Red Hat SummitRelease notes
New features, deprecated and removed features, Technology Previews, known issues, and bug fixes
Abstract
Chapter 1. Overview
Release notes include links to the original tickets. Private tickets have no links and instead feature the following footnote[1].
1.1. Advisories
You can view all advisories, including security and bug fixes, for major and minor versions of this release on the Red Hat Customer Portal.
1.2. Major changes in Red Hat Satellite 6.19
Red Hat Satellite 6.19 introduces the following major changes:
- Red Hat Lightspeed vulnerability service in Satellite (previously a Technology Preview feature) is fully supported. Additionally, the feature receives enhancements, such as improved role-based access control and control over vulnerability analysis on hosts (Section 2.2, “Red Hat Lightspeed”).
- Satellite provides Puppet functionality through OpenVox packages (SAT-31648).
- Transient packages on image mode hosts are now tracked (SAT-30671, SAT-36790).
- SSH certificates are supported for remote execution (SAT-28038).
- Multiple content view (CV) environments in hosts and activation keys (previously a Technology Preview feature) are fully supported. Additionally, support for multiple CV environments in hosts and activation keys in the Web UI is enhanced (SAT-26055).
- Satellite MCP server (Technology Preview) can be granted write permissions, with which it can incrementally update, publish, and promote content views (SAT-40970).
- The OpenShift Virtualization plugin (Technology Preview) benefits from improved stability and usability (SAT-41368).
For a complete list of changes in this release, see the following sections.
1.3. Red Hat Satellite
With Red Hat Satellite, you can deploy, configure, and maintain your systems across physical, virtual, and cloud environments. Red Hat Satellite provides provisioning, remote management and monitoring of multiple Red Hat Enterprise Linux deployments with a single, centralized tool.
- Red Hat Satellite Server synchronizes content from the Red Hat Customer Portal and other sources. It provides detailed lifecycle management, user and group role-based access control, integrated subscription management, and advanced GUI, CLI, and API access.
- Red Hat Satellite Capsule Server mirrors content from the Red Hat Satellite Server and distributes it to different geographical locations. Host systems pull content and configurations from the Capsule Server in their location instead of the central Satellite Server. The Capsule Server also provides localized services such as Puppet server, DHCP, DNS, or TFTP, assisting in scaling Red Hat Satellite as the number of managed systems in your environment grows.
1.4. Additional resources
- Red Hat Satellite product life cycle describes the time period for each major version and its level of maintenance.
- Satellite 6 component versions describes upstream core components, Foreman plugins, and integrated projects.
- Overview, concepts, and deployment considerations describes Red Hat Satellite concepts, components, tools, and deployment planning.
- Supported usage and versions of Satellite components in Overview, concepts, and deployment considerations describes supported client architectures for content management, host provisioning, and configuration management.
Chapter 2. New features and enhancements
Discover new capabilities and improvements introduced in Red Hat Satellite 6.19.
2.1. Host provisioning and management
- Job templates can be cloned with Hammer CLI
With this update, you can clone job templates on the command line by using the new
hammer job-template clonesub-command. This is a CLI equivalent to thePOST /api/job_templates/:id/cloneAPI call. This enhancement streamlines workflows and aligns CLI capabilities with API functionality.
- Cloned templates track the original template ID
This update stores the original template reference in the new
cloned_frommetadata field. The source template is also displayed in the Web UI and as output from thehammer template info --id My_host_id,hammer report-template info --id My_host_id, andhammer job-template info --id My_host_idcommands. This enhancement improves template management and traceability.
- SSH certificates are supported for remote execution
You can configure your Capsules to use SSH certificates signed by your trusted certificate authority (CA) during a remote execution connection. By enabling this feature, you can avoid the default Trust on First Use (TOFU) model, and benefit from centralized trust management and revocation capabilities. For more information, see Configuring Capsule and hosts to authenticate with SSH certificates during remote execution in Managing hosts.
- VMs with Libvirt compute resource can be provisioned on RHEL 10 hypervisors
With this update, you can create and provision virtual machines by using the Libvirt compute resource on Red Hat Enterprise Linux 10 hypervisors.
- Reports and Host - Details can include hardware and cloud billing facts
With this update, you can incorporate cloud billing facts for AWS, Microsoft Azure, and Google Cloud, and the hardware model into the Host - Installed Products report template and Host - Details pages. As a result, you can segment your systems based on billing sources and hardware.
2.2. Red Hat Lightspeed
- Enhanced role-based access control for Red Hat Lightspeed in Satellite
The following new user permissions are available to control user access to RHEL hosts Recommendations and Common Vulnerabilities and Exposures (CVE) data:
-
edit_advisor -
view_advisor -
edit_vulnerability -
view_vulnerability
Additionally, this update adds the
ForemanRhCloud Read Onlybuilt-in role, which includes the new viewing permissions. TheForemanRHCloudbuilt-in role now includes the new viewing and editing permissions.For more information, see Monitoring hosts by using Red Hat Lightspeed in Satellite in Managing hosts.
Jira:SAT-40466[1]
-
- Enhanced control over vulnerability analysis on hosts
With this update, you can disable vulnerability analysis on selected hosts, controlling which hosts are included in vulnerability reporting. This functionality is available from the All Hosts page and Host Details page.
