Foreman is an open source tool that helps you to provision, configure, manage and monitor the servers. With the help of configuration management tools such as Puppet, Chef, Salt, and Foreman’s smart proxy architecture, you can easily automate repetitive tasks, quickly deploy applications, and proactively manage change.
Foreman provides comprehensive, interaction facilities including a web frontend, CLI and RESTful API which enables you to do the above tasks, supports both on-premise with VMs and bare-metal or in the cloud.
- Discover, provision and upgrade your entire bare-metal infrastructure
- Create and manage instances across private and public clouds
- Group your hosts and manage them in bulk, regardless of location
- Review historical changes for auditing or troubleshooting
- Extend as needed via a robust plugin architecture
- Automatically build images (on each platform) per system definition to optimize deployment
Foreman can be installed on following operating systems,
- RHEL / CentOS / Fedora / Oracle Linux
- Ubuntu / Debian
- Solaris 8, 10
- OpenSUSE / SLES
It can provision systems on bare metal (physical) as well as the following cloud providers,
- Amazon EC2
- Google Compute Engine
- oVirt and RHEV
With Foreman, we can manage 10s to 10,000s of physical or virtual servers via a web browser.
Before installing Foreman, make sure you have setup a FQDN for your server.
Note: You should do this on both CentOS and Ubuntu.
Make an entry, like this.
192.168.12.10 server.itzgeek.local server
Also, do not forget to setup the valid hostname for the above host entry.
Enter your machine hostname, like below.
Install Foreman on CentOS 7 / RHEL 7:
Foreman can be installed in different methods. The recommended way is with the puppet based Foreman Installer but you may also use your distribution’s package manager or install directly from source.
The Foreman installer is a collection of Puppet modules that installs everything required for a full working Foreman setup. It uses native OS packaging (e.g. RPM and .deb packages) and adds necessary configuration for the complete installation.
The Foreman installer will install the necessary components such as the Foreman web UI, Smart Proxy, Passenger (for the puppet master and Foreman itself), and optionally TFTP, DNS and DHCP servers.
Configure EPEL, Puppet and Foreman repositories.
### CentOS 7 / RHEL7 ### rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm rpm -ivh http://yum.theforeman.org/releases/1.9/el7/x86_64/foreman-release.rpm ### Enable the RHEL Optional and RHSCL repos on RHEL 7 ### yum-config-manager --enable rhel-7-server-optional-rpms rhel-server-rhscl-7-rpms
Run the following command to download Foreman installer.
yum -y install foreman-installer
Now, run the Foreman installer to start installing Foreman.
The installation run is non-interactive, but the configuration can be customized by supplying any of the options listed in foreman-installer –help, or by running foreman-installer -i for interactive mode.
Once the installation is completed, you will see an output like below where you would find the initial username and password to access the Foreman.
Success! * Foreman is running at https://server.itzgeek.local Initial credentials are admin / M7RP5J3cffycuJtV * Foreman Proxy is running at https://server.itzgeek.local:8443 * Puppetmaster is running at port 8140 The full log is at /var/log/foreman-installer/foreman-installer.log
The following ports are used by the components of Foreman, needs to be allowed in IP tables (FirewallD) / Hardware Firewall.
|53||TCP & UDP||DNS Server|
|67, 68||UDP||DHCP Server|
|69||UDP||* TFTP Server|
|80, 443||TCP||* HTTP & HTTPS access to Foreman web UI – using Apache + Passenger|
|3000||TCP||HTTP access to Foreman web UI – using standalone WEBrick service|
|3306||TCP||Separate MySQL database|
|5910 – 5930||TCP||Server VNC Consoles|
|5432||TCP||Separate PostgreSQL database|
|8140||TCP||* Puppet Master|
|8443||TCP||Smart Proxy, open only to Foreman|
Run following commands to allow above ports in FirewallD.
firewall-cmd --permanent --add-port=53/tcp firewall-cmd --permanent --add-port=67-69/udp firewall-cmd --permanent --add-port=80/tcp firewall-cmd --permanent --add-port=443/tcp firewall-cmd --permanent --add-port=3000/tcp firewall-cmd --permanent --add-port=3306/tcp firewall-cmd --permanent --add-port=5910-5930/tcp firewall-cmd --permanent --add-port=5432/tcp firewall-cmd --permanent --add-port=8140/tcp firewall-cmd --permanent --add-port=8443/tcp firewall-cmd --reload
Please skip to Configuring Foreman.
