How to install Foreman with Puppet 4 and helpful documentation
This is my first blog post. I would like to introduce a brand new topic, “DevOps”, on Jexia and tell you a bit about Foreman. This how-to will help you get comfortable with a test environment where you can learn how Foreman works and how to install it.

Today’s post is divided into four segments:
- Introduction: what Foreman is and why I picked it.
- How to install Foreman on Centos 7 (Redhat) with PuppetMaster (Puppet Version 4.8+).
- Most common Errors and Failures you can get in Foreman 1.15.0.
- Vagrant Version of Foreman written in Ansible.
1. Introduction
Before I guide you through the installation process, let’s talk a bit about what Foreman actually is. This will give you an “inside view” of why I picked Foreman and not some other open-source tool with similar functionality.
Yes, you can find a few other open source automation/management tools you can use. And I could spend time reviewing each one… but fortunately, I can just refer you to an already excellent post on the subject. All of today’s most popular automation/management tools (that are also open source) are conveniently reviewed here.
Any of them can be a good choice depending on your needs, but Foreman does have some key advantages you may enjoy. Foreman is the only one to have Puppet-specific support like Puppet Master and PuppetDB as well as Ansible, Chef and Salt. It also easily integrates with today’s most popular cloud platforms such as Openstack, Ovirt and VMware. Combine that with an awesome API, great documentation and IRC support — and you can easily understand why this tool was my first pick.
Okay, so what is Foreman? This is how Foreman describes itself: “Foreman is a complete lifecycle management tool for physical and virtual servers. We give system administrators the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage servers, on-premise or in the cloud.”
In this tutorial, we are going to use this tool as a Puppet Server (Master) to deploy new VMs on cloud platforms such as Openstack and Ovirt. We will also explore another use case of Foreman: assigning Puppet classes to a VM. We will make that happen by creating a simple Bash script in Jenkins, which will send API calls to Foreman. This allows you to configure your VM and assign Puppet classes to it.
It seems we have some work ahead of us. Okay, so let’s start.
2. How to Install Foreman on Centos 7
Prerequisites:
NB! For the purposes of this tutorial, we’re going to use a VM with a clean install of CentOS 7. The IP address is 192.168.33.10, and the hostname is foreman.jexia.com. Of course, if you’re following along and using Foreman on your own system, you must use your own IP and hostname.
Before installing Foreman, make sure you have set up an FQDN for your server:
vi /etc/hosts
Create an entry like this:
192.168.33.10 foreman.jexia.com foreman
Of course, remember to use your own IP address and hostname:
vi /etc/hostname
Enter your machine hostname, like below:
foreman.jexia.com
or just use the hostnamectl command in CentOS 7:
hostnamectl set-hostname foreman.jexia.com
Install Foreman on CentOS 7 / RHEL 7:
Foreman can be installed in a variety of ways. It’s recommended though, that you use your distribution’s package manager to do so.
The Foreman installer is a collection of Puppet modules that install everything required for a fully working Foreman setup. It uses native OS packaging (e.g. RPM and .deb packages) and applies the necessary configuration to make the installation complete.
The Foreman installer will install the necessary components such as the Foreman Web UI, Smart Proxy, Passenger (for the Puppet Master and Foreman itself), and optionally — TFTP, DNS and DHCP servers.
Next, you should configure the EPEL, Puppet 4 and Foreman repositories.
EPEL:
yum install epel-release -y
Puppet 4:
yum install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm -y
Foreman 1.15.0:
yum install -y https://yum.theforeman.org/releases/1.15/el7/x86_64/foreman-release.rpm
Then, enable the RHEL Optional and RHSCL repos on RHEL 7:
yum-config-manager --enable rhel-7-server-optional-rpms rhel-server-rhscl-7-rpms
Run the following command to download the Foreman installer:
yum -y install foreman-installer
To see the options that are available to you, you can use this command:
foreman-installer --help
Now, run the Foreman installer to start the installation process:
foreman-installer
Keep in mind the installation process may take up to 30 minutes. Once the installation is completed, you will see output similar to the one below, including the initial username and password you can use to access Foreman.
Success!
* Foreman is running at https://foreman.jexia.com
Initial credentials are admin / M7RP5J3cffycuJtV
* Foreman Proxy is running at https://foreman.jexia.com:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman-installer.log
Here is also an example of a custom Foreman installation, which you can adapt to your own setup (replace the example password and OAuth keys with your own values):
foreman-installer --foreman-initial-location=Apeldoorn --foreman-initial-organization=Jexia --puppet-server=true --puppet-autosign-entries='*' \
--enable-foreman --enable-foreman-cli --enable-foreman-proxy --enable-puppet --enable-foreman-plugin-ansible --enable-foreman-plugin-bootdisk \
--enable-foreman-plugin-default-hostgroup --enable-foreman-plugin-docker --enable-foreman-plugin-expire-hosts --enable-foreman-plugin-hooks --enable-foreman-plugin-host-extra-validator \
--enable-foreman-plugin-memcache --enable-foreman-plugin-remote-execution --enable-foreman-plugin-setup --enable-foreman-plugin-tasks --enable-foreman-plugin-templates \
--enable-foreman-proxy-plugin-dynflow --enable-foreman-proxy-plugin-remote-execution-ssh --foreman-admin-email=info@jexia.com --foreman-admin-first-name=Jexia \
--foreman-admin-last-name=COM --foreman-admin-password=strongpassword --foreman-admin-username=admin --foreman-initial-organization=Jexia --foreman-locations-enabled=true \
--foreman-oauth-consumer-key="mYkEy" --foreman-oauth-consumer-secret="mYkEy" --foreman-organizations-enabled=true --foreman-puppetrun=true --foreman-unattended=true \
--foreman-proxy-oauth-consumer-key="mYkEy" --foreman-proxy-oauth-consumer-secret="mYkEy" --foreman-proxy-oauth-effective-user=admin --foreman-proxy-plugin-version=latest \
--foreman-proxy-puppet=true --puppet-server-foreman=true --puppet-server-foreman-url=https://foreman.jexia.com
Firewall Configuration
The following ports are used by Foreman components, so take that into account if you use Firewalld or a hardware firewall. These ports have to be made available to Foreman.

To make those ports available to Foreman in FirewallD, run this command:
firewall-cmd --permanent --add-port=80/tcp --add-port=443/tcp --add-port=3000/tcp --add-port=5910-5930/tcp --add-port=8140/tcp --add-port=8443/tcp
firewall-cmd --reload
Note! Firewalld can also add the https service instead of port 443.
Optional! When you are using DNS, DHCP or TFTP in Foreman, your FirewallD configuration should look like this:
firewall-cmd --permanent --add-port=53/tcp --add-port=67-69/udp --add-port=80/tcp --add-port=443/tcp --add-port=3000/tcp \
--add-port=5910-5930/tcp --add-port=8140/tcp --add-port=8443/tcp
firewall-cmd --reload
Configure Foreman (Optional)
If your Foreman host is not visible in Hosts –> All Hosts tab, you should run the command below, which will send the first Puppet report to Foreman, automatically creating the host in Foreman’s database.
puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for foreman.jexia.com
Info: Applying configuration version '1445821177'
Notice: Finished catalog run in 0.56 seconds
Access Foreman Web Console
Open up your favorite web browser, navigate to https://your-ip-address or https://FQDN
You should get a login page, where you can enter your Foreman credentials:
Once you are logged in, you will see an overview page:
To get a list of available hosts, go to Hosts –> All Hosts from the menu. Since we do not have any Puppet clients, the “All Hosts” tab would only list your Foreman hosts.
It is recommended to change the password for your Admin user for security reasons. To do that, click UserName (Top right) –> My Account, and you’ll be presented with the option to change your password.
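The custom foreman-installer command earlier passes --puppet-autosign-entries='*', which makes the Puppet CA sign every certificate request, so outside a test VM the list should name the certnames or domain globs you expect. As an added example (not part of the original post), this shell function flags catch-all entries in an autosign.conf file. The name audit_autosign and the /etc/puppetlabs/puppet/autosign.conf path in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a Puppet autosign.conf for overly broad entries.
# audit_autosign is a hypothetical helper name, not a Foreman or Puppet tool.
# Usage (assumed default Puppet 4 path):
#   audit_autosign /etc/puppetlabs/puppet/autosign.conf

audit_autosign() {
    local file="$1" line entry status=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding whitespace; skip blank lines and comments.
        entry="$(printf '%s' "$line" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
        case "$entry" in
            ''|'#'*) continue ;;
        esac
        case "$entry" in
            '*')
                echo "CATCH-ALL  $entry  (every certificate request is signed)"
                status=1 ;;
            '*.'*)
                # A glob counts as scoped only if two or more labels follow "*."
                case "${entry#\*.}" in
                    *.*) echo "DOMAIN     $entry" ;;
                    *)   echo "TOO-BROAD  $entry  (matches a whole top-level domain)"
                         status=1 ;;
                esac ;;
            *)
                echo "CERTNAME   $entry" ;;
        esac
    done < "$file"
    # 0 = only scoped entries, 1 = at least one entry that is too broad.
    return "$status"
}
```

A non-zero return means the file would autosign agents you did not name, for example a lone `*` line as written by the installer option above.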
Let’s Install some modules
An installation of Foreman makes no sense without puppet classes, since our main purpose is to install Foreman and use it as an automation tool.
That’s why we are going to install some Puppet modules. One of the easy and common modules in Puppet is the NTP module. To install it, run this on the Foreman VM:
[root@foreman ~]# puppet module install -i /etc/puppetlabs/code/environments/production/modules/ saz/ntp
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└── saz-ntp (v2.5.0)
In Foreman’s web console, go to Configure > Puppet Classes and click Import from hostname to read the available Puppet classes from the puppet master and populate Foreman’s database:
Select the NTP module and click the update button:
Go to Hosts –> All Hosts and edit the Foreman host:
Go to the Puppet Classes tab and expand the ntp module, then click the + icon to add the ntp class to the host, then click submit.
Lastly, run the following command on the Foreman host to see if the NTP service has been automatically reconfigured by Puppet and the NTP module.
puppet agent --test
Congrats, now you’ve installed Foreman on CentOS 7.
3. Common Errors and Failures you can see in Foreman 1.15.0.
SmartProxy
If you get an error like the one below in your log file, it means the registration of the SmartProxy could not be done or has failed. There are 2 ways to solve this.
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman2.domain]:Could not evaluate: Proxy foreman2.domain cannot be retrieved: unknown error (response 401)
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:7:in `proxy'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:in `id'
/usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:17:in `exists?'
/usr/share/ruby/vendor_ruby/puppet/property/ensure.rb:81:in `retrieve'
First Option:
You will need to disable registration by adding the option --foreman-proxy-register-in-foreman=false to your foreman-installer command, and then add the smart proxy manually via the UI or CLI.
Second Option:
hammer proxy create --name $HOSTNAME --url https://$HOSTNAME:8443
hammer proxy refresh-features --name $HOSTNAME
Hammer is the Foreman CLI, and to be honest Hammer is a great tool for debugging a Foreman failure. Personally, I advise you to make use of it.
Passenger
Error:
App 4480 stderr: --> passenger_native_support was compiled for Ruby API version 2.0.0, but you're currently running a Ruby interpreter with API version 2.2.0.
App 4480 stderr: Refusing to load existing passenger_native_support.
App 4480 stderr: --> No passenger_native_support.so found for current Ruby interpreter.
App 4480 stderr: This library provides various optimized routines that make
App 4480 stderr: Phusion Passenger faster. Please run 'sudo yum install passenger-devel-4.0.53'
App 4480 stderr: so that Phusion Passenger can compile one on the next run.
App 4480 stderr: --> Continuing without passenger_native_support.so.
App 4480 stderr: Log file /usr/share/foreman/log/production.log cannot be opened. Falling back to STDOUT
App 4480 stdout: WARN root : No appender set, logging to STDOUT
This points to the wrong Passenger package, which means you are using an unsupported Passenger package.
Disable EPEL Passenger packages:
rpm -qa | grep passenger
mod_passenger-4.0.53-4.el7.x86_64
tfm-rubygem-passenger-4.0.18-9.10.el7.x86_64
passenger-4.0.53-4.el7.x86_64
tfm-rubygem-passenger-native-libs-4.0.18-9.10.el7.x86_64
tfm-rubygem-passenger-native-4.0.18-9.10.el7.x86_64
To make it work:
yum remove passenger-4.0.53-4.el7.x86_64 mod_passenger-4.0.53-4.el7.x86_64
Then, in /etc/yum.repos.d/epel.repo, add this line to the [epel] section:
exclude=passenger* mod_passenger*
Then reinstall passenger and mod_passenger (which then pulls from theforeman repo):
yum install passenger mod_passenger
PuppetDB
Puppetdb-4.3 uses PostgreSQL-9.4 or higher, so make sure your Foreman server or your PostgreSQL server is at least at version 9.4 (currently testing has started on PostgreSQL 9.6 ).
echo 'postgresql::globals::version: 9.6' >> /etc/foreman-installer/custom-hiera.yaml
echo 'postgresql::globals::manage_package_repo: true' >> /etc/foreman-installer/custom-hiera.yaml
Important! The PuppetDB password is not included in Foreman 1.15 by default. If your PuppetDB uses a password other than ‘puppetdb’, please fill it in in /etc/puppetlabs/puppetdb/conf.d/database.ini, or in the database.ini file under your PuppetDB path.
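For the Passenger fix earlier in this section (adding the exclude line to the [epel] section of epel.repo), here is an added example, not part of the original post, that makes the edit repeatable: it touches only the [epel] section and does nothing on a second run. The function name exclude_passenger_in_epel is an assumption, and the section header is assumed to be exactly [epel].

```shell
#!/usr/bin/env bash
# Added example: add the Passenger exclude to the [epel] section only.
# exclude_passenger_in_epel is a hypothetical helper name.
# Usage: exclude_passenger_in_epel /etc/yum.repos.d/epel.repo

exclude_passenger_in_epel() {
    local repo="$1" tmp
    [ -w "$repo" ] || { echo "cannot write $repo" >&2; return 2; }
    tmp="$(mktemp)" || return 1
    # The file is read twice: pass 1 records whether [epel] already has an
    # exclude= line, pass 2 writes the result.
    awk -v pats='passenger* mod_passenger*' '
        FNR == 1  { in_epel = 0 }
        /^\[/     { in_epel = ($0 == "[epel]") }
        NR == FNR { if (in_epel && /^exclude[ \t]*=/) has_excl = 1; next }
        # Existing exclude in [epel]: extend it unless already present.
        in_epel && /^exclude[ \t]*=/ && index($0, "mod_passenger*") == 0 {
            $0 = $0 " " pats
        }
        { print }
        # No exclude in [epel]: add one directly under the section header.
        $0 == "[epel]" && !has_excl { print "exclude=" pats }
    ' "$repo" "$repo" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$repo" && rm -f "$tmp"
}
```

Other sections in the same file, such as a debuginfo or source repo, are left unchanged.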
4. Vagrant Version of Foreman written in Ansible.
You can find the original Github Repository at https://github.com/jexia-com/vagrant-foreman-ansible .
Vagrant-Foreman-Ansible
To get started, perform a git clone. Make sure you have Vagrant, VirtualBox or LibVirt, and Ansible installed.
The repository will install Foreman 1.15.+ with PuppetMaster and PuppetDB 4.+ for you.
Before you start, please make sure your /etc/hosts file lists 192.168.33.10 as foreman.jexia.com.
To do this, run:
echo '192.168.33.10 foreman.jexia.com' | sudo tee -a /etc/hosts
Start with Git Clone
git clone https://github.com/jexia-com/vagrant-foreman-ansible.git
cd vagrant-foreman-ansible
vagrant up --provider virtualbox
or
vagrant up --provider libvirt
Once Vagrant is done provisioning the VMs, run vagrant status to confirm all instances are running:
Visit the web UI by browsing to https://foreman.jexia.com
If you want to add another VM to Foreman, please do:
cd pullfm
vagrant up --provider virtualbox
or
vagrant up --provider libvirt
This VM will automatically install Puppet and connect to Foreman.
If you want to log in to the Vagrant VM, run:
vagrant ssh
When you’re done, you can shut down the cluster using:
vagrant destroy -f

