1. Preparing for Foreman upgrade
Review the following prerequisites and available upgrade paths before upgrading your current Foreman installation to Foreman nightly.
1.1. Upgrade path overview
You can upgrade from Foreman 3.15 to Foreman nightly. The upgrade process includes the following high-level steps:
-
Upgrading your Foreman server to nightly.
-
Upgrading your Smart Proxy servers to nightly.
You can upgrade your Smart Proxies separately over multiple maintenance windows because versions 3.15 and 3.14 remain compatible with your upgraded Foreman server nightly. Upgrading Smart Proxies separately can be useful in the following situations:
-
If you want to have several smaller outage windows instead of one larger window.
-
If Smart Proxies in your organization are managed by several teams and are located in different locations.
Smart Proxies at version 3.15 and 3.14 retain all of their previous functionality. New functionality added in the nightly release is available only after you upgrade your Smart Proxies to nightly.
1.2. Planning Foreman upgrade
Upgrading to Foreman nightly affects your entire Foreman infrastructure. Plan carefully before proceeding.
-
Read the Foreman nightly Release notes.
-
Consider whether any of your integrations need updating. Some Foreman API endpoints, Hammer CLI commands, and modules from the Foreman Ansible Collection can differ between versions of Foreman.
Foreman services are shut down during the upgrade. Ensure to plan for the required downtime. The upgrade process duration varies depending on your hardware configuration, network speed, and the amount of data that is stored on the server:
-
On average installations, upgrading Foreman server takes up to 30 minutes and upgrading a single Smart Proxy server takes up to 10 minutes.
-
On very large installations, upgrading Foreman server can take up to 1 – 2 hours and upgrading a single Smart Proxy server can take up to 15 – 30 minutes.
1.3. Following the progress of the upgrade
Because of the lengthy upgrade time, use a utility such as tmux
to suspend and reattach a communication session.
You can then check the upgrade progress without staying connected to the command shell continuously.
If you lose connection to the command shell where the upgrade command is running, you can see the logs in /var/log/foreman-installer/foreman.log
to check if the process completed successfully.
-
tmux(1)
man page on your system
2. Upgrading Foreman
Upgrading Foreman includes upgrading your Foreman server and upgrading Smart Proxy servers.
2.1. Upgrading a connected Foreman server
Use this procedure for a Foreman server with access to the public internet
Warning
|
If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the maintenance script runs during upgrading or updating.
You can use the --noop option with the foreman-installer to test for changes.
|
-
If you have edited any of the default templates, back up the files either by cloning or exporting them.
-
To confirm if a template has been edited, view its History before you upgrade. Alternatively, view the changes in the audit log after you upgrade. In the Foreman web UI, navigate to Monitor > Audits and search for the template to see a record of changes made.
-
The recommended template backup method is cloning. Cloning prevents templates from being overwritten in future updates or upgrades.
-
If you use the export backup method, restore your changes by comparing the exported template and the default template, and then manually apply your changes.
-
-
Stop all Foreman services:
# foreman-maintain service stop
-
Take a snapshot or create a backup:
-
On a virtual machine, take a snapshot.
-
On a physical machine, create a backup.
-
-
Start all Foreman services:
# foreman-maintain service start
-
Optional: If you made manual edits to DNS or DHCP configuration in the
/etc/zones.conf
or/etc/dhcp/dhcpd.conf
files, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. -
Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:
# foreman-installer \ --foreman-proxy-dhcp-managed=false \ --foreman-proxy-dns-managed=false
-
In the Foreman web UI, navigate to Hosts > Discovered hosts. On the Discovered Hosts page, power off and then delete the discovered hosts. From the Select an Organization menu, select each organization in turn and repeat the process to power off and delete the discovered hosts. Make a note to reboot these hosts when the upgrade is complete.
-
Stop all Foreman services:
# foreman-maintain service stop
-
Update repositories in
/etc/apt/sources.list.d/foreman.list
to consume content for Foreman nightly:deb http://deb.theforeman.org/ My_Distribution_Code_Name nightly deb http://deb.theforeman.org/ plugins nightly
Replace My_Distribution_Code_Name with the proper distribution code name based on the operating system of your Foreman server:
-
bookworm
for Debian 12 -
jammy
for Ubuntu 22.04
-
-
Update to Foreman nightly:
# apt-get update # apt-get upgrade
-
Run
foreman-installer
:# foreman-installer
-
Determine if the system needs a reboot:
$ ls /run/reboot-required
-
If the
/run/reboot-required
file exists, reboot the system:# reboot
2.2. Performing post-upgrade tasks
-
Optional: If the default provisioning templates have been changed during the upgrade, recreate any templates cloned from the default templates. If the custom code is executed before and/or after the provisioning process, use custom provisioning snippets to avoid recreating cloned templates. For more information about configuring custom provisioning snippets, see Creating Custom Provisioning Snippets in Provisioning hosts.
Appendix A: Troubleshooting permission issues
Foreman upgrades perform pre-upgrade checks. If the pre-upgrade check discovers permission issues, it fails with an error similar to the following one:
2024-01-29T20:50:09 [W|app|] Could not create role 'Ansible Roles Manager': ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found:
If you see an error like this on your Foreman server, identify and remedy the permission issues.
-
On your Foreman server, identify permission issues:
# foreman-maintain health check --label duplicate_permissions
-
Fix permission issues:
# foreman-rake db:seed
-
Rerun the check to ensure no permission issues remain:
# foreman-maintain health check --label duplicate_permissions