For more information, see Disabling vulnerability analysis on hosts in Managing hosts.
2.3. Model Context Protocol
- Patch hosts and incrementally update, publish, and promote content views by using MCP
With this update, you can patch hosts registered with your Satellite by using natural language instructions through the Model Context Protocol (MCP). You can use your AI application connected to the MCP server for Satellite to apply errata to hosts, incrementally update, publish, and promote actions on content views. This improvement streamlines patch management, minimizing the requirement for manual work and multiple steps.
For more information, see the following updated documentation:
Jira:SAT-40970[1]
2.4. Web UI
- Compact table mode available in Satellite web UI to reduce table padding
With this update, the Compact table mode setting is available for viewing tables in Satellite web UI. With Compact table mode enabled, Satellite web UI shows table rows with less space between items. As a result, you can view more data on the screen at once.
To enable Compact table mode in the Satellite web UI, click the user menu in the top bar and select My Account. Under the UI Preferences tab, select Compact table mode.
- Container Image Tags page is redesigned
The Container Image Tags page in the Satellite web UI is enhanced for improved usability and easier navigation when managing and viewing container content in Satellite. The enhancements include displaying more details about container content and improved filtering. As a result, the redesigned page provides a single location to view all information related to container image tags and their associated metadata in Satellite.
To view the page, navigate to Content > Content types > Container image tags.
- All Hosts page improvements
This update adjusts the All Hosts page for easier management of host collections and system purpose. Among other improvements, you can more efficiently make changes for multiple hosts.
2.5. Installation and upgrade
- Leapp host upgrades support target version selection
When upgrading hosts to the next major Red Hat Enterprise Linux release, you can now specify a particular target version for Leapp pre-upgrade checks and upgrades. This enhancement provides more control and flexibility in host upgrades. For more information, see Upgrading hosts to next major Enterprise Linux release.
2.6. Content management
- Satellite transitions to OpenVox 8
Satellite is transitioning to OpenVox 8 packages for Puppet management for Satellite Server, Capsule Server, and clients. The implementation of OpenVox reduces operational risk and ensures security continuity. To install these packages on the clients, enable the Red Hat Satellite Client 6 OpenVox repository for the Red Hat Enterprise Linux version your clients use. For more information, see Upgrade Puppet agent 7 to OpenVox agent 8 in Upgrading connected Red Hat Satellite to 6.19 and OpenVox versions supported for integration with Satellite in Managing configurations by using Puppet integration.
Jira:SAT-31648[1]
- Making transient packages on image mode hosts persistent
If you use Satellite to manage image mode hosts with transient packages, you can generate a new Containerfile install command to persist transient packages in your container image. By placing the command in the Containerfile, you can build a new container image that includes the necessary packages. You can then upgrade your image mode host to the new image, incorporating the packages into future builds.
For more information, see Persisting transient packages in your image in Managing content.
- Tracking transient packages on image mode hosts
Satellite provides options for viewing the persistence mode of packages on an image mode host:
- On the host details page in the Satellite web UI, navigate to Content > Packages. Persistence mode is displayed in the Persistence column.
-
From the command line, execute the
hammer host package list --host-id My_Host_ID --fields ALLcommand. Persistence mode is included in the output.
Note that information about package persistence is not yet available in Satellite. The data will be provided by a future version of the Subscription Manager service.
- Enhanced support for multiple CV environments in hosts and activation keys in web UI
Previously, Satellite web UI could only display information about hosts and activation keys with multiple content view (CV) environments assigned. With this update, you can also assign and manage multiple CV environments for hosts and activation keys from the web UI.
For more information, see Managing content view environments in Managing content.
Note that with this release, the option to manage multiple CV environments in hosts and activation keys is enabled by default.
2.7. Documentation
- Source for documentation links in Satellite web UI can be configured for RHOKP
With this update, the Red Hat documentation server URL setting is available in the Satellite web UI. You can use the setting to provide the URL of your instance of the Red Hat Offline Knowledge Portal (RHOKP). When the RHOKP URL is provided, documentation links in the Satellite web UI point to the RHOKP instance rather than the default
docs.redhat.comsite.To view the Red Hat documentation server URL setting in the Satellite web UI, navigate to Administer > Settings. The setting is located on the General tab.
- Guidelines on expense management for your subscriptions
Your procurement team can review the new documentation on managing expenses for your Red Hat subscriptions. For more information, see Expense management for Red Hat subscriptions in Overview, concepts, and deployment considerations.
Jira:SAT-36021[1]
Chapter 3. Technology Preview features
Explore Technology Preview features available in Red Hat Satellite 6.19.
For information on Red Hat scope of support for Technology Preview features, see Technology Preview Features Support Scope.
3.1. Model Context Protocol
- MCP server is available for Satellite (Technology Preview)
Satellite provides a container image that you can use to run a Model Context Protocol (MCP) server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory. With the container image provided with Satellite 6.19, you can also use MCP to patch hosts and incrementally update, publish, and promote content views. For more information on this update, see Jira:SAT-40970.
