Problem:
I have deployed a new version #3.4.1 recently. Our older version is running on version #2.0.3.
Now I am planning to migrate old Foreman clients to new one. Hence wanted a guidance in this regards.
Expected outcome:
I checked with freshly installed client with following command and registration works well.
Hi! The global registration template should help with this (Hosts > Register Host). You’ll want to go to the advanced tab and check the “Force” option - this will pass --force to subscription-manager when registering, meaning it will unregister the host from the old Foreman first before registering to the new one.
If the old Foreman no longer exists, you should run subscription-manager clean on the hosts, then run the global registration script without the force option.
Thank you very much for your help!
Addition to your solution, just wanted to check if there are any packages needed to be removed belonging to old Foreman i.e. Katello CA / Agent / QPID rpms etc?!?!
Or the curl command will take care of this removal?
No, you don’t have to manually change any packages. The new server configuration in /etc/rhsm/rhsm.conf that you get from running the curl command will take care of everything you need.
Hi… Tried with one agent to test but something is looks weird. Somehow it is hitting old Foreman for consumer CA rather than querying the new Foreman & is preregistering from new Foreman instead of old Foreman. oldforeman.ex.org > DNS Entry newforeman.ex.org > Host File entry (DNS Entries not yet done)
Here is an output :
[root@agent1 ~]# curl -sS 'https://newforeman.ex.org/register?activation_keys=centos_uat&hostgroup_id=1&lifecycle_environment_id=1&location_id=2&operatingsystem_id=1&organization_id=1&update_packages=false' -H 'Authorization: Bearer <hash_truncated>' | bash
#
# Running registration
#
Unregistering from: newforeman.ex.org:443/rhsm
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:618)
All local data removed
Loaded plugins: enabled_repos_upload, fastestmirror, package_upload, product-id, search-disabled-repos, subscription-manager, tracer_upload
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package katello-ca-consumer-oldforeman.ex.org.noarch 0:1.0-2 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================
Removing:
katello-ca-consumer-oldforeman.ex.org noarch 1.0-2 @/katello-ca-consumer-latest.noarch 16 k
Transaction Summary
==============================================================================================================================================================================================
Remove 1 Package
Installed size: 16 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : katello-ca-consumer-oldforeman.ex.org-1.0-2.noarch 1/1
Uploading Package Profile
Cannot upload package profile. Is this client registered?
Uploading Tracer Profile
Cannot upload tracer data, is this client registered?
Verifying : katello-ca-consumer-oldforeman.ex.org-1.0-2.noarch 1/1
Removed:
katello-ca-consumer-oldforeman.ex.org.noarch 0:1.0-2
Complete!
Uploading Enabled Repositories Report
Cannot upload enabled repos report, is this client registered?
Loaded plugins: enabled_repos_upload, fastestmirror, package_upload, product-id, search-disabled-repos, subscription-manager, tracer_upload
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
There are no enabled repos.
Run "yum repolist all" to see the repos you have.
To enable Red Hat Subscription Management repositories:
subscription-manager repos --enable <repo>
To enable custom repositories:
yum-config-manager --enable <repo>
Uploading Enabled Repositories Report
Cannot upload enabled repos report, is this client registered?
HTTP error (500 - Internal Server Error): At least one activation key must have a lifecycle environment and content view assigned to it
[root@agent1 ~]#
Am I doing something wrong or missing on some steps?
my bad! I did the modifications & now trying with freshly installed system. Here is the error I am getting:
[root@agent1 ~]# curl -sS 'https://newforeman.ex.org/register?activation_keys=centos_uat&hostgroup_id=1&lifecycle_environment_id=1&location_id=2&operatingsystem_id=1&organization_id=1&update_packages=false' -H 'Authorization: Bearer <hash_truncated>' | bash
#
# Running registration
#
Loaded plugins: fastestmirror
No Match for argument: katello-ca-consumer*
No Packages marked for removal
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#7 - "Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0: Network is unreachable"
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=<repoid> ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable <repoid>
or
subscription-manager repos --disable=<repoid>
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
'/etc/rhsm/rhsm.conf' not found, cannot configure subscription-manager
[root@agent1 ~]#
How did rhsm.conf get deleted? Subscription manager needs this file.
Try running subscription-manager clean, then generate a new registration script from the new Foreman and run it. This will ensure that the sub-man config is correct, I think.
We usually carry out minimal installation of CentOS server. Per my understanding, subscription-manager does not get installed by default?!?!
Could that be a reason for this error? Though only following file is present on the client -
-rw-r--r--. 1 root root 2981 Jan 30 16:52 /etc/rhsm/ca/katello-server-ca.pem
Hi…
Yes, I tried subscription-manager clean but that did not work.
Could it be because agent could not installsubscription-manager package? If the curl command installs this package from the foreman, then it should have ideally worked. If it tries to install the package from internet, probably it should not work as there is no internet connectivity from the agent.
Are there any specific steps which are to be carried out for the systems with no internet access?
Is it possible to get list of packages which curl command installs so that I can have it stored on internal share drive from which it will wget and install first?
Thanks!
Yes, you’d have to have the content available on the disconnected Foreman instance. subscription-manager is provided by the RHEL BaseOS repository; not sure which other repos you may find it in. You can use the import/export process to get content from a connected Foreman to a disconnected one. But you may still have to install subscription-manager manually; I’m not sure.
You can view the registration template script in Hosts > Provisioning Templates > Global Registration. (Also, what I like to do is remove the | bash from the end of the generated curl command. This will allow you to see the rendered template.)
I’d recommend using remote execution instead of katello-agent, as katello-agent is deprecated. But if you do want to use it, and have already enabled it in the installer, you’ll next have to enable the Foreman Client repository on Foreman; katello-agent is provided there. Then you can just yum install it on the hosts.
update: I can’t remember exactly what the upstream repo is called… Foreman tools? Foreman client?
Thank you so much for the help!
Will it be possible for you to share document links where in I can study about this?
Looks like there are major changes happened in new version so would like to learn little more about it.
Something with reference to remote command, simple content, etc.
Thanks… I have those repos ready but if something is getting deprecated, I would rather think of going with future-ready setup. Hence wanted to know more about remote command, simple content, etc.
The linked repos also contain katello-host-tools-tracer which provides tracer uploads from your clients to your Foreman server. Not using katello-agent is definitely a good call.
For Rocky Linux 8, you’ll find subscription-manager in the basic OS repositories; a Foreman Client is IMHO stricly speaking not necessary then for basic registration.