Skip to content

Instantly share code, notes, and snippets.

@domcleal
Last active December 17, 2015 06:39
Show Gist options
  • Save domcleal/5567450 to your computer and use it in GitHub Desktop.
Save domcleal/5567450 to your computer and use it in GitHub Desktop.
Foreman 1.2 release notes

Release candidate notes for 1.2.0-RC1

Unavailable features in RPMs

Due to time constraints and the major reworking of the RPM packages to use Software Collections (SCL), some features are unavailable in RC1. They will be made available later in the RC cycle:

  • Passenger in RPMs: under review due to co-locating SCL Foreman and non-SCL Puppet within the same Apache instance
  • MySQL support in RPMs: the required MySQL gems haven't been built for the SCL yet
  • Only EL6 packages available, EL5 and Fedora to follow

Installation

If using the installer on RPM distros, the following answers file is recommended due to the above constraints:

FIXME

Known issues

Important issues are listed below, but all issues targeted to be fixed in the Foreman 1.2 release are available here:

Admin account not enabled after installation (issue #2519)

Workaround (RPMs): after install run cd ~foreman && sudo -u foreman ruby193-rake permissions:reset RAILS_ENV=production

Workaround (others): after install run cd ~foreman && sudo -u foreman rake permissions:reset RAILS_ENV=production

Available locales not displayed (issue #2536)

Workaround: none

Release notes for 1.2

Headline features

Discovery plugin support

foreman_discovery is supported with Foreman 1.2 and provides Metal-as-a-Service hardware discovery. New hosts boot into a discovery image which registers with Foreman, then can be converted and built from the web interface. See the README file for a step by step guide to configuring Foreman and the plugin.

BMC and IPMI support

Power control and boot device controls are now available from the web interface for bare metal hosts with a BMC network interface configured. The BMC interface can be added under the host network tab, and a smart proxy with the BMC feature configured is also required to perform actions over IPMI.

Internationalization

The web interface has been internationalized and now supports a number (FIXME) of languages. The interface will switch to the language specified by the browser by default and can be overridden from the user settings within Foreman. Further translations are welcomed through the Foreman project on Transifex.

SPICE HTML5 support

Virtual machine consoles on oVirt hosts can now be viewed from any HTML5-capable browser, instead of requiring the Linux-only XPI plugin. The XPI view is still available via the "New Window" link.

SELinux targeted support

An SELinux module for the standard targeted policy is now shipped in the foreman-selinux subpackage, supporting all standard configurations and options of Foreman. Please file any AVCs caused by Foreman or common plugins as bugs.

PostgreSQL by default

The Foreman installer default database has changed from SQLite to PostgreSQL, providing increased performance and reducing concurrency errors seen even in very small environments. MySQL is also fully supported and can be selected as an alternative. Database management in the installer modules can also be disabled, see this announcement for details.

Puppet runs via MCollective

The smart proxy can now initiate Puppet runs via the MCollective "puppet" agent, when configured with :puppet_provider: mcollective.

API version 2

A new API version has been added, providing new features while retaining APIv1 compatibility. Puppet classes can now be added and removed on hosts and host groups, locations and organizations have a CRUD interface and parameters on hosts, host groups etc can be managed.

Upgrade notes

Changes to production deployment for non-package users

For users running Foreman from git instead of RPMs or Debian packages, two additional deployment steps are now required for production usage:

  • rake locale:pack to compile locale .mo files
  • rake assets:precompile to compile images, JavaScript etc.

Software collections in RPMs

The RPMs now provide a full Ruby 1.9 stack via software collections (SCL), complete with the version of Ruby on Rails and other dependencies used by Foreman. This allows for a single stack of packages across each supported RPM-based distro, plus easier support of future dependencies as Ruby 1.8 goes EOL upstream. The software collection is installed under /opt/rh/ruby193.

This changes any rake or ruby commands used for managing Foreman, which now become ruby193-rake and ruby193-ruby respectively. Commands can also be run with scl enable ruby193 'original command' to run in the context of the collection (note the quotes).

