the output - #34883

  • Pulp: Add options to change the import and export path in /etc/pulp/settings.py - #34882

  • Resetting nssdb certificate does not update private key and breaks Qpid - #34860

  • Installer does not restart foreman.service when changing Puma configuration - #34824

  • Puppet Agent enabled in Katello installations, even if it should not - #34819

  • Rename foreman_proxy::plugin::remote_execution::ssh to foreman_proxy::plugin::remote_execution::script - #34758

  • After upgrading to Katello 4.0+ ping check fails with "Some components are failing: katello_agent"

  • --reset-data does not remove /var/lib/candlepin/.puppet-candlepin-rpm-version - #34686

  • Drop apipie cache generation and indexing - #34640

  • Detect plugin installation and trigger Puma restart - #34602

  • Keytool does not work on FIPS enabled EL 8 - #34598

  • Add hammer-cli-foreman-host-reports to the installer - #34505

  • Add support for REX pull transport - #34239

  • Warning: postgresql.service changed on disk. Run systemctl daemon-reload' to reload units.systemctl daemon-reload to reload units. to reload units. - #32323

  • Make it possible to install Foremans httpd with mpm_events httpd with mpm_event - #20889

3.2.1. Foreman modules

  • OS upgrade keeps original TFTP setup preventing machines to boot from the network - #34774

3.2.2. foreman-installer script

  • Run Apache httpd without default modules from puppetlabs-apache - #34590

3.3. Packaging

  • Require psql for foreman-maintain - #34855

  • Update the foreman-protectors Yum and Dnf source file paths - #34801

  • Drop apipie cache generation from RPM builds - #34641

3.3.1. Debian/Ubuntu

  • Updates oauth Gem installed by puppet-agent-oauth under Debian to a newer version (0.5.1 produces lots of warnings about URI.escape) - #34681

3.3.2. RPMs

  • Provide modular metadata in EL8 - #34615

  • foreman.rpm pulls in nodejs - #34507

  • Installer uses hostname, but that package can be absent - #34468

  • Deliver EL8 repositories as modular repositories to fix dependency resolution, get automatic dependent module enablement and handle dependency resolution without module_hotfixes - #34126

3.4. SELinux

3.4.1. Plugins

  • Drop foreman_docker compatibility - #34730

  • Syncing the git templates on RHEL8 raises SElinux errors - #34726

3.5. Smart Proxy

  • Support EC (and other non-RSA) keys in foreman proxy - #34844

  • Set the MALLOC_ARENA_MAX variable to counter memory bloating in production environments - #34624

  • Rewrite validate_ip to use a case statement - #34566

3.5.1. SSL

  • foreman-proxy does not log permissions errors when trying to read ssl_ca.pem - #34613

3.5.2. Packaging

  • rsec gem listed twice generates a warning - #34589

3.5.3. Tests

  • Drop single_test gem dependency - #34564

  • Drop rdoc from test dependencies - #34563

  • Allow calling load_test_settings without settings - #34162

  • Test fail locally: Error details for private method \`select called for nil:NilClass: called for nil:NilClass: - #27088

4. Katello 4.5.0

4.1. Features

4.1.1. Web UI

  • ACS UI - Refresh action from UI and show last refresh on index (#34916)

  • Set up lab routes for ACS UI and land on read-only index page for ACS (#34783, 2a10b1eb)

  • Hosts UI - Module streams - Filter by state & installation status (#34663, 91dd495a)

  • Add table sorting by column (#34461, f609171f)

4.1.2. Hosts

4.1.3. Repositories

  • Extend info box in release field of Deb repository create page in Katello GUI (#34795, 7b1bd0e3)

  • Report that lists all the hosts on which a particular repository is enabled (#34711, d6d9b712)

  • As a user, I can CRUD custom ACSs via the API (#34034, 71f9e497)

  • As a user, I can CRUD custom ACSs via hammer (#34033)

4.1.4. Subscriptions

4.1.5. Content Views

  • RFE - add ouia-ID for buttons on a cv (#34749, 07d59d07, f67131e5)

  • Report template support: list enabled repositories and RPM counts for content hosts (#34695, 688869a5)

