Moved from Spacewalk to Foreman?

While the incremental update feature was added partially to help issues like this, I understand it doesn’t fully solve the issue. Perhaps it could be useful to you if you haven’t tried it yet.

I’ve never used Spacewalk before, and Foreman+Katello was my first introduction into system management tools. It sounds great that Spacewalk automatically updates packages. Katello sync plans can help you get closer to this, but it gets trickier for automatically publishing content views. You would need to set it up yourself with some combination of hammer and cron probably. An older thread exists where a user voiced very similar concerns Update management with Katello 3.5

If you don’t need to filter any packages (definitely a big “if”!), you could have your hosts assigned to the Library lifecycle environment and the default content view. If you had a sync plan set up for the hosts’ repositories, the available packages would always be up to date.

On the subject of automation, it would be worth checking out Foreman Ansible Modules if you’re interested in Ansible at all.

It would be interesting to have an automated way to keep content views up to date. Something like a content view publish plan could perhaps meet the requirement and keep the code simple. Or, perhaps a content view setting where CV publishes happen automatically if related repositories are re-synced. Just food for thought.

1 Like

I will look into that. Thank you for the advice.

Maybe I was not clear enough here, sorry for the confusion :smiley: Spacewalk automatically showed all applicable updates/errata in the host view, it did not automatically apply it. So in Foreman/Katello words, that would be in the content host view. Right now you will not see anything there unless you published a new CV version. Makes sense, since that is the way its supposed to work. However, you don’t know if you have to publish a new CV version, as you do not get any info about updated repos from upstream, no emails or any other notification nor can you make a “diff” of the current CV to the current repo state.

Exactly what I would be looking for. As the library is pretty much not used for anything (no clients subscribe to it, not synced to smart proxies) it should automatically import all changes from the repos, maybe via a scheduled job. So you can at least see if in your 10+ repos something has changed, pretty much the same as you see on an aggregated CV when another child view has been published.

I think even going automatically from Library to Testing would be acceptable in many cases, how else you going to test otherwise? Again, that could be configurable.

Especially some form of reporting outside of errata updates would be important. And of course the ability to import CentOS 7 errata :slight_smile:

I completely understand your pain. Was the first kinda huh moment when finishing the Katello installation for me too.

I have since converted most of the config adoption to Ansible, as it allows for a much more controlled process of rolling out changes. It can be done at the right moment in time, just before a certain service is started, it can be combined with installing the correct RPMs and enable the right services. In SW these tasks were all separated and hard to control.

However, not every aspect is covered in read-to-use Ansible roles. I found some good ones for basic functions, but in many cases I had to write my own Ansible roles. Since you can check in the templates plus the yaml files into any kind of version control system, it becomes manageable in a way.

Having said that, a unique selling point for Foreman/Katello would be an Ansible role which can perform the basic task of deploying a file, fully integrated into the GUI of Foreman, so that probably 80% of the use cases to build your own Ansible role would be covered.

Yes, that was very much a “huh” moment for me as well, and a thorough deal-killer. I had just gotten things set up so high-level admins could use SW 2.10 to push updated zone files via a config channel and then bounce named via an action chain. It’s the simplest, most brain-dead way for non-vi / non-cli /non-emacs users to get the job done.

Is that optimal in my world? Not always, but the presence of choice and simplicity often overrides “latest greatest whiz-bang” when dealing with people who would look at YAML and also have a “huhwhu?” moment.

I suspect as CentOS 7 finally ages out and we move to (possibly) RockyLinux, Foreman will come back to the forefront as our lifecycle management tool of choice. By then, hopefully it’s a bit more polished and presentable in the areas where it still shows rough edges.

That said, no one should take this as suggesting Foreman is junk or garbage. It’s quite an effort, with a lot of moving pieces. As a small-time FOSS coder myself, I appreciate some of the challenges of herding cats and trying to “just make it work”. :slight_smile:

1 Like

Gotcha, I misread :slight_smile:

Aside from an automated publishing option, maybe some sort of icon next to the content view if it has out of date packages might be interesting. @katello I’m curious if anyone else has any ideas.