More about software collections in general is available here and more about its use in Foreman here (FIXME, wiki/posts).

Host group matcher inheritance

Matchers used in smart variables or class parameters to match host groups are now inherited by children of those matching host groups too (e.g. a matcher for hostgroup=Base will also apply to Base/Web). This behaviour can be reverted by the host_group_matchers_inheritance setting (More > Settings > Puppet).

ActiveRecord-based storeconfigs / database sharing now unsupported

Previously it was suggested that a single database could be shared between Puppet ActiveRecord-based storeconfigs and Foreman, which would be used to import data from Puppet - this configuration was deprecated in Foreman 1.1 and is now unsupported in 1.2. Foreman must be configured with a standalone database, then configure either an ENC or fact and report uploads, which provides most of the same functionality as database sharing without the associated issues.

Puppet 3 also deprecated the use of ActiveRecord-based storeconfigs and it is now recommended to use PuppetDB instead for storeconfigs and exported resources. This can be used alongside Foreman as the two do not need to interact.

Release notes

API

  • APIv2 added, providing:
    • Puppet class management nested on hosts and host groups (#2250)
    • Locations and organizations CRUD API (#2239)
    • Parameters on hosts, domains, host groups and operating systems can now be managed via nested calls, e.g. GET /api/domains/6/parameters (#1988)
    • Template combinations (host groups and environments) management, nested under /config_templates
    • Resource list/show methods can now specify location_id and organization_id to filter (#2239)
    • Full hash parameters (rather than using _ids) now supported in config templates for operating systems
    • Separate APIv2 documentation linked via "v2" in top-right of docs web page
  • All API routes now follow existing delegated roles and permissions (#2248, #2266)
  • Usergroups can be searched and ordered when listed
  • Permissions error when managing environments fixed (#2273)
  • Ensure documentation is loaded to show links on /api

Authentication and authorization

  • All pages and actions now attached to permissions and can be delegated, including "Run Puppet" (#2202, #2221, #985)
  • Host groups ownership is hierarchical, users now have access to child host groups (#2219)
  • trusted_puppetmaster_hosts setting added to permit specified hosts to ENC/reports/facts (#2153)
  • Signo support added for SSO with Katello, using OpenID protocol (#2417)
  • Users can no longer select "Any Organization" and view hosts outside of their organizations (#2298)
  • Admin flag can no longer be removed from mandatory builtin admin user

Compute resources

  • Amazon EC2: IAM roles can be specified on images (#2229)
  • Amazon EC2: fix empty security group error (#2490)
  • OpenStack: available operating system images shown (#2251)
  • OpenStack: text console log can be viewed for hosts (#2252)
  • OpenStack: floating/public IP address can now been selected (#2253)
  • RHEV 3.1: selecting templates fixed (#2224)
  • RHEV 3.1: fix host installation due to disk locking (#2163)
  • RHEV 3.1: fix error when adding disk to existing VM (#2316)
  • SPICE console now uses HTML5 instead of requiring XPI extension, which is still accessible via "New Window" button (#2277)
  • VMware: network label now set correctly on NICs (#2188)
  • Fix test connection button for existing compute resources

Host management

  • BMC tab for power control added to hosts with a BMC NIC configured, requires a BMC-enabled smart proxy (#426)
  • Environment can be updated to the host group selection via the multi-select change environment window (#686)
  • Add Gentoo operating system, add SLES and SLED to SUSE family
  • Domain no longer appended to FQDN on host update when FQDN domain differs (#2130)
  • Fix OS selection when scoped by both organization and location (#2222)
  • Behaviour of new host form fixed when "Any Location/Organization" selected (#2197)
  • Free IP address correctly retrieved from smart proxy on Ruby 1.9 (#2398)