  • Content view filter should suggest architectures parameters in RPM rule (#34586, 96125025)

  • Publish new version should redirect to "Version" tab (#34496, e4c3cc06)

  • Allow bulk selections on CV UI to support bulk removing versions (#34169, 197688c0)

4.1.6. Foreman Proxy Content

4.1.7. Other

  • New host details - Add Subscription UUID to System Properties card (#34814, 0839a913)

  • Properly translate plurals (#34628, 87ad581a)

  • [RFE] add option to export and import just repository for hammer content-export (#34374, dd112712, 4c1e7211)

  • As a user, I can create custom ACSs via the UI (#33462)

4.2. Bug Fixes

4.2.1. Upgrades

  • DB seeds fails on NoMethodError: undefined method update! for nil:NilClass (#34974)

  • default_location_puppet_content setting and others not cleaned up (#34587, 24d0ba88)

4.2.2. Subscriptions

  • Manifest refresh randomly fails with "No such file or directory" when having multile dynflow workers (#34957)

  • "Subscription - Entitlement Report" does not show correct number of subscriptions attached/consumed (#34609, cf82cbbc)

  • [Bug] Custom subscriptions consumed and available quantity not correct in the CSV file (#34578, ad4c50a7)

  • Add deprecation banners for traditional (non-SCA) subscription management (#34522, ad0cc6f8)

4.2.3. Errata Management

  • Upgrade to Satellite 6.10.5.1 fails with error message "PG::NotNullViolation: ERROR: null value in column "erratum_package_id" violates not-null constraint" (#34944)

  • Errata icons are the wrong colors (#34425, 6f39ec6a)

4.2.4. Web UI

  • Activation key overriding broke parameters table (#34934)

  • [SAT-5692] Details tab - Registration details card (#34836, b5eaf76f)

  • New host detail page - sentence case fixes (#34797, b997a2f0)

  • Use split button dropdown for Traces & Errata REX actions (#34721)

  • Katello bookmark icon should be consistent with Foreman’s (#34659)

  • [SAT-5692] Add Bookmarks to all host detail tables (#34632, 0daa8c99)

  • [RFE] CV UI - Errata Filter Date doesn’t show "Start Date" & "End Date" (#34630, 05798608)

  • CV UI - Wizard bug fixes (#34599, d2497425)

  • CV UI - Patternfly update causes tabs to navigate twice on click (#34559, acf477e2)

  • CV UI - Status value translations should only translate the user facing text, not params etc sent to API. (#34158, aa9592ee)

  • Table row selection is slow when per_page is high (#34072, 99d0567c)

4.2.5. Repositories

  • Web elements are not localized Available Button (#34933)

  • Fix upstream authentication autofill issue for Katello repositories (#34818, ea78e268)

  • Bring back 0 package counts! (#34803, b82bfb5a)

  • Sync Status page does not show syncing progress bar under "Result" column when syncing a repo (#34766, f8172454)

  • Add 'republish repository metadata' to Hammer (#34762, 114b12ad)

  • Repositories/import_uploads API endpoint do require two mandatory parameters (#34729, 2d288ff1)

  • A failed CV promote during publish or repo sync causes ISE (#34680, f0c69a1b)

  • Cannot upload a package to a repository if the same package already exists in another repository, but is not downloaded (#34635, a3a856e8)

  • Remotes should have username and password cleared out if a user sets them to be blank (#34619, 17a12869)

  • The "Serve via HTTP" and "Verify SSL" options in Repo Discovery page does not functions at all in Satellite 7.0 (#34617, 8f76e5e9)

  • Satellite/capsule 6.10 and tools 6.10 repos are listed in the Recommended Repositories for Sat 7.0 (#34577, c0cb3e25)

  • Deletion of Custom repo deletes it from all versions of CV where it is included but the behavior is different for Red Hat based repos in Satellite 7.0 (#34576, 05d1d710)

  • Red Hat Repositories have weird behavior if arch setting is changed (#34490, 77f6193f)

  • After upgrade products with repositories that had Ignorable Content = drpm can no longer be modified (#34432, 2859ec67)

