User Tools

Site Tools


Foreman Guide


The purpose of this guide is to walk through necessary steps to install Foreman within the context of OPNFV. To read the full user guide please visit

Install Foreman

Your provisioning server should have CentOS7 already installed (please use full install, not minimal). Before you install Foreman make sure you have some settings and packages:

Edit your yum.conf if your environment requires proxy:

vi /etc/yum.conf

Now add:


sudo yum update

sudo yum -y install bind-utils

sudo yum -y install bind

sudo yum -y install dhcp

sudo yum -y install tftp-server

Disable firewalld, selinux:

sudo systemctl stop firewalld

sudo systemctl disable firewalld

setenforce 0

edit SELINUX=permissive in /etc/selinux/config

Foreman requires your hostname and FQDN are set:

Edit the hostname and make the name of the host:

sudo vi /etc/hostname

and make it something like:


Also make an entry in /etc/hosts:

sudo vi /etc/hosts

And add both FQDN and hostname: foreman.localdomain foreman

In case the name changes have not taken place restart named service:

sudo systemctl restart systemd-hostnamed

Install puppet: sudo rpm –httpproxy=your_proxy_server –httpport=your_proxy_port -ivh

Now you are ready to move on and add the foreman repository:

sudo yum -y install epel-release

and get the foreman installer:

sudo yum -y install foreman-installer

Now run the installer with the right arguments for your setup:

sudo foreman-installer \\
   --enable-foreman-proxy \\
   --foreman-proxy-tftp=true \\
   --foreman-proxy-tftp-servername= \\
   --foreman-proxy-dhcp=true \\
   --foreman-proxy-dhcp-interface=eth2 \\
   --foreman-proxy-dhcp-gateway= \\
   --foreman-proxy-dhcp-range="" \\
   --foreman-proxy-dhcp-nameservers="" \\
   --foreman-proxy-dns=true \\
   --foreman-proxy-dns-interface=eth2 \\
   --foreman-proxy-dns-zone=localdomain \\ \\
   --foreman-proxy-dns-forwarders= \\
   --foreman-proxy-foreman-base-url=https://localhost \\
   --foreman-proxy-oauth-consumer-key=ag9QcrzYTZQVhsnuEb8zYVc6taL4jmXj \\

You should see the following

  * Foreman is running at https://foreman.localdomain
      Initial credentials are admin / N2cbeKHrMe9FNzdq
  * Foreman Proxy is running at https://foreman.localdomain:8443
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman-installer.log

Please notice the above message gives you the credentials to the Foreman GUI.

If you get a 401 Error, access the Foreman gui and go to Administer>Settings>Auth and copy the OAuth key and secrets and add them to the above foreman-installer command.

One thing that requires manual intervention is to go to Hosts→Installation Media and remove the minor version from the CentOS 7 entry as the minor version not only is not required but it also fail to access the http mirror for CentOS

Configuring and Using Foreman

Foreman is capable of building hosts (baremetal or virtual), applying Salt or Puppet modules to hosts, and serving as DHCP, TFTP, DNS servers. The following steps show what's necessary to setup Foreman for OPNFV purposes:

  1. Import puppet classes into Foreman to make Foreman aware of which to apply.
  2. Create HostGroups to manage host types (compute, network, control)
  3. Create/Configure Hosts.
  4. Optional: Setup Foreman to control hardware reboots, boot device, etc.

Using a Proxy?

If you are behind a firewall and need to use a proxy, then you need to add some extra global parameters in Foreman. Global paremeters are just global variables that Foreman will use along with make them available to puppet. See the Global Parameters section below for more info.

  • http-proxy -proxy ip address or host (ex: "")
  • http-proxy-port -proxy port to use (ex: "8080")
  • proxy_address -full proxy address (ex: "")

Once you add these global parameters, hosts will be kickstarted using that proxy address and repos required during puppet installation will also reference that proxy.

Adminstrator Settings

First make sure that your host is in a trusted puppet master, go to Administer in the top right → Settings and search for "trusted_puppetmaster_hosts". Then edit the value (keeping in mind it needs to be an array, so maintain the square brackets) with the foreman.localdomain value for your foreman server. To stop Foreman from modifying your configured network settings for each host, you should configure this setting. From the Foreman GUI, go to Administer in the top right → Settings → Provisioning Tab → ignore_puppet_facts_for_provisioning = true.

Kickstart Changes

The "Kickstart default" provisioning template will only bring up your first/management interface. For BGS we are using 3 separate networks (admin, public, private). For that reason we want the kickstart to bring up these interfaces and DHCP their addresses. To accomplish this we add the following ERB code to the kickstart template:

<% @host.interfaces.each do |interface| %>
<% if interface.identifier != "" %>
network --bootproto=dhcp --device=<%= interface.identifier %> --onboot=yes
<% end %>
<% end %>

As you can see from the above as long as the interface name is not null we configure it to be dhcp and onboot. Therefore we set the interface name of our BMC interface (we do not want Foreman to configure this) as null. See the "Using Foreman to Control Hardware" section below.

Using Puppet with Foreman

We need to have Foreman aware of the OPNFV classes. This section assumes you using Foreman to apply OPNFV puppet modules to your nodes and completed the Puppet modules install guide. These will invoke QuickStack and OpenStack puppet modules accordingly. Follow these steps:

  1. In Foreman go to Configure→Puppet classes
  2. Click Import from in top right.
  3. Foreman will prompt you asking which environments to import. Choose Add for all in production.
  4. Now go back to Configure→ Puppet classes and search for trystack. You should see trystack, trystack::compute, etc.

Global Parameters

Global parameters are variables that are used by Foreman as well as for the OPNFV puppet class. They can be found by going to Configure → Global Parameters. Please reference the variables listed in the puppet modules guide if you wish to use the OPNFV puppet module to deploy ODL + OpenStack.

Create HostGroups in Foreman

HostGroups are used to classify different types of hosts we want to provision. For OPNFV purposes we classify a node as compute or controller+networker. It is supported to create three separate nodes (compute, control, network) but for hte purposes of OPNFV we are consolodating controller+networker into one node. To configure HostGroups in Foreman:

  1. Configure → HostGroup
  2. Set "Name"=OpenStack Compute, Environment=production, Puppet CA/
  3. Puppet Classes tab → add trystack and trystack::compute
  4. Network tab→ select the management subnet you created
  5. Operating System tab → Operating System = CentOS7 you defined, Media = CentOS mirror, Partition table= Kickstart default
  6. Submit, repeat for trystack::controller_networker (control+network node).

Create Host in Foreman

Now that HostGroups are created you can create a host as a child of that HostGroup:

  1. Hosts →New Host
  2. Name= OSCompute1, select HostGroup you created, Environment=production
  3. Network tab → Set the MAC address for the NIC attached to the management network. Set the IP it should use.
  4. Operating System tab → Select OS, enable Build Mode, etc.
  5. Submit and now your host will show up.
  6. You can now click on your host and click Build (B). On the servers next pxe boot it will build off of foreman using kickstart default. Interested in using Foreman to control your hardware? See below.

Host Global Parameter Overriding

This section is applicable if using Global Parameters. It goes over what variable needs to be overriden if using the OPNFV puppet modules.

If using the same server hardware or VMs throughout your environment then you can get away with just setting the private interface name as the global value for ovs_tunnel_if (since they will all be the same name). However if you use different model servers or different NIC interfaces you need to override this parameter per host. To do this in Foreman Web GUI:

Go to your Host→Edit Click Parameters and find ovs_tunnel_if Click override, and enter the name of the private subnet interface for this host. Do this for all hosts that will run OVS (network and compute nodes).

Using Foreman to Control Hardware

If you are interested in allowing Foreman to control power, setting PXE boot, etc with your server's BMC/OOB management interface follow the steps below:

  1. Enable foreman-proxy to run BMC service. Modify /etc/foreman-proxy/settings.d, :enabled: true, :bmc_default_provider: ipmitool.
  2. Restart foreman-proxy and httpd.
  3. Go back to Foreman web browser, Infrastructure→Smartproxies.
  4. Click the drop down next to Certificates and select "Refresh Features"
  5. BMC should now show up in the feature list.
  6. Now go to your host, Network tab.
  7. Add an interface, select Type as BMC.
  8. Add the MAC address and IP, along with credentials and select IPMI as provider.
  9. Make sure you enabled IPMI on your hardware server's BMC configuration.
  10. Now go back to the host status page, next to "Start" you can drop down and pick Status.
  11. Now on the left pane, BMC should show up. Click it and you should see hte Chassis Power state.
  12. You now have the option when you "Build" to tell Foreman to reboot the server now.
foreman_guide.txt · Last modified: 2015/04/07 22:26 by Daniel Farrell