Hello altogether,
I am planning on moving hosts from my old Foreman to a new Foreman with Katello. The puppet master is also new. My question is now, how is the recommended action to do this?
I have the following environment:
Foreman 1.19 -> Foreman 1.20.2 (with Katello)
Puppet is 5.5 on both sides
My plan was to stop puppet agents on the hosts to be migrated and unmanage them from old foreman. In new foreman I will add them to be managed but I am not yet sure how to make them work with the new puppet master (certs âŚ).
Also, is it sufficient to just subscribe the hosts to katello?
Iâve done something similar. I used remote execution on the old Foreman server to move endpoints to the new one. Also with Puppet 5 from PuppetLabs.
Presumptions:
you have pre-shared keys deployed for your smart-proxy on the endpoints, and a puppet profile that will update the keys when the hosts change.
remote execution via SSH already works.
Puppet auto-sign is turned on for the new server
Use remote execution with something like the following:
rm -rf /etc/puppetlabs/puppet/ssl/ && /opt/puppetlabs/bin/puppet config --section agent set server foreman.domain.ca && /opt/puppetlabs/bin/puppet config --section main set server foreman.domain.ca && systemctl restart puppet
The puppet config --section agent and --section main were to ensure that there were no differences between systems that were manually added to puppet, and others having the puppet config managed by puppet. Puppet gets confused when main refers to one server, and agent refers to a different one.
You could use remote execution to also register hosts with subscription-manager using something similar and activation keysâŚ
Thanks for your reply!
Some of your points really helped me out but in my case I did not have remote execution on my old Foreman instance. Yet, the shell commands did work out, here is what I did:
Stop puppet agent
remove /etc/puppetlabs/puppet/ssl && /opt/puppetlabs/bin/puppet (just as you told me to)
change values for âca_serverâ and âserverâ in /etc/puppetlabs/puppet/puppet.conf to new puppet master
Start puppet Agent and make a puppetrun. The host is now visible in new Foreman instance.
In Smart Proxy settings I validated the new host (autosign was not enabled)
In Foreman I clicked manage to make the host manageable
Subscribe to katello with activation key
Worked very smoothly! Thanks for your advice. The case can be closed.
Iâm trying something similar.
Migrating my hosts from foreman 1.12 and puppet 3 towards foreman 1.23 and puppet 5.
Iâve done the steps above and the host seems migrated however itâs not showing in the dashboard on 1.23.
I also upgraded my local puppet client version from version 3 to 5 but the result remains the same.
When performing âpuppet agent -tâ it complains that my local environment acceptance is not matching environment production on the master.
But because itâs not in the interface I can not modify this.
Itâs also not executing the proper code due to this.
I checked on the interface of 1.23 and found that the host that I want to migrate is showing in the smart-proxy Puppat CA tab under Certificates.
The certificate is there and valid and looks OK.
The server logs only show "Puppet Compiled catalog for host-xxx in environment production in 0.04 seconds
So I have no error to check further, really at a loss here on where to look next.
Did you check if the host wasnât correctly assigned to the location and organization? You can select the âAnyâ context in the top dropdowns to see if thatâs the case
Yes I did, my view is set to Any Organization and Any Location.
Also checked the dashboard but itâs no where to be found.
When I go in the webinterface to Monitor - Facts and search for any hosts that is normal, it has the option to show a chart.
In that chart my migrated host is included.
However when I search the facts for the hostname of my migrated host, it returns an empty result.
Is it possible you may have some leftover facts in the database from the old instance that refer to that host but it doesnât actually exist in the foreman database?
Do you mean old data on the host that I want to migrate ?
How would I be able to check this ?
It looks clean, I removed the old /etc/puppet folder as well and migrated all settings that were in /etc/puppet/puppet.conf towards /etc/puppetlabs/puppet/puppet.conf
Also I started with a fresh build of Foreman 1.23 so no data from my virtual machines could have been migrated to this new build.
The fact that the machine I want to migrate is visible in the new host is not because of some old data, it has been recently added.
I tried all steps again, but the result remains the same.
I donât have any error logs anywhere, I donât find any official documentation in the manual about it either.
Above is the foreman log after I added the host again.
Any help is much appreciated as Iâm totally stuck at this point.
Still facing the same issue and awaiting feedback.
I tried another thing, disabling the autosign for my domain and revoked the clients certificate on the master and removed the local certificates on the client.
Afterwards I added the host again to my new server and signed the certificate manually.
The result is the same now, the client is visible in the foreman interface and the client certificate is signed like it should. However in the hosts overview it is still not visible and the puppetrun on the clients still shows âNotice: Local environment: âacceptanceâ doesnât match server specified node environment âproductionâ, switching agent to âproductionâ.â
I found one thing however, the folder /etc/puppetlabs/puppet/ssl on the client I want to migrate to the new host always changes user rights while executing puppet agent -t.
It should be set to user and group root looking at other clients but when I execute the puppet run the folder changes to user puppet.
Could this be the issue ? Iâm going to try and figure out what is causing this user rights change.
Iâve removed the user puppet from my OS and cleaned all the old folders from the old puppet 3 agent.
When I run the puppet agent on the client now it doesnât modify the ssl folder anymore to user puppet but it remains on user root.
However still not visible in the hosts tab.
My colleague helped out and checked out the database.
Turns out for the migrated host the organization and location were empty.
When filling in those fields manually in the database the host is visible in the interface and Iâm able to set the other details so my puppet run works now.
This is a major bug in the foreman no ?
Is it because Iâm migrating hosts from version 1.12 ?
Organizations and locations are always enabled since Foreman 1.21. There are settings for default organization and default location that will be set for new hosts reporting in, these should be set to the defaults created during the install but might be empty for some reason in your case. You can also send a custom puppet fact containing which organization/location a host should be added to. If your old hosts send these custom facts as empty, they may end up with no organization and location.
However, they should still be displayed when the âany organization/any locationâ context is selected from the top menu. Were the location_id and organization_id fields for the host empty or NULL in the database?
They are indeed empty in my case for each host Iâm adding to my new foreman.
Here is a select statement after adding a host from my old foreman.
They are not visible in the interface when selecting âany organization/any locationâ.
After running an update statement on the table by filling in the desired organization and location itâs visible.
Thatâs the way Iâm moving forward at the moment.
My personal user didnât have the administrator option checked, so thatâs probably why it was not visible to me at first.
However the edit issue remains.