4.2.6. Tooling

4.2.7. Hammer

  • Hammer is not showing gpg key in repo info (#34924)

  • hammer repo update fails on when providing docker info (#34817)

  • Mirror on sync still shows up in 'hammer repository info', while mirroring policy does not (#34594, 75bac351)

4.2.8. Content Views

  • override_components don’t make it to composite CV publish step (#34905)

  • Incremental CV update does not auto-publish CCV (#34676, 7424532d)

  • Multi-page listing when adding repositories to Content Views confuses the number of repositories to add (#34670, 29bf01ba)

  • Epoch version is missing from rpm Packages tab of Content View Version (#34633, 066d693e)

  • Exclude filter may exclude errata and packages that are needed (#34437, f5a42e78)

  • Incremental update with --propagate-all-composites makes new CVV but with no new content (#34383, 2b908d44)

4.2.9. API

  • Don’t expose "label" param in PUT /organizations/:id API (#34859, 56e5b386)

4.2.10. Hosts

  • Repository Sets - Filter by status (#34808, bd142604)

  • Updating packages from the Content host’s page always tries to use katello-agent even when remote_execution_by_default set to true (#34743, 2b824a86)

  • Rename SSH to script provider (#34696, 6014c4b6)

  • New host details tables should link to REX job page, not Foreman Tasks (#34620, a0f9140b)

  • Repository Sets - Add Select All & bulk actions (#34421, 70a71857)

4.2.11. Inter Server Sync

  • Repository set not showing repos after importing library and creating an ak in a disconnected satellite (#34733, 13dba28d)

  • On content import failure for a repository the created version should be cleaned up (#34518, dfacc815)

  • Fail to import contents when the connected and disconnected servers have different product labels for the same product (#34501, c90c4bd2)

  • Misleading error message when incorrect org label is entered (#34464, cf5f9c87)

4.2.12. Tests

  • Transient test failure test_yum_copy_all_no_filter_rules (#34679, 694c6bcd)

4.2.13. Foreman Proxy Content

  • UI suddenly shows "Connection refused - connect(2) for 10.74.xxx.yyy:443 (Errno::ECONNREFUSED) Plus 6 more errors" for a smart proxy even if there are no connectivity issue present (#34671, 2a19fa75)

4.2.14. Lifecycle Environments

  • Lifecycle Environment tab flash OSTree & Docker details for a second then shows actual content path. (#34470, 8089232c)

4.2.15. Container

  • docker-ce fails to pull docker images (#32830)

4.2.16. Other

  • Un-break Katello after Foreman settings change (#34902)

  • Update terminology for ISS (#34734, 92980096, 4f334235)

  • Recurring logic does not clean up sync plan relationship when unset (#34660, 828e4f05)

  • Job invocation installs all the installable errata if incorrect Job Template is used (#34638, bbecd8d7)

  • rake katello:correct_repositories will try to re-create content in katello (#34540, 1aa4945f)

  • Failed to docker pull image with "Error: image <image name> not found" error (#34530, 3963952e)

Appendix A: Foreman Contributors

Appendix B: Katello Contributors

Adam Růžička <a.ruzicka@outlook.com> Andrew <andrewgdewar@gmail.com> Chris Roberts <chrobert@redhat.com> Eric D. Helms <ericdhelms@gmail.com> Evgeni Golov <evgeni@golov.de> Ian Ballou <ianballou67@gmail.com> Jeremy Lenz <jlenz@redhat.com> Jonathon Turel <jturel@gmail.com> Justin Sherrill <jsherril@redhat.com> Leos Stejskal <github@stejskalleos.cz> Lucy Fu <lufu@redhat.com> Manisha Singhal <singhal@atix.de> Markus Bucher <bucher@atix.de> Nadja Heitmann <nadjah@atix.de> Ondřej Ezr <oezr@redhat.com> Partha Aji <paji@redhat.com> Quirin Pamp <pamp@atix.de> Ron Lavi <1ronlavi@gmail.com> Samir Jha <sjha4@ncsu.edu> William Bradford Clark <wclark@redhat.com> Ryan Verdile <rverdile@redhat.com>