Foreman/Katello 3.2/4.4 update to 3.3/4.5 on AlmaLinux 8.6

Took the plunge and upgraded Foreman/Katello 3.2/4.4 to 3.3/4.5 on AlmaLinux 8.6 today and all went well. Just a few things I noticed and did compared to the documentation.
I ran this on both Foreman and Proxies:

dnf -y module enable foreman katello pulpcore

On Foreman server I just went:

dnf -y install
dnf -y install
dnf clean all
dnf -y update
foreman-maintain service stop

Since my Proxies run offline using repos from Foreman, I started by adding new RPM-GPG-KEY keys for Foreman 3.3/Katello 4.5 and Pulpcore to Foreman and then create new repos for:

and subscribe the proxies to them.
Run this on offline proxies and zero out any new .repo file in /etc/yum.repos.d/ (expect redhat.repo):

dnf -y update katello-repos foreman-release

After that I just went:

dnf clean all
dnf -y update

I did not regenerate any certificates for the proxies.

I do the update on my proxies usually the same way as the main server, i.e. update, stop services, run foreman-installer. Then everything is up again…

Since “foreman-maintain service stop” is not available on my proxies, how do you stop the services on the proxy?

[root@proxy ~]# foreman-maintain service stop
-bash: foreman-maintain: command not found

How did you install those proxies?

It should be in rubygem-foreman_maintain…

They are installed as Katello content proxies with:

foreman-installer \
--scenario foreman-proxy-content \
--certs-tar-file                              "/root/smart-proxy_certs_proxy.tar" \
--foreman-proxy-register-in-foreman           "true" \
--foreman-proxy-foreman-base-url              "https://foreman.internal" \
--foreman-proxy-trusted-hosts                 "foreman.internal" \
--foreman-proxy-trusted-hosts                 "proxy.internal" \
--foreman-proxy-oauth-consumer-key            "XXXXXXXXXXXXXXXXXXX" \
--foreman-proxy-oauth-consumer-secret         "XXXXXXXXXXXXXXXXXXX" \
--foreman-proxy-plugin-ansible-manage-runner-repo "false" \
--enable-foreman-proxy-plugin-ansible \
--enable-foreman-proxy-plugin-openscap \
--enable-foreman-proxy-plugin-remote-execution-ssh \
--foreman-proxy-plugin-remote-execution-ssh-remote-working-dir /opt/fmrex

What is the foreman-installer option for updating the Foreman servers?

For updates you run foreman-installer without any options after updating the rpms, just like I wrote in the first post and also stated in the documentation.

Ok thanks. But that is just for the install correct?

I was thinking of ongoing updates, which is outlined in this doc but this is for Red Hat Satellite but it is listed in the Foreman docs.

I would recommend to always follow the “full update” instructions, even for minor version updates. There have been some minor updates which required database updates. Easiest way to do those is to run foreman-installer.

# dnf -y update
# foreman-maintain service stop
# foreman-installer

After that, everything should be up-to-date and running again.

1 Like