Questo contenuto non è disponibile nella lingua selezionata.
Chapter 2. New features
This section describes new features and major enhancements introduced in Red Hat Satellite 6.16.
2.1. Web UI
Compliance remediation wizard
Previously, you had to remediate OpenSCAP compliance failures by manually creating a remote execution job to apply remediation scripts or snippets. With this update, Satellite web UI provides a compliance remediation wizard that you can use to remediate OpenSCAP compliance failures. For more information, see Remediating compliance failures in Managing Security Compliance.
Jira:SAT-23240[1]
Manifest expiration warnings and extension of expiration date
Users are now notified in the web UI before their subscription manifest expires. The number of days of notice is determined by the expire_soon_days
setting.
Refreshing a subscription manifest now extends the expiration date to one year from the current date. Refresh your manifest at least once a year so it will never expire.
The subscription manifest expiration date is displayed on the Manage Manifest page under Content > Subscriptions.
Jira:SAT-11630[1]
2.2. Installation and upgrade
satellite-maintain update
command for minor releases
The`satellite-maintain update`command replaces satellite-maintain upgrade
with --target-version
for updating minor (z-stream) versions. As the upgrade command is now dedicated to major upgrades, the --target-version
parameter has been removed.
Jira:SAT-21970[1]
Puppet Server updated to version 8
Puppet Server 8 is now included in Satellite. Existing clients with Puppet agent 7 will continue to work against Puppet Server 8.
Jira:SAT-24140[1]
Upgrading to Satellite 6.16 also upgrades to PostgreSQL 13
When you upgrade your Satellite Server 6.15 to version 6.16, the PostgreSQL database on the system is upgraded from version 12 to version 13. During the upgrade, a backup of the PostgreSQL data is created in the /var/lib/pgsql/data-old/
directory. You can safely remove this directory after the upgrade completes.
To create the backup, you must ensure enough disk space is available in /var/lib/pgsql/
. The additional space required for the backup equals the amount of space currently consumed by PostgreSQL 12. After you run satellite-maintain
to start the upgrade, the utility performs a check to verify the available disk space.
Jira:SAT-23369[1]
SCRAM hashing for PostgreSQL passwords
PostgreSQL 13 uses SCRAM hashing for passwords. The installer updates existing user passwords to SCRAM hashing. You can view the existing users and their password hashes by running the following command:
SELECT rolname,rolpassword FROM pg_authid WHERE rolpassword != '';
Jira:SAT-24414[1]
2.3. Content management
Content repair command for Capsule
To repair all content on Capsule, run the following command:
$ hammer capsule content verify-checksum \
--id My_Capsule_ID
Jira:SAT-16330[1]
Publishing content views during repository synchronization is blocked to prevent incorrect metadata
An error message is displayed if you try to publish a content view while a child repository is performing one of the following actions:
- Sync
- Upload content
- Remove content
- Republish metadata
Similarly, you cannot initiate the above tasks on a repository while a parent content view is being published.
Without this error message, publishing a content view while synchronizing a repository can cause incorrect metadata.
Jira:SAT-20281[1]
Containers can now be pushed to Satellite’s container registry
Each pushed container repository path must include the organization, product, and repository name. Example: podman push <image> satellite.example.com/organization/product/repository
.
Jira:SAT-20280[1]
Command for container label migration
The container image API now shows manifest labels, annotations, and if the manifest represents bootable or flatpak content. Satellite performs a pre-migration in the background after the upgrade to make this data available.
Jira:SAT-23852[1]
2.4. Host provisioning and management
Provisioning templates for reconfiguring a self-signed CA certificate on hosts
Satellite now provides public provisioning templates. You can use the templates to refresh your self-signed CA certificate on hosts when you renew the CA certificate on Satellite Server. You can use the following public provisioning templates:
foreman_ca_refresh
- This template renders a shell script. You can use this template to execute the script on hosts, for example by using remote execution, to configure the CA certificate on hosts automatically.
foreman_raw_ca
- This template renders raw content of the CA certificate. You can use this template to download the CA certificate and configure it on your hosts manually.
For more information, see Refreshing the self-signed CA certificate on hosts in Managing hosts.
Job templates for running remote scripts on hosts
Satellite now provides job templates that you can use to download a script from a URL and execute the script on a host. You can use one of the following REX templates to run a script from an URL:
-
Download and run a script
in theCommands
job category for the Script remote execution provider. -
Download and execute a script
in theAnsible Commands
job category for the Ansible remote execution provider.
Root passwords are hashed by using SHA512
Satellite now uses the SHA512 algorithm to hash the root passwords of operating systems by default. The new default is only applied to new operating system entries. If you want to use the SHA512 algorithm in your existing operating systems, you have to change the algorithm manually and reprovision your hosts.
Improved RHEL 9 network configuration in Kickstart provisioning templates
Previously, Satellite created ifcfg
files in the Finish template to configure host network interfaces. In RHEL 9, the ifcfg
files have been replaced with key files. For more information, see RHEL 9 networking: Say goodbye to ifcfg-files, and hello to keyfiles.
With this release, the Kickstart provisioning templates rely on Anaconda to configure network interfaces, which makes the configuration process more robust. Additionally, Anaconda is now aware of the proper interface configuration and it can safely use those interfaces for the installation process.
This improvement also fixes SAT-22579.
