Appendix A: Configuring Inter-Server Synchronization (ISS) in Foreman
A.1. How to Configure Inter-Server Synchronization
Foreman uses Inter-Server Synchronization (ISS) to synchronize content between two Foreman servers, including those that are air-gapped.
You can use ISS in cases such as:
- If you want to copy some but not all content from your Foreman server to other Foreman servers. For example, you have Content Views that your IT department consumes from Foreman server, and you want to copy content from those Content Views to other Foreman servers.
- If you want to copy all Library content from your Foreman server to other Foreman servers. For example, you have Products and repositories that your IT department consumes from Foreman server in the Library, and you want to copy all Products and repositories in that organization to other Foreman servers.
Note
You cannot use ISS to synchronize content from Foreman server to Smart Proxy server. Smart Proxy server supports synchronization natively. For more information, see Smart Proxy server Overview in Planning for Foreman.
There are different ways of using ISS. Which one you can use depends on your multi-server setup, which falls into one of the following scenarios.
A.1.1. ISS Network Sync in a Disconnected Scenario
In a disconnected scenario, there is the following setup:
- The upstream Foreman server is connected to the Internet. This server consumes content from the Red Hat Content Delivery Network (CDN) or custom sources.
- The downstream Foreman server is completely isolated from all external networks.
- The downstream Foreman server can communicate with a connected upstream Foreman server over an internal network.
You can configure your downstream Foreman server to synchronize content from the upstream Foreman server over the network. See Configuring Foreman Server to Synchronize Content over a Network.
A.1.2. ISS Export Sync in an Air-Gapped Scenario
In an air-gapped scenario, there is the following setup:
- The upstream Foreman server is connected to the Internet. This server consumes content from the Red Hat CDN or custom sources.
- The downstream Foreman server is completely isolated from all external networks.
- The downstream Foreman server does not have a network connection to a connected upstream Foreman server.
The only way for an air-gapped downstream Foreman server to receive content updates is by exporting payload from the upstream Foreman server, bringing it physically to the downstream Foreman server, and importing the payload. For more information, see Synchronizing Content Between Foreman servers in Managing Content.
Configure your downstream Foreman server to synchronize content using exports. See Configuring Foreman Server to Synchronize Content Using Exports.
A.2. Configuring Foreman Server to Synchronize Content Using Exports
If you deployed your downstream Foreman server as air-gapped, configure your Foreman server as such to avoid attempts to consume content from a network.
Procedure
- In the Foreman web UI, navigate to Content > Subscriptions.
- Click the Manage Manifest button.
- Switch to the CDN Configuration tab.
- Select the Export Sync tab.
- Click Update.
CLI procedure
- Log in to your Foreman server using SSH.
- Set CDN configuration to sync using exports:
    # hammer organization configure-cdn --name="My_Organization" --type=export_sync
A.3. Configuring Foreman Server to Synchronize Content over a Network
Configure a downstream Foreman server to synchronize repositories from a connected upstream Foreman server over HTTPS.
Prerequisites
- A network connection exists between the upstream Foreman server and the downstream Foreman server.
- You imported the subscription manifest on both the upstream and downstream Foreman server.
- On the upstream Foreman server, you enabled the required repositories for the organization. For more information, see Enabling Red Hat Repositories in Managing Content.
- The upstream user is an admin or has the following permissions:
  - view_organizations
  - view_products
  - edit_organizations (to download the CA certificate)
  - view_lifecycle_environments
  - view_content_views
- On the downstream Foreman server, you have imported the SSL certificate of the upstream Foreman server using the contents of http://upstream-foreman.example.com/pub/katello-server-ca.crt. For more information, see Importing SSL Certificates in Managing Content.
- The downstream user is an admin or has the permissions to create product repositories and organizations.
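Because the CA certificate in the prerequisite above is fetched over plain HTTP, nothing authenticates it in transit. The following shell sketch is an added example, not part of the Foreman documentation: it compares the file's SHA-256 fingerprint against a value read out of band on the upstream server before the file is imported. The function names and the throwaway self-signed certificate are assumptions constructed for illustration; only standard openssl x509 and openssl req options are used.

```shell
#!/bin/sh
# Added example: pin the upstream CA certificate by SHA-256 fingerprint
# before importing it as a content credential on the downstream server.

# Print the certificate's SHA-256 fingerprint as bare uppercase hex.
ca_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null |
        sed 's/^.*=//' | tr -d ':\n' | tr 'a-f' 'A-F'
}

# Normalise an operator-supplied fingerprint (colons, spaces, case).
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# verify_ca FILE EXPECTED_FP
# Returns 0 only if FILE parses as a certificate, has not expired, and
# its fingerprint equals the value obtained out of band.
verify_ca() {
    actual=$(ca_fingerprint "$1")
    [ -n "$actual" ] || { echo "not a readable certificate: $1" >&2; return 2; }
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1 ||
        { echo "certificate has expired: $1" >&2; return 3; }
    [ "$actual" = "$(normalise_fp "$2")" ] ||
        { echo "fingerprint mismatch for $1" >&2; return 1; }
}

# Constructed sample input: a throwaway self-signed certificate that
# stands in for katello-server-ca.crt so the example runs offline.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-upstream-ca" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_ca "$dir/ca.crt" || return 1
    # On a real system this value is read on the upstream server itself.
    pinned=$(ca_fingerprint "$dir/ca.crt")
    verify_ca "$dir/ca.crt" "$pinned" && echo "match: safe to import"
    verify_ca "$dir/ca.crt" "00$pinned" 2>/dev/null || echo "mismatch: rejected"
    rm -rf "$dir"
}
demo
```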
Procedure
- Navigate to Content > Subscriptions.
- Click the Manage Manifest button.
- Navigate to the CDN Configuration tab.
- Select the Network Sync tab.
- In the URL field, enter the address of the upstream Foreman server.
- In the Username field, enter your username for upstream login.
- In the Password field, enter your password or personal access token for upstream login.
- In the Organization label field, enter the label of the upstream organization.
- Optional: In the Lifecycle Environment Label field, enter the label of the upstream lifecycle environment. Default is Library.
- Optional: In the Content view label field, enter the label of the upstream Content View. Default is Default_Organization_View.
- From the SSL CA Content Credential menu, select a CA certificate used by the upstream Foreman server.
- Click Update.
- In the Foreman web UI, navigate to Content > Products.
- Select the product that contains the repositories that you want to synchronize.
- From the Select Action menu, select Sync Now to synchronize all repositories within the product.
  You can also create a synchronization plan to ensure updates on a regular basis. For more information, see Creating a Synchronization Plan in Managing Content.
CLI procedure
- Connect to your downstream Foreman server using SSH.
- View information about the upstream CA certificate:
    # hammer content-credential show \
      --name="My_Upstream_CA_Cert" \
      --organization="My_Downstream_Organization"
  Note the ID of the CA certificate for the next step.
- Set CDN configuration to an upstream Foreman server:
    # hammer organization configure-cdn --name="My_Downstream_Organization" \
      --type=network_sync \
      --url https://upstream-foreman.example.com \
      --username upstream_username --password upstream_password \
      --ssl-ca-credential-id "My_Upstream_CA_Cert_ID" \
      --upstream-organization-label="My_Upstream_Organization" \
      [--upstream-lifecycle-environment-label="My_Lifecycle_Environment"] \
      [--upstream-content-view-label="My_Content_View"]
  The default lifecycle environment label is Library. The default Content View label is Default_Organization_View.