For more information on MCP for Satellite, see Connecting AI applications to the MCP server for Satellite.
3.2. Host provisioning and management
- OpenShift Virtualization plugin (Technology Preview)
You can provision virtual machines by using the OpenShift Virtualization plugin. For more information, see Provisioning hosts.
Jira:SAT-18663[1]
- Red Hat OpenShift Virtualization compute resource enhancements
This update introduces many fixes and improvements for the Red Hat OpenShift Virtualization compute resource, which is a Technology Preview feature. This improves the stability and usability of this feature.
- Kernel execution template (Technology Preview)
You can use the kernel execution (
kexec) provisioning template for PXE-less boot methods. For more information, see Discovery in PXE-less mode.
Chapter 4. Deprecated features
The following functionalities are deprecated in Red Hat Satellite 6.19.
Deprecated functionalities will likely not be supported in future releases of this product and are not recommended for new deployments. For the most recent list of deprecated functionality within a particular major release, refer to the latest version of release documentation.
The support status of deprecated functionality remains unchanged within Red Hat Satellite 6.19. For information about the length of support, see Red Hat Enterprise Linux Life Cycle and Red Hat Enterprise Linux Application Streams Life Cycle.
Deprecated hardware components are not recommended for new deployments on the current or future releases. Hardware driver updates are limited to security and critical fixes only. Red Hat recommends replacing this hardware as soon as reasonably feasible.
A package can be deprecated and not recommended for further use. Under certain circumstances, a package can be removed from a product. Product documentation then identifies more recent packages that offer functionality similar, identical, or more advanced to the one deprecated, and provides further recommendations.
- Hammer Admin is deprecated
The Hammer Admin plugin is deprecated. As an alternative, you can use the Satellite installer to manage your Satellite Server or Satellite Capsule Server.
First deprecated in Satellite 6.19.
- API parameter deprecations
On hosts, the
content_view_idandlifecycle_environment_idparameters are deprecated and will be removed in a future release. On thePOST /activation_keysandPUT /activation_keys/:idactivation keys, thecontent_view_id,environment_id, and environment parameters are deprecated and will be removed in a future release. Check any automations you may have to make sure they do not use API calls with these parameters.Use the
content_view_environment_idsorcontent_view_environmentsparameters instead.First deprecated in Satellite 6.19.
- Legacy Job Invocations page is deprecated
The legacy Job Invocations Details page is deprecated and will be removed in a future version. The new job details page is displayed by default.
First deprecated in Satellite 6.19.
- GRUB Legacy is deprecated in provisioning
GRUB Legacy, also known as GRUB version 1, is deprecated in provisioning and will be removed in a future release. GRUB 1 was used by end of life distributions such as RHEL 6. Current distributions use GRUB 2 and are not affected by the deprecation.
First deprecated in Satellite 6.18.
- Puppet packages included in Satellite are deprecated
The
puppet-agentandpuppetserverpackages, which are currently included in Satellite, are deprecated. In a future release, Satellite will stop providing these packages. Satellite will provide integration with OpenVox or Puppet packages that customers implement in their environment.First deprecated in Satellite 6.18.
Jira:SAT-39110[1]
- Sendmail is deprecated for delivering email
Delivering email by calling the
sendmailbinary on the system is deprecated and will be removed in a future version. As an alternative, use the SMTP mail delivery method. For more information, see Configuring Satellite Server for outgoing emails.First deprecated in Satellite 6.18.
- External authentication with Red Hat Single Sign-On is deprecated
Configuring Satellite with Red Hat Single Sign-On (RH SSO) as an external authentication source is deprecated. The RH SSO 7 product family reached End of Full Support. Instead of RH SSO, you can configure Red Hat build of Keycloak as an external authentication source for Satellite.
To migrate from using RH SSO in your Satellite deployment, reconfigure the authentication source settings on your 6.17 Satellite Server to follow the requirements for Red Hat build of Keycloak. For more information, see Configuring SSO and 2FA with Red Hat build of Keycloak in Satellite.
For information on the current support policy for RH SSO, see Red Hat Application Services Product Update and Support Policy.
First deprecated in Satellite 6.17.
- Legacy remote execution job form in the Satellite web UI is deprecated
The option to use the legacy web UI form to run remote execution jobs is deprecated and will be removed in a future version. The new job invocation wizard will be the only available option. Note that the new job invocation wizard is the default method to run remote execution jobs in Satellite 6.13 and later versions.
First deprecated in Satellite 6.17.
- iPXE firmware is deprecated
Using iPXE firmware for network-boot provisioning is deprecated. Instead, use HTTP booting for hosts in UEFI mode to reduce provisioning times. Note that iPXE firmware was never officially supported in Red Hat Satellite.
First deprecated in Satellite 6.17
hammer host subscription attachandhammer host subscription auto-attachcommands are deprecatedThe
hammer host subscription attachandhammer host subscription auto-attachcommands are deprecated. The commands are non-functional and do not result in attaching a subscription.First deprecated in Satellite 6.16
Note: Entitlement-based subscription management was removed in Satellite 6.16.
