How to replace an existing Forman/Puppet server by a new one

Hello,

I am new on this group, so, hello everybody and please forgive me if
I break some cultural rules…

I started with Puppet/Foreman late spring and I now have a small
cluster installed and managed this way. Now I would like to secure
things a bit : first replay the installation of the Puppet/Foreman
server and make sure I am able to reinstall everything in a controlled
manner, second back-up all data that has to be.

  1. First question is how to switch my Puppet clients from one server
    to a new one (same puppet/foreman versions for the moment, but
    this is also a use case to switch to a more up-to-date server)

  2. Installing (foreman-installer) my new server I came across a few
    difficulties :

    a) foreman-installer uses the lastest foreman version (1.2) while
    I wanted to install 1.1. I think I have understood how to
    use params.pp files to obtain what I want.

    b) How to tell foreman-installer to use MySQL backend rightaway ?
    I set use_sqlite to false but it does not seem to be enough.
    There are no params for that…

    c) What is the best way to transfer DB data from one server to
    another given that if the Foreman versions do not match, the
    schema could be different ?

If some of you have been already in this situation, thanks for
their advices.

JM

··· -- ------------------------------------------------------------------------ Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86 Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79 CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet@subatech.in2p3.fr ------------------------------------------------------------------------

Hi,

My understanding on this :

  1. client server switch:

Quick answer would be : you can't, because the puppet CA would be different.
Unless you've got a dedicated puppet CA server (or your own CA…).

Now, it is possible to have several puppet masters and slaves, you just have to change the puppet server in the file /etc/puppet/puppet.conf - but then you must make sure your different puppet servers correctly point to the ENC (forman) that's in production…

Actually, the foreman updates also are quite 'frightening' for me too, because I don't want to break what I have, so I'd be glad hearing about others 2 cents on this foreman/puppetmaster upgrade procedure.

For now, I would surely install a VM with my current setup, attempt an upgrade on it, and if working, roll out the upgrade in production.

2)c) I would say : database dump on old foreman, database restore on new foreman, schema upgrade on the new foreman ?
If the question is "how to migrate from sqlite to mysql/postgres" : I read ruby is db agnostic and it should be fairly "easy" to "read the db on one backend, then write it on another" - but I did not succeed in finding such a (working) tool, and I'm no ruby programmer. I found one tool that said it could do that, but failed at recreating tables…

Cheers

-----Message d'origine-----

··· De : foreman-users@googlegroups.com [mailto:foreman-users@googlegroups.com] De la part de Jean-Michel Barbet Envoyé : mardi 17 septembre 2013 10:33 À : foreman-users@googlegroups.com Objet : [foreman-users] How to replace an existing Forman/Puppet server by a new one

Hello,

I am new on this group, so, hello everybody and please forgive me if
I break some cultural rules…

I started with Puppet/Foreman late spring and I now have a small
cluster installed and managed this way. Now I would like to secure
things a bit : first replay the installation of the Puppet/Foreman
server and make sure I am able to reinstall everything in a controlled
manner, second back-up all data that has to be.

  1. First question is how to switch my Puppet clients from one server
    to a new one (same puppet/foreman versions for the moment, but
    this is also a use case to switch to a more up-to-date server)

  2. Installing (foreman-installer) my new server I came across a few
    difficulties :

    a) foreman-installer uses the lastest foreman version (1.2) while
    I wanted to install 1.1. I think I have understood how to
    use params.pp files to obtain what I want.

    b) How to tell foreman-installer to use MySQL backend rightaway ?
    I set use_sqlite to false but it does not seem to be enough.
    There are no params for that…

    c) What is the best way to transfer DB data from one server to
    another given that if the Foreman versions do not match, the
    schema could be different ?

If some of you have been already in this situation, thanks for
their advices.

JM

Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet@subatech.in2p3.fr


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.

  1. Sean's answer is much tidier than the trick I use by running a good old
    "ssh for loop" shutdown the puppet agent delete the ssl directory then do a
    puppet agent --server=new-puppet.example.com --wait-for-cert=300

a)
Not sure why you would want to use the 1.1 version 1.2 is imho much better
and 1.3 is just around the corner but there is a RHEL/CentOS repo for 1.1
installer[1] and Debian flavours are also available, you will find the
installer docs here[2] . Default there is Postgresql but the manual install
docs will help you get running with MySQL.

b) DB setup docs here
http://theforeman.org/manuals/1.1/index.html#3.5.3DatabaseSetup

c) The DB docs give examples of migrating, my advise backup and test

Afaik The installer is not meant for complex edge cases though I am happy
to be corrected here.

[1] http://yum.theforeman.org/releases/1.1/
[2] Foreman :: Manual

Jim :slight_smile:

··· On 17 September 2013 09:32, Jean-Michel Barbet < Jean-Michel.Barbet@subatech.in2p3.fr> wrote:

Hello,

I am new on this group, so, hello everybody and please forgive me if
I break some cultural rules…

I started with Puppet/Foreman late spring and I now have a small
cluster installed and managed this way. Now I would like to secure
things a bit : first replay the installation of the Puppet/Foreman
server and make sure I am able to reinstall everything in a controlled
manner, second back-up all data that has to be.

