Migrate from Foreman to Foreman and Katello

I’ve seen a number of documents that indicate that Katello can’t be added to Foreman, and that a new installation is needed. Does that include the DB? Do users need to start completely from scratch, recreating their host groups manually, and subscribing clients individually? Or can the new host be configured to use the old DB, and simply replace it?

Truth is, it can be added, but our installer does not support that and I haven’t heard about anybody succeeding with the manual path (as it is not documented at all).

Which brings up a question - our installer is Puppet based, so why does it actually not work? If you run the installer with the foreman scenario and then with the katello scenario, shouldn’t Puppet just correct things according to the manifests @ekohl? Is this just a lack of testing?

I think the hardest part is that with Katello, all certificates are generated by the Katello CA (candlepin), while with pure Foreman it’s the Puppet CA. Replacing certs is hard; even detecting that they should be replaced is hard.

I also think that certs are a major issue; we should get them aligned short-term.

@dLobatog has tried it and it is possible with the installer, but you need to know a few things. The installer isn’t really the issue because it’s idempotent though I recall there was an issue that Foreman runs the proxy on port 8443 and katello on 9090. I don’t think we handled changing the URL in the installer.

So technically it’s possible but it’s not really supported in the sense that it’s undocumented.

This is hard. The certificate stack of Katello is not one I would want to use for Foreman. It’s a very complicated script that nobody dares to touch. There are also big benefits to reusing the Puppet CA. Ideally we’d have something pluggable and I have done some tests with that. I mostly got stuck on actually understanding the Katello stack well enough. The certs module also has some issues we need to fix. This has been the biggest obstacle to splitting the Katello deployment into multiple hosts.

Is it realistic to expect the following sequence to work:

  • Install Foreman+Katello on new host
  • Configure that host to use the existing PostgreSQL database
  • Add any required HTTPS certificates
  • Modify DNS to point to new server
  • Retire older Foreman server

There are currently two known migrations that will fail adding Katello to Foreman due to ordering. This can be worked around. The biggest question I have is:

  • How many nodes are you managing?
  • Are they all puppet managed nodes?

About 3700 nodes, all puppet managed.

Is there any documentation on the known migration failures, or the workarounds?