Most reliable platform for foreman server?

What’s the most reliable platform to run foreman on in people’s experience?
I had tried foreman previously on top of Almalinux8 but had constant issues during either yum or foreman updates. Katello was by far the most sensitive component and likely to stop working correctly after some form of update on the server.

Would my experience running on top of Ubuntu or Debian be better?

I probably should have looked up the fact that katello only seems supported under RHEL based distros at the moment… Still looking for distro advice though, centos7 is a no-go as it’s soon EOL.

I cannot confirm that. It works fine for me on AlmaLinux in my production environment. Just the occasional bug, but that was the same when I was running on CentOS 7…

What’s the version of Ansible that foreman will pull down now? I think half of my issues were since I had to use pip to build a version of ansible that would work with pywinrm, kerberos and credssp auth modules.

It’s using ansible-core in the appstream repo by default.

Using AlmaLinux 8 on my production Foreman/Katello server + 8 proxies and been pretty smooth so far. Started with 8.5 and then went to 8.6 and last week 8.7.

I have Foreman successfully running on Oracle Linux 8.x, but I had a lot of issues with the smart-proxy and getting the SSL certificates working between the primary Foreman server and any Smart-Proxy servers that I deployed.

I finally ended up washing my hands of the smart-proxy component and went with independent Foreman servers in the regions I would have normally had a smart-proxy which has been working so far.

We run it on RHEL 8 with no EPEL and have not experienced any platform-related issues.
Our system supports RHEL 7, 8 and 9, and legacy OL7 and CentOS 7.
SELinux is enabled in enforcing mode on our Foreman server and many of the supported systems.

I’d definitely advise CentOS, as our Infra team is running most of the pipelines on CentOS, so it should be most stable on CentOS.
Also the infra team targets latest stable CentOS releases as soon as possible, so you should be guaranteed to be able to always upgrade as soon as you are ready.

e.g. we support centos 9 now: CentOS 9 Stream Support · Issue #1687 · theforeman/foreman-infra · GitHub

That said, you’re free to choose and Foreman itself should run on any RHEL/Debian based distro. Just be aware that it might sometimes be less stable with new releases, or some plugins might not be available or might not be as well tested.

O.K. If you say you recommend CentOS Stream, then that bothers me.

CentOS Stream 8 is end of life 31-05-2024, with the end of full-support of RHEL8. However, RHEL 8 then goes into maintenance support for another 5 years. If you only really test and support CentOS this would mean people have to migrate.

CentOS Stream 9 would be EOL 31-05-2027.

Call me old-fashioned but I still don’t trust the major version in-place upgrade with leapp or whatsoever, thus it would mean migration to new os major version every three years… That sort of defies the purpose and reason why I use EL to begin with: to be able to run those servers for an extended period of time…

I can understand not wanting to do an operating system major version migration every ~3 years.  (I am a Fedora Linux user, so I know the pain – even with how easy they have made it – of doing a sysupgrade every year.)

I presume a near future release of Foreman will run on CentOS stream 9.  I guess if people do not want to participate in the CentOS Stream community because of 9’s life cycle being too short, and things do not seem to work on the downstream distribution re-compiles of Red Hat Enterprise Linux (RHEL), one could sign up for the no-cost RHEL Individual Developer Subscription to get RHEL for free.  If one is using RHEL & Foreman in a corporate setting, one could talk to a Red Hat sales person about getting Red Hat Developer Subscription for Teams.

(Full disclosure:  I am a Red Hat employee, but not intending for this to be an ad.  I am just wanting to inform of alternate options.)

Can you elaborate what “constant issues during either yum or foreman updates” was? This makes me wonder if you had EPEL or another 3rd party repo enabled that was causing dependency hell. I found out recently that if I tried building my Satellite servers with saltstack that #1 - it’s not a supportable config by Red Hat (irrelevant for Foreman on Alma) and (to my real point) #2 that libsodium was being used from the Salt repos and that was causing me dependency issues when upgrading (because the Satellite repo had a different version of libsodium from salt’s repo, but salt’s was what got installed)… so our solution was to abandon salt for foreman/satellite and just use ansible and no 3rd party repos and it’s been much smoother sailing.

Just to make the list even more complete,
have been running Foreman + Katello very successfully over the last 1.5 years on Rocky Linux 8,
also the switch from the CentOS SIG Ansible to the AppStream Ansible on the 8.6 release was very graceful.

Tbh should be expected as it’s a RHEL clone.

I am running Foreman 3.4.1 on Rocky Linux 8.6 and it has been very reliable, with all the incremental upgrades going flawlessly. I started out with Foreman 1.5 on CentOS 6 seven or eight years ago. I am running just Foreman, not Katello, so I can’t speak to that.

One caveat, which applies to any platform: Keep up with Foreman release updates. Several years ago, I let a couple of years go by, and I was not able to upgrade from Foreman 1.7 to 1.8, or beyond that, because some of the dependencies were no longer available (a particular ruby version, as I recall.) Thus, I try not to get more than two or three releases behind the latest Foreman version.

Cheers!