- Asynchronous SSH remote execution mode is deprecated
The
async-sshremote execution mode is deprecated. If you have unstable connectivity between Capsules and managed hosts, use the pull mode instead. For more information about pull mode, see Transport Modes for Remote Execution in Managing hosts.First deprecated in Satellite 6.13.
- Package Group Actions is deprecated
The Package Group Actions option in the web UI is deprecated.
First deprecated in Satellite 6.10.
katello-ca-consumerpackage andkatello-rhsm-consumerscript are deprecatedThe
katello-ca-consumerpackage andkatello-rhsm-consumerscript are deprecated. You must use the global registration template to register a host.First deprecated in Satellite 6.9.
- Bootstrap.py host registration script is deprecated
The
bootstrap.pyscript for registering a host to Satellite or Capsule is deprecated. It is replaced with thecurlcommand created by using the global registration template.First deprecated in Satellite 6.9.
Chapter 5. Removed features
The following functionalities are removed in Red Hat Satellite 6.19.
5.1. Server administration
- Legacy Content Host Details page and related API endpoints are removed
The legacy Content Host Details page is removed. The
auto_attachparameter is removed from the following endpoints:-
PUT /activation_keys/:id -
POST /activation_keys -
POST /activation_keys/:id/copy
The following API endpoints are removed entirely:
-
PUT /activation_keys/:id/add_subscriptions -
PUT /activation_keys/:id/remove_subscriptions -
PUT /hosts/:host_id/subscriptions/auto_attach -
PUT /hosts/:host_id/subscriptions/add_subscriptions -
PUT /hosts/:host_id/subscriptions/remove_subscriptions -
PUT /hosts/bulk/remove_subscriptions -
PUT /hosts/bulk/add_subscriptions -
PUT /hosts/bulk/auto_attach
Check that your automation does not use any of the removed endpoints.
Jira:SAT-21227[1]
-
5.2. Host provisioning and management
- GRUB Legacy is removed from provisioning
GRUB Legacy, also known as GRUB version 1, is removed from provisioning. GRUB 1 was used in RHEL versions prior to RHEL 7. Current distributions use GRUB 2 and are not affected by the deprecation. Systems that were upgraded from an older version might contain obsolete GRUB 1 files and templates.
- Content Host UI and package group actions in the web UI are removed
The Content Host UI is removed. This includes all pages under Hosts > Content Hosts. As an alternative, use the new UI at Hosts > All Hosts.
Package group actions in the web UI are removed. As an alternative, use the Run Command remote execution job template.
5.3. Users and roles
- Overriding organizations and locations on the filter level is no longer available
You can no longer specify organizations and locations when editing a permission filter. Filters now always inherit the organizations and locations set at the role level. The web UI form for editing a filter no longer includes the Override and Unlimited checkboxes. You can still add a search to the filter as long as the selected resource type supports granular filtering.
Chapter 6. Known issues
The following known issues have been identified in Red Hat Satellite 6.19. Review them to anticipate potential problems and identify workarounds for your environment.
6.1. Web UI
- All Hosts page always links to the new host details UI
The links on the Hosts > All Hosts page always point to the new host details UI, even if the setting New host details UI is set to No.
To work around this problem, display the old host details UI by clicking the options menu in the upper right and selecting Legacy UI.
6.2. Installation and upgrade
- "Permission Denied" errors on Lightspeed pages in secured systems
Incorrect file permissions on the
/var/lib/foreman/public/assets/appsdirectory in combination with a non-default umask cause Lightspeed pages to fail with 403 "Permission Denied" errors. This occurs, for example, in systems secured in accordance with CIS and STIG profiles, which use non-default umasks.To work around this problem, manually change the file permissions. For more information, see the Red Hat Knowledgebase solution Several 'Permission Denied' errors on the iop-core-engine container and other files/services after installing or upgrading to Satellite 6.18 with IOP enabled when non-default umask is applied.
6.3. Red Hat Lightspeed
- Red Hat Lightspeed vulnerability CVE map download fails with proxy
Satellite servers configured for the Red Hat Lightspeed vulnerability service in Satellite fail to download CVE mapping files if the Satellite server uses an HTTP proxy to reach https://security.access.redhat.com. This issue is caused by the
iop-cvemap-download.serviceservice lacking HTTP proxy configuration.To work around this problem, manually set the
HTTPS_PROXYandNO_PROXYenvironment variables for theiop-cvemap-downloadservice. For more information, see Installing Red Hat Lightspeed in Satellite on a connected Satellite Server.
- Red Hat Lightspeed might fail on Satellite servers with managed DNS
When the
namedservice is already running on a Satellite server, theaardvark-dnsservice, which is required for running containers, fails to start. This is caused by a conflict betweennamedandpodmanconfigurations for IPv4 connections. As a consequence, Red Hat Lightspeed installations might fail on Satellite servers configured for managed DNS. To work around this problem, perform the following steps:Set managed DNS in
satellite-installertounmanaged:# satellite-installer --foreman-proxy-dns-managed=falseConfigure your Satellite server to only listen on the local IP addresses by adding the following content to the
/etc/named/options.conffile:listen-on-v6 { fd00:4::25; }; listen-on { 192.168.4.25; };-
Restart the
namedservice. You can verify that the configuration works by checking that the DNS service is listening on port
53:[root@satellite6:/root]# netstat -tulpn| grep 53 tcp 0 0 10.130.0.1:53 0.0.0.0:* LISTEN 2199/aardvark-dns tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2252/dnsmasq tcp 0 0 192.168.4.25:53 0.0.0.0:* LISTEN 1016/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1016/named tcp6 0 0 fd00:4::25:53 :::* LISTEN 1016/named
- Cannot easily select all CVEs in Red Hat Lightspeed vulnerability
On the Red Hat Lightspeed vulnerability page, you cannot easily select all CVEs.