Very true, it’s not the first time we hear that. However it’s possible to deploy a cron job with a script that would regularly pull template of type “script” that could write those templates. But there is really no concept of a configuration channel or configuration in Foreman UI or API.

Good idea.

I’m waiting for Katello to make the el8 install jump before I begin a test migration of Spacewalk to Katello/Foreman. Forewarning that this is for a home install and not in any way for enterprise.

+1’ing emmitchell’s comment: the absence of configuration channels, configuration file tracking, and a configuration channel hierarchy is what gives me the most pause about the migration. Since this is a home setup, I can’t tell you the number of times I’ve updated a config file on a server only to forget I’d done it later on and have Spacewalk remind me (at which point I’d backfill the changes). It really saved my bacon and made rebuilds and the migrations from CentOS 7 to CentOS 8 relatively painless.

1 Like

We talked about this feature way back and IIRC the consensus was: configuration management tool is to solution to the problem, we should not be building another one. I can understand that Satellite 5 way of doing this was comfortable, right from the UI, no git involved, no writing of manifests, roles or modules.

Maybe it’s the time to reconsider this, I like the idea of building it on top of an existing configuration management tool (or tools). A plugin that would provide web UI and CLI to create configuration files and it would generate required ansible/puppet modules that could be easily imported into Foreman or Katello sounds nice. What exactly would you expect from such a tool? I am assuming ability to define a file (filename) and contents (as a ERB template) and associate this with hosts/hostgroups. Anything else?

The templates we ship by default are part of our repository.


If you think it’s useful for others, contributions are highly encouraged. This area is IMHO the easiest for users place for users to contribute back and it greatly helps other users.
1 Like

Interesting, I was under the impression that those ansible roles are to control Foreman/Katello as a service, not to deploy files or performing actions on the client servers. I will check up on that. Thank you!

We already had some thousand RHEL-hosts running with Katello repositories/contentviews/activationskeys and moved some hundred SLES-VMs from SUSE Manager 3.2 to Katello 3.14 in 2020 successfully but with some problems still remaining:

  • “Could not calculate errata status, ensure host is registered and the katello-host-tools package is installed (Errata)” – both SLES12 and SLES15
  • “System Purpose = Mismatched” – only SLES12
  • Katello served repos can not completely be enabled on SLES-VMs - therefore we manage the repos with a simple puppet template file instead of using an actication-key with the repos needed for SLES12SPx or SLES15SPy - have a look at: Entitlement certificate not containing all content (…SLES systems not getting all their repositories…)

Regarding your questions:

Any particular challenges that you faced?

Katello works and thinks different than SUSE Manager, so we had to reorg our brains from SUMA-speak to Katello-speak - done.

Any particular concept that you wished was explained better?

No, we already knew Katello due to managing RHEL with Katello :wink:

Any obstacles you hit?

The SCC plugin was/is not documented very well (this could be made better). Therefore we had much try and error to do :frowning:
After adding a “product” within the “SUSE Subscriptions” there’s no chance to remove/unsubscribe it afterwards. Or we don’t know due to missing documentation?!

Anything you learned that you wish you knew before?

We would have learned less, if there had been a better documentation :wink:

Any Foreman-related resources that were of particular use to you?

We needed to build some packages for katello-host-tools and some more for SLES15. It really would have been nice if these packages had already been built and would be/will be distributed by the foreman community:

katello-host-tools-3.5.1-2suse1500.noarch.rpm
katello-host-tools-tracer-3.5.1-2suse1500.noarch.rpm
python2-syspurpose-1.28.0-1.x86_64.rpm
subscription-manager-1.28.0-1.x86_64.rpm
subscription-manager-rhsm-1.28.0-1.x86_64.rpm
subscription-manager-rhsm-certificates-1.28.0-1.x86_64.rpm

Regarding the “calculate errata status” we are missing a goferd-RPM for SLES at all :frowning:

2 Likes

Just to add some small notes.

