In this guide, the terms upgrade, update, and migrate have the following meanings:

Upgrading

The process of advancing your Foreman server and Smart Proxy server installations from a y-stream release to the next, for example Foreman 3.4 to Foreman 3.5. For more information, see Upgrading Overview.

Updating

The process of advancing your Foreman server and Smart Proxy server installations from a z-stream release to the next, for example Foreman 3.5.0 to Foreman 3.5.1.

Migrating

The process of moving an existing Foreman installation to a new instance.

1. Upgrading Overview

Review prerequisites and available upgrade paths below before upgrading your current Foreman installation to Foreman 3.5.

Note that you can upgrade Smart Proxies separately from Foreman. For more information, see Upgrading Smart Proxies Separately from Foreman.

1.1. Prerequisites

Upgrading to Foreman 3.5 affects your entire Foreman infrastructure. Before proceeding, complete the following:

  • Read the Foreman 3.5 Release Notes.

  • Plan your upgrade path. For more information, see Upgrade Paths.

  • Plan for the required downtime. Foreman services are shut down during the upgrade. The upgrade process duration might vary depending on your hardware configuration, network speed, and the amount of data that is stored on the server.

    Upgrading Foreman takes approximately 1 – 2 hours.

    Upgrading Smart Proxy takes approximately 10 – 30 minutes.

  • Ensure that you have sufficient storage space on your server. For more information, see Preparing your Environment for Installation in Installing Foreman 3.5 Server with Katello 4.7 Plugin on RHEL/CentOS and Preparing your Environment for Installation in Installing Smart Proxy server.

  • Back up your Foreman server and all Smart Proxy servers. For more information, see Backing Up Foreman server and Smart Proxy server in Administering Foreman.

  • Plan for updating any scripts you use that contain Foreman API commands because some API commands differ between versions of Foreman.

Warning
If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the foreman-installer script to test for changes.

1.2. Upgrade Paths

You can upgrade to Foreman 3.5 from Foreman 3.4.

Foreman servers and Smart Proxy servers on earlier versions must first be upgraded to Foreman 3.4. For more information, see the Foreman 3.4 Upgrade documentation.

High-Level Upgrade Steps

The high-level steps in upgrading Foreman to 3.5 are as follows:

  1. Upgrade Foreman server to 3.5. For more information, see Upgrading Foreman server.

  2. Upgrade all Smart Proxy servers to 3.5. For more information, see Upgrading Smart Proxy Servers.

  3. Upgrade to https://yum.theforeman.org/client/3.5/ on all content hosts. For more information, see Upgrading Content Hosts.

1.3. Following the Progress of the Upgrade

Because of the lengthy upgrade time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information, see the tmux manual page.

If you lose connection to the command shell where the upgrade command is running you can see the logs in /var/log/foreman-installer/katello.log to check if the process completed successfully.

1.4. Upgrading Smart Proxies Separately from Foreman

You can upgrade Foreman to version 3.5 and keep Smart Proxies at version 3.4 until you have the capacity to upgrade them too.

All the functionality that worked previously works on 3.4 Smart Proxies. However, the functionality added in the 3.5 release will not work until you upgrade Smart Proxies to 3.5.

Upgrading Smart Proxies after upgrading Foreman can be useful in the following example scenarios:

  1. If you want to have several smaller outage windows instead of one larger window.

  2. If Smart Proxies in your organization are managed by several teams and are located in different locations.

  3. If you use a load-balanced configuration, you can upgrade one load-balanced Smart Proxy and keep other load-balanced Smart Proxies at one version lower. This allows you to upgrade all Smart Proxies one after another without any outage.

2. Upgrading Foreman

Use the following procedures to upgrade your existing Foreman to Foreman 3.5:

2.1. Upgrading Foreman server

This section describes how to upgrade Foreman server from 3.4 to 3.5. You can upgrade from any minor version of Foreman server 3.4.

Before You Begin
  • Note that you can upgrade Smart Proxies separately from Foreman. For more information, see Upgrading Smart Proxies Separately from Foreman.

  • Review and update your firewall configuration prior to upgrading your Foreman server. For more information, see Preparing your environment for installation in Installing Foreman 3.5 Server with Katello 4.7 Plugin on RHEL/CentOS.

  • Ensure that you do not delete the manifest from the Customer Portal or in the Foreman web UI because this removes all the entitlements of your content hosts.

  • If you have edited any of the default templates, back up the files either by cloning or exporting them. Cloning is the recommended method because that prevents them being overwritten in future updates or upgrades. To confirm if a template has been edited, you can view its History before you upgrade or view the changes in the audit log after an upgrade. In the Foreman web UI, navigate to Monitor > Audits and search for the template to see a record of changes made. If you use the export method, restore your changes by comparing the exported template and the default template, manually applying your changes.

Smart Proxy Considerations
  • If you use Content Views to control updates to a Smart Proxy server’s base operating system, or for Smart Proxy server repository, you must publish updated versions of those Content Views.

  • Note that Foreman server upgraded from 3.4 to 3.5 can use Smart Proxy servers still at 3.4.

Warning

If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.

Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

FIPS mode

You cannot upgrade Foreman server from a RHEL base system that is not operating in FIPS mode to a RHEL base system that is operating in FIPS mode.

To run Foreman server on a Red Hat Enterprise Linux base system operating in FIPS mode, you must install Foreman on a freshly provisioned RHEL base system operating in FIPS mode. For more information, see Preparing your environment for installation in Installing Foreman 3.5 Server with Katello 4.7 Plugin on RHEL/CentOS.

2.1.1. Upgrading a Connected Foreman server

Use this procedure for a Foreman server with access to the public internet

Warning
If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the foreman-installer script to test for changes.
Upgrade Foreman server
  1. Create a backup.

