Foreman 3.5.0-rc1 is now ready for testing

The first release candidate for Foreman 3.5 is now available. Special thanks to everyone who contributed and took part in making this release ready.

Please help by testing and getting it release-ready, and let us know if you hit any issue when upgrading or installing the release candidate either here or on our issue tracker.

There are likely still some updates needed in the installation instructions and other parts of the documentation. For example, both the host index and detail pages received some excellent improvements but they haven’t been mentioned as headline features yet.

This is also a good time to improve translations for existing locales to ensure full coverage. Help out at: Foreman localization.

Packages may be found in the 3.5 directories on both and, and tarballs are on

The GPG key used for signing RPMs and tarballs has the following fingerprint:

The GPG key used for signing DEBs has the following fingerprint:

1 Like

Upgrade went smooth and took ~25 minutes

Few comments:

  1. there were some warnings, the default config files have changes, perhaps we should warn people in upgrade guide, so they update yml files manually with the new keys.
warning: /etc/foreman-proxy/settings.d/registration.yml created as /etc/foreman-proxy/settings.d/registration.yml.rpmnew
warning: /etc/foreman-proxy/settings.yml created as /etc/foreman-proxy/settings.yml.rpmnew
warning: /etc/foreman/settings.yaml created as /etc/foreman/settings.yaml.rpmnew
warning: /etc/foreman-proxy/settings.d/remote_execution_ssh.yml created as /etc/foreman-proxy/settings.d/remote_execution_ssh.yml.rpmnew
warning: /etc/foreman-proxy/settings.d/ansible.yml created as /etc/foreman-proxy/settings.d/ansible.yml.rpmnew

This one is probably safe to ignore

warning: /etc/foreman-installer/scenarios.d/foreman-answers.yaml created as /etc/foreman-installer/scenarios.d/foreman-answers.yaml.rpmnew

but that should also probably be mentioned.

  1. another warning, we should probably update the policy (this instance does not have foreman_puppet installed, it used to have but then it was cleared out)
/sbin/restorecon: SELinux: Could not get canonical path for /etc/puppet/node.rb restorecon: No such file or directory.
  1. Rake task prints the following deprecation, perhaps something we can tell users also to ignore
WARNING: Sidekiq::Web.sessions= is no longer relevant and will be removed in Sidekiq 7.0. /usr/share/gems/gems/sidekiq-6.3.1/lib/sidekiq/web.rb:75:in `set'
  1. there’s 10 manual steps I need to run over SSH, each taking non-trivial time, so I have to watch the progress to run the next one. I wish there was some wrapper around this, which would execute everything as a single upgrade command, like foreman-maintain upgrade :slight_smile:

  2. In REX job, I see "
    Error loading data from proxy: RestClient::NotFound - 404 Not Found" as the error but then the regular stdout cc @aruzicka

  3. the ansible jobs also contain some warnings and deprecation warnings, cc @nofaralfasi and @evgeni

new standard, use ANSIBLE_CALLBACKS_ENABLED instead. This feature will be 
removed from ansible-core in version 2.15. Deprecation warnings can be disabled
 by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: The `requests` python module is not installed Disabling the Foreman
callback plugin.
[WARNING]: Skipping callback 'theforeman.foreman.foreman', unable to load due
to: name 'requests' is not defined

As I said before, all was smooth. I generally tested UI, REX and Ansible jobs and all works. The new host detail page, selectable columns on all hosts page and new REX wizards are nice, all should be highlighted as headline features. Great work!

Thanks! For clarity, I’m guessing this is with Katello and thus a bit slower than a vanilla Foreman.

Yes, the installer manages those so they can be ignored. We’ve had this since forever so I’m not sure how much of a problem it really is. I’m also not sure how we can deal with it, given yum.

Correct. We’ve talked about moving the answers to /var/lib/foreman-installer since they’re more like a DB, but we haven’t found the time to work on it yet.

I recall you mentioned the same earlier:

It still makes me think the -i parameter on restorecon is broken. However, I haven’t checked if there’s an upstream bugreport for that. For reference, from man 8 restorecon: -i ignore files that do not exist.

I know @aruzicka wanted to upgrade further, but it was non-trivial. Having said that, I don’t know where this triggers from. Is there a stack trace?

No, that’s without Katello, the whole plugin list is:

  • foreman-tasks
  • foreman_ansible
  • foreman_remote_execution
  • foreman_webhooks


This was the output of foreman-rake db:sessions:clear, I don’t see anything from this in production.log

The whitelist/enabled thing is known and “intentional” (we want to support old Ansible too, so we set both):

The requests one doesn’t make sense. Can you post the output of rpm -qa |grep -E '(ansible|requests)' please? The collection should have a correct dependency on the requests package:

With the callback disable things do not work as smooth as you say – you get no reporting to Foreman about things :wink:

It may be good to mention it in release notes so people don’t worry about it.

here you are


well there’s another reason for that, my roles are now incompatible with the new ansible and I need to fix that first :wink: but sure, the callback likely does not work right now

This is somewhat known issue. Currently we have no way of distinguishing between “the task did not appear on the proxy yet” and “the task disappeared from the proxy” without doubling the amount of http requests we do. Iirc there’s a BZ for it around here somewhere.

Most likely it is coming from here foreman-tasks/routes.rb at master · theforeman/foreman-tasks · GitHub

Huh? What new ansible do you mean? We’ve been using the BaseOS-provided ansible-core ever since EL 8.6 released.

Anyway, I cannot reproduce the requests warning on my 3.5 install here and would ask for access to yours if you want to debug this further.

That’s not the version that is in the 3.5 plugins repo. It should be ansible-collection-theforeman-foreman-3.7.0-2.el8.noarch.

3.5.0-1 doesn’t contain the new Python 3.9 dependency.

funny, now it shows as upgradable, as of Thursday, it was not (I’m sure I did full upgrade)

I blindly applied the command from the upgrade instructions dnf upgrade ruby\* foreman\* which didn’t upgrade the ansible-collection-theforeman-foreman. We should probably add this to the command or somehow enforce the upgrade.

That wouldn’t have updated ansible-core to 2.13 either :stuck_out_tongue: