1. Foreman 3.5 Release Notes

1.1. Headline Features

1.1.1. Improved inventory pages

Inventory management has always been a core feature of Foreman. In Foreman 2.2 the host detail page redesign was started and made default in Foreman 3.2. This release greatly enhances the page with many more integrations which provides the user a more complete overview without having to navigate to other pages.

For a long time foreman_column_view has provided a way to customize the columns on the host list. The new Selectable columns feature feature brings a lot of this functionality to Foreman itself without the need to know a lot about the Foreman internals.

1.1.2. Enabled HTTP/2 on Apache

HTTP/2 is now enabled by default on all platforms. Compared to HTTP/1(.1) the newer HTTP/2 protocol allows multiplexing over a single connection, making it possible for clients to retrieve multiple resources at the same time. For example, browsers no longer need to wait for one one image to complete before requesting the next image.

1.1.3. Use of system crypto policy with Apache on Enterprise Linux 8

Red Hat Enterprise Linux 8 introduced consistent crypto policies and Foreman’s installer now configures Apache to use those. Where previously the installer manually maintained a list of protocols and ciphers, it now follows what is configured system wide.

Note that Katello users can’t use the FUTURE policy since cdn.redhat.com has a cerificate signed with SHA1 in its signature chain. This was already a problem prior to this change. See Red Hat BZ#2117265 for more information.

For Debian/Ubuntu users nothing has changed.

1.1.4. Redis 6 on Enterprise Linux 8

The installer now ensures Redis 6 is used on Enterprise Linux 8. The Redis 5 AppStream went EOL in May 2022. Previously it was up to the user to switch streams, but now the installer enforces the redis:6 stream and updates the package.

1.1.5. Allow manual modifications of ansible.cfg

The installer no longer manages ansible.cfg and thus allows users to put in their own modifications. This file was previously used to configure the options that Foreman required to have set. This is no longer the case as the necessary options are set using a different mechanism. During upgrades the file is not touched which means some cruft remains. It is safe to remove the file or remove all content.

1.2. Upgrade Warnings

  • The foreman_chef plugin is unmaintained and broken since a few releases. It has been removed from the Installer and Packaging.

  • Google compute resource has been extracted to the Foreman Google plugin. Foreman servers with Google compute resources enabled are automatically migrated to the plugin.

2. Katello 4.7 Release Notes

2.1. Headline Features

  • New Alternate Content Sources improvements

    • Alternate Content Sources support for RHUI types.

    • Alternate Content Sources support for bulk refresh and delete.

    • Alternate Content Sources have been moved out of labs into content on the vertical navigation bar.

    • Content Credentials have been updated to support Alternate Content Sources.

  • New Host UI improvements

    • Clicking on a Content Host in the legacy UI now takes you to the new host UI page.

    • Applicable errata now show as an option on the ErrataOverviewCard

  • New Inter Server Synchronization improvements

    • Syncable imports can now sync from a URL instead of a file path

    • Yum repository now has support for syncable formats

  • Over 45 bug fixes.

2.2. Upgrade Warnings

2.3. Deprecations

3. Katello 4.7.0 Whiskey Sour

A full list of changes is available on Redmine

3.1. Katello

  • Use synced content broken if hostgroup is set to all media - #35624

  • Repair/ Verify checksum is broken - #35600

  • ACS create wizard: review details step displays password in plaintext when manual auth is selected - #35537

  • ACS create fails when same name used with "PG::UniqueViolation: ERROR: duplicate key value violates unique constraint" - #35482

  • New host details UI does not work at all - #35336

  • As a user, I can bulk delete and refresh ACSs via the UI - #33464

  • As a user, I can create CDN and RHUI ACSs via the UI - #33463

3.1.1. Inter Server Sync

  • Generated content views are displayed in Main Dashboard - #35723

  • Make syncable import accept a url instead of a path - #35606

  • [RFE] Need syncable yum-format repository imports - #35505

  • Content View Versions generated by Export are still listed in Composite page - #35501

  • Syncable exports not properly validated - #35442

  • Importing a custom repository with different label but same name causes validation error - #35425

  • Pathing issue on exports - #35410

  • Incremental export on repository exports not working correctly after syncably exporting repository - #35369

  • Need to be able to provide custom cert for ISS for Red Hat CDN - #35296

  • [RFE] Allow to export Docker images from content views or as repository as part ISS - #35247

3.1.2. Foreman Proxy Content

  • Can't sync container repos from pulp_container 2.14 to proxies with pulp_container 2.10 - #35688

  • Use proxy template URL in registration - #35627

  • Accessing an external capsule from UI, shows "Last sync failed: 404 Not Found" even if the last capsule content sync was successful in Satellite 6.12 - #35552

  • Python content isn't sychronized to smart proxies - #35091

  • Assign HTTP Proxies to ACSs per smart proxy rather than per ACS - #34897

3.1.3. API

  • Can't edit the `ignore_types\` of an Organization - #35687

  • Activation Keys "product_content" API doesn't expose the "per_page" parameter - #35633

  • repositories/import_uploads API endpoint do require two mandatory parameters - #35567

3.1.4. Errata Management

  • Show applicable errata on ErrataOverviewCard - #35668

  • Toggle group is hidden when host has no installable errata - #35575

  • Errata Mail calculates updated_at date per repository, should be per erratum - #35503

  • Unable to apply all Errata via Remote Execution on Web UI with "Select All" - #35484

  • \'This host has errata that are applicable, but not installable\' message incorrectly appears - #35398

3.1.5. Web UI

  • Audit permissions on ACS UI - #35661

  • Edit ansible_collections menu link to be /content/ansible_collections to avoid redirect - #35643

  • Change \'Subscription Allocation\' to \'Manifest\' on the Manage Manifest screen - #35618

  • Add content profile for hosts index page - #35595

  • ACS UI - General updates - #35571

  • ACS Wizard - UX changes - #35565

  • When searching for content, dropdown filters are literal search terms. - #35512

  • Don’t allow to mismatch Environment / CV / capsule - #35446

  • Remove unused jquery.trunk8 vendored library - #35435

3.1.6. Repositories

  • Index module profiles for modular repos - #35653

  • Remove ACS from labs and place it in the Content section - #35608

  • Pulpcore 3.21 - Upload rpm fails - #35590

  • Unable to "Remove" a repository directly if the repo is part of a CV as well as CCV in Satellite 6.12 - #35549

  • - Add rhel-6-server-els-rpms repository under recommended repositories - #35539

  • Repo Deletion with no feed url causes a `ArgumentError\` - #35534

  • CV version details repository tab links to library_instance_inverse version and lets you use it like a regular library repo - #35517

  • Simplified ACSs are being created during content view publishing - #35504

  • Non-enabled repository types make it into the apipie help-text - #35459

  • Add Alternate Content Sources tab to content credentials - #35344

  • ModuleStreamErratumPackages aren't indexed at first repository syncing - #35337

  • Katello rpm search via nvra also - #35290

  • Task group errors do not drill into child task errors - #35275

  • Retain packages on Repository removes RPMs from Pulp but not from Katello - #35120

3.1.7. Hosts

  • As a user, when I click a link to a content host it should take me to the new host details page - #35632

  • Repository Sets does not list reposets - #35596

  • Content change template assumes host has a kickstart repository available - #35566

  • The "Change Content Source" feature does not changes the "registered_through" proxy - #35548

  • Changing content source for a host breaks REX pull, if configured - #35516

  • User report: host repo files are not updating when switching lifecycle environments or content views - #35458

  • Packages tab - Add dropdown to select upgrade version - #35452

  • Host UI - cards have cursor pointer - #35441

  • \'0 enhancements\' text sometimes overflows Errata overview card - #35399

  • Add host collections card empty state - #35372

  • new host ui details, add button to navigate to old content UI - #35367

  • Details tab cards - Switch to masonry card layout instead of square grid - #35295

  • All errata are applied when user only selects certain errata - #35045

  • New host details - Hide module streams tab for EL7 hosts - #34973

3.1.8. Content Views

  • CVV Compare - Add sorting to the tables - #35613

  • Content view filter will include module streams of other repos/arches if the errata contain rpms in multiple repos/arches. - #35610

  • CVV Compare - Add repository subtab to content view compare - #35589

  • Make cv publish fail on invalid/non existent content - #35572

  • Navigating to content view page from the left panel after creating a cv does not work - #35511

  • - Add static ouia-id to modal with wizard for publishing a cv - #35370

  • Input sanitation of Content View Names not working - #35235

3.1.9. Subscriptions

  • Create a rake task to identify missing content in Candlepin - #35599

  • Update registration controller to check for multiple envs being passed in - #35368

