Foreman 3.5 Release Notes

1. Headline Features

1.1. Improved inventory pages

Inventory management has always been a core feature of Foreman. In Foreman 2.2 the host detail page redesign was started and made default in Foreman 3.2. This release greatly enhances the page with many more integrations which provides the user a more complete overview without having to navigate to other pages.

For a long time foreman_column_view has provided a way to customize the columns on the host list. The new Selectable columns feature feature brings a lot of this functionality to Foreman itself without the need to know a lot about the Foreman internals.

1.2. Enabled HTTP/2 on Apache

HTTP/2 is now enabled by default on all platforms. Compared to HTTP/1(.1) the newer HTTP/2 protocol allows multiplexing over a single connection, making it possible for clients to retrieve multiple resources at the same time. For example, browsers no longer need to wait for one one image to complete before requesting the next image.

1.3. Use of system crypto policy with Apache on Enterprise Linux 8

Red Hat Enterprise Linux 8 introduced consistent crypto policies and Foreman’s installer now configures Apache to use those. Where previously the installer manually maintained a list of protocols and ciphers, it now follows what is configured system wide.

Note that Katello users can’t use the FUTURE policy since cdn.redhat.com has a cerificate signed with SHA1 in its signature chain. This was already a problem prior to this change. See Red Hat BZ#2117265 for more information.

For Debian/Ubuntu users nothing has changed.

1.4. Redis 6 on Enterprise Linux 8

The installer now ensures Redis 6 is used on Enterprise Linux 8. The Redis 5 AppStream went EOL in May 2022. Previously it was up to the user to switch streams, but now the installer enforces the redis:6 stream and updates the package.

1.5. Allow manual modifications of ansible.cfg

The installer no longer manages ansible.cfg and thus allows users to put in their own modifications. This file was previously used to configure the options that Foreman required to have set. This is no longer the case as the necessary options are set using a different mechanism. During upgrades the file is not touched which means some cruft remains. It is safe to remove the file or remove all content.

2. Upgrade Warnings

The foreman_chef plugin is unmaintained and broken since a few releases. It has been removed from the Installer and Packaging.
Google compute resource has been extracted to the Foreman Google plugin. Foreman servers with Google compute resources enabled are automatically migrated to the plugin.
Puppet reports skip "Applied catalog in x.y second logs" messages. Uneventful Puppet runs are now completely empty, which reduces database storage requirements. This exposed a bug where Foreman is unable to determine the origin. Because of this, uneventful Puppet reports do not have an origin.
External node classifier renames hostname and fqdn parameters. In Foreman 2.4 the hostname and fqdn parameters were added, but this overrides with the facts in Puppet. The parameters are now prefixed by foreman_.
Trends and statistics will be removed unless foreman_statistics is installed. This data used to be part of Foreman, but was extracted to a plugin in Foreman 2.3. Until now this data was kept in the database, but now this data will be purged unless the plugin is installed.

3. Foreman 3.5.3

A full list of changes is available on Redmine

3.1. Foreman

3.1.1. Unattended Installations

preseed_netplan_generic_interface with DHCP interface - #35578

3.1.2. API

Parameter 'search' on fact_value API endpoint results in internal server error - #35990

3.1.3. Inventory

Host Detail button landed to old Host UI page - #36225

3.1.4. PuppetCA

"change Puppet Master" option does not work - #35949

3.2. Smart Proxy

3.2.1. TFTP

tftp initrd/vmlinux generation: curl malformed - #36209

4. Foreman 3.5.2

A full list of changes is available on Redmine

4.1. Foreman

4.1.1. API

Fixes API documentation typo - #35648

4.1.2. Development tools

Change container image to CentOS 8 Stream - #35593

4.1.3. Inventory

Host list interpretes HTML from comment-field - #35977
Windows password-encryption code changes input-value - #35946
No host found error after editing host's address - #35762

4.1.4. JavaScript stack

Add tag_type parameter to replace_value_control - #35876
New host details - Move Details tab out of experimental labs - #35839

4.1.5. Notifications

Make RSS notification stick around for 1 month instead of going away after a day - #35866

4.1.6. Settings

Foreman.settings.load_values is not able to pick settings which transitioned from a non-default to default value - #35894

