New Foreman Release

So, its been a long time, and finally we got a new foreman release

Download - http://theforeman.org/foreman-latest.tar.bz2
RPMS http://yum.theforeman.org
DEB - http://deb.theforeman.org

Some of this version highlights:

• New UI that doesn't SUCK.
• host groups can now be nested
• hostgroups can now act as a as templates, including VM attributes etc.
• Introducing Smart Variables
• Most of Foreman_configuration has been moved into the UI itself,
  this does not require a restart every time you change something, only
  core settings remain in the settings file.
• audit log now capture class assignments
• Solaris (sparc and intel) provisioning support
• OpenSUSE provisioning support
• BMC NIC management
• Introducing Foreman CLI
• Many API improvements
• added rundeck integration
• dhcp subnets can now be imported via the proxy

Smart Proxy version
In order to use provisioning support with this version of Foreman, you
are required to* update your proxy* to the latest 0.3 release.

Ruby 1.87 support
Foreman 0.4 would be the last major version supporting Ruby older then 1.87.
This has to be done since the upstream rails community no longer
supports older versions, which means that critical security patches
are no longer available if we keep supporting that.

if required, we would release 0.4.x maintenance releases, but since
ruby 1.87+ is available on most distribution these days, you are
encouraged to upgrade.

All in all, this version has around 180 features/bugs fixed, so its
our largest so far - full details at [1]

Full release notes [2]

We've also added another means of communications (besides IRC and
mailing lists, Google+ page [3])

I would like to thank anyone who contributed to the project, I'm
having lots of fun

Ohad

[1] - http://theforeman.org/versions/show/13
[2] - ReleaseNotes - Foreman
[3] - https://plus.google.com/u/0/b/102496134326414788199

Nice, any screenshots of the new UI?!

Josh

My compliments for the many improvements in this new version! Looks
really nice and lots of improvements. Thanks for the hard work you put
into this project.

Well, I know what I'm working on this week now!

Thanks for all the hard work!
Jake

The way I see it:

Don't upgrade to ruby 1.87 ==> known security holes that could exploit
your foreman server (impacting everyone).
Upgrade to ruby 1.87 ==> Pain of migrating foreman to a newer
distribution (impacting only a subset of the users)**

We are also planning to have a maintenance release in the 0.4.x
versions, so critical bugs (and probably less than critical) would be
fixed there as well.

Ohad

** which imho is a non issue, as :

1. there is a fully automated puppet module to install foreman
2. you only need to pass the db and a couple of config files.

>>
>> Ruby 1.87 support
>> Foreman 0.4 would be the last major version supporting Ruby older then 1.87.
>> This has to be done since the upstream rails community no longer
>> supports older versions, which means that critical security patches
>> are no longer available if we keep supporting that.
>>
>> if required, we would release 0.4.x maintenance releases, but since
>> ruby 1.87+ is available on most distribution these days, you are
>> encouraged to upgrade.
>>
>> No distribution based on RHEL5 has a supported version of ruby other than
>> 1.85 AFAIK. It's pretty much a roll-your-own-RPM for 1.87, and that's not
>> possible for most sites.
>
> The way I see it:
>
> Don't upgrade to ruby 1.87 ==> known security holes that could exploit
> your foreman server (impacting everyone).

This is not how RHEL works!
The version stays the same all 7 years of lifetime of the distribution but they are backporting security relevant stuff. Therefore you can not tell from the version number if software is vulnerable. Actually, one can expect, and this is what one pays redhat for, that there are NO security holes in their ruby packages.

Please see https://access.redhat.com/security/updates/backporting/

> Upgrade to ruby 1.87 ==> Pain of migrating foreman to a newer
> distribution (impacting only a subset of the users)**
>
> We are also planning to have a maintenance release in the 0.4.x
> versions, so critical bugs (and probably less than critical) would be
> fixed there as well.

Fine, btw. regular RHEL 5 lifecycle ends on March 31, 2014
https://access.redhat.com/support/policy/updates/errata/

Best Regards, Markus

>
>
>>>
>>> Ruby 1.87 support
>>> Foreman 0.4 would be the last major version supporting Ruby older then 1.87.
>>> This has to be done since the upstream rails community no longer
>>> supports older versions, which means that critical security patches
>>> are no longer available if we keep supporting that.
>>>
>>> if required, we would release 0.4.x maintenance releases, but since
>>> ruby 1.87+ is available on most distribution these days, you are
>>> encouraged to upgrade.
>>>
>>> No distribution based on RHEL5 has a supported version of ruby other than
>>> 1.85 AFAIK. It's pretty much a roll-your-own-RPM for 1.87, and that's not
>>> possible for most sites.
>>
>> The way I see it:
>>
>> Don't upgrade to ruby 1.87 ==> known security holes that could exploit
>> your foreman server (impacting everyone).
>
> This is not how RHEL works!
> The version stays the same all 7 years of lifetime of the distribution but they are backporting security relevant stuff. Therefore you can not tell from the version number if software is vulnerable. Actually, one can expect, and this is what one pays redhat for, that there are NO security holes in their ruby packages.

Trust me, I know, I work for redhat.

if its not clear, what it means, is that if you want to run it on
RHEL5, you can either keep running the current 0.4.x versions or
upgrade your ruby stack. otherwise use a more recent distribution.

I've tried very hard to make foreman accessible to as many
distributions as possible, and as i look at foreman becoming important
piece in the infrastructure puzzle, I can't ignore security issues.

Ohad