Should Foreman/Katello Master be configured to register to itself for patching?


#1

As I was building out a new Katello Master and Smart Proxy, I noticed the Smart Proxy install steps have it registered, via subscription-manager, to the Katello Master, but the Katello master wasn’t registered to itself.

I can find multiple reasons for registering itself to the repositories it hosts and reasons why it is a bad idea.

What do others doing with regard to patching on their Katello Master? How about patching the proxy servers?


#2

RH sells Satellite (a combination of Foreman/Katello with some more plugins) and explicitly doesn’t support this. The reason (which I suspect you already thought about yourself) is that doing upgrades is hard. You basically need yourself fully up and running but during the upgrade you can’t guarantee that. Technically you can do it, but I’d avoid this.

Proxies can probably work fine.


#3

Registring Smart Proxies to you main Katello instance definetly works fine. We ahve been running this kind of setup for years now and have never experienced any issues with that.
About the main Katello/Foreman instance, this is not as easy. As ekohl already mentioned, you will face problems during updates of the Foreman/Katello stack. We also run our Katello as self-registered, but every Update of Foreman was a pain. By now, we switched to some sort of “mixed mode” where the server is still self-registered but updates to the Foreman stack are done via upstream repos. This works somewhat well, but still requires additionall steps on nearly every update. Basically, you can do that and it will probably work, but you must be willing to invest extra time and effort for each Foreman release.


#4

Thanks everyone for the feedback. I assumed it was the case, as it was with Spacewalk, but I wanted to be sure it hadn’t changed when it went to Katello.