I get that people need different software, but should they not have access to certain software through the Foreman server? E.g. you create an Activation key with all kinds of developer tools and leave it the the users to enable the repositories they need using subscription-manager.
But you’re right, green fields are easy, though I did sacrifice some flexibility by wrapping it all in the same kind of ‘package’. However, I feel that, so far, the pros outweigh the cons. But it really depends on the situation
Can you elaborate what you wish to accomplish? Are you installing Katello with an external CA, or do you wish to install a custom SSL certificate for the WebUI?
As I’ve mentioned ealier, Katello brings it’s own CA through Candlepin, so unless you need something specific, OotB it will ‘just’ work with a self-signed certificate
I don’t know if we have lost focus here, but my comment was about the scenario of migrating all existing client hosts from an old foreman server on EL7 to a new foreman server on EL8 because of the pending EL7 deprecation.
So client hosts already have been activated against the old server, people added subscriptions, enabled repositories and have everything they need against the old foreman server.
Now I have to connect the existing clients to the new foreman server, keeping all subscriptions and enabled repositories as they have on the old server. Of course, I can simply use my standard activation key against the new server and tell everyone they have to restore their subscriptions and repositories sets as they had on the old server. But I don’t want to do that for the obvious reasons.
And the part of the subscriptions and repository sets of the client hosts is the part which basically everyone has access to and is using. Everything else in foreman is mostly administered by me and a few other admins. So for those parts it’s possible to tell everyone not to make any changes on the old server in the hot phase of the migration or at least to tell me so that I can modify the ansible playbook accordingly.
But for the subscriptions and repository sets it’s much more volatile.