  2. Optional: If you made manual edits to DNS or DHCP configuration in the /etc/zones.conf or /etc/dhcp/dhcpd.conf files, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required.

  3. Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:

    # foreman-installer --foreman-proxy-dns-managed=false \
    --foreman-proxy-dhcp-managed=false
  4. Optional: If you use PostgreSQL as an external database, install the postgresql-evr package on the PostgreSQL server:

    # dnf install postgresql-evr
  5. In the Foreman web UI, navigate to Hosts > Discovered hosts. On the Discovered Hosts page, power off and then delete the discovered hosts. From the Select an Organization menu, select each organization in turn and repeat the process to power off and delete the discovered hosts. Make a note to reboot these hosts when the upgrade is complete.

  6. Check for running tasks

    # foreman-rake katello:upgrade_check
  7. Update operating system packages:

    # dnf update
  8. Update repositories

    # dnf update https://yum.theforeman.org/releases/3.5/el8/x86_64/foreman-release.rpm \
    https://yum.theforeman.org/katello/4.7/katello/el8/x86_64/katello-repos-latest.rpm
  9. Ensure the module streams are enabled:

    # dnf module enable katello:el8 pulpcore:el8
  10. Update the required packages:

    # dnf update
  11. Stop all services:

    # foreman-maintain service stop
  12. Run the installer:

    # foreman-installer
  13. Determine if the system needs a reboot:

    # dnf needs-restarting --reboothint
  14. Optional: If the previous command told you to reboot, then reboot the system:

    # reboot

2.2. Upgrading Smart Proxy Servers

This section describes how to upgrade Smart Proxy servers from 3.4 to 3.5.

Before You Begin
  • You must upgrade Foreman server before you can upgrade any Smart Proxy servers. Note that you can upgrade Smart Proxies separately from Foreman. For more information, see Upgrading Smart Proxies Separately from Foreman.

  • If you use Content Views to control updates to the base operating system of Smart Proxy server, update those Content Views with new repositories, publish, and promote their updated versions. For more information, see Managing Content Views in Managing Content.

  • Ensure the Smart Proxy’s base system is registered to the newly upgraded Foreman server.

  • Ensure the Smart Proxy has the correct organization and location settings in the newly upgraded Foreman server.

  • Review and update your firewall configuration prior to upgrading your Smart Proxy server. For more information, see Preparing Your Environment for Smart Proxy Installation in Installing an External Smart Proxy Server 3.5.

Warning

If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.

Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

Upgrading Smart Proxy Servers
  1. Create a backup.

  2. Update repositories

    # dnf update https://yum.theforeman.org/releases/3.5/el8/x86_64/foreman-release.rpm \
    https://yum.theforeman.org/katello/4.7/katello/el8/x86_64/katello-repos-latest.rpm
  3. Ensure the module streams are enabled:

    # dnf module enable katello:el8 pulpcore:el8
  4. Update the required packages:

    # dnf update
  5. Run the installer:

    # foreman-installer
  6. Determine if the system needs a reboot:

    # dnf needs-restarting --reboothint
  7. Optional: If the previous command told you to reboot, then reboot the system:

    # reboot
  8. Optional: If you made manual edits to DNS or DHCP configuration files, check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.

2.3. Upgrading Content Hosts

The https://yum.theforeman.org/client/3.5/ repository provides katello-agent and katello-host-tools, which provide communication services for managing Errata.

Note
The Katello agent is deprecated and will be removed in a future Foreman version. Migrate your workloads to use the remote execution feature to update clients remotely. For more information, see Migrating from Katello Agent to Remote Execution in Managing Hosts. Foreman now supports a pull-based provider as a replacement for the Katello agent.

For deployments using katello-agent and goferd, update all clients to the new version of katello-agent. For deployments not using katello-agent and goferd, update all clients to the new version of katello-host-tools. Complete this action as soon as possible so that your clients are fully compatible with Foreman server.

Prerequisites
  • You must have upgraded Foreman server.

  • You must have enabled the new https://yum.theforeman.org/client/3.5/ repositories on the Foreman.

  • You must have synchronized the new repositories in the Foreman.

  • If you have not previously installed katello-agent on your clients and you want to install it, use the manual method. For more information, see CLI Procedure.

Warning

If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.

Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

CLI Procedure
  1. Log into the client system.

  2. Enable the https://yum.theforeman.org/client/3.5/ repository for this version of Foreman.

    # yum install https://yum.theforeman.org/client/3.5/el7/x86_64/foreman-client-release.rpm
  3. Depending on your configuration, complete one of the following steps:

    • If your deployment uses katello-agent and goferd, enter the following command to install or upgrade katello-agent:

      # yum install katello-agent
    • If your deployment does not use katello-agent and goferd, enter the following command to install or upgrade katello-host-tools:

      # yum install katello-host-tools

2.4. Upgrading the External Database

You can upgrade an external database from Enterprise Linux 7 to Enterprise Linux 8 while upgrading Foreman from 3.4 to 3.5.

Prerequisites
  • Create a new Enterprise Linux 8 based host for PostgreSQL server that follows the external database on Enterprise Linux 8 documentation. For more information, see Using External Databases with Foreman.

Procedure
  1. Create a backup.

  2. Restore the backup on the new server.

  3. If Foreman reaches the new database server via the old name, no further changes are required. Otherwise reconfigure Foreman to use the new name:

    # foreman-installer \
    --foreman-db-host newpostgres.example.com \
    --katello-candlepin-db-host newpostgres.example.com \
    --foreman-proxy-content-pulpcore-postgresql-host newpostgres.example.com