orcharhino ask me anything Workshop on 23.03.2021

The orcharhino ask me anything workshop is a platform where orcharhino consultants, developers, and the support team answer questions that they are repeatedly asked by orcharhino users in their daily work.

Participants from ATIX were Jan Bundesmann (IT consultant), Maximilian Kolb (technical content creator), Markus Bucher (software developer) and Richard Stempfl (support team). They answered the following questions:

1. Will you also support CentOS 8 forks like AlmaLinux or RockyLinux?

Maximilian Kolb: “The background to this question is that CentOS 8 will be deprecated at the end of 2021; CentOS 8 Stream is not a downstream product of RHEL and therefore not as stable.

Both Alma Linux and RockyLinux look promising as an alternative to CentOS 8. We are looking into both projects and will support one or both for managed hosts once they’ve stabilized. There’s currently an installable RC for Alma Linux which we have already successfully deployed internally via orcharhino.

So yes, we want to support one or both for managed hosts if & when they’re stable. The host OS for orcharhino itself will most likely not include CentOS 8. Since upgrading the orcharhino base system to EL8 is still some way off on the roadmap, there are not yet any final decisions on how this will be handled in detail.”

2. What’s on the 2021/2022 roadmap?

Jan Bundesmann: “We aim at four more releases this year (plus/minus one).

This summer, we will focus on including Foreman 2.3 (with Katello in version 3.18) while maintaining Pulp at version 2. In that period, you will see some upgrades concerning Application Centric Deployment.

Alternatives for CentOS are another topic: how to include Alma Linux and RockyLinux? Which changes have to be done to templates? Do we provide new clients? With orcharhino 6.0, we will migrate to Pulp 3. At that point, we will upgrade Foreman to version 2.5 and Katello to version 4.1.

orcharhino 6.0 will focus on the Pulp 2 to 3 migration itself (as well as the upstream features that will be naturally included by the Foreman and Katello updates). Subsequent orcharhino releases can then focus on new features that are currently blocked by Pulp 2. Examples include:

    1. Debian/Ubuntu installations from synced content.
    2. Advanced filtering options (by version/with dependency resolution) for Debian and Ubuntu.

At some point, we will include the foreman_webhooks that replace the foreman_hooks. We will publish first releases that work on EL8 next year.”

3. How do I get errata for CentOS 7 if I don’t get the repositories from ATIX? Can I run an errata service locally like for Debian?

Jan Bundesmann: “Providing CentOS 7 repositories containing errata is a service we offer to our customers. Due to the nature of the errata extraction and inclusion in the repository, users cannot install such a service on premises.”

4. Are there plans to make Debian repositories in Katello directly usable for PXE/iPXE installations?

Markus Bucher: “The background to this question is that it’s currently possible to install CentOS, OL, and RHEL directly from synced content. At the moment, this is not available for Debian, since Pulp 2 (and by extension Katello) is not capable of synchronizing Debian installer files. We think this is a useful feature for Debian offline installations. The Debian plugin for Pulp 3 includes a working proof of concept for synchronizing installer files now. Adding this functionality to Katello will become our main focus once the transition to Pulp 3 (coming with Katello 4.1) is complete.

Timeframe: One of the follow-up releases of orcharhino 6.0 which is scheduled for the end of 2021.”

5. Is it possible to control Bare Metal hardware via orcharhino (IPMI/BMC or the like)?

Jan Bundesmann: “There is a proxy-function called “BMC” for that purpose. Once installed, you can store the IP of the server’s management interface and gain control over the power management of your servers through the orcharhino management UI. If you need more complex functions, you can implement them as hooks but be aware that it is highly recommended to be prepared for a future migration to Foreman webhooks.”

6. How can I customize templates and what do I need to be aware of?

Richard Stempfl:orcharhino includes different types of templates, for provisioning, reports, jobs, and quite a few more.
In the common use of orcharhino, it’s not necessary to adjust the templates, but if the templates need to be adjusted, the following should be noted:
First of all, the locked templates should never be unlocked, otherwise, they will not be updated.
To use a template as a sample for a new template, you can clone the templates on the templates overview page and will then be redirected to the edit page where you can adjust your template to your needs.
For provisioning templates on the edit site, there is also a tab with documentation for syntax and some variables. 
For provisioning and partitioning templates, the cloned templates must be assigned to the appropriate operating system and assign to the operating system itself.
The cloned templates are not included in the update process and are not provided with updates and continuous improvements. You must then implement these improvements yourself in your custom templates.”

7. What is the difference between installation media and synced content? Why are they differentiated?

Jan Bundesmann: “Context to this question is that during the installation of a new host with orcharhino, you can choose the medium in the operating system tab. Available options are “Synced content” and “All media”. Depending on the choice, you have different options in the subsequent dropdown menu “Media”. With “All media” you can decide for one of the “Installation media” you have assigned to your operating system. It is just a reference to an online installation medium. orcharhino extracts kernel and initial ramdisk image from there and puts them in its tftp-directory or on a boot disk for the host. Most distributions ship kernel and initrd with their repos.

From now on the question is, why not take these files directly, when we synced them earlier. This is an additional function implemented in Katello, basically a foreman plugin, while the installation media belong to foreman itself. That’s the reason why those types of installation media are differentiated in the orcharhino management UI.

Note: You can only choose from synced content, if your host is attached to a content source and a content view containing repos that provide the relevant files.”

8. How can I maintain hosts on a minor release of the operating system, for example RHEL 7.8 rather than upgrading to RHEL 7.9?

Richard Stempfl: “To keep a RHEL host on a specific version it is necessary to have the relevant repositories on orcharhino. As soon as these repositories are available on orcharhino they can be published in a content view.
It is also possible to have all versions in one content view, we will split them in the next step. Now we create an activation key for a version. Now you can do this for every version you like to run. With this activation key, the host gets only the operating system version you’ve set. Please note if another version is available in the content view, it is possible to change the version on the host via the subscription-manager. Changing the version is also possible afterward on the content host page. If you never want to change the version, you can also create a content view which contains only one version to avoid mistakes. If you like to stay on a minor version, it is advisable to use the ExtendedUpdateSupport repository to get updates.” 

9. Is there a plan to group SLES repos in the “Products” overview?

Maximilian Kolb: “Regarding the Content > Products page: There is no relation between repository type like yum and deb and the operating system; i.e., both EL and SLES use type yum. There’s no way to distinguish between product usage in regard to OS. Katello does not know which products correspond to which operating system. A possible workaround is to rename products by hand and use filter bars.

Regarding the SCC Manager page: Creating subcategories for something like SLES, openSUSE, and CAAS is not feasible due to the SUSE naming scheme.”

10. Will it be possible soon to also synchronize SLES repos “on_demand” instead of “immediate”?

Maximilian Kolb: “Setting the download policy for SLES repositories to ‘on_demand’ is currently not working. This will be a feature of orcharhino 6.0.”

11. We manage about 3300 servers through our orcharhino with multiple orcharhino proxies. What is the best practice to update many hosts in a small time frame?

Jan Bundesmann: “This is a clear “It depends”. I assume the problem is how to distribute the load both over the smart proxies and the time – within an overall short time frame. I collected some generic hints: Make sure that you group your managed hosts in a way that you can address the groups separately (host groups, locations, etc.). Distribute the content and the hosts over your orcharhino proxies in a way that upgrades do not query the same repository host. You probably use remote execution to trigger the package upgrades. Consider using ansible-runner that works through the hosts in batches of 100. Perform regular upgrade to keep the overall volume small.“

The presentation is available for download here.