1. Upgrading overview

Review the following prerequisites and available upgrade paths before upgrading your current orcharhino installation to orcharhino 7.2.

1.1. Upgrade paths

You can upgrade to orcharhino 7.2 from orcharhino 7.1. For complete instructions on how to upgrade, see Upgrading orcharhino.

The high-level steps in upgrading orcharhino to 7.2 are as follows:

  1. Upgrade your orcharhino Server:

    1. Upgrade your orcharhino Server to 7.2.

  2. Upgrade your orcharhino Proxy Servers:

    1. Upgrade all orcharhino Proxy Servers to 7.2.

orcharhino Proxies at version 7.1 will keep working with your upgraded orcharhino Server 7.2. After you upgrade orcharhino Server to 7.2, you can upgrade your orcharhino Proxies separately over multiple maintenance windows.

orcharhino services are shut down during the upgrade. Ensure to plan for the required downtime. The upgrade process duration might vary depending on your hardware configuration, network speed, and the amount of data that is stored on the server.

  • Upgrading orcharhino Server takes approximately 1 – 2 hours.

  • Upgrading orcharhino Proxy Server takes approximately 10 – 30 minutes.

Hammer and API considerations

If you have any scripts that use the Hammer CLI tool, ensure that you modify these scripts according to the changes in Hammer. If you have any integrations that use the orcharhino REST API, ensure that you modify these integrations according to the changes in the API. For more information about changes in Hammer and API, see Release notes.

1.2. Prerequisites

Upgrading to orcharhino 7.2 affects your entire orcharhino infrastructure. Before proceeding, complete the following:

Warning
 If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the maintenance script runs during upgrading or updating. You can use the --noop option with the foreman-installer to test for changes.

1.3. Upgrading orcharhino Proxies separately from orcharhino

You can upgrade orcharhino to version 7.2 and keep orcharhino Proxies at version 7.1 until you have the capacity to upgrade them too.

All the functionality that worked previously works on 7.1 orcharhino Proxies.

However, the functionality added in the 7.2 release will not work until you upgrade orcharhino Proxies to 7.2.

Upgrading orcharhino Proxies after upgrading orcharhino can be useful in the following example scenarios:

  1. If you want to have several smaller outage windows instead of one larger window.

  2. If orcharhino Proxies in your organization are managed by several teams and are located in different locations.

  3. If you use a load-balanced configuration, you can upgrade one load-balanced orcharhino Proxy and keep other load-balanced orcharhino Proxies at one version lower. This allows you to upgrade all orcharhino Proxies one after another without any outage.

1.4. Following the progress of the upgrade

Because of the lengthy upgrade time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information, see the tmux manual page.

If you lose connection to the command shell where the upgrade command is running you can see the logs in /var/log/foreman-installer/katello.log to check if the process completed successfully.

2. Upgrading orcharhino

Use the following procedures to upgrade your existing orcharhino to orcharhino 7.2.

2.1. orcharhino Server upgrade considerations

This section describes how to upgrade orcharhino Server from 7.1 to 7.2. You can upgrade from any minor version of orcharhino Server 7.1.

Before you begin

  • Review Prerequisites.

  • Note that you can upgrade orcharhino Proxies separately from orcharhino. For more information, see Upgrading orcharhino Proxies separately from orcharhino.

  • Review and update your firewall configuration. For more information, see Preparing your environment for installation in Installing orcharhino Server.

  • Ensure that you do not delete the manifest from the Customer Portal or in the orcharhino management UI because this removes all the entitlements of your content hosts.

  • If you have edited any of the default templates, back up the files either by cloning or exporting them. Cloning is the recommended method because that prevents them being overwritten in future updates or upgrades. To confirm if a template has been edited, you can view its History before you upgrade or view the changes in the audit log after an upgrade. In the orcharhino management UI, navigate to Monitor > Audits and search for the template to see a record of changes made. If you use the export method, restore your changes by comparing the exported template and the default template, manually applying your changes.

orcharhino Proxy considerations

  • If you use content views to control updates to the base operating system of orcharhino Proxy Server, or for orcharhino Proxy Server repository, you must publish updated versions of those content views.

  • Note that orcharhino Server upgraded from 7.1 to 7.2 can use orcharhino Proxy Servers still at 7.1.

Warning

If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.

Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
FIPS mode

You cannot upgrade orcharhino Server from a RHEL base system that is not operating in FIPS mode to a RHEL base system that is operating in FIPS mode.

To run orcharhino Server on a Red Hat Enterprise Linux base system operating in FIPS mode, you must install orcharhino on a freshly provisioned RHEL base system operating in FIPS mode. For more information, see Preparing your environment for installation in Installing orcharhino Server.

2.2. Upgrading a connected orcharhino Server

Use this procedure for a orcharhino Server with access to the public internet

Warning
 If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the maintenance script runs during upgrading or updating. You can use the --noop option with the foreman-installer to test for changes.
Upgrade orcharhino Server

  1. Stop all orcharhino services:

    # foreman-maintain service stop

  2. Take a snapshot or create a backup:

    • On a virtual machine, take a snapshot.

    • On a physical machine, create a backup.

  3. Start all orcharhino services:

    # foreman-maintain service start

  4. Optional: If you made manual edits to DNS or DHCP configuration in the /etc/zones.conf or /etc/dhcp/dhcpd.conf files, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required.