Infrastructure

  • Ruby on Rails updated to 3.2
  • Ruby 2.0 support, requires Puppet 3.2.0 or higher (#2367)
  • audited 3.0.0 supported (#2393)
  • foreman-debug script added to collect data for support purposes (#2434)
  • Load libvirt group when bundler_ext used (#2428)
  • ruby_parser warnings generated in rake cronjobs have been silenced (#2217)
  • Plugins can now load settings from config/settings.plugins.d/*.yaml (#2389)
  • Puppet can be loaded from a gem by setting :puppetgem: true in settings.yml (#2268)
  • Show error in rake tasks when Facter domain is nil (#2408)
  • Add --dry-run option to foreman-config

Installer

  • PostgreSQL and MySQL can be configured, PostgreSQL is now the default database (#2013, #2014)
  • Oracle Linux is now supported (#2342)
  • Answers file correctly written before running Puppet (#2442)
  • Apache HTTP virtual host IP configured correctly on Debian and Ubuntu (#2346)
  • Concat issue on Ruby 1.9 fixed (#2447)

Packaging

  • RPMs now use Software Collections (SCL) and supply a complete Ruby 1.9.3 stack
  • SELinux targeted policy is now provided (#2125)
  • RPMs now use bundler_ext, so Gemfile.lock no longer requires updating after package update (#2204)

Provisioning templates

  • "regexp buffer overflow" when rendering templates on Ruby 1.8 fixed (#2100)
  • Templates no longer deleted when associated environment is deleted (#2246)
  • Duplicate epel and HTTP Proxy snippets after install fixed (#2358)
  • Refreshed EPEL release RPM version number (#2359)
  • FIXME: refresh all templates

Puppet integration

  • Parameters can be overriden via the host group UI (#2132)
  • Matchers for host groups are now inherited by child host groups, controlled by host_group_matchers_inheritance setting (#2220)
  • Puppet master and CA proxies are now optional when creating hosts (#2461)
  • Facts importer no longer recreates unchanged values in database (#2486)
  • FQDN is now stored lower cased when imported through facts, preventing UI issues (#2351)
  • SQL error when importing modules (e.g. Example42) fixed (#2485)

Smart Proxy

  • MCollective can be used to trigger Puppet runs using the "puppet" agent (#2116)
  • DNS GSS-TSIG support added for Windows AD DNS and FreeIPA (#1685)
  • Shell provider added to BMC API, runs shutdown commands locally (#2387)
  • Fix arbitrary remote execution risk in Puppet run API (CVE-2013-0210)
  • Fix Sinatra 1.4.2 incompatibility, causing HTML to be returned instead of JSON
  • Facts API now refreshes data on each call (#2255)
  • Environments list fixed when ActiveRecord storeconfigs is enabled (#2209)
  • Proxy not started at boot if :daemon set to false (#2152)
  • Puppet class parameters with an "undef" default no longer marked as required (#2191)
  • Puppet manifests with import statements are no longer ignored (#2067)
  • Path to puppetca in Puppet Enterprise fixed

UI

  • New top bar UI design
  • User interface has been internationalized (#2269, #2368, #2420, #2426)
  • Users can select their preferred language (#2444)
  • Plugins can add tabs and new settings to the Settings UI (#2407)
  • Latest reports and metrics now shown on dashboard (#2406)
  • Replace Highcharts with Flot
  • Footer moved to separate About page, showing proxy and compute resource statuses (#2511)
  • Hosts can be searched by comment field (#2475)
  • Hosts and host groups can be searched by the full host group name / label (#2263)
  • Subnet edit page allows editing of location/organization (#2203)
  • Gravatar can be disabled with use_gravatar setting (#2247)
  • Enable host searches on OS minor and major version numbers (#2499)
  • Absolute URLs fixed in Puppet class import (#2416)
  • Escaped HTML in help popups fixed (#2396)
  • Fix display of multiple form errors under Ruby 1.9 (#2242)
  • Favicon now shown when Foreman hosted at non-root context (#2526)
  • Link to host added on some audit entries
  • Filter and sorting added to multi-select components
  • Organizations created via API now shown in UI menu immediately (#2513)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment