Release Notes

Red Hat Satellite 6.3

Product notes, new features, and known bugs for Red Hat Satellite 6.3.

Red Hat Satellite Documentation Team

Abstract

This document contains product notes, brief descriptions of new features, and known bugs for Red Hat Satellite 6.3.

Chapter 1. Introduction

Red Hat Satellite is a system management solution that enables you to deploy, configure, and maintain your systems across physical, virtual, and cloud environments. Satellite provides provisioning, remote management and monitoring of multiple Red Hat Enterprise Linux deployments with a single, centralized tool.

Red Hat Satellite Server synchronizes the content from Red Hat Customer Portal and other sources, and provides functionality including fine-grained life cycle management, user and group role-based access control, integrated subscription management, as well as advanced GUI, CLI, or API access.

Red Hat Satellite Capsule Server mirrors content from Red Hat Satellite Server to facilitate content federation across various geographical locations. Host systems can pull content and configuration from the Capsule Server in their location and not from the central Satellite Server. The Capsule Server also provides localized services such as Puppet Master, DHCP, DNS, or TFTP. Capsule Servers assist you in scaling Red Hat Satellite as the number of managed systems increases in your environment.

1.1. Satellite 6 Component Versions

Red Hat Satellite is a combination of a number of upstream projects. For the full details of the major projects included, and the version of those projects included in each major and minor release of Red Hat Satellite, see Satellite 6 Component Versions.

1.2. Red Hat Satellite and Proxy Server Life Cycle

For an overview of the life cycle phases for Red Hat Network Satellite and Red Hat Satellite and the status of support for these products, see Red Hat Satellite and Proxy Server Life Cycle.

1.3. Red Hat Satellite FAQ

For a list of frequently asked questions about Red Hat Satellite 6, see Red Hat Satellite 6 FAQ.

Chapter 2. Content Delivery Network Repositories

This section describes the repositories required to install Red Hat Satellite 6.3.

You can install Red Hat Satellite 6.3 through the Content Delivery Network (CDN). To do so, configure subscription-manager to use the correct repository for your operating system version and variant.

Run the following command to enable a CDN repository:

# subscription-manager repos --enable=[reponame]

Run the following command to disable a CDN repository:

# subscription-manager repos --disable=[reponame]

The following sections outline the repositories required by Red Hat Satellite 6.3. When one of these repositories is required to install a package, the steps to enable the required repositories are included in the documentation.

2.1. Red Hat Satellite

The following table lists the repositories for Red Hat Satellite Server.

Table 2.1. Red Hat Satellite

ChannelRepository Name

Red Hat Satellite 6.3 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-6.3-rpms

Red Hat Satellite 6.3 - Puppet 4 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-6.3-puppet4-rpms

2.2. Red Hat Satellite Capsule

The following table lists the repositories for Red Hat Satellite Capsule Server.

Table 2.2. Red Hat Satellite Capsule

ChannelRepository Name

Red Hat Satellite Capsule 6.3 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-capsule-6.3-rpms

Red Hat Satellite Capsule 6.3 - Puppet 4 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-capsule-6.3-puppet4-rpms

2.3. Red Hat Satellite Maintenance

The following table lists the repositories for Red Hat Satellite Maintenance.

Table 2.3. Red Hat Satellite Maintenance

ChannelRepository Name

Red Hat Satellite Maintenance 6 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-maintenance-6-rpms

2.4. Red Hat Satellite Tools

The following table lists the repositories for Red Hat Satellite Tools.

Table 2.4. Red Hat Satellite Tools

ChannelRepository Name

Red Hat Satellite Tools 6.3 (for RHEL 5 Server - AUS) (RPMs)

rhel-5-server-aus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 5 Server - ELS) (RPMs)

rhel-5-server-els-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 5 for System Z - ELS) (RPMs)

rhel-5-for-system-z-els-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 Desktop) (RPMs)

rhel-6-desktop-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 Server) (RPMs)

rhel-6-server-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 Server - EUS) (RPMs)

rhel-6-server-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 Server - AUS) (RPMs)

rhel-6-server-aus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 Workstation) (RPMs)

rhel-6-workstation-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 for System Z) (RPMs)

rhel-6-for-system-z-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 for System Z - EUS) (RPMs)

rhel-6-for-system-z-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 for IBM Power) (RPMs)

rhel-6-for-power-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 for IBM Power - EUS) (RPMs)

rhel-6-for-power-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 for Scientific Computing) (RPMs)

rhel-6-for-hpc-node-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 6 for Scientific Computing - EUS) (RPMs)

rhel-6-for-hpc-node-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 Desktop) (RPMs)

rhel-7-desktop-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 Server - EUS) (RPMs)

rhel-7-server-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 Server - AUS) (RPMs)

rhel-7-server-aus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 Workstation) (RPMs)

rhel-7-workstation-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for System Z) (RPMs)

rhel-7-for-system-z-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for System Z - EUS) (RPMs)

rhel-7-for-system-z-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for IBM Power) (RPMs)

rhel-7-for-power-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for IBM Power - EUS) (RPMs)

rhel-7-for-power-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for Scientific Computing) (RPMs)

rhel-7-for-hpc-node-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for Scientific Computing - EUS) (RPMs)

rhel-7-for-hpc-node-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for IBM Power LE) (RPMs)

rhel-7-for-power-le-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 for IBM Power LE - EUS) (RPMs)

rhel-7-for-power-le-eus-satellite-tools-6.3-rpms

Red Hat Satellite Tools 6.3 (for RHEL 7 Server for ARM) (RPMs)

rhel-7-for-arm-satellite-tools-6.3-rpms

2.5. Red Hat Satellite Tools - Puppet 4

The following table lists the repositories for Red Hat Satellite Tools - Puppet 4.

Table 2.5. Red Hat Satellite Tools - Puppet 4

ChannelRepository Name

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 5 Server - AUS) (RPMs)

rhel-5-server-aus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 5 Server - ELS) (RPMs)

rhel-5-server-els-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 Desktop) (RPMs)

rhel-6-desktop-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 Server) (RPMs)

rhel-6-server-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 Server - EUS) (RPMs)

rhel-6-server-eus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 Server - AUS) (RPMs)

rhel-6-server-aus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 Workstation) (RPMs)

rhel-6-workstation-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 for Scientific Computing) (RPMs)

rhel-6-for-hpc-node-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 6 for Scientific Computing - EUS) (RPMs)

rhel-6-for-hpc-node-eus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 Desktop) (RPMs)

rhel-7-desktop-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 Server) (RPMs)

rhel-7-server-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 Server - EUS) (RPMs)

rhel-7-server-eus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 Server - AUS) (RPMs)

rhel-7-server-aus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 Workstation) (RPMs)

rhel-7-workstation-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 for Scientific Computing) (RPMs)

rhel-7-for-hpc-node-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 for Scientific Computing - EUS) (RPMs)

rhel-7-for-hpc-node-eus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 for IBM Power LE) (RPMs)

rhel-7-for-power-le-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 for IBM Power LE - EUS) (RPMs)

rhel-7-for-power-le-eus-satellite-tools-6.3-puppet4-rpms

Red Hat Satellite Tools 6.3 - Puppet 4 (for RHEL 7 Server for ARM) (RPMs)

rhel-7-for-arm-satellite-tools-6.3-puppet4-rpms

Chapter 3. Key Changes to the Documentation Set

Several notable changes were made to the Red Hat Satellite documentation set for this release. The following list outlines and explains these changes.

Errata Management Guide
The Errata Management Guide is a new title that describes how to set up patching in a Red Hat Satellite environment.
Hammer CLI Guide
A full reference to Hammer commands has now been added. For more information, see Reference in the Hammer CLI Guide.
Host Configuration Guide
The Host Configuration Guide included in the Red Hat Satellite 6.2 documentation suite has now been renamed Managing Hosts to more closely reflect the content it contains. Content on configuring provisioning environments and managing content previously found in this guide has been moved to the Provisioning Guide and Content Management Guide respectively.
Installation Guide
Content on upgrading and updating Red Hat Satellite has been moved to a standalone title Upgrading and Updating Red Hat Satellitie.
Server Administration Guide
The Server Administration Guide included in the Red Hat Satellite 6.2 documentation suite has now been renamed Administering Red Hat Satellite to more closely reflect the content it contains. Content on managing content previously found in this guide has been moved to the Content Management Guide.