Install Foreman on Ubuntu 14.04:
Make sure you have setup a FQDN mentioned in prerequisites. Now, we will install Foreman on Ubuntu.
Setup a puppet repository,
apt-get -y install ca-certificates wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb dpkg -i puppetlabs-release-trusty.deb
Enable the Foreman repo.
echo "deb http://deb.theforeman.org/ trusty 1.9" > /etc/apt/sources.list.d/foreman.list echo "deb http://deb.theforeman.org/ plugins 1.9" >> /etc/apt/sources.list.d/foreman.list wget -q http://deb.theforeman.org/pubkey.gpg -O- | apt-key add -
Download the Foreman installer.
apt-get update && apt-get -y install foreman-installer
Run the Foreman installer.
Once the installation is completed, you will see an output like below,
Success! * Foreman is running at https://ubuntu.itzgeek.local Initial credentials are admin / xGPmeMyAEmwx7J3T * Foreman Proxy is running at https://ubuntu.itzgeek.local:8443 * Puppetmaster is running at port 8140 The full log is at /var/log/foreman-installer/foreman-installer.log
Note down intial username and password, you need this for accessing Foreman’s dashboard.
Configure Foreman (Optional):
If your Foreman host is not visible in Hosts –> All Hosts tab, you should run below command which will send the first Puppet report to Foreman, automatically creating the host in Foreman’s database.
puppet agent --test Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for server.itzgeek.local Info: Applying configuration version '1445821177' Notice: Finished catalog run in 0.56 seconds
Puppet 3+ will show a warning the first time that the node can’t be found, this can be ignored.
Access Foreman Web Console:
Open up your favourite web browser, navigate to https://your-ip-address or https://FQDN
You should get login page, enter your Foreman credentials.
Once you logged in, you will get an overview page. Like below.
To list down the available hosts, goto Hosts –> All Hosts from Menu. Since we do not have any puppet clients, All Hosts tab would only list your Foreman host, with an “O” status. This indicates its status is OK, with no changes made on the last Puppet run. If your Foreman host is not shown here, check out configuring Foreman.
It is recommended to change the password of Admin user for security reasons. To do that, click UserName (Top right) –> My Account, you would end up with an option to change a password.
Download and Install NTP module:
One of the more important requirement of puppet is to have an accurate time-keeping, to do this, we will install Puppet NTP module for managing the NTP service.
If you have Puppet 2.7.14 or higher, install the module automatically from Puppet Forge to our “production” environment (the default).
Use following command to install NTP module on Foreman (Puppet master) host.
[[email protected] ~]# puppet module install -i /etc/puppet/environments/production/modules saz/ntp Notice: Preparing to install into /etc/puppet/environments/production/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Notice: Installing -- do not interrupt ... /etc/puppet/environments/production/modules └── saz-ntp (v2.3.2)
In Foreman’s web console, go to Configure > Puppet Classes and click Import from hostname (server.itzgeek.local) to read the available Puppet classes from the puppet master and populate Foreman’s database.
Select the NTP module and click the update button.
After clicking the update button, you will see something like below. The “ntp” class will appear in the Puppet class list if installed correctly. Click on NTP class on the left.
Now, Click the Smart Class Parameter and then select server list on the left side. Tick the Override checkbox so Foreman manages the “server list” parameter of the class, then click Submit.
Note: Change the default value if you want to use your own NTP servers.
Go to Hosts –> All Hosts, edit the Foreman host.
Go to Puppet Classes tab and expand the ntp module and click the + icon to add the ntp class to the host, then click submit.
This time, it will take you automatically to the host details page. Click on YAML, it will show the ntp class and the server list parameter, as passed to Puppet via the ENC (external node classifier) interface.
At last, run the following command on the Foreman host to see the NTP service automatically reconfigured by Puppet and the NTP module.
puppet agent --test
Verify the installation of NTP module by going to Hosts –> All Hosts –> Select Foreman Host –> Reports –> Select latest report.
That’s All. Puppet master is now ready to accept agents / nodes. It’s time to add some new hosts to Foreman. Stay tuned.