Foreman upgrade to support CentOS-8

Problem: I have a Foreman-Katello installation version 1.22.0 I would like to upgrade it to a version that supports CentOS-8, can I upgrade from my current version to the latest version, what is the upgrade path? I had a difficult time getting the initial install to work properly and I would hate to screw up this installation. Any advice, help, would be appreciated.

**Foreman and Proxy versions: Pulp, Dynflow, Ansible, SSH, Templates, TFTP, Puppet CA, Puppet, Logs, and HTTPBoot - 1.22.0

Foreman and Proxy plugin versions: foreman-tasks - 0.15.5
foreman_ansible - 3.0.2
foreman_remote_execution - 1.8.0
katello - 3.12.0

Distribution and version: 1.22.0

There is not a currently released version of Katello that supports running on top of CentOS 8. This is most likely to occur with the Katello 3.18 release. I would suggest working to upgrade to latest Katello and stay up to date so you are ready when that version is released. The migration path when it is released will be to do a clone (with some tooling) of application data over to a new CentOS 8 box. We will work on getting more details around this.

1 Like

Let me rephrase my question, I would like to know what is the earliest version of foreman-katello that has support for CentOS-8 as a content host, not as the foreman-katello main server.

Ahh, in that case EL8 support was introduced in Katello 3.10. Looks like you are on Katello 3.12 and therefore should have support. Are you seeing an issue?

1 Like

I haven’t tried it yet starting to add CentOS-8 to our environment. So Katello 3.10 is supported. What agent should I use on my CentOS-8 boxes to connect to Foreman? This is the repo I used for CentOS-7, ,because my Foreman-Katello installation is 1.22.0, can I still use that version of the agent? In looking through the repo it looks like I would have to be at version,

There is no katello-agent on EL8 for remote yum actions. Users will need to use Remote Execution plugin to achieve that functionality. Package, enabled repositories and errata reporting are still maintained and working on EL8. For more information around the katello-agent and EL8 see this (extensive) thread:

Hmm, from reading that thread it sounds like I won’t be able to use subscription-manager then to pull down content from my foreman server then and deploy errata, package updates, etc. like I used to and will probably have to come up with a whole new way now to do these updates. What a shame it took us almost a year to get all of our hosts registered with Foreman and running errata and package updates working successfully, only to have to come up with a different solution for CentOS-8 now.

I don’t think you should have to change your whole workflow. The only real difference between CentOS 8 and CentOS 7 support is the agent piece. All the agent piece provided was a pull mechanism for running yum updates or yum install initiated from the Server. The replacement for that is using Remote Execution plugin with a push model through SSH or Ansible. The connection from the client to Server changes (ssh to client vs agent to qpid) but the initiation mechanism is the same (kick off action from the server for a host or set of hosts).

I will add we are in the early stages of exploring a replacement pull provider if that is the concern.

So how would I now register new CentOS-8 hosts with Foreman? I used to register my hosts, keep in mind I am not using Foreman as a mechanism to build out my hosts, we build them out through a VMware process, and the subscribe them to our Foreman-Katello installation, with this type of method.

sudo curl --insecure --output katello-ca-consumer-latest.noarch.rpm https://SOMESERVER/pub/katello-ca-consumer-latest.noarch.rpm
sudo yum localinstall katello-ca-consumer-latest.noarch.rpm
sudo subscription-manager register --org=“Default_Organization” --activationkey=“CentOS_7_Prod_Key”

This workflow still works for CentOS 8 hosts. Nothing changed there.

Okay. I guess the issue I have is that if I wanted to pull in the CentOS-8 repo, with other versions of CentOS I could click on the Errata tab and manage errata on the host, apply updates, etc. The katello-agent package is required to manage errata on the host. It sounds like that ability is gone now and I have to configure a different option to view and run updates now on anything running CentOS-8. We strictly use Foreman-Katello as a mechanism to deliver security updates and package updates, and some minimal management using SSH. But we are not using Foreman-Katello for CI pipelines, building out hosts, deploying templates, etc. It’s main purpose in our environment is patching. Right now it works pretty well, but now if we inject CentOS-8 hosts that ability is gone.

You don’t have to change much like written before.
You need to register your CentOS8-machine like you have done it before (maybe you need to make the subscription-manager with a new repository available to do so).
After registration (what seemed to be succesful) you need to install the package “katello-host-tools” and optionally “katello-host-tools-tracer”, which are the successors to the old “katello-agent”. These packages also exist for CentOS 7.
The “katello-host-tools” install a plugin for yum/dnf, that all packages and repositories are uploaded to your foreman. Then you can see the package-list and katello can calculate if there are available package upgrades or errata.
The “katello-host-tools-tracer” additionally check after updates if there are services, which need a restart. After a kernel-upgrade it suggests to reboot the machine. However, this package is optional.
That the foreman/katello can show errata for your CentOS 8-hosts you need repositories in which these Errata-information are available. This might be the main issue - we also use CentOS8, but we do not have repositories with errata-information inside:

The only other difference if you want to apply package updates/errata from the GUI is the need of the SSH-key for remote execution in the authorized keys of your host. Then you can install the packages using remote execution, where the foreman-proxy user (the used keys are under /var/lib/foreman-proxy/ssh/) connects to the host via ssh to the user you configured (default is root) and installs the packages instead of the communication over qpid with the katello-agent.
So you do not need to check anymore if qpid runs, but you have to make sure that the authorized keys contain the ssh-key. Other than that only the package name changes from “katello-agent” to “katello-host-tools” and the mechanisms behind are different.

Also you should have the plugin “remote execution” enabled inside your foreman - and if you want to use ansible-jobs instead of ssh with bash, you might want the ansible-plugin as well.