Chapter 4. New Features and Enhancements

This chapter introduces new features in Red Hat Satellite 6.3, and links to further information.

Ansible Tower Integration
Satellite 6.3 now supports Ansible Tower Integration. Ansible Tower is a web-based graphical interface for automating management tasks such as cloud provisioning, configuration, and application deployment. Red Hat Satellite, with Ansible Tower, provides a dynamic inventory, and provisioning callbacks. Ansible Tower is able to use Red Hat Satellite as a dynamic inventory source, and both products are able to sync inventory. Systems provisioned by Red Hat Satellite are able to ‘callback’ to Tower, allowing Ansible playbooks to run post provisioning.
Arbitrary Files in Content Views
Satellite 6.3 provides the ability for custom products to include repositories for custom file types. This provides a generic method to incorporate arbitrary files in a product. Applications range from distributing SSH keys and source code files to larger files such as virtual machine images and ISO files.
Bulk Subscription Upgrade Tooling
Satellite 6.3 subscription management now provides the ability to manage subscriptions against multiple systems. This includes the ability to export subscriptions to a file in CSV format, import from a previously exported CSV file, and bulk-attach subscriptions using the API and CLI.
Cloning Utility
Satellite 6.3 provides the ability to restore Red Hat Satellite to a bare metal environment by cloning an existing Red Hat Satellite 6.1 or 6.2 backup, and then upgrading the clone to Red Hat Satellite 6.3.
Content Synchronization Policies
Red Hat Satellite Capsules now feature their own user selectable download policy for repositories: On Demand, Background, Immediate, and Inherit from Repository.
EC2 Support
Satellite 6.3 now supports running on Amazon Elastic Compute Cloud (Amazon EC2).
Email Setting Configuration
Satellite 6.3 introduces user configurable email settings by the API and the Administer settings of the web user interface. Settings include Sendmail/SMTP settings, authentication settings, and how emails are sent by Satellite.
Future-Dated Subscriptions
Satellite 6.3 introduces the ability to view and attach future dated subscriptions to systems. The Red Hat Customer Portal now has the facility to view and download manifests containing future dated subscriptions.
Host Name Control
Satellite 6.3 features improved hostname creation logic for clients with Discovery, providing the ability to set the fact that is used for the hostname of the system.
Improved Compute Resource Configuration
Satellite 6.3 introduces user configurable resource allocation within hypervisor environments.
LDAP User Organization and Location Assignment
This release adds to Hammer the ability to change the default location or organisation of a user, using the name of the location or organization in addition to the ID.
Login Page Messages
This release adds the ability to specify a custom message on the login screen to the Red Hat Satellite Server web user interface.
Notification Drawer

This release adds a notification drawer to the Red Hat Satellite Server web user interface. The drawer provides event notifications to keep administrators informed of important environment changes. Notifications currently implemented include the following:

  • Host discovery
  • Host deletion
  • Successful provisioning of a system
  • Imported host with no owner
OpenSCAP Tailoring Files
This release adds the ability to upload and use tailoring files to customize existing OpenSCAP policies.
Organization Administrator Role
This release adds a new organization administrator role by default. This role can view the configuration of every element of the Satellite structure, logs, and statistics.
Parameterized Subnets
This release adds a method to specify parameters for subnets in a similar way as for domains. From the Infrastructure menu, when you create or edit subnets, there is a new Parameters tab.
Puppet 4 Support
This release supports hosts with Puppet version 3.8 or later. You can now update hosts to the Puppet 4 agent.
Red Hat Virtualization 4.0 Support
This release adds support for Red Hat Virtualization 4.0 as a compute resource back end.
Rename Utility
This release includes a tool for renaming a Satellite or Capsule Server.
SSH Key Provisioning Support
This release adds support for the deployment of public SSH keys as part of the provisioning process.
Static IP Configuration in Bootdisks
This release adds support for static IP configuration to be included in full host bootdisks.
Template Enhancements
This release adds two enhancements to provisioning templates. It is now possible to export templates. The template editor now features a Help tab which contains information about the template syntax.
Tokenized Authentication for Hammer
This release adds the ability to initiate a token-based authenticated session with Satellite and avoid storing credentials in plan text. You are only prompted once for credentials at the beginning of a session when running Hammer commands.
UEFI Support
This release adds support for PXE booting of UEFI systems.
User Description Field
This release adds the ability to specify a custom description for individual users in the Red Hat Satellite Server web user interface.
Virt-Who Configuration Utility
This release adds a feature which assists the task of creating and deploying virt-who configuration files.

