Chapter 2. New features

Image mode host registration and management

You can now register image mode hosts, view their Bootc status information, and remotely execute Bootc commands in Red Hat Satellite. The Booted Container Images page provides an overview of the container images that hosts boot from, supporting management of image mode hosts.

Support for RHEL 10 hosts has been added

You can now manage RHEL 10 hosts with Satellite.

Remote execution in pull mode is now compatible with clients running yggdrasil versions 0.2.z and 0.4.z

The remote execution pull provider has been updated to be compatible with all versions of the yggdrasil package that can be installed on a host. As a result, remote execution jobs in pull mode work on Satellite hosts that run any of the currently supported versions of RHEL. This applies also to hosts with the Extra Packages for Enterprise Linux (EPEL) repository enabled.

The Template Sync plugin supports using an HTTP proxy to connect to a repository

You can now use an HTTP proxy to synchronize templates between your Satellite server and a git repository. Configuring an HTTP proxy for template synchronization ensures that Satellite routes the Template Sync request to the repository through the specified proxy server.

The auditing system now records adding and removing Ansible roles on a host

Audit logs have been expanded to include records on adding or removing Ansible roles on a host. To view the audit logs, navigate to Monitor > Audits in the Satellite web UI.

Secure Boot

You can now provision Secure Boot enabled hosts by using PXE booting and UEFI HTTP booting. You can use Secure Boot on bare metal, VMware, and KVM (Libvirt). Secure Boot is currently unsupported in Discovery and boot disks.

Invalidation of registration tokens

You can now invalidate registration JSON Web Tokens (JWTs) that are used to authenticate the registration call from a host to Satellite or Capsule. Once you invalidate the JWTs, users can no longer use their existing JWTs to register hosts.

Discovery image updated with RHEL 9

The Discovery image now uses the Red Hat Enterprise Linux 9.5.0 base.

Select resources in global registration by title

You can select certain resources in the global registration API call by the resource title. The following resources are available:

ansible_tower_api_url replaces ansible_tower_fqdn when configuring provisioning callback in Ansible Automation Platform

The ansible_tower_api_url parameter has been introduced to ensure compatibility with Ansible Automation Platform 2.5. The parameter defines the URL of your Ansible Automation Platform, including the required API path, for the purposes of configuring provisioning callback. It replaces the previously used ansible_tower_fqdn parameter.

Virtual TPM option in VMware provisioning

When creating virtual machines in a VMware compute resource, you can now enable the Virtual Trusted Platform Module in the attributes of the virtual machine for enhanced security.

ELS option in Convert2RHEL job templates

You can now use the Extended Lifecycle Support (ELS) Add-On subscription during host conversion to Red Hat Enterprise Linux.

Red Hat Offline Knowledge Portal is now available

Satellite now offers Red Hat Offline Knowledge Portal, a lightweight, secure, offline version of the online Red Hat Customer Portal and Knowledgebase. This capability enables users in air-gapped or disconnected environments to access an offline version of Red Hat’s support knowledge and documentation alongside the existing content in Satellite. For more information, see the Red Hat Offline Knowledge Portal documentation.

Option to automatically update the default content HTTP proxy

When you create a new HTTP proxy, the Satellite web UI now provides an option to set this new HTTP proxy as default. If you select the option and save your new HTTP proxy, Satellite updates the Default HTTP Proxy global Content setting automatically.

Improved Capsule content counting

Capsule content counting is improved to increase efficient content counting and precision.

N-2 Capsule support

You can now use Capsules that are up to two minor versions older with your Satellite, for example Satellite 6.17 supports Capsule 6.16 and Capsule 6.15. This allows you to upgrade your Capsules of versions 6.16 and 6.15 separately from the Satellite. Note that N-2 Capsule support is only available with Satellite 6.17 and later versions.

Red Hat Satellite Installation Helper app is now available on the Red Hat Customer Portal

With the Red Hat Satellite Installation Helper application, you can generate interactive customized instructions for installing a Satellite Server or Capsule Server. For more information, see Red Hat Satellite Installation Helper on Red Hat Customer Portal.

satellite-installer now verifies that CA does not use SHA-1 certificates

The certificate authority (CA) that signs the Satellite API certificates can no longer use SHA-1 as the signature algorithm. The satellite-installer utility has been enhanced with a check to verify whether the CA used by Satellite uses SHA-1 certificates. If your internal CAs or custom certificates use SHA-1, attempting to install or upgrade now fails with the following message:

IPv6 support

Satellite deployment and operation in IPv6-only networks are now fully supported. Dual-stack deployments have not been tested and are not supported.

Flatpak support for applications

Satellite now supports Flatpak, enabling users to install, manage, and run portable applications, primarily for desktop environments. Flatpak repositories function similarly to other content repositories in Satellite allowing you to synchronize them, manage access permissions, and assign repositories to specific lifecycle environments to control application availability. Managing Flatpak repositories is done using Hammer CLI. After you mirror a repository, you can manage it in the web UI like any other repository. Remote execution (REX) jobs are available to help automate the setup and installation of Flatpak applications on hosts. Capsule support is limited in this release and lifecycle environment isolation is not enforced for Flatpak repositories served from Capsules.

Collecting usage metrics to understand how customers use Satellite

Satellite now collects information on product usage to improve how Red Hat prioritizes future development and to help with debugging. The collected usage metrics include information such as which Satellite features are used and the number of objects in the database.

Documentation has been added on preparing for disaster recovery and recovering from data loss

New documentation is available on preparing a disaster recovery plan to ensure the continuity of Satellite services in case of a disruptive event. These guidelines help ensure that you can restore your Satellite deployment to an operational state after an incident. See Preparing for disaster recovery and recovering from data loss in Administering Red Hat Satellite.

External authentication with Red Hat build of Keycloak

You can now configure Satellite to use Red Hat build of Keycloak as an external authentication source. For more information, see Configuring SSO and 2FA with Red Hat build of Keycloak in Satellite.

Enhanced web UI and Hammer CLI localization

The Satellite web UI and Hammer command-line interface are now available in Korean. Additionally, the French, Japanese, and Simplified Chinese translations have been updated.