To work around this problem, manually click the drop-down list near the Select button and choose Select page (100 items) for each page individually.
6.4. Security and authentication
- FIPS-enabled hosts running RHEL 9.3 or earlier cannot upload OpenSCAP reports
On hosts that run RHEL 9.3 or earlier versions with FIPS mode enabled, uploading an OpenSCAP report fails with the following error:
Unable to load certs Neither PUB key nor PRIV keyFor more details, see a related Knowledgebase solution. Note that the problem is fixed for hosts that run RHEL 9.4 or later versions.
No known workaround exists.
6.5. Content management
- Unable to synchronize custom repositories by using only the upstream username without password
Attempts to synchronize a custom repository by using only the upstream username fail with errors about unauthorized access.
Satellite web UI displays the following error message:
An error occurred saving the repository: Validation failed: Upstream username requires upstream password to be set.Hammer CLI displays the following error message:
401, message='Unauthorized', url=<upstream_url>No known workaround is available.
- Unable to upload more than 127 packages at once from the Satellite web UI
When uploading packages to a repository from the Satellite web UI, you can upload up to only 127 RPMs or other files. This known issue occurs due to a limitation with the Rack gem.
To work around this problem, use the API bulk uploader for operations that involve a large number of files.
- Legacy empty CCVs that were previously published and promoted cannot be deleted
In some situations, composite content views (CCVs) that do not contain any content views cannot be deleted. This issue affects CCVs that were created before Satellite 6.18 and were previously published and promoted.
For example, when attempting to remove the CCV with the
hammer content-view removecommand, the command displays the following error:Could not remove objects from content view: PG::NotNullViolation: ERROR: null value in column "katello_content_view_version_id" of relation "katello_content_view_histories" violates not-null constraintTo work around this problem, publish a new version of the empty CCV and then delete it.
- Flatpak content becomes inaccessible after upgrading to Satellite 6.19
Upgrading to Satellite 6.19 prevents hosts from consuming Flatpak content managed by your Satellite Server. The Flatpak registry static index endpoint located at
https://<satellite.example.com>/pulpcore_registry/index/staticreturns a server error.This issue exists because the Pulp Core version included in Satellite 6.19 implements response caching that requires JSON-serializable responses, while the pulp-container FlatpakIndex view returns a Python set in its response data.
No known workaround is available.
6.6. Host provisioning and management
- PXE/TFTP provisioning of RHEL 7 hosts on UEFI (EFI-based) firmware fails due to incompatible bootloaders
During provisioning, Satellite copies the bootloader from the
/bootdirectory of the underlying OS to the/tftpbootdirectory. Because RHEL 9.7 and later versions provide a bootloader that is incompatible with RHEL 7 and earlier versions, the provisioning of RHEL 7 with PXE/TFTP on UEFI (EFI-based) firmware fails.To work around this problem, manually provide the RHEL 7 systems with an older bootloader. For more information, see the Red Hat Knowledgebase solution Provisioning a RHEL 7 client system stuck at "Booting Kickstart default PXEGrub2" on Red Hat Satellite Capsule 6.18.
- Logs incorrectly show missing resources in Red Hat OpenShift Virtualization host creation
In deployments with the Red Hat OpenShift Virtualization compute resource, which is a Technology Preview feature, the production log shows
<Kubeclient::ResourceNotFoundError> virtualmachineinstances.kubevirt.io "host.example.com" not founderrors even though no resources are missing from the provisioning. This is caused by attempts to access a missing VirtualMachineInstance (VMI) that report a warning due tofog-kubevirtexception handling.To work around this problem, ignore these warnings. No action is needed.
- Concurrent host registration fails with a database error
When you register multiple hosts of the same operating system version, the hosts initially fail to register. The redundant creation of an operating system entry in the Red Hat Subscription Management (RHSM) fact parser triggers a unique constraint violation.
To work around this problem, rerun the registration. Note that this leads to an increase in registration time due to the need for retries.
6.7. Backup and restore
- Restoring from backup fails due to inconsistencies in the data
If the backup is generated from a database with inconsistencies, the restore fails. The
satellite-maintaintool uses the PostgreSQLamcheckextension to detect inconsistencies in the data before backup to prevent issues during restore.To work around this problem, contact Red Hat customer support to fix any detected inconsistencies before proceeding with the backup. For more information, see Restoring Red Hat Satellite 6.16+ fails complaining about db duplicates on CREATE UNIQUE INDEX in the Red Hat Knowledgebase.
6.8. IPv6
virt-whois not supported on IPv6-only networksSatellite does not support the
virt-whoagent in an IPv6-only network.No known workaround exists.