  1. First question is how to switch my Puppet clients from one server
    to a new one (same puppet/foreman versions for the moment, but
    this is also a use case to switch to a more up-to-date server)

  2. Installing (foreman-installer) my new server I came across a few
    difficulties :

    a) foreman-installer uses the lastest foreman version (1.2) while
    I wanted to install 1.1. I think I have understood how to
    use params.pp files to obtain what I want.

    b) How to tell foreman-installer to use MySQL backend rightaway ?
    I set use_sqlite to false but it does not seem to be enough.
    There are no params for that…

    c) What is the best way to transfer DB data from one server to
    another given that if the Foreman versions do not match, the
    schema could be different ?

If some of you have been already in this situation, thanks for
their advices.

JM


------------------------------------------------------------

Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet@subatech.in2p3.fr
------------------------------------------------------------


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.comforeman-users%2Bunsubscribe@googlegroups.com
.
To post to this group, send email to foreman-users@googlegroups.com
.
Visit this group at http://groups.google.com/**group/foreman-usershttp://groups.google.com/group/foreman-users
.
For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out
.

I just did something similar in migrating 20-30 servers from our original
puppetmaster to a new one when we implemented foreman. Now, my note
doesn't relate to the foreman/puppetmaster side of your question, but more
the client side problem of getting agents bound to one
puppetmaster/puppetca migrated to another one.

The simple answer… write a puppet module to accomplish it. Deploy the
module on your old puppet master and apply it to the nodes in some fashion

  • perhaps a couple of test nodes first.

Anyway, the high level actions in my module were:

  1. Use a file resource ensure that /var/lib/puppet/ssl is not present.
  2. Using a file resource ensure that /etc/puppet/puppet.conf is applied
    with a template pointing at your new master / environment, and Notify the
    puppet service.
  3. Watch as the puppet agent reconfigures itself, and joins the new
    puppetmaster.
  4. On my foreman/puppetmaster I am using a puppet-puppet module which
    integrates with foreman parameters like $::puppetmaster and $::foreman_env,
    so in the future if I move a host from one puppet master / puppet
    environment to another the puppet agent will update it's config on the next
    puppet run. I only have one puppetmaster currently, but the environment
    thing works like a champ.

Hope that helps a bit.

··· On Thu, Sep 26, 2013 at 10:55 AM, SCHAER Frederic wrote:

Hi,

My understanding on this :

  1. client server switch:

Quick answer would be : you can’t, because the puppet CA would be
different.
Unless you’ve got a dedicated puppet CA server (or your own CA…).

Now, it is possible to have several puppet masters and slaves, you just
have to change the puppet server in the file /etc/puppet/puppet.conf - but
then you must make sure your different puppet servers correctly point to
the ENC (forman) that’s in production…

Actually, the foreman updates also are quite ‘frightening’ for me too,
because I don’t want to break what I have, so I’d be glad hearing about
others 2 cents on this foreman/puppetmaster upgrade procedure.

For now, I would surely install a VM with my current setup, attempt an
upgrade on it, and if working, roll out the upgrade in production.

2)c) I would say : database dump on old foreman, database restore on new
foreman, schema upgrade on the new foreman ?
If the question is “how to migrate from sqlite to mysql/postgres” : I read
ruby is db agnostic and it should be fairly “easy” to “read the db on one
backend, then write it on another” - but I did not succeed in finding such
a (working) tool, and I’m no ruby programmer. I found one tool that said it
could do that, but failed at recreating tables…

Cheers

-----Message d’origine-----
De : foreman-users@googlegroups.com [mailto:foreman-users@googlegroups.com]
De la part de Jean-Michel Barbet
Envoyé : mardi 17 septembre 2013 10:33
À : foreman-users@googlegroups.com
Objet : [foreman-users] How to replace an existing Forman/Puppet server by
a new one

Hello,

I am new on this group, so, hello everybody and please forgive me if
I break some cultural rules…

I started with Puppet/Foreman late spring and I now have a small
cluster installed and managed this way. Now I would like to secure
things a bit : first replay the installation of the Puppet/Foreman
server and make sure I am able to reinstall everything in a controlled
manner, second back-up all data that has to be.

  1. First question is how to switch my Puppet clients from one server
    to a new one (same puppet/foreman versions for the moment, but
    this is also a use case to switch to a more up-to-date server)

  2. Installing (foreman-installer) my new server I came across a few
    difficulties :

    a) foreman-installer uses the lastest foreman version (1.2) while
    I wanted to install 1.1. I think I have understood how to
    use params.pp files to obtain what I want.

    b) How to tell foreman-installer to use MySQL backend rightaway ?
    I set use_sqlite to false but it does not seem to be enough.
    There are no params for that…

    c) What is the best way to transfer DB data from one server to
    another given that if the Foreman versions do not match, the
    schema could be different ?

If some of you have been already in this situation, thanks for
their advices.

JM

Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet@subatech.in2p3.fr


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.


Sean M. Alderman
Senior Engineer, UDit Systems Integration and Engineering
University of Dayton
300 College Park
Dayton, Ohio 45469-1530
(937) 229-5088
salderman1@udayton.edu

“We are not some casual and meaningless product of evolution. Each of us
is the result of a thought of God. Each of us is willed. Each of us is
loved. Each of us is necessary.”
- BXVI

Thank you Frederic, Sean, Jim for your answers, I will read the links.

JM

··· On 09/26/2013 05:35 PM, James Bailey wrote: > 1) Sean's answer is much tidier than the trick I use by running a good > old "ssh for loop" shutdown the puppet agent delete the ssl directory > then do a puppet agent --server=new-puppet.example.com > --wait-for-cert=300

Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet@subatech.in2p3.fr