3.1.10. Content Credentials

  • Prevent the deletion of content credentials when they are in use - #35588

3.1.11. Tooling

  • Nightly eslint failure on babel plugin dependency in eslintrc - #35532

  • Development env issue: param group Api::V2::HostsController#installed_products not defined - #35499

  • Upgrade to Pulpcore 3.21 - #35476

  • When installing errata via katello-agent, content_action_finish_timeout is ignored and tasks don't wait for client status to finish - #35364

3.1.12. Ansible Collections

  • Indexing error if a collection to be synced from galaxy doesn't have tags associated. - #35412

3.1.13. Tests

  • ouia-ID for tile cards in the new host details page - #35411

  • Uncomment upload tests that were commented while waiting on updated pulp bindings that upgrade Faraday to 1.0.1 - #35395

  • Comment upload tests while waiting on updated pulp bindings that upgrade Faraday to 1.0.1 - #35394

3.1.14. Sync Plans

  • Capsule Last Sync date and status should not be based on task data. - #35407

3.1.15. Activation Key

  • Activation key can be deleted, but still shows up in hostgroup configuration - #35386

4. Foreman 3.5.0

A full list of changes is available on Redmine

4.1. Foreman

4.1.1. Packaging

  • Allow latest 6.1 version of Rails for bug fixes and CVEs - #35758

  • Relax JWT pin to get newer versions of the gem - #35663

  • Update rack-cors to 1.1.x - #35450

  • Update sshkey to version 2.x - #35449

  • Update roadie-rails to version 3 for Ruby 3 support - #35448

  • Update apipie-rails to 0.8.x - #35447

  • Update oauth to version 1 - #35429

  • Update rails-i18n to version 7 - #35428

  • Ensure scoped_search is at least 4.1.10 - #35427

  • Update ancestry to version 4 - #35423

  • Update audited to version 5 - #35422

  • Pin will_paginate to at least 3.3.0 - #35421

  • Bump sidekiq to 6.3.x - #35414

  • Disable public_file_server in production - #35403

  • Allow additional entries in config.hosts - #35376

  • Update graphql gem to at least 1.12 - #32685

  • Unbundle websockify - #29539

4.1.2. Web Interface

  • Hide Manage columns button text in small screens - #35751

  • Searchbar disappears when trying to select a bookmark as user without bookmark permissions - #35634

  • Host details statuses clear button is always disabled - #35491

  • Add ouiaId for the host details pages - #35436

  • New/Edit Subnet form help text for Range field - #25507

4.1.3. Inventory

  • Add Virtual guests to System properties card - #35745

  • Add network category to selectable columns - #35733

  • Incorrect page title on host statuses page - #35724

  • Host Details - Add a BIOS card - #35667

  • Host Details - Add a provisioning card - #35665

  • Host - Details tab - 'Networking interfaces' card - #35656

  • Display host name instead of host ID in delete host confirm modal in host overview - #35636

  • Add reported data profile for hosts index page - #35623

  • Add kernel release to new host details operating system card - #35622

  • new host details - Details tab cards are all in one column on very tall screens - #35605

  • Add a link to the host group on the new host detail page - #35497

  • add masonryLayout to os card in host details - #35475

  • host details audits, change from list to table - #35424

  • Add a card with templates to the Host details page - #35387

  • Make columns on host index page selectable - #35361

  • Host details Operating system card - #35345

  • Host detail page - Cursor on boxes should be regular pointer - #35319

  • New host detail - OS label as a link to OS detail - #35305

  • Host Details tab - Switch to masonry card layout instead of square grid - #35294

  • Create column selector on host index page - #35287

  • Use more accurate messaging when host statuses are cleared - #35206

  • Hosts "New UI" no way to review templates - #35176

  • Fix host details tab cards Expand/collapse all behavior - #34997

  • Page title incorrect on new host details page - #34219

4.1.4. Rails

  • use caller_locations when emiting deprecation warnings - #35717

  • Drop boot_settings.rb early loading mechanism - #35420

  • Incorrect method signatures with keyword arguments - #35300

4.1.5. Internationalization

  • Malformed translation strings - #35708

4.1.6. JavaScript stack

  • Move CardExpansionContext to apply all host tabs - #35702

  • Fix current lint warnings - #35558

  • Add ouia-id to ConfirmModal - #35439

  • Remove deprecated slot 'details-cards' - #34786

4.1.7. Facts

  • Add BIOS info to reported data facet - #35696

  • Ansible fact parser fails to parse Windows facts if they do not contain os_name - #35658

  • Add kernel_version to reported data facet for use in new host UI OS card - #35619

  • Missing icons for salt and chef as fact sources - #35569

  • While running concurrent registrations, foreman fails with 500 ISE on index_operatingsystems_on_title unique index violation - #35485

4.1.8. Templates

  • Expose product version as a macro in templates - #35694

  • Template input_resource macro & preview error - #35536

  • save_to_file macro does not work if the thing being saved contains a heredoc terminated with EOF - #35530

4.1.9. API

  • User is able to create table preference without columns - #35673

  • Calling the api/v2/operatingsystems#bootfiles endpoint fails with "unknown permission" - #35055

4.1.10. Host registration

  • Malformed Debian repository - #35650

  • Use registration_url setting exposed by the Smart Proxy - #35626

  • Changing proxy causes an error - #35490

4.1.11. Development tools

  • Describe dealing with pkgconfig error in foreman_dev_setup.asciidoc - #35647

  • Updating Contributions file with a few links & adding a link to it in ReadMe file - #35587

  • developer_docs/foreman_dev_setup adding a guide for Fedora users and edge error fix - #35581

  • Update as_deprecation_tracker to at least 1.6 for Ruby 3 - #35430

  • Add testing instructions to the Foreman development setup guide - #35417

  • Add a disabled option to the dropdown menu items on foreman - #35416

  • Document developer setup for Smart Proxy, REX & Ansible - #35391

4.1.12. Settings

  • Power status should be a selectable column - #35621

4.1.13. Unattended installations

  • dhclient not available in minimal iso image for EL>=8 - #35583

  • NetPlan templates broken when using Dual Stack environments - #35578

  • Allow delaying yggdrasild restart - #35561

  • REX pull deployment snippet is not included in kickstart default template - #35547

  • Fix the iPXE default template description - #35519

  • Raise an error if OS family is not set - #35480

  • Change puppetlabs_repo snippet to reference puppet-release files from repo root directory - #35466

  • Ubuntu Autoinstall template does not take host params into account - #35397

  • RHEL 9 provisioned host goes into emergency mode after initial reboot - #35331

  • New kexec template required in order to deploy Ubuntu 22 via discovery - #35285

  • AutoYaST PXELinux does not support networks without DHCP - #35240

  • Dual Stack Fallback mode for provisioning - #35207

  • Add option to use `reboot --kexec` to speed up provisioning - #35194

  • Ubuntu Autoinstall default network identifier - #35180

  • Add option to permit graphical installs for Red Hat - #35177

  • Ubuntu Autoinstall does not support static IP deployment - #35166

  • Add option to clone installation media - #35152

  • Add installation medium for Stream 9 - #35151

  • Permit setting puppet tag during install - #35137

  • remove reference to legacy puppet brand identifier puppetlabs in provision templates - #31593

4.1.14. DB migrations

  • Remove i386 from seeded host architectures - #35528

  • After removing the foreman_docker plugin, foreman log is flooded with huge tracebacks related to "unknown class DockerRegistry, ignoring" and "unknown class Container, ignoring" - #35347

  • Remove Trends and Statistics data from all instances - #32116

4.1.15. Rake tasks

  • 'snapshots:generate' doesn't work - #35488

  • `foreman-rake permissions:reset` should show a warning that it's required to manually update the password in 'foreman.yml' - #31966

4.1.16. Authentication

  • Kerberos authentication fails for POST, PUT and DELETE api calls - #35473

4.1.17. Compute resources - VMware

  • hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error fog not found - #35438

4.1.18. Plugin integration

  • Remove empty webpack_assets.rb file - #35419

4.1.19. Network

  • Boding interface bondig slaves are always changed to lower case - #35377

4.1.20. Proxy gateway

  • Make the Http Proxy store a CA certifcate - #35359

4.1.21. Host creation

  • Bulk rebuild hosts can not reset the build token - #35203

4.1.22. Users, Roles and Permissions

  • Users who were disabled should be clearly marked in the user list - #35131

  • Refactor filters page to use PatternFly 4 - #34764

4.1.23. Compute resources - GCE

  • Remove GCE Compute resource code - #35088

4.1.24. Organizations and Locations

  • Taxonomies are being set during extlogin too early, leading to user's default taxonomies being ignored - #34949

