The Satellite boot disk feature can now generate host-based images that work with template proxying (Capsule isolation feature of 6.1). The new "Subnet" type image is provided as a counterpart to the generic image which works with any host.

With the introduction of template proxying, the Satellite boot disk had to be modified to generate valid boot disk images that work with Capsule proxies. This modification is no longer required.

If you create a docker repository that has tags and then synchronize it in one organization, and then view the Docker Tags page for another organization, you can see all the tags for the first organization.

None at this time.

If you provide a numeric value to an API element which requires a numeric value, you may see the following error message.

Enclose the numeric value in quote characters (").

When you create an activation key and immediately add a subscription to it, you may find that the selected subscription is then duplicated in the list of subscriptions.

None at this time.

When you publish a Content View, you might see an error message displayed in a language different from your preferred setting. For example:

Check /etc/foreman-proxy/settings.yml file and the :trusted_hosts: field. Ensure that the host name in that field matches the host name from the error message above. If not, add an additional entry to that setting (can be multiple lines) and restart the foreman-proxy service. Navigate to Monitor → Tasks and resume the Publish task.

After you configure and register a capsule to a Satellite server and start the synchronization process, you might see a large number of "Resetting dropped connection" messages in the /var/log/messages file. For example:

To work around this issue, set the value of MaxRequestsPerChild to 0 in the /etc/httpd/conf.d/prefork.conf file on the Satellite server. This effectively allows an unlimited number of connections to the Satellite server during a Capsule synchronization.

If the file name entered for --certs-tar is not correct, the installation program will commence and eventually fail for confusing reasons. The error message may appear as:

You need to ensure that the --certs-tar value in the capsule-installer command refers to the correct tar archive. If not, the error condition may be difficult to diagnose.

If the time difference between the Satellite and the Capsule is too great, you might see the following error when you try to attach subscriptions. This can occur if the time difference is more than one or two minutes.

The time settings for both the Satellite and Capsule need to be the same to ensure proper registration of clients through the Capsule. Red Hat recommends that you install ntpd or a similar service on the Satellite and Capsule servers, and ensure the times are synchronized. Alternatively, you can manually ensure the time settings on each server are set correctly.

If you attempt to delete a Capsule that still has Content Hosts associated with it, the following error appears:

The workaround for this issue involves several steps, and also requires that the user deleting the capsule have access to the Organization associated with the Capsule.

Deleting or unregistering a Content Host that is associated with a Capsule, and then reregistering it, can cause synchronization to fail with a "Content Host not found" error. For example:

You can fix this issue in the foreman-rake console as follows:

When you upload packages to a repository the process can be very slow, and the hammer process can take 100% of CPU resources. No progress is indicated, which means that you cannot determine the status of the task without checking log files.

None at this time. See the Bugzilla report for more detailed information.

If you try to create a new host using the hammer host create command, it can fail with the error message "mac value is blank," even if a MAC value is provided. For example:

The error message for this issue is incorrect. You do not need to specify a MAC address because it gets updated after the VM is created. However, you do need to specify a value for either compute_attributes or compute_profile_id. See the Bugzilla report for more detailed information.

If you try to list available repositories using the hammer repository-set available-repositories command, and use the --product option to specify the product name, the command fails. For example:

Use the --product-id option and specify the product ID.

If you run the hammer content-view remove-version command, it returns The component version has been removed, but the versions might still be visible in the web UI.

None required. Content View version removal is an asynchronous task. The versions have actually been scheduled for removal, and will be removed in due course. A more accurate output message is planned for a later release.

In the CLI, you can perform a content-override on a product in an activation key. However, there is currently no way to view the enablement of a product in the CLI.

If you attempt to assign permissions to a role, using the roles' names, you might see the following error message:

Specify the roles by their unique identifiers. For example:

The Hammer command hammer repository-set available-repositories lists repositories as being disabled when in fact they are enabled.

No workaround is available for the CLI. The only other option is to use the web user interface for this operation.

The pulp_auth service does not provide a response to the Hammer ping command if incorrect credentials are provided.

None at this time.

If you attempt to install the katello-agent package on a Red Hat Enterprise Linux 6.3 client, the installation fails. This occurs even if the Satellite 6 tools repository has been configured. For example:

The katello-agent package will install on a Red Hat Enterprise Linux 6.3 client if the following repository is included in the life cycle environment and content view that the client registers to:

If you pass an invalid command to a container, the system returns an HTTP 404 Not Found error, instead of informing the user that the command itself was invalid or not found. For example, the web UI displays the following error:

None at this time.

The ability to add a custom registry is currently only available through the web UI, not using hammer (CLI) or the API. You need to use the web UI to create an external registry and then reference that registry and not the official one. This registry is used to create containers using the External Registry tab in order to search for the desired image and select a tag. Satellite then pulls the image from the custom registry and creates the container.

If you use the New Container wizard to try to provision a new Docker container directly from the Red Hat registry, the provisioning process fails with no indication in the UI as to what has happened.

You can work around this issue by using HTTPS instead of HTTP.

Custom repositories with large numbers of Puppet Modules (for example, Puppet Forge, with 2,000 modules) can cause performance problems rendering the Puppet Module list in the Content View selection page. This can result in your web browser becoming completely unresponsive for a short period.

As a temporary workaround, Red Hat recommends that you only upload the puppet modules that you plan to use to your repositories, and not the entire collection.

The Capsule listing of Puppet environments or Puppet classes fails when multiple content views (3 or more parallel) are published. When this occurs, the content view publishing process fails and must be re-attempted in a singular fashion.

Increase the REST client timeout as follows:

The relationship between a Composite Content View and the used ContentViewVersion is not strict. If you re-publish a ContentView and delete the old ContentViewVersion, the list of Composite Content View components is empty.

None at this time.

A race condition could exist if you try to create, enable, publish, or promote different content views to the same environment. As a result, not all of the repositories that should be visible in the environment are actually visible.

To work around this issue, re-enable the repository or promote the Content View again.

If you remove the repositories from a specific product, Red Hat Satellite does not automatically remove the associated packages from the file system, even though the repositories themselves are successfully removed.

No supported workaround for this issue currently exists. If you encounter this issue, contact Red Hat Support or visit https://access.redhat.com/solutions/1295653 "How to deploy and use pulp-admin."

If you unregister a Content Host from Satellite, the process completes successfully but displays an error in the /var/log/messages file. For example:

None required.

If you see messages similar to the following in /var/log/foreman/production.log log file, they can be ignored. The underlying error does not affect Satellite 6's operation and will be resolved in a future release.

None required.

Publishing and promoting Content View performance is not optimal and will be improved in future releases. Currently the publish and promotion process operates on all the repositories in the Content View, not only those repositories whose content had been changed.

None at this time.

If you navigate to Content → Content View → Create New View, enter a name for the view and check the Composite View? checkbox, you may find the list of content views contains duplicates. This issue is cosmetic only and does not affect the operation of views.

Navigate to another screen, then navigate again to Content → Content View and the duplicates will no longer be visible.

If you have errata present in your organization but have no content hosts with applicable errata and navigate to the Errata page, you may find that you get the following error message:

Uncheck the Applicable checkbox.

If you try to clone a Host group which has either global parameters or activation keys, you may see the following error message when you click Save.

None at this time.

If you install Satellite 6 with a signed CA certificate and then change to a self-signed certificate, it can cause issues with SSL and Foreman. This is the result of the previous certificates still existing in the /etc/pki/katello-certs directory.

Refer to https://access.redhat.com/solutions/1311844 for information on how to work around this issue.

When you run katello-installer, it saves the password in plain text. Further, every time you run katello-installer successfully after that it is echoed to the console.

To prevent this issue, change the password using the Satellite UI/API. The new password is not displayed as the installer output; only the old, invalid password is shown.

If Puppet has been run at any time on a host prior to the installation of Satellite 6 (such as in an environment where the normal bootstrap process involves running Puppet), the host-specific certs are generated, but the CA certificate is not generated. When you run the Satellite 6 installation program, it attempts to generate the CA certificates but fails, because the host .PEM files already exist. The installation does not appear to error out in any way. The result is that the installation fails because HTTPD does not start. You might see the following error message:

To work around this issue, use the following procedure:

Attempting to change the FQDN and update the certificates on a Satellite 6 system currently does not work as expected, and as described in https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html/User_Guide/sect-Troubleshooting.html#idp27144192. Following this procedure does not correctly update the server certificates and results in an error.

Updating the Satellite server host name is currently not supported, and consequently there is no workaround for this issue. This is scheduled to be addressed in an upcoming release.

The default Satellite 6 installation settings allow a maximum of 225 connected Content Hosts.

See https://access.redhat.com/solutions/1375253 for instructions on how to configure your Satellite 6 deployment to support more Content Hosts.

The first time you run katello-installer it issues a randomly-generated "seed" password. You can change this password from the web UI. However, if you run the katello-installer command again, it issues another random password, which does not work. The password change made in the web UI is required.

There is no actual workaround for this issue. If you forget the password change that you made in the web UI you can reset the password from the command line, as follows:

The capsule-certs-generate command always suggests using the "ACME_Corporation" organization with the subscription-manager command, whether that organization exists or not. For example:

Ensure that you replace "ACME_Corporation" with a valid organization.

The ISO installer --help output contains the --enhanced_reporting option, which attempts to install the splice, ruby193-rubygem-splice_reports, and spacewalk-splice-tool packages. These packages do not exist on the ISO.

None at this time.

If the host name does not contain a top-level domain, the katello-installer command fails with an error similar to the following:

Either update the host name to include a top-level domain, or pass a valid email address to the katello-installer command. For example:

If you create a content view with at least one module and attempt to promote it on a system that does not have a reverse DNS record, the action will fail with an error similar to the following:

There is currently no workaround for this issue. Red Hat Satellite 6 requires that both forward and reverse DNS be configured and working correctly.

The Satellite 6 installation program is based on Puppet, which means that any manual configuration changes might be overwritten if you run the installation program more than once.

You can use the --noop argument when you run the installation program to determine what changes would be applied. This argument ensures that no actual changes are made. Potential changes are written to the /var/log/katello-installer.log file.

If you install katello and run the katello-installer installation program, and then use the katello-remove command, various packages and directories remain. This may cause issues with any future installations.

If Satellite 6.1 services are configured to start at the wrong runlevel, it could result in the system failing to boot. Satellite 6.1 services require that networking be enabled, and so all Satellite 6.1 services should be off for runlevels 0, 1, 2, and 6, and on for runlevels 3, 4, and 5.

Use the chkconfig command on Red Hat Enterprise Linux 6 or the systemctl command on Red Hat Enterprise Linux 7 to ensure that all Satellite services are enabled for the correct runlevels.

If you create a user on RHEV-M and assign the required roles and permissions for provisioning, when you try to deploy a new Content Host the operation fails with an error similar to the following:

Log in to the "User Portal" with the same user and same permissions to create a new virtual machine.

If you use VMware as a compute resource and have Red Hat Enterprise Linux 7 available as a profile, it does not appear as an available OS when creating a new host in Satellite 6.1.

To address this issue, you need to manually update the vmodl.db file and restart the appropriate services, as follows:

If you clone a host in a Vmware ESX cluster from a template, the newly created host receives an empty network label/VLAN on the network interface. The attached network interface is not active and is assigned the "Standard port group" type, while previously deployed machines have been assigned the "Distributed port group" interface type. As a result the VM does not receive a DHCP IP address and cannot complete deployment.

The best workaround currently available is that for the described network infrastructure, use network-based, instead of image-based, provisioning.

The web UI currently provides no direct process for creating an unmanaged host.

To create an unmanaged host in the web UI, you first need to select a managed host and then edit it to make it unmanaged. You can also use the API to create an unmanaged host without first creating a managed host.

Unlike Satellite 6.0, Satellite 6.1 uses encrypted connections by default to connect to the console of provisioned hosts. Before you can use encrypted connections, you need to import the Satellite server's CA certificate into your browser.

Import the Satellite server's CA certificate into your browser.

Provisioning fails with VMware Compute Resource if the vCenter's data center uses nested folders.

Until this issue is resolved, Red Hat recommends that you create VMware virtual machines outside of Satellite 6 and associate them using subscription-manager and puppet-agent explicitly.

Cancellation of node sync tasks is not propagated to the agent. As a result, the task on the parent has a state of canceled but continues to run on the agent/node. This means that Katello considers the task canceled when it was not. This prevents new tasks from running by the agent until the previous task finishes normally. This can result in a backlog of agent requests and tasks on the node.

None at this time.

Creating puppet git repositories on other than Satellite 6 machines fails because of dependency issues and import errors.

To use the pulp-puppet-module-builder command on a separate system from the Satellite Server, subscribe the system to a Red Hat Satellite 6 server. This provides access to the extra packages required: pulp-puppet-module-builderpython-setuptools and python-pulp-puppet-common. Enable the Red Hat Satellite 6 repositories and install the packages:

If you try to access a large number of Content Views or Product Views the page may not display correctly, and instead display only "Loading..." The following error can occur in the production log:

This issue is being worked on upstream and a fix will be available in a future release. To work around this issue, you need to uncomment and modify the repo_sync_history option in the /etc/pulp/server.conf file as follows:

If you install an errata that includes kernel updates, the kernel and kernel-devel packages are not reported as being installed.

To work around this issue, you can review the Content Host's package profile to confirm that the expected packages have been updated. This issue is being worked on upstream and will be addressed in a future release.

If you create a non-admin user account, even with the required permissions for registering Content Hosts, any attempt to register a host fails. For example:

To work around this issue, ensure the user is assigned the Admin role, or use an Activation Key.

Satellite 6 and the subscription-manager client show inconsistencies when registering many clients in parallel (for example, 50, 100, 150, 200), using an activation key.

If you run subscription-manager register using an activation key and observe a failure, follow these steps:

Although Satellite 6.1 Server fully supports SELinux in enforcing mode, the smart-proxy process running on Capsule Server does not yet run in confined mode. Other processes on the Capsule are fully confined and full support is expected in the upcoming minor versions of Satellite 6.

If you installed Satellite 6.0 and changed the host name of that Satellite, the upgrade procedure to Satellite 6.1 fails. When you run the katello-installer command, you might see output similar to the following:

No specific workaround is available at this time. To ensure a smooth and error-free upgrade, do not change the Satellite host name prior to or during the upgrade. Changing the host name is currently not supported, but will be available in a future release.

After a successful Satellite upgrade, you may see the following error message in the installer.log log file. This error message can be safely ignored and will be resolved in a future release.

None at this time.

If you configure Active Directory integration and log in to Satellite, the account is created but may not be assigned any roles.

When you specify the Active Directory group in Satellite, you need to use all lowercase characters. A fix for this is being worked on for an upcoming release.

If you navigate to Content → Red Hat Repositories and open a tree for a repository, you might see the following error message:

To work around this issue, update your manifest. This issue will be addressed in a future release.

On the Satellite Server's Content Search user interface, search strings with spaces do not return any results.

To search for product names that contain spaces, either enclose the product name in quotes or escape the spaces. For example:

If you navigate to Configure → Puppet Classes and click Import, the labels in the drop-down list may be cut off at the edge of the browser's window, making it impossible to confirm in advance what is being selected. Resizing the browser's window has no effect on the problem.

None at this time.

If you attempt to remove a network interface card (NIC) from a compute profile, it will fail, with no error message output.

None at this time.

When you assign a host to a host group which has a Puppet Certificate Authority and PuppetMaster specified, and remove these value from the host, you will find that the values are reinstated when you click Submit.

Assign the host to a host group without a Puppet Certificate Authority and PuppetMaster specified.

If you try to delete a Host Group that is referenced by another Organization (that is not visible to your account), the operation does not complete correctly and produces a misleading error.

To delete a Host Group, you need to remove all hosts from that group.