Chapter 5. Release Information

These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat Satellite 6.

Notes for updates released during the support lifecycle of this Red Hat Satellite 6 release will appear in the advisory text associated with each update.

5.1. Enhancements

This release of Red Hat Satellite 6 features the following enhancements:

BZ#1329051

Previously, users had to synchronize the Atomic Kickstart Tree content manually through a custom repository. With this release, users can synchronize the Atomic Kickstart Tree content from within the Red Hat Content Delivery Network.

5.2. Technology Preview

The items listed in this section are provided as Technology Previews. For further information on the scope of Technology Preview status, and the associated support implications, see https://access.redhat.com/support/offerings/techpreview/.

Synchronize Templates from Git Repositories
Satellite 6.3 introduces a plug-in that allows templates to be pushed to, and pulled from, an external Git repository or filesystem. For more information, see Synchronizing Templates with Git.
Auto-attach Bootdisk for VMWare
Satellite 6.3 introduces an auto-attach bootdisk for VMWare as a feature. For more information, see Satellite 6.3 Feature Overview: Auto-attach Bootdisk for VMWare [Tech Preview].
Tracer
Satellite 6.3 introduces Tracer, an integration with the Tracer tool that monitors running processes and identifies if they need to be restarted due to package updates or similar activities. For more information, see Satellite 6.3 Feature Overview: Tracer [Tech Preview].

BZ#1376191

Previously, provisioning on IBM POWER was not available. With this release, provisioning clients on IBM POWER via BOOTP is available as a Technology Preview feature.

5.3. Release Notes

This section outlines important details about the release, including recommended practices and notable changes to Red Hat Satellite. You must take this information into account to ensure the best possible outcomes for your deployment.

BZ#1432285

Previously, there was an API JSON field named "enabled_override" for the API at "/api/v2/hosts/1/subscriptions/product_content". With this release, the API JSON field name "enabled_override" has been deprecated in favor of "override" to improve consistency.

BZ#1433458

To synchronize container images from a registry with self-signed certificates, you must either configure certificates manually or disable the SSL Verify option.

BZ#1435007

With this release, the roles included in Red Hat Satellite are now read only. If any of these roles were previously customized, an editable version of those roles with the name "Cuztomized XXXX" is created when you upgrade your environment to this version.

BZ#1469599

Because of security fixes that were introduced with this fix, if you clone templates that contain Ruby's `to-proc` syntax in Satellite 6.2, and then upgrade to Satellite 6.3, you cannot use the template.

As a workaround, write the same code as a full Ruby block, for example, `(1..3).collect(&:to_s)` becomes `(1..3).collect {|num| num.to_s}`.

To find affected code, search the template for `&:`. Replace `…(&:…)` with `…{|i| i.…}`.

Use the following two examples as a guide:

Ruby syntax in 6.2 cloned template:

 <% host_param('ssh_authorized_keys').split(',').map(&:strip).each do |ssh_key| -%>

Updated Ruby syntax for Satellite 6.3:

 <% host_param('ssh_authorized_keys').split(',').map{ |item| item.strip }.each do |ssh_key| -%>


Ruby syntax in 6.2 cloned template:

 nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select(&:present?).join(',')}

Updated Ruby syntax for Satellite 6.3:

 nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select{ |item| item.present? }.join(',')}

BZ#1552093

Previously, the templates used "<%= foreman_url %>" to notify Satellite that the build is done. In 6.3, the templates use "<%= foreman_url('built') %>", which explicitly calls the 'built' template.

BZ#1512959

If you plan to manually upgrade from Satellite 6.2 to Satellite 6.3, and if you previously installed the python-pulp-agent-lib package, you must enable the satellite-tools repository to successfully perform the upgrade. This package was moved into the tools repository for Satellite 6.3.

