Migrate foreman + katello to new host in new datacenter

bhatsu · May 28, 2021, 8:40pm

Problem: Advice on migrating existing foreman + katello server to new hosts in new datacenter

Expected outcome: Foreman running in new datacenter

Other relevant data: In our current infrastructure we have two DCs and we have a foreman server running katello in one location (DC1) and a smart-proxy running in 2nd location (DC2).
We are now migrating to two new datacenters and have to build servers from scratch in the new DCs.

We are currently working on new datacenter (New-DC1) and have spun up an additional smarty-proxy pointing to the foreman server at DC1.

We will soon start work on the 2nd new datacenter New-DC2 which is where our foreman + Katello server will eventually reside. We are exploring our option on how to migrate the current foreman to this new location. Should we be building another smart-proxy at New-DC2 and then when everything is built we convert it to being the main foreman server (if that is even possible) OR should we build a new foreman server at this new datacenter (New-DC2) and then re-point the newly created smart-proxy (New-DC1) to it? OR will a backup and restore of foreman server be a good idea keeping in mind that we are building everything from scratch at the new location so existing host data isn’t of any use.

The only thing we really care about is puppet, foreman hostgroups and their variables plus the parameters that have been defined.

Marek_Hulan · May 31, 2021, 12:26pm

It depends on the amount of data you have to create (number of foreman host groups, number of smart class parameters you override etc). I think that starting from scratch is always good. If you use foreman-ansible-modules to automate the Foreman setup, you can even reuse that in New-DC3, 4 and 5 in future

If you prefer avoiding re-creation of some parts, you still need to migrate everything. The new Foreman would have to use the same certificates, some instance specific things are stored in the DB (settings mainly). You may be interested in Administering Foreman since you have Katello in the mix

bhatsu · May 31, 2021, 4:35pm

Thanks @Marek_Hulan.
I also think recreating the foreman from scratch is a good idea since we can automate the setup now.
Can the smart-proxies be easily re-registered to a different foreman server or am I looking at recreating them as well ?

Marek_Hulan · June 1, 2021, 3:30pm

Smart proxy reregistration should be simple. The biggest issue you’ll hit is the certificate trust. If you reuse the CA certificates from the previous Foreman, it may work. I don’t know whether there’s a way to clean up or link existing content to new content views, but my guess is not. So if you already have a lot of repos synced there, it’s probably better to deploy new ones. Deploying a smart proxy is usually much easier than deploying a Foreman

cc @katello developers, they may have some insights about content migration I’m not aware of