Migrating the Uyuni Server to a Containerized Environment

To migrate a Uyuni 4.3 Server to a container, a new machine is required.

An in-place migration from Uyuni 4.3 to 5.0 will remain unsupported because of the change of the underlying operating system from SUSE Linux Enterprise Server 15 SP4 to SLE Micro 5.5.

The traditional contact protocol is no longer supported in Uyuni 5.0 and later. Before migrating from Uyuni 4.3 to 2024.08, any existing traditional clients including the traditional proxies must be migrated to Salt.

For more information about migrating traditional Uyuni 4.3 clients to Salt clients, see https://documentation.suse.com/suma/4.3/en/suse-manager/client-configuration/contact-methods-migrate-traditional.html.

Self trusted GPG keys are not migrated. GPG keys that are trusted in the RPM database only are not migrated. Thus synchronizing channels with spacewalk-repo-sync can fail.

The administrator must migrate these keys manually from the 4.3 installation to the container host after the actual server migration.

  1. Copy the keys from the 4.3 server to the container host of the new server.

  2. Later, add each key to the migrated server with the command mgradm gpg add <PATH_TO_KEY_FILE>.

The current migration procedure does not include functionality for renaming hostnames. As a result, the fully qualified domain name (FQDN) of the new server will remain the same as that of the old server. Additionally, the IP address must remain unchanged to ensure that the clients can contact the server. After the migration, it will be necessary to manually update the DHCP and DNS records to point to the new server.

1. Initial Preparation on the Old 4.3 Server

Procedure: Initial preparation on the 4.3 server

  1. Stop the Uyuni services:

    spacewalk-service stop

  2. Stop the PostgreSQL service:

    systemctl stop postgresql

2. Prepare the SSH Connection

Procedure: Preparing the SSH connection

  1. Ensure that for root an SSH key exists on the new 2024.08 server. If a key does not exist, create it with:

    ssh-keygen -t rsa

  2. The SSH configuration and agent should be ready on the new server for a passwordless connection to the 4.3 server.

    To establish a passwordless connection, the migration script relies on an SSH agent running on the new server. If the agent is not active yet, initiate it by running eval $(ssh-agent). Then add the SSH key to the running agent with ssh-add followed by the path to the private key. You will be prompted to enter the password for the private key during this process.

  3. Copy the public SSH key to the Uyuni 4.3 Server (<oldserver.fqdn>) with ssh-copy-id. Replace <oldserver.fqdn> with the FQDN of the 4.3 server:

    ssh-copy-id <old server.fqdn>
    The SSH key will be copied into the old server's [path]``~/.ssh/authorized_keys`` file.
For more information, see the [literal]``ssh-copy-id`` manpage.

  4. Establish an SSH connection from the new server to the old Uyuni Server to check that no password is needed. Also there must not by any problem with the host fingerprint. In case of trouble, remove old fingerprints from the ~/.ssh/known_hosts file. Then try again. The fingerprint will be stored in the local ~/.ssh/known_hosts file.

3. Perform the Migration

When planning your migration from Uyuni 4.3 to Uyuni 5.0, ensure that your target instance meets or exceeds the specifications of the old setup. This includes, but is not limited to, Memory (RAM), CPU Cores, Storage, and Network Bandwidth.
Procedure: Performing the Migration

  1. This step is optional. If custom persistent storage is required for your infrastructure, use the mgr-storage-server tool.

    • For more information, see mgr-storage-server --help. This tool simplifies creating the container storage and database volumes.

    • Use the command in the following manner:

      mgr-storage-server <storage-disk-device> [<database-disk-device>]

      For example:

      mgr-storage-server /dev/nvme1n1 /dev/nvme2n1

      This command will create the persistent storage volumes at /var/lib/containers/storage/volumes.

      For more information, see List of persistent storage volumes.

  2. Execute the following command to install a new Uyuni server. Replace <oldserver.fqdn> with the FQDN of the 4.3 server:

    mgradm migrate podman <oldserver.fqdn>

  3. Migrate trusted SSL CA certificates.

Trusted SSL CA certificates that were installed as part of an RPM and stored on Uyuni 4.3 in the /usr/share/pki/trust/anchors/ directory will not be migrated. Because SUSE does not install RPM packages in the container, the administrator must migrate these certificate files manually from the 4.3 installation after migration:

  1. Copy the file from the 4.3 server to the new server. For example, as /local/ca.file.

  2. Copy the file into the container with:

    mgradm cp /local/ca.file server:/etc/pki/trust/anchors/

After successfully running the mgradm migrate command, the Salt setup on all clients will still point to the old 4.3 server.

To redirect them to the 2024.08 server, it is required to rename the new server at the infrastructure level (DHCP and DNS) to use the same Fully Qualified Domain Name and IP address as 4.3 server.