1.21 Organisations and Locations

In 1.21, all users are getting organisations and locations turned on.

From the release notes…

This change will allow simplifying the code base and providing a better and more stable experience to all users.

Apologies for the negativity, but so far, I’ve not had a better user experience. I’m a long time foreman user, but actually quite confused.
(This is a new install using 1.21-rc4. I figured since 1.21 was almost out, starting off with 1.20 would be wasted time. I also, wrongly, thought puppet 6 support was in 1.21.)

Does everything need to be in both an organization and location (and how do they differ)?
My puppet smart proxy wasn’t in either. As an admin user importing environments, this seemed to work fine. But when I tried to configure an API user with limited privileges (import_environments and view_smart_proxies), the API just returned "error": {"message":"Resource smart_proxy not found by id '1'"}

Now that my smart proxy is in the ‘Default Organization’ and ‘Default Location’ this seems to work ok. My role isn’t in a location or organisation though. Is this a problem?

My hosts have been created in Foreman but not assigned to any org/location. I see there’s a setting to provide a default if special facts don’t exist. Perhaps these settings should be set to the default org/location automatically (instead of being ‘empty’)?

Sorry! Quite a few questions! Any guidance would be much appreciated. I don’t think I’ll be the only one needing some help understanding the new features though and how I might make the most of them (instead of just putting up with them!).

There really isn’t much in the manual, and outside of the release notes, there are plenty of references to organisations/locations being optional. (I’ve opened https://github.com/theforeman/theforeman.org/issues/1313 with some examples.)

Many thanks,


thank you for the writeup of your problems so far. I will try to help out where I can.
I have to point out though that I can only write from my experiences using Katello, which has had Organizations and Locations like forever.

I would recommend you do put everything in an organization and location. Not doing so can easily lead to problems with permissions like your described smart proxy problems. Access to nearly all Foreman objects (smart-proxys, hosts, operatingsystems, etc) is granted or denied based on assigned organizations and locations.
As to where they differ, this is hard for me to tell. With Katello, organizations are mainly used to seperate content related stuff and licenses; locations can be used to seperate everything else while still beeing able to access content in the same organization.

Whether this will become a problem or not depends on your scenario. It will not become a problem if
a) you manage org/loc associoations on a per user base (which can be lot of work depending on the number of users)
b) all your users are admins (I assume this is not the case)

Otherwise, I would advise to associate organizations/locations to your roles.

To my knowledge, this setting only applies to hosts that are freshly imported from facts, not ones that are already there. I assume the current “out-of-the-box” settings are like they are now because this allows users to customize their setup before default organization/location are entangled to badly with everything else. I do not know the thought process behind this though.

I hope this gives you a first insight to this topic.

I would also like to point out that while this is not technically a breaking change, this feels like a somewhat big change for a minor release to me. I can see the reasoning behind the change, but maybe this would have been better off being pushed back to Foreman 2?