- Additional configuration is required in IPv6-only networks when using
kinitfor IdM and AD users If your Satellite Server runs in an IPv6-only network and also runs on RHEL 9.6 and earlier versions, Kerberos authentication for external users from Identity Management (IdM) and Active Directory (AD) fails. This known issue is caused by a bug in the System Security Services Daemon (SSSD) and occurs when the DNS name of the IdM or AD server can be translated to both an IPv4 and IPv6 address but the IPv4 address is not accessible, for example because it is blocked by a firewall.
To work around this problem, configure the
lookup_family_orderoption in the[domain/<domain_name>]in the/etc/sssd/sssd.conffile:[domain/example.com] lookup_family_order = ipv6_only
- Mismatch of the IPv6 address entry when using a DHCPv6 server
When you use a DHCPv6 server to assign an IP address dynamically and you provision a host in an IPv6 network, Satellite contains an IPv6 address that does not match the actual IPv6 address of the host. This mismatch impairs host management capabilities, such as remote execution.
To work around this problem, perform one of the following steps:
-
Execute
subscription-manager facts --uploadon the host. -
Wait for the next facts upload to resolve the issue. Note that the Ignore interfaces facts for provisioning (
ignore_puppet_facts_for_provisioning) setting can disable updating the interfaces from facts.
-
Execute
- Host discovery fails in an IPv6 network
When you attempt to discover an unknown host in an IPv6 network, the discovery fails with
Error: 1001: Failed to open TCP connection to satellite.example.com:443.No known workaround exists.
- Failure to provision hosts in PXE-less Discovery over IPv6
After PXE-less host discovery on an IPv6 Satellite, when the host starts provisioning, fails to resolve the DNS entry for Satellite. As a result, the host fails to fetch Kickstart and the required files.
No known workaround exists.
Chapter 7. Fixed issues
Red Hat Satellite 6.19 fixes the following bugs that may have previously impacted Red Hat Satellite deployments.
7.1. Installation and upgrade
Red Hat Lightspeedno longer fails to enable whenHost.NetworkBackendfor Podman is set toCNIBefore this update, when
Host.NetworkBackendfor Podman was set to Container Network Interface (CNI on a Satellite Server, satellite-installer failed to enableRed Hat Lightspeed. The issue occured because the Red Hat Enterprise Linux 9.6 ISO provided a version of thecontainer-selinuxpolicy that older than 2.237.0. With this release, the error starting IoP container due to CNI network configuration is resolved.
- Validation no longer fails due to duplicate operating system entries
Before this update, Satellite duplicated operating system entries when uploading Puppet facts. As a consequence, uploading facts failed with a validation error, which also affected Leapp upgrades. This release improves how the fact parser handles operating system title uniqueness and prevents duplicate entries. As a result, Satellite correctly reuses existing operating system entries instead of trying to create new ones.
7.2. Security and authentication
- Proper session termination in certain API endpoints and enforced reauthentication
Before this update, API endpoints that call the
add_smart_proxy_filtersfunction bypassed user authentication. This was due to improper session termination logic introduced in Satellite 6.18. In addition, user sessions remained active beyond the period specified in theidle_timeoutsetting. This affected the API endpoints related to the following resources:- Organizations
- Repositories
- Config reports
- Hosts
As a consequence, removed and nonexistent users failed due to missing required permissions and not due to failed authentication. In addition, user sessions were not terminated and could access certain endpoints without reauthentication.
With this release, user sessions no longer bypass authentication and are terminated correctly. As a result, users are forced to reauthenticate to access those resources.
7.3. Content management
- Capsules sync correctly after upgrading Satellite Server to 6.18
Previously, after upgrading Satellite Server from version 6.17 to version 6.18 while keeping Capsules at version 6.17, Capsule sync started failing. The 6.18.3 update fixes the problem, and 6.17 Capsules sync as expected after upgrading Satellite Server to 6.18.
- Capsule sync no longer fails due to a null value in UUID of a host
Before this update, when attempting to sync Capsule in certain setups with an improperly registered host, the sync failed due to a null value in the
uuidcolumn of thehostsdatabase table. This update fixes the issue, and the host UUID is correctly set in the described setups.
7.4. Host provisioning and management
- Root password update added to
cloud-inittemplate for image-based deployment on VMware Before this update, image-based deployment on VMware using Satellite set the root password to the password defined in the VM template, not the password defined in the Host settings during the build process. As a consequence, the root password remained unchanged from the VM template during image-based deployment. With this release, the root password update has been incorporated into the
cloud-inittemplate. Consequently, the root password changes correctly in accordance with the Host settings incloud-inittemplates.
- Provisioning RHEL 9 hosts no longer creates unnecessary
localhost.localdomainentries Before this update, provisioning of RHEL 9 hosts with Foreman discovery image (FDI), PXE-less discovery, and static networking created an unnecessary
localhost.localdomainentry due to a missing hostname update. With this release, Satellite sets the hostname to the static value before the Red Hat Subscription Manager call. As a result, setting the hostname prevents unnecessarylocalhost.localdomaincreation.