4.1.25. Reporting

  • new report template to list all the installed packages - #29590

4.2. Installer

  • Add ForemanGoogle plugin - #35677

  • Drop xinetd support - #35353

4.2.1. Foreman modules

  • Provide a parameter to set Candlepin log level - #35699

  • allow setting GssapiLocalName Off - #35685

  • Filter "Applied catalog in x.y seconds" messages out of Puppet report - #35684

  • Add support to set registration_url - #35680

  • Add stronger ciphers to Candlepin's config - #35638

  • Configure Pulpcore's TELEMETRY feature - #35607

  • Support ensuring the OpenSCAP Puppet module in the foreman_proxy module - #35531

  • Add default pulp_deb config during installer runs - #35496

  • Restart yggdrasil from /usr/bin/katello-rhsm-consumer - #35486

  • Make installer generate an environment file for ansible instead of ansible.cfg - #35455

  • Salt master configuration file has wrong file permission - #35396

  • Compatibility with apache mod_status - #35356

  • serve assets directly via Apache, not via Puma/Rails - #33956

4.2.2. foreman-installer script

  • Enable HTTP/2 in Apache configs - #35631

  • Default Apache to use system ciphers via PROFILE=system - #35629

  • Use Redis 6 - #35564

  • Remove the trailing "\" from capsule-certs-generate command for new capsules in katello-certs-check - #35453

4.2.3. External modules

  • SSO feature settings are not getting enabled and fails with HTTPD CONF issue - #35524

4.3. Packaging

4.3.1. RPMs

  • katello-change-hostname uses removed --disable-system-checks - #35756

  • Obsolete foreman_docker - #35538

  • make sprockets-based plugin assets reachable from within /var/lib/foreman/public/assets - #35409

  • dnf can't load foreman-protector.py as a regular user - #35366

4.4. SELinux

  • Foreman can't log to journald/syslog - #35695

  • Allow apache to read /var/lib/foreman/public - #35402

  • Access to /etc/resolv.conf is denied when using systemd-resolved - #34807

4.5. Smart Proxy

  • Drop deprecated methods - #33881

  • Drop daemonize support - #31118

4.5.1. Registration

  • registration_url setting for Registration module - #35639

  • Use rackup_path helper in registration - #35467

4.5.2. Packaging

  • Explicitly depend on webrick for Ruby 3 support - #35510

  • Declare compatible versions of Sinatra - #35507

4.5.3. Plugins

  • Verify boolean settings in modules - #35468

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.5 release:

Adam Ruzicka, Amit Upadhye, Andrew Teixeira, Anthony Somerset, Antoine Beaupré, Bastian Schmidt, Bernhard Suttner, Chris Roberts, Dirk Götz, Dyrkon, Eric D. Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Gordon Bleux, Ian Ballou, Jeremy Lenz, John Mitsch, Jonas Trüstedt, Jonathon Turel, Justin Sherrill, Karolina Malyjurkova, Leos Stejskal, Lior Keren, Lucy Fu, Lukáš Zapletal, Marcel Kühlhorn, Marek Hulán, Maria Agaphontzev, Matt Darcy, Matěj Mudra, Melanie Corr, Nofar Alfassi, Oleh Fedorenko, Ondřej Ezr, Ondřej Pražák, Partha Aji, Pat Riehecky, Patrick Creech, Pavel Moravec, Peter Koprda, Rahul Bajaj, Romuald Conty, Ron Lavi, Sayan Das, Shim Shtein, Shimon Shtein, Shira Maximov, Tim Meusel, Tomer Brisker, William Clark, Yifat Makias, Štefan Németh

As well as all users who helped test releases, report bugs and provide feedback on the project.

Appendix B: Katello Contributors

Adam Růžička, Bernhard Suttner, Chris Roberts, Evgeni Golov, Ewoud Kohl van Wijngaarden, Ian Ballou, Jeremy Lenz, Leos Stejskal, Lucy Fu, Maria, Partha Aji, Pavel Moravec, Samir Jha, William Bradford Clark, Hao-yu