This is already on the devs’ list according to:

This will be gone in the future anyway and replaced by Remote Execution, which will get a pull-based provider for those needing this communication direction in the future.

2 Likes

One thing I’ve found, and I can’t tell if it’s a bug because of the repeatedly mentioned lack of documentation, but Pulp only syncs yum content to smart proxies so they lack the actual tree of files required to perform a Kickstart (squashfs.img etc.). This is a deal breaker for using Foreman in my environment for network-related reasons, besides all the other bugs and learning from trial and error that have to take place in order to get to the point of using Foreman from scratch, and the concerns about being able to back the thing up without just shutting it down and taking VM snapshots every day.

I know a few who are still holding Spacewalk installations in the air, waiting due to “all” the Pulp2/3 issues, presumably waiting a bit into the katello 4.0 release. And I can confirm most of what has been written by @rbremer, where Katello seems to be the biggest concept that people have a hard time getting their head around.

Regarding stability, then for me it is mainly the dreaded updates. I believe that I have only experience about two updates the last 2 years, that didn’t have any issues and just worked. A few of them I have created as topics here, and the others got resolved by reading other peoples topics with similar issues. I have maintained a few pure Foreman installations in the same time, and they have upgraded with no noticeable issue.
I only really remember the iPXE chain(?) template that got updated around 2.1 ish, with the foreman_url having the MAC parameter inside the function call, which got fixed in 2.3 and not backported (as I remember - a revert of the template would have been nice).

I typically try to wait to .3 or .4 Z-releases before upgrading, if possible, in order to try not to get affected by those upgrade issues. Sometimes I even bundle two minor releases together, and then setting aside the entire day to handle the issues,

When being used to Spacewalk just upgrading with no issues, then this is really a major thing, among the people I talk to. The typical response from people, have been that they rather just reinstall from scratch if any errors happens during upgrades.

We are hosting this event this coming Thursday, if any of the Spacewalk folks would like to come along: Introduction to Katello or I’d happily try and organise a separate session if there’s something more specific that people need.

I’m late to the game here, but I’m going to chime in (I’ve been absent since the first of the year to other higher priority projects/issues.)

I’ve been using Spacewalk/RHS5 for the better part of 10 years (first RHS5 install was on RHEL 5.4 or so.) I have burned it down and rebuilt it from scratch a couple of times, with some homebrewed Perl automation & the API calls. For most purposes, SW has worked very well, but the errata handling has been a major nightmare for me.

Conversion… I should have had this running on tFm/Katello 6 months ago. The Pulp2 to Pulp3 conversion on my trial server… I chased the nil pointer issue for several hours and figured I really just did not have enough time to chase. Nuked it from orbit with a fresh CentOS7 and latest stable build. Chasing CentOS repo sync issues at the moment.

In SW, I had channel families built and tied to online repositories for nightly downloads. I created dev, QA and prod channel sets as clones of the download sets, and rolled the content periodically when patching occurs. This was one of my hang-ups in the Katello world. This turns into a combination of content views and lifecycle environments. I also relied heavily on the underlying cobbler tools for provisioning, and I’ve managed to get operating systems configured, along with migrations of my rather custom kickstarts.

For any Spacewalk users contemplating this conversion… yes, it’s a very significant undertaking. My best advice is to pretty much forget how you did it in Spacewalk, learn the native Foreman and Katello tools and methodologies. If you try to shoehorn your Spacewalk methods into tFm/Katello, only madness lies down that road. For all intents and purposes, Spacewalk is dead.

2 Likes

Here is another spacewalk user coming to Foreman. I am not sure where to begin. I just installed successfully foreman and able to login to Web UI. trying to get myself familiar with the product and trying to find some guideline/howtos for basics, adding a client, setting up a repo/channels :slight_smile:

1 Like

Check out the content management guide and please let us know if you run into any errors due to the documentation.

2 Likes

Hello and welcome!
Here is an introduction to content management with Foreman also https://youtu.be/kWbfU_1zseU

Feel free to create a new topic describing the details of your setup and we will try to help!
Edit: I see you’ve already created another topic. Excellent!

1 Like