4.1.7. Templates

host_puppet_environment ignores host param - #36153
ks= kernel parameter in Kickstart default iPXE causes RHEL9 Anaconda failure to start - #34975

4.1.8. Unattended installations

Pass URL parameters to foreman_url as hash - #36019

4.2. Installer

4.2.1. Foreman modules

assets are not compressed during delivery anymore - #36028
mod_expires is not loaded - #35870
Disable Puppetserver telemetry by default - #35728

4.3. Packaging

4.3.1. RPMs

rubygem-openscap (and thus foreman_openscap) can't be installed on CentOS Stream 8 - #36086
Legacy rex form is missing options for future or recurring execution - #35997
Introduce foreman-obsolete-packages to remove old packages - #35743

4.4. Smart Proxy

Invalid syntax for curl --time-cond - #36138

5. Foreman 3.5.1

A full list of changes is available on Redmine

5.1. Foreman

5.1.1. DB migrations

Statistics migrations are purged even if foreman_statistics is present - #35871

5.1.2. Facts

Support new Debian unstable OS facts - #35865

5.1.3. Host creation

Ubuntu Autoinstall enable offline and online installation - #35719

5.1.4. Unattended installations

Provisioning registered RHEL hosts is impossible without Katello installed - #35868

5.1.5. Web Interface

host details - Details tab cards have horizontal scroll - #35819

6. Foreman 3.5.0

A full list of changes is available on Redmine

6.1. Foreman

6.1.1. API

Internal Server Error when creating a CV with org_id specified as array - #35816
User is able to create table preference without columns - #35673
Fixes API documentation typo - #35648
Calling the api/v2/operatingsystems#bootfiles endpoint fails with "unknown permission" - #35055

6.1.2. Authentication

Kerberos authentication fails for POST, PUT and DELETE api calls - #35473

6.1.3. Compute resources - GCE

Remove GCE Compute resource code - #35088

6.1.4. Compute resources - VMware

hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error fog not found - #35438

6.1.5. DB migrations

Remove i386 from seeded host architectures - #35528
After removing the foreman_docker plugin, foreman log is flooded with huge tracebacks related to "unknown class DockerRegistry, ignoring" and "unknown class Container, ignoring" - #35347
Remove Trends and Statistics data from all instances - #32116

6.1.6. Development tools

Describe dealing with pkgconfig error in foreman_dev_setup.asciidoc - #35647
Updating Contributions file with a few links & adding a link to it in ReadMe file - #35587
developer_docs/foreman_dev_setup adding a guide for Fedora users and edge error fix - #35581
Update as_deprecation_tracker to at least 1.6 for Ruby 3 - #35430
Add testing instructions to the Foreman development setup guide - #35417
Add a disabled option to the dropdown menu items on foreman - #35416
Document developer setup for Smart Proxy, REX & Ansible - #35391

6.1.7. External Nodes

Foreman Puppet ENC "hostname" and "fqdn" conflict with core Puppet Facts - #35326

6.1.8. Facts

Add BIOS info to reported data facet - #35696
Ansible fact parser fails to parse Windows facts if they do not contain os_name - #35658
Add kernel_version to reported data facet for use in new host UI OS card - #35619
Missing icons for salt and chef as fact sources - #35569
While running concurrent registrations, foreman fails with 500 ISE on index_operatingsystems_on_title unique index violation - #35485

6.1.9. Host creation

Bulk rebuild hosts can not reset the build token - #35203

6.1.10. Host registration

Malformed Debian repository - #35650
Use registration_url setting exposed by the Smart Proxy - #35626
Changing proxy causes an error - #35490

6.1.11. Internationalization

React-intl components are not translated - #35744
Malformed translation strings - #35708

