Performing # dnf update on Foreman 3.7 server results in Errors

Receiving several ERRORS running “dnf update”
Expected outcome:
Successful update
Foreman and Proxy versions:
Foreman 3.7
Foreman and Proxy plugin versions:
3.7 / Katello 4.9.2
Distribution and version:

Other relevant data:

CentOS Stream 8 - AppStream 20 kB/s | 4.4 kB 00:00
Last metadata expiration check: 0:00:01 ago on Mon 06 Nov 2023 06:36:07 PM EST.
Problem 1: package tomcatjss-7.7.1-1.module_el8.6.0+1038+e795ee4b.noarch from @System requires pki-servlet-engine >= 1:9.0.7, but none of the providers can be installed

  • package tomcat-1:9.0.62-27.el8.noarch from appstream conflicts with pki-servlet-engine <= 1:9.0.50 provided by tomcat-1:9.0.62-10.el8.noarch from @System
  • cannot install both tomcat-1:9.0.62-27.el8.noarch from appstream and tomcat-1:9.0.62-10.el8.noarch from @System

Does this problem only happen with the foreman/katello repos enabled, or does it happen regardless?

Never tried disabling the Foreman/Katello repos, when performing the dnf update per the upgrade documentation. Should I do this as part of the troubleshooting? Seems to be something related to Katello, but I may be wrong.

Thanks for the response!

I wouldn’t run the actual update necessarily, but I’d wanna know if DNF comes up with an update solution, which if it still didn’t would suggest the problem is with the other repos. The packages being complained about in your output (tomcat, tomcatjss, and pki-servlet-engine) are all from the AppStream repository (and tomcat I think recently moved from EPEL), so that makes me wonder if the problem is with the CS8 repos and/or their interaction with EPEL more broadly rather than specific to Foreman/Katello. Are you getting up-to-date versions of all those repositories or might your mirrors be out-of-date? Especially when packages move from one to repo to another there can be breakage which only resolves if you’re using the latest version of all of the repositories.

I’ll also note I don’t think I even have tomcat installed on my Foreman host, just tomcatjss and pki-servlet-engine. If I could convince myself it weren’t actually being used, I’d be thinking about removing that package and see if that makes it easier for DNF to figure out an update solution. (I’m running a Tomcat process, looks like for Candlepin, but as far as I can tell it’s being provided by pki-servlet-engine, rather than the tomcat package, which is not installed).

Insert all the caveats about having backups, &c. (but if you’re following the upgrade documentation then you already have backups).