  5. Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:

    # foreman-installer \
--foreman-proxy-dhcp-managed=false \
--foreman-proxy-dns-managed=false

  6. In the orcharhino management UI, navigate to Hosts > Discovered hosts. On the Discovered Hosts page, power off and then delete the discovered hosts. From the Select an Organization menu, select each organization in turn and repeat the process to power off and delete the discovered hosts. Make a note to reboot these hosts when the upgrade is complete.

  7. Determine if the system needs a reboot:

    # dnf needs-restarting --reboothint

  8. If the previous command told you to reboot, then reboot the system:

    # reboot

2.3. Performing post-upgrade tasks

  • Optional: If you are using the oVirt compute resource, you can pre-migrate your data by executing the foreman-rake ovirt:drop task on your orcharhino Server. You can set OVIRT_PRETEND=true to preview the changes. The oVirt compute resource will be officially phased out in a future release and this migration will be triggered automatically during a future upgrade. ATIX AG also recommends removing the oVirt package by executing dnf remove foreman-ovirt to prevent users from adding a new oVirt compute resource.

  • Optional: If the default provisioning templates have been changed during the upgrade, recreate any templates cloned from the default templates. If the custom code is executed before and/or after the provisioning process, use custom provisioning snippets to avoid recreating cloned templates. For more information about configuring custom provisioning snippets, see Running custom code during host provisioning in Provisioning hosts.

  • Pulp is introducing more data about container manifests to the API. This information allows Katello to display manifest labels, annotations, and information about the manifest type, such as if it is bootable or represents flatpak content. As a result, migrations must be performed to pull this content from manifests into the database.

This migration takes time, so a pre-migration runs automatically after the upgrade to 7.2 to reduce future upgrade downtime. While the pre-migration is running, orcharhino Server is fully functional but uses more hardware resources.

2.4. Upgrading orcharhino Proxy Servers

This section describes how to upgrade orcharhino Proxy Servers from 7.1 to 7.2.

Before you begin

  • Review Prerequisites.

  • You must upgrade orcharhino Server before you can upgrade any orcharhino Proxy Servers. Note that you can upgrade orcharhino Proxies separately from orcharhino. For more information, see Upgrading orcharhino Proxies separately from orcharhino.

  • If you use content views to control updates to the base operating system of orcharhino Proxy Server, update those content views with new repositories, publish, and promote their updated versions. For more information, see Managing content views in Managing content.

  • Ensure the orcharhino Proxy’s base system is registered to the newly upgraded orcharhino Server.

  • Ensure the orcharhino Proxy has the correct organization and location settings in the newly upgraded orcharhino Server.

  • Review and update your firewall configuration prior to upgrading your orcharhino Proxy Server. For more information, see Preparing Your Environment for orcharhino Proxy Installation in Installing orcharhino Proxy Server.

Warning

If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.

Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrading orcharhino Proxy Servers

  1. Create a backup.

  2. Determine if the system needs a reboot:

    # dnf needs-restarting --reboothint

  3. If the previous command told you to reboot, then reboot the system:

    # reboot

  4. Optional: If you made manual edits to DNS or DHCP configuration files, check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.

Upgrading orcharhino Proxy Servers using remote execution

  1. Create a backup or take a snapshot.

    For more information on backups, see Backing Up orcharhino Server and orcharhino Proxy Server in Administering orcharhino.

  2. In the orcharhino management UI, navigate to Monitor > Jobs.

  3. Click Run Job.

  4. From the Job category list, select Maintenance Operations.

  5. From the Job template list, select orcharhino Proxy Upgrade Playbook.

  6. In the Search Query field, enter the host name of the orcharhino Proxy.

  7. Ensure that Apply to 1 host is displayed in the Resolves to field.

  8. In the target_version field, enter the target version of the orcharhino Proxy.

  9. In the whitelist_options field, enter the options.

  10. Select the schedule for the job execution in Schedule.

  11. In the Type of query section, click Static Query.

2.5. Upgrading the external database operating system

If your orcharhino uses an external database, you can upgrade the database from Enterprise Linux 8 to Enterprise Linux 9 while upgrading orcharhino from 7.1 to 7.2.

Prerequisites

  • Create a host running Enterprise Linux 9 for PostgreSQL server that follows the external database on Enterprise Linux 9 documentation. For more information, see Using external databases with orcharhino.

Procedure

  1. Create a backup of your existing external database.

  2. Restore the backup on the new Enterprise Linux 9 server.

  3. Verify that orcharhino can reach the new database:

    # PGPASSWORD='My_Foreman_Database_Password' psql -h postgres.example.com -p 5432 -U foreman -d foreman -c "SELECT 1 as ping"

  4. If your orcharhino Server can reach the new database server by using the old name, no further changes are required. Otherwise, reconfigure orcharhino to use the new name:

    # foreman-installer \
--foreman-db-host newpostgres.example.com \
--katello-candlepin-db-host newpostgres.example.com \
--foreman-proxy-content-pulpcore-postgresql-host newpostgres.example.com

Appendix A: Troubleshooting permission issues

orcharhino upgrades perform pre-upgrade checks. If the pre-upgrade check discovers permission issues, it fails with an error similar to the following one:

2024-01-29T20:50:09 [W|app|] Could not create role 'Ansible Roles Manager': ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found:

If you see an error like this on your orcharhino Server, identify and remedy the permission issues.

Procedure

  1. On your orcharhino Server, identify permission issues:

    # foreman-maintain health check --label duplicate_permissions

  2. Fix permission issues:

    # foreman-rake db:seed
Verification

  • Rerun the check to ensure no permission issues remain:

    # foreman-maintain health check --label duplicate_permissions