Jira:SAT-23034[1]
rhsm
command registers RHEL 9 hosts to Satellite and enables Insights
Previously, you registered RHEL hosts to Satellite in the redhat_register
snippet and enabled Insights in the insights
snippet. With this release, you can use the kickstart_rhsm
snippet to register RHEL 9 hosts to Satellite and, optionally, enable Insights.. This snippet uses the rhsm
command, which is part of Anaconda Kickstart native syntax. As a result, the number of required transactions is reduced to make the host configuration more robust. The workflow does not change for you. The new snippet accepts the same host parameters.
Jira:SAT-23053
timesource
configures NTP server when provisioning RHEL 9 hosts
Previously, the Kickstart default provisioning template used the single timezone
Kickstart command to configure both the time zone and NTP server. With this release, the NTP configuration is split into two Kickstart commands, timezone
and timesource
, to incorporate the new RHEL 9 Kickstart syntax.
Jira:SAT-23053
Updated syntax for Anaconda options when provisioning RHEL 8 hosts
Previously, the kickstart_kernel_options
provisioning snippet used deprecated legacy syntax for Anaconda options when provisioning RHEL 8 hosts. With this release, the snippet uses the current syntax for Anaconda options. As a result, provisioning RHEL 8 hosts does not produce that warning.
Jira:SAT-23053
use-ntp
installs chrony when provisioning RHEL 7 hosts
Previously, the use-ntp
parameter installed the ntpdate
package to configure an NTP client on RHEL 7 hosts. With this release, the Kickstart default provisioning template and ntp
snippet install the chrony suite on RHEL 7 hosts. As a result, time synchronization is more accurate and robust.
Jira:SAT-23053[1]
Improved customization of host registration
The Global Registration
template can now include user-defined snippets before_registration
and after_registration
. You can create these snippets to add custom commands to registration without editing the original template.
For more information, see Foreman feature #38189.
VMware vCenter Server 8 support
You can now provision virtual machines by using a VMware compute resource with vCenter Server 8.
Jira:SAT-21075[1]
Improved error message for missing VMware datastore
Previously, when you attempted to provision a host on a VMware datastore cluster by using the API, it might fail with an ambiguous InvalidDatastorePath
error. With this release, the API produces a specific ArgumentError
with a descriptive message when the datastore is missing. As a result, you can easily debug the problem.
Jira:SAT-23052
Provisioning supports NVMe
Previously, you could only provision VMware machines with SCSI controllers. With this release, you can provision VMware machines with non-volatile memory express (NVMe) storage options. As a result, your virtual machines can access data faster and you have more flexibility for storage solutions.
Jira:SAT-23052
SCSI storage connection for VMware ESXi Quick Boot enabled by default
Previously, when performing a VMware ESXi Quick Boot with GRUB2 chainloading, you had to enable the connectefi scsi
command in the pxegrub2_chainload
snippet and the provisioning templates in which it is included. With this release, the command is enabled by default and you can disable it with the grub2-connectefi
host parameter. As a result, you do not have to edit the provisioning templates to enable the feature. For more information, see the snippet.
This improvement also fixes SAT-19018.
Jira:SAT-23052[1]
2.5. Users and roles
Active Directory login with user name only
Active Directory (AD) users can now log in to the web UI or use the kinit
utility by entering only a user name without specifying a domain. You can set a default AD domain name by using the foreman-ipa-sssd-default-realm
option in the satellite-installer
utility.
2.6. Hammer CLI tool
New Hammer subcommands and options
The following Hammer command has been added:
-
hammer preupgrade-report
The following Hammer subcommands have been added:
-
hammer capsule content verify-checksum
-
hammer content-view version verify-checksum
-
hammer product verify-checksum
-
hammer proxy content verify-checksum
-
hammer repository verify-checksum
The following Hammer options have been added:
-
--content-view-environment-ids
and--content-view-environments
added to thehammer host create
command -
--content-view-environment-ids
and--content-view-environments
added to thehammer host update
command -
--include-latest-upgradable
and--status
added to thehammer host deb-package list
command -
--include-latest-upgradable
and--status
added to thehammer host deb-package index
command -
--limit-to-env
added to thehammer host subscription content-override
command -
--repo-data
added to thehammer host-registration generate-command
command -
--succeeded-only
added to thehammer job-invocation rerun
command -
--async
added to thehammer product update-proxy
command -
--exclude-refs
and--include-refs
added to thehammer repository create
command -
--exclude-refs
and--include-refs
added to thehammer repository update
command
For more information, see Using the Hammer CLI tool or enter the commands with the --help
option.
Jira:SAT-28136[1]
2.7. REST API
New API endpoints
The following API endpoints have been added:
-
/katello/api/capsules/:id/content/verify_checksum
-
/katello/api/content_view_versions/:id/verify_checksum
-
/api/host_packages/:id
-
/api/host_packages/compare
-
/api/host_packages/installed_packages
-
/api/hosts/:host_id/subscriptions/remove_subscriptions
-
/api/hosts/bulk/build
-
/api/hosts/bulk/reassign_hostgroups
-
/katello/api/packages/thindex
-
/api/permissions/current_permissions
For more information, see the full API reference on your Satellite Server at https://satellite.example.com/apidoc/v2.html
.
Jira:SAT-28134[1]