6.1.12. Inventory

BIOS UUID on host detail page is incorrect - #35836
Status of same columns in different categories should affect each other - #35757
Add Virtual guests to System properties card - #35745
Add network category to selectable columns - #35733
Incorrect page title on host statuses page - #35724
Host Details - Add a BIOS card - #35667
Host Details - Add a provisioning card - #35665
Host - Details tab - 'Networking interfaces' card - #35656
Display host name instead of host ID in delete host confirm modal in host overview - #35636
Add reported data profile for hosts index page - #35623
Add kernel release to new host details operating system card - #35622
new host details - Details tab cards are all in one column on very tall screens - #35605
Add a link to the host group on the new host detail page - #35497
add masonryLayout to os card in host details - #35475
host details audits, change from list to table - #35424
Add a card with templates to the Host details page - #35387
Make columns on host index page selectable - #35361
Host details Operating system card - #35345
Host detail page - Cursor on boxes should be regular pointer - #35319
New host detail - OS label as a link to OS detail - #35305
Host Details tab - Switch to masonry card layout instead of square grid - #35294
Create column selector on host index page - #35287
Use more accurate messaging when host statuses are cleared - #35206
Hosts "New UI" no way to review templates - #35176
Fix host details tab cards Expand/collapse all behavior - #34997
Page title incorrect on new host details page - #34219

6.1.13. JavaScript stack

Move CardExpansionContext to apply all host tabs - #35702
Fix current lint warnings - #35558
Add ouia-id to ConfirmModal - #35439
Remove deprecated slot 'details-cards' - #34786

6.1.14. Network

Boding interface bondig slaves are always changed to lower case - #35377

6.1.15. Organizations and Locations

Taxonomies are being set during extlogin too early, leading to user's default taxonomies being ignored - #34949

6.1.16. Packaging

Allow latest 6.1 version of Rails for bug fixes and CVEs - #35758
Relax JWT pin to get newer versions of the gem - #35663
Update rack-cors to 1.1.x - #35450
Update sshkey to version 2.x - #35449
Update roadie-rails to version 3 for Ruby 3 support - #35448
Update apipie-rails to 0.8.x - #35447
Update oauth to version 1 - #35429
Update rails-i18n to version 7 - #35428
Ensure scoped_search is at least 4.1.10 - #35427
Update ancestry to version 4 - #35423
Update audited to version 5 - #35422
Pin will_paginate to at least 3.3.0 - #35421
Bump sidekiq to 6.3.x - #35414
Disable public_file_server in production - #35403
Allow additional entries in config.hosts - #35376
Update graphql gem to at least 1.12 - #32685
Unbundle websockify - #29539

6.1.17. Plugin integration

Remove empty webpack_assets.rb file - #35419

6.1.18. Proxy gateway

Make the Http Proxy store a CA certifcate - #35359

6.1.19. Rails

use caller_locations when emiting deprecation warnings - #35717
Drop boot_settings.rb early loading mechanism - #35420
Incorrect method signatures with keyword arguments - #35300

6.1.20. Rake tasks

'snapshots:generate' doesn't work - #35488
`foreman-rake permissions:reset` should show a warning that it's required to manually update the password in 'foreman.yml' - #31966

6.1.21. Reporting

new report template to list all the installed packages - #29590

6.1.22. Settings

Power status should be a selectable column - #35621

6.1.23. Templates

Ubuntu TTY is unresponsive after deployment on some compute providers - #35796
Expose product version as a macro in templates - #35694
Template input_resource macro & preview error - #35536
save_to_file macro does not work if the thing being saved contains a heredoc terminated with EOF - #35530

6.1.24. Unattended installations

custom pre/post snippet hooks - #35674
dhclient not available in minimal iso image for EL>=8 - #35583
NetPlan templates broken when using Dual Stack environments - #35578
Allow delaying yggdrasild restart - #35561
REX pull deployment snippet is not included in kickstart default template - #35547
Fix the iPXE default template description - #35519
Raise an error if OS family is not set - #35480
Change puppetlabs_repo snippet to reference puppet-release files from repo root directory - #35466
Ubuntu Autoinstall template does not take host params into account - #35397
RHEL 9 provisioned host goes into emergency mode after initial reboot - #35331
New kexec template required in order to deploy Ubuntu 22 via discovery - #35285
AutoYaST PXELinux does not support networks without DHCP - #35240
Dual Stack Fallback mode for provisioning - #35207
Add option to use `reboot --kexec` to speed up provisioning - #35194
Ubuntu Autoinstall default network identifier - #35180
Add option to permit graphical installs for Red Hat - #35177
Ubuntu Autoinstall does not support static IP deployment - #35166
Add option to clone installation media - #35152
Add installation medium for Stream 9 - #35151
Permit setting puppet tag during install - #35137
remove reference to legacy puppet brand identifier puppetlabs in provision templates - #31593