- Firmware type in Compute Profiles and the New Host form no longer reverts to Automatic
Before this update, the selected firmware type could be reset to Automatic or shown incorrectly in the web UI. This release ensures that the firmware type keeps the correct value.
- Corrected power operations on hosts in Redfish BMC provider
Before this update, power operations were implemented in the Redfish provider of the baseboard management controller (BMC) as follows:
- Cycle – implemented incorrectly
- Reboot – not implemented
- Reset – not implemented
As a consequence, users experienced host shutdown instead of cycle and could not use host reboot or reset. This release fixes implementation of all three operations. As a result, BMC operations work correctly on the Redfish provider.
- Incomplete Create host form on OpenShift Virtualization no longer duplicates disks
Before this update, submitting a Create host form on an OpenShift Virtualization compute resource with a validation error, such as an empty required field, caused additional virtual disks to be added on the Virtual machine tab. This might also have caused host creation failures.
This update fixes the issue. The disk configuration remains unchanged when validation fails, and prevents disk duplication.
7.5. Users and roles
- External users can now log in to Satellite without specifying an email address
Previously, external users, such as users defined in Identity Management or Active Directory, were unable to log in to Satellite without an email address. With this update, external users can log in to Satellite even when their user account does not include an email address. Note that if the
Mail Enabledoption is enabled for a user account in the Satellite web UI, the user is still prompted to enter an email address.
7.6. Red Hat Lightspeed
hammer pingcorrectly lists Red Hat Lightspeed services in SatelliteBefore this update, with Red Hat Lightspeed in Satellite enabled, the
hammer pingcommand did not display the Advisor and Vulnerability services. Additionally, some web UI elements, such as the Recommendations tab on host details and the Recommendations list page behaved as in a non-Red Hat Lightspeed in Satellite setup.This update fixes the problem, and
hammer pingcorrectly displays the Advisor and Vulnerability services.
- Tag generation works with
Any location Before this update, accessing the Recommendations or Vulnerabilities menu produced an error message when the location was set to
Any location. As a consequence, users could not see a global view of all systems in Recommendations or Vulnerabilities. This update adds support for forwarding Insights Cloud UI requests when the session has no location selected. Tag generation works when the location is not set by using a wildcard location tag and relaxing host filtering on location. As a result, you can access the Recommendations or Vulnerabilities menu without selecting a location.
- "Sync all inventory status" no longer fails with Red Hat Lightspeed
Before this update, with Red Hat Lightspeed enabled, performing the Sync all inventory status operation on the Inventory Upload page could fail with an error similar to the following:
Could not get task details: TypeError: Cannot read properties of undefined (reading 'sync')This update adds inventory synchronization in IOP mode, hides cloud-specific UI components that are not relevant in local Advisor Engine environments, and has fixed the issue. The Inventory Upload page and its controls are adjusted for environments that use Red Hat Lightspeed, and using Sync all inventory status no longer produces this error.
- Recommendations and Vulnerabilities no longer fail to switch hosts
Before this update, when switching between hosts by using the breadcrumb switcher on the host details page, the Recommendations and Vulnerabilities tabs did not update to reflect the newly selected host.
With this update, this issue is fixed for cases where you switch between two registered hosts with Red Hat Lightspeed.
However, if you switch from a host that is registered to Red Hat Lightspeed to a host that is not registered, you might still encounter a blank screen and loading spinner instead of being redirected to the Overview tab. To work around this problem, reload the page.
Chapter 8. Changes in satellite-installer parameters, Hammer CLI, REST API, and usage metrics
Review these changes to update your existing workflows and discover new capabilities in Red Hat Satellite.
8.1. satellite-installer parameters
- New
satellite-installerparameters -
--foreman-db-extra-options -
--reset-foreman-db-extra-options -
--foreman-proxy-plugin-remote-execution-script-ssh-host-ca-public-keys-file -
--reset-foreman-proxy-plugin-remote-execution-script-ssh-host-ca-public-keys-file -
--foreman-proxy-plugin-remote-execution-script-ssh-user-ca-public-key-file -
--reset-foreman-proxy-plugin-remote-execution-script-ssh-user-ca-public-key-file -
--iop-core-engine-log-level-insights-core-dr -
--reset-iop-core-engine-log-level-insights-core-dr -
--iop-core-engine-log-level-insights-kafka-service -
--reset-iop-core-engine-log-level-insights-kafka-service -
--iop-core-engine-log-level-insights-messaging -
--reset-iop-core-engine-log-level-insights-messaging -
--iop-core-engine-log-level-root -
--reset-iop-core-engine-log-level-root -
--reset-puppet-agent-manage-environment -
--puppet-agent-manage-environment
-
- Removed
satellite-installerparameters -
This release does not remove or replace any
satellite-installerparameters.
8.2. Hammer CLI
- New Hammer commands and subcommands
- This release does not add any Hammer commands or subcommands.
- New Hammer options
--lifecycle-environment-idsis added to the following commands:-
hammer content-view create -
hammer content-view update
-
-
--dependency-idsis added to thehammer flatpak-remote remote-repository mirrorsubcommand -
--containerfile-install-commandis added to thehammer host packagesubcommand -
--persistenceis added to thehammer host packagesubcommand -
--cloneis added to thehammer job-templatesubcommand --ui-compact-modeis added to the following commands:-
hammer user update -
hammer user create
-
-
--cloneis added to thehammer job-templatesubcommand
- Removed Hammer commands and subcommands
-
add-subscription,remove-subscription, andsubscriptionssubcommands are removed from thehammer activation-keycommand -
attachandremovesubcommands are removed from thehammer host subscriptioncommand
-
- Removed Hammer options
--auto-attachis removed from the following commands:-
hammer activation-key create -
hammer activation-key updatesubscriptions -
hammer host subscription
-
--autohealis removed from the following commands:-
hammer host create -
hammer host update
-
location,location-id,location-title,organization,organization-id, andorganization-titleare removed from the following commands:-
hammer filter create -
hammer filter update -
hammer location create -
hammer location delete -
hammer location info -
hammer location list -
hammer location update
-
Additional resources
-
For more information, see Using the Hammer CLI tool or enter the commands with the
--helpoption.
8.3. REST API
- New API endpoints
- Host_debs endpoints
-
/api/host_debs/:id -
/api/host_debs/compare -
/api/host_debs/installed_debs
-
- Host_packages
-
/api/hosts/:host_id/transient_packages/containerfile_install_command
-
- Host_tracer endpoints
-
/api/hosts/bulk/traces/auto_complete_search
-
- Hosts_bulk_actions endpoints
-
api/hosts/bulk/assign_content_view_environments -
/api/hosts/bulk/change_power_state
-
- Removed API endpoints
- Activation_keys endpoints
-
/api/activation_keys/:id/add_subscriptions -
/api//activation_keys/:id/remove_subscriptions -
/api/activation_keys/:id/auto_attach -
/api/activation_keys/auto-attach -
/api/activation_keys/:id/copy/auto-attach
-
- Hosts endpoints
-
/api/hosts/:host_id/subscriptions/add_subscriptions -
/api/hosts/:host_id/subscriptions/remove_subscriptions -
/api/hosts/bulk/remove_subscriptions -
/api/hosts/bulk/add_subscriptions -
/api/hosts/bulk/auto_attach
-
8.4. Ansible modules
This release performs the following changes in the Satellite Ansible Collection.
- New Ansible modules
-
redhat.satellite.content_view_history_info
-
- Removed Ansible modules
- This release does not remove any Ansible modules.
8.5. Collected usage metrics
- New usage metrics
-
rh_cloud_connector_enabled -
rh_cloud_exclude_host_package_info -
rh_cloud_hosts_count -
rh_cloud_inventory_upload_enabled -
rh_cloud_minimal_data_collection -
rh_cloud_mismatched_auto_delete -
rh_cloud_mismatched_hosts_count -
rh_cloud_obfuscate_inventory_hostnames -
rh_cloud_obfuscate_inventory_ips -
rh_cloud_recommendations_sync_enabled -
rh_cloud_total_hits
-
Additional resources
- For more information, see Usage metrics collection in Satellite in Administering Red Hat Satellite.
Appendix A. Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation. Let us know how we can improve it.
Use the Create Issue form in Red Hat Jira to provide your feedback. The Jira issue is created in the Red Hat Satellite Jira project, where you can track its progress.
Prerequisites
- Ensure you have registered a Red Hat account.
Procedure
- Click the following link: Create Issue. If Jira displays a login error, log in and proceed after you are redirected to the form.
- Complete the Summary and Description fields. In the Description field, include the documentation URL, chapter or section number, and a detailed description of the issue. Do not modify any other fields in the form.
- Click Create.
Appendix B. Revision history
0.0-0Nov X 2025, Jan Fiala (jafiala@redhat.com)
- Release of the Red Hat Satellite 6.19 Release Notes.
Appendix C. List of tickets by component
Bugzilla and JIRA tickets are listed in this document for reference. The links lead to the release notes in this document that describe the tickets.
| Component | Tickets |
|---|---|
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| Jira:SAT-37927, Jira:SAT-37871, Jira:SAT-42732, Jira:SAT-27578 |
|
| Jira:RHEL-40069, Jira:SAT-32530, Jira:SAT-30601, Jira:SAT-30796, Jira:SAT-30794 |
|
| |
|
| |
|
| Jira:SAT-40466, Jira:SAT-40203, Jira:SAT-39088, Jira:SAT-38683, Jira:SAT-39459, Jira:SAT-42758 |
|
| |
|
| |
|
| |
|
| |
|
| Jira:SAT-38784, Jira:SAT-39469, Jira:SAT-18663, Jira:SAT-41368, Jira:SAT-21012, Jira:SAT-39843, Jira:SAT-28823, Jira:SAT-41340 |
|
| |
|
| |
|
| |
|
| |
|
| Jira:SAT-34616, Jira:SAT-28038, Jira:SAT-43508, Jira:SAT-30410 |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| Jira:SAT-32173, Jira:SAT-23851, Jira:SAT-35463, Jira:SAT-37128 |
| other | Jira:SAT-31701, Jira:SAT-36021, Jira:SAT-38905, Jira:SAT-27644, Jira:SAT-28823, Jira:SAT-27578, Jira:SAT-21372, Jira:SAT-21137 |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}