BZ#1560607

Several parameters of the capsule-certs-generate command were changed, and some were added. Those prefixed --capsule were changed to a --foreman-proxy prefix. New parameters prefixed --reset were added to allow commonly-used parameters to be reset to their default values. A --certs-reset parameter was added to reset any custom certificates and use the self-signed CA instead.

5.4. Deprecated Functionality

In this release, you can no longer use the subscription_manager_registration snippet in a template to enable Satellite Tools repositories. You must configure your repositories to be enabled using an activation key.

5.5. Known Issues

These known issues exist in Red Hat Satellite 6 at this time.

BZ#1321041

Known Issue
Hosts provisioned by Satellite, but not registered, are showing a green icon, indicating they are covered by a subscription. These should show a red icon, indicating they are not covered by a subscription.

BZ#1382090

Known Issue
In the Red Hat Subscriptions tab of the user interface, the hyperlinks used in the subscription type "Guests of hypervisor-name" are incorrect and broken. This is due to the hyperlink using the candlepin uuid rather than the host ID.

BZ#1445625

Known Issue

On Puppet Forge, some Puppet modules are invalid and cannot sync with Satellite.

These invalid Puppet modules cause error messages such as Invalid properties or MissingModulePile.

Despite receiving a report of a sync failure, the valid Puppet modules sync from Puppet Forge into Satellite.

BZ#1507848

Known Issue
Satellite Installer requires absolute paths. Always provide an absolute path for --certs-tar. For example, /root/new.name-certs.tar. If you run the installer with a relative path, run the installer again with the absolute path and the --scenario parameter to create the last_scenario.yml.

BZ#1518848

Known Issue
The command katello-change-hostname creates an error condition when run on Satellite 6.2 during migration and upgrade. This occurs because of a bug in the version of the katello-change-hostname command in the 6.2 release. To avoid this problem, complete the upgrade to Satellite 6.3 before running the katello-change-hostname command.

BZ#1523392

Known Issue
Running the ./install_packages command when attempting to set up a disconnected Satellite Server fails and returns NOKEY error.
Workaround
For more information, see the KCS Solution at https://access.redhat.com/solutions/3275791

BZ#1538597

Known Issue
When using image-based provisioning against VMWare, attempting to add additional storage to the new host returns an error.

BZ#1541002

Known Issue

If you try to delete a subnet that is used to provision a machine, instead of receiving a user-friendly error message, you receive a confusing error message:

 | NoMethodError: undefined method `klass' for nil:NilClass
 | Did you mean?  class

BZ#1541481

Known Issue
If you have SELinux enabled, using Kerberos (KRB) keys instead of RSA keys can cause remote execution jobs to fail.

BZ#1541885

For ISO-based disconnected Satellite users

Known Issue
The RPM script is missing "--local", which makes it search the internet to install the "oauth" gem. For disconnected Satellites, this is a problem.
Workaround

If Puppet 4 is installed, when yum installs packages using the default Puppet 4 repositories, before you run satellite-installer, enter the following command:

/opt/puppetlabs/puppet/bin/gem install --local /usr/share/foreman-installer/gems/oauth-0.5.1.gem

Workaround

If you upgrade to Puppet 4, before you enter the --upgrade-puppet command, enter the following commands:

# yum remove -y puppet-server
# yum install puppetserver puppet-agent puppet-agent-oauth
/opt/puppetlabs/puppet/bin/gem install --local /usr/share/foreman-installer/gems/oauth-0.5.1.gem

BZ#1544401

Known Issue
Running katello-backup with a relative path for the destination, for example `katello-backup .', causes an error.
Workaround
Run katello-backup with a full path. For example 'katello-backup /backup-destination'.

Chapter 6. Technical Notes

This section contains the summary text for bug fixes and enhancements in Red Hat Satellite errata advisories. The information and procedures in this section are relevant to Red Hat Satellite administrators.

6.1. Red Hat Satellite 6.3.0

This section outlines the errata advisories released for Red Hat Satellite 6.3.0.

