Switching from content proxy to another

Sebs · December 13, 2024, 5:58pm

After version 3.12, RHEL 9 became supported for hosting Foreman components.

So we tried to switch from our old server (host1) to a new server we deployed (host4).
Everything was fine, and the new server is correctly responding to the trafic.
However, we couldn’t figure how to make the switch fore the content proxy.
At this time we have two content proxy running but only the former content proxy is bound to foreman content section.

We would like to know how to make the switch between old proxy-content to the new one ?

Former proxy is still present in the published at attribute of content view.

While we can force the host register to use the new one, all the default registration key, and publication still refer to host1 instance.

Any help would be welcome.

jeremylenz · December 13, 2024, 10:02pm

I don’t understand the problem you are facing. Need some clarification here.

You can set up your Foreman+Katello in multiple ways:

A) Foreman+Katello server with the built-in smart proxy, and no external smart proxies;

or

B) Foreman+Katello server with the built-in smart proxy, and 1 or more external smart proxies

Is your setup A or B?
Are you trying to switch the main server or an external smart proxy?

Former proxy is still present in the published at attribute of content view.

Where do you see this? Can you provide a screenshot or more details?

Sebs · December 13, 2024, 10:35pm

The setup is more B.
The link is present in the repositories view.
https://app04/products/26/repositories/323
Here’s a screenshot.
Sorry, I had to redact out all the urls.
2024-12-13 23_20_14-Repository_ haproxy stream - repo

The actual foreman is running on app04 however it still connects to app01 for the katello section.

jeremylenz · December 16, 2024, 2:17pm

I take this to mean

you have the main Foreman+Katello server (app04) and the external smart proxy (app01)
Previously you only used app04 and registered hosts to app04
Now you’ve added the external smart proxy app01, and wish to switch hosts’ registration and content consumption to app01.

Hopefully this is correct? let me know.

The “Change content source” feature is probably what you’re looking for. It will reconfigure the subscription-manager on each host to point to the new external smart proxy, without needing to reregister.

The “Published At” on the repository screen will not change AFAIU. Instead you’d just need to make sure that

the hosts’ lifecycle environment is synced on the external smart proxy (Infrastructure > Smart Proxies > app01 > Edit)
the Change Content Source procedure has been run for all hosts → Managing hosts

Sebs · December 17, 2024, 7:31pm

app04 is the new server under rhel9.
app01 is the old server running rocky 8 (a.k.a. rhel8 clone).

the hosts’ lifecycle environment is synced on the external smart proxy (Infrastructure > Smart Proxies > app01 > Edit)

I don’t know exactly what to change. Alternate Content Source HTTP is empty.

Change content host is only providing the old proxy.

And most important, if I shutdown the old app1 service, katello is unable to access any service.

jeremylenz · December 17, 2024, 7:48pm

The new smart proxy does not appear to have the ‘Pulpcore’ service.

You should have a Lifecycle Environments tab there, like this:

If you go to the Overview of the smart proxy, ‘Pulpcore’ should be listed as a feature. If you don’t have that, try clicking ‘Refresh features.’

Did you follow the Katello instructions when you installed it? Installing a Smart Proxy Server nightly on Enterprise Linux

Sebs · December 17, 2024, 8:33pm

pulpcore is indeed listed as a feature but we don’t have an environment tab.
Is that a new feature of foreman 3.13 ?

iballou · December 17, 2024, 9:35pm

Smart proxies with content/Pulp have always had the Lifecycle Environments tab – it’s how you select what content to sync to your smart proxy.

I think there might be a misunderstanding on our end – from the screenshot above of your repository, it looks like app01 is your Foreman server? Since your haproxy stream repo is published at app01-blah, that means your primary smart proxy is on the app01 server.

Does that mean app01 and app04 are both Foreman/Katello servers? Or is app01 supposed to be the “primary” smart proxy where your Library synced content goes?

I’m curious what steps you took to set up app04 since there’s a bit of confusion about the infrastructure set up.

Sebs · December 17, 2024, 9:45pm

Does that mean app01 and app04 are both Foreman/Katello servers? Or is app01 supposed to be the “primary” smart proxy where your Library synced content goes?

Indeed, both are katello/foreman instances.
We started with the app01. The plan was to switch to app04 since only el9 is supported now with a safe fallback as app01 if the plan did not go well.

jeremylenz · December 17, 2024, 9:57pm

Thanks for clearing that up!

So your setup is A, not B.

If you have set up a new Foreman instance, it will exist completely outside your old one, and know nothing about it.

On the new Foreman instance, you will have to

import a manifest (if using Red Hat content)
create products/repos and sync all your content again
create all your content views / lifecycle environments and publish, if applicable
create new activation keys
Generate a new registration command for host registration

On your existing hosts, you will have to run subscription-manager clean and then run the generated command to reregister your hosts.

Then, you can decommission the old Foreman instance.

In hindsight, I would not have recommended this path – a LEAPP upgrade of the old instance probably would have been easier. But this is what you can do now, if you want to use the new instance you created.

jeremylenz · December 17, 2024, 10:05pm

And to clarify some more: One Foreman instance should not be registered to another, or configured to use the database of another, or be connected in any way.

Sebs · December 17, 2024, 10:07pm

You mean Foreman is not able to run in High availability mode ?

jeremylenz · December 17, 2024, 10:09pm

Correct, there is no HA for Foreman server. There is load balancing but only for external smart proxies.

I have heard of some folks setting up HA Foreman in the community but it’s not supported or documented.

Sebs · December 17, 2024, 10:17pm

We did HA for several years from 2.x to 3.1 in a previous job without any issue but the notification.
We were running around 3k vms with 2x instances of foreman.

I think rails is inherently HA ready so what is preventing foreman to be HA ?

I’d like to consider diferent options before rebuilding an complete external foreman:

Could we just remove the app04 and do a leapp upgrade of app01 ?
Is it possible to move the proxy-content to another host ?

jeremylenz · December 17, 2024, 10:36pm

Yes, this is possible and supported. Upgrading Foreman to 3.12