6.1.25. Users, Roles and Permissions

Users who were disabled should be clearly marked in the user list - #35131
Refactor filters page to use PatternFly 4 - #34764

6.1.26. Web Interface

Hide Manage columns button text in small screens - #35751
Searchbar disappears when trying to select a bookmark as user without bookmark permissions - #35634
Host details statuses clear button is always disabled - #35491
Add ouiaId for the host details pages - #35436
New/Edit Subnet form help text for Range field - #25507

6.2. Installer

Add foreman_kernel_care support to the installer - #35800
Add ForemanGoogle plugin - #35677
Drop xinetd support - #35353

6.2.1. External modules

SSO feature settings are not getting enabled and fails with HTTPD CONF issue - #35524

6.2.2. Foreman modules

smart_proxy_ansible needs smart_proxy_rex, but installer doesn't set it up automatically - #35809
Provide a parameter to set Candlepin log level - #35699
allow setting GssapiLocalName Off - #35685
Filter "Applied catalog in x.y seconds" messages out of Puppet report - #35684
Add support to customize rhsm API URL and pulpcore content URL - #35681
Add support to set registration_url - #35680
Add stronger ciphers to Candlepin's config - #35638
Configure Pulpcore's TELEMETRY feature - #35607
Support ensuring the OpenSCAP Puppet module in the foreman_proxy module - #35531
Add default pulp_deb config during installer runs - #35496
Restart yggdrasil from /usr/bin/katello-rhsm-consumer - #35486
Make installer generate an environment file for ansible instead of ansible.cfg - #35455
Salt master configuration file has wrong file permission - #35396
Compatibility with apache mod_status - #35356
serve assets directly via Apache, not via Puma/Rails - #33956

6.2.3. foreman-installer script

Enable HTTP/2 in Apache configs - #35631
Default Apache to use system ciphers via PROFILE=system - #35629
Use Redis 6 - #35564
Remove the trailing "\" from capsule-certs-generate command for new capsules in katello-certs-check - #35453

6.3. Packaging

6.3.1. RPMs

foreman-proxy logrotate sends signal to all processes under foreman-proxy.service - #35859
katello-change-hostname uses removed --disable-system-checks - #35756
Obsolete foreman_docker - #35538
make sprockets-based plugin assets reachable from within /var/lib/foreman/public/assets - #35409
dnf can't load foreman-protector.py as a regular user - #35366

6.4. SELinux

Foreman can't log to journald/syslog - #35695
Allow apache to read /var/lib/foreman/public - #35402
Access to /etc/resolv.conf is denied when using systemd-resolved - #34807

6.5. Smart Proxy

Drop deprecated methods - #33881
Drop daemonize support - #31118

6.5.1. Packaging

Explicitly depend on webrick for Ruby 3 support - #35510
Declare compatible versions of Sinatra - #35507

6.5.2. Plugins

Verify boolean settings in modules - #35468

6.5.3. Registration

registration_url setting for Registration module - #35639
Use rackup_path helper in registration - #35467

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.5 release:

Adam Ruzicka, Alex Fisher, Alexander Olofsson, Amit Upadhye, Anthony Somerset, Bastian Schmidt, Bernhard Suttner, Chris Roberts, Christian Ruppert, Dan Ports, Dirk Götz, Dirk Heinrichs, Dyrkon, Elkin Aguas, Eric D. Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Frank Adaemmer, Ian Ballou, Jeremy Lenz, Jonas Trüstedt, Kamil Szubrycht, Karolina Malyjurkova, Leos Stejskal, Lior Keren, Lucy Fu, Lukáš Zapletal, Manuel Laug, Marcel Kühlhorn, Marek Hulán, Maria Agaphontzev, Matt Darcy, Matěj Mudra, Maximilian Kolb, Nofar Alfassi, Oleh Fedorenko, Ondrej Ezr, Partha Aji, Pat Riehecky, Paul Donohue, Pavel Moravec, Peter Koprda, Quirin Pamp, Ron Lavi, Samir Jha, Sayan Das, Shim Shtein, William Clark, benjamin-robertson, kobybr, timdeluxe, Štefan Németh

As well as all users who helped test releases, report bugs and provide feedback on the project.