6.1.1. RHSA-2018:0336: Important: Satellite 6.3 Release

Information about this advisory is available at https://access.redhat.com/errata/product/250/ver=6.3/rhel---7/x86_64/RHSA-2018:0336.

vulnerability

An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
It was found that ruby will_paginate is vulnerable to a XSS via malformed input that cause pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML including scripting code within the web interface.
A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed.
Pulp makes unsafe use of Bash's $RANDOM to generate a NSS DB password and seed resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources.
It was found that Satellite 6 did not properly enforce access controls on certain resources. An attacker, with access to the API and knowledge of the ID name, can potentially access other resources in other organizations.
A flaw was found in discovery-debug in foreman. An attacker, with permissions to view the debug results, would be able to view the root password associated with that system, potentially allowing them to access it.
It was found that foreman is vulnerable to a stored XSS via a job template with a malformed name. This could allow an attacker with privileges to set the name in a template to display arbitrary HTML including scripting code within the web interface.
It was found that foreman is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
A flaw was found in katello-debug where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
It was found that the hammer_cli command line client disables SSL/TLS certificate verification by default. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate.
A flaw was found in foreman's logging during the adding or registering of images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
It was found that foreman in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file.
A flaw was found in foreman's handling of template previews. An attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, disclosing potentially sensitive information.
A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

6.1.2. RHBA-2018:0337: Satellite 6.3 Libraries

Information about this advisory is available at https://access.redhat.com/errata/RHBA-2018:0337.html.

6.1.3. RHBA-2018:0338: Satellite 6.3 Tools Release

Information about this advisory is available at https://access.redhat.com/errata/RHBA-2018:0338.html.

katello-agent

Under certain conditions, build 19 of the dispatch router can terminate unexpectedly with a segmentation fault. The memory management has been improved to prevent this happening.
You can now manage clients without goferd. This limits the host management functionality only to uploading the package profile after installing, removing, updating packages, and triggering the Satellite tasks such as the applicable errata.
When repeatedly installing and removing a package on the same Content Host, goferd accumulates memory over time. This has been fixed by locally settling down received messages in qpid-proton library.
Reinstalling katello-ca-consumer on a RHEL 7 Content Host did not restart goferd service. Consequently, katello agent did not reconnect to Satellite. This is now fixed.
Restarting the agent on the client forced package applicability calculations which were not necessary. This case has been fixed.
Updating katello-agent did not update dependencies. This is now fixed.
While pushing Errata using the Web UI and katello-agent, goferd terminated with a segmentation fault on some clients. This is now fixed.
Several memory usage bugs in goferd and qpid have been resolved.
When removing katello-ca-consumer RPM, the backup of /etc/rhsm/rhsm.conf was not restored. This is now fixed.
Several memory leaks have been fixed in the qpid dispatch router.
Hypervisor names reported by virt-who are now validated on input.
When qdrouterd was not accessible, the goferd process had a memory leak and goferd terminated unexpectedly. This is now fixed.
After installing 'katello-hosts-tools' and running the Puppet agent,enabled_repos_upload sent output to stdout after all of the 'yum check-update' had output their data. This caused errors for the Puppet agent on the client.

Qpid

During scaling testing of content hosts, qpid consumed huge amounts of memory. This is now fixed.
Previously, Satellite had a hard limit of 64k Content Hosts that can run katello agent. The Qpid Dispatch Router has been improved to remove this limit.
When pausing a Satellite in a VM, any goferd client on a machine registered
to a Capsule failed to connect to the Capsule and logged
“qd:no-route-to-dest” error. The error persisted after qdrouterd on the
Satellite resumed. The qpid dispatch router has been improved to unmap all
addresses in a more reliable way.
During scale testing, qdrouterd experienced segmentation faults in libqpid.so. This is now fixed.
qdrouterd on Capsule Server was deadlocked and did not react to commands to kill the process. This is now fixed.
When several goferd client connections tried to use qdrouterd on Satellite to link to qpidd, qdrouterd experienced a segmentation fault. This is now fixed.
During an upgrade, the qpidd user could not access or read the /etc/pki/katello/nssdb/nss_db_password-file file. The qpidd broker attempted to restart, which caused a segmentation fault.
The 'hammer host-collection erratum install` installation failed with a sub-task error. With the latest update to qpid, this is now fixed.