Chapter 5. Known issues

All Hosts page always links to the new host details UI

The links on the Hosts > All Hosts page always point to the new host details UI, even if the setting New host details UI is set to No.

red-hat-lightspeed-in-satellite not enabled on disconnected Satellite when the Podman Host.NetworkBackend is set as CNI

When the Host.NetworkBackend for Podman is set to CNI on a Satellite Server, satellite-installer fails to enable red-hat-lightspeed-in-satellite. The issue occurs because the Red Hat Enterprise Linux 9.6 ISO provides a version of the container-selinux policy that is earlier than 2.237.0. Later versions are provided with Red Hat Enterprise Linux 9.6.z, which fixes the issue, and is provided with the 9.7 ISO.

Red Hat Lightspeed vulnerability CVE map download fails with an HTTP proxy to https://security.access.redhat.com

Satellite servers configured for the Red Hat Lightspeed vulnerability service in Satellite, which is a Technology Preview, fail CVE map downloads if the Satellite server uses an HTTP proxy to reach https://security.access.redhat.com. This issue is caused by the iop-cvemap-download.service service lacking HTTP proxy configuration.

hammer ping does not list services of Red Hat Lightspeed in Satellite

When Red Hat Lightspeed in Satellite is enabled, the hammer ping command does not display advisor and vulnerability services.

”Any location” produces error in Remediations and Vulnerabilities

When the location is set to “Any location”, accessing the Remediations or Vulnerabilities menu produces an error message. As a consequence, you cannot see a global view of all systems in Remediations or Vulnerabilities.

Satellite with Red Hat Lightspeed enabled produces errors in Inventory Upload

The Inventory Upload page was moved to the Administer menu for Red Hat Lightspeed, mainly for troubleshooting. As a consequence, some operations are invalid and may produce an error.

Unable to upload an OpenSCAP report from hosts that run RHEL 9.3 or earlier with FIPS mode enabled

On hosts that run RHEL 9.3 or earlier versions with FIPS mode enabled, uploading an OpenSCAP report fails with the following error:

Some endpoints bypass user authentication and fail to terminate user sessions

API endpoints that call the add_smart_proxy_filters function bypass user authentication. This is due to improper session termination logic introduced in Satellite 6.18. In addition, user sessions remain active beyond the period specified in the idle_timeout setting. This affects the API endpoints related to the following resources:

Restoring from backup fails due to inconsistencies in the data

If the backup is generated from a database with inconsistencies, the restore fails. The satellite-maintain tool uses the PostgreSQL amcheck extension to detect inconsistencies in the data before backup to prevent issues during restore.

Newly created filters do not inherit organizations and locations associated with the role

When an organization and location are defined for a role, these organizations and locations are not propagated to the filters created within the role. Consequently, users with a role assigned can access resources in any other organization or location that they have sufficient permissions to view instead of only organizations and locations defined for the role.

virt-who is not supported on IPv6-only networks in Satellite

Satellite does not support the virt-who agent in an IPv6-only network.

Additional configuration is required in IPv6-only networks when using kinit for IdM and AD users

If your Satellite Server runs in an IPv6-only network and also runs on RHEL 9.6 and earlier versions, Kerberos authentication for external users from Identity Management (IdM) and Active Directory (AD) fails. This known issue is caused by a bug in the System Security Services Daemon (SSSD) and occurs when the DNS name of the IdM or AD server can be translated to both an IPv4 and IPv6 address but the IPv4 address is not accessible, for example because it is blocked by a firewall.

Mismatch of the IPv6 address entry in Satellite when using a DHCPv6 server

When you use a DHCPv6 server to assign an IP address dynamically and you provision a host in an IPv6 network, Satellite contains an IPv6 address that does not match the actual IPv6 address of the host. This mismatch impairs host management capabilities, such as remote execution.

Host Discovery fails in an IPv6 network

When you attempt to discover an unknown host in an IPv6 network, the discovery fails with Error: 1001: Failed to open TCP connection to satellite.example.com:443.

Failure to provision hosts in PXE-less Discovery over IPv6

After PXE-less host discovery on an IPv6 Satellite, when the host starts provisioning, it fails to resolve Satellite. As a result, the host fails to fetch Kickstart and the required files.

Incomplete translation of Satellite UI and CLI

If you are using a supported translation, that is French, Japanese, Korean, or Simplified Chinese, you might see some messages in English.