Foreman 1.24 test week

Foreman 1.23 RC1 and RC2 is out and it’s the time to put our effort into making sure that all most important features work. This time little bit late, however better then never. It’s easy to get your hands dirty and help us with testing:

  1. Install Foreman RC version (the most up to date one)
  2. Pick a scenario from this post or add your own scenario
  3. If you find an issue, file it in the RedMine and make a comment in this thread linking the issue
  4. Mark the scenario as checked in this OP (this is an editable wiki post), here is syntax of checked and unchecked lines (you can click on checkboxes directly with mouse):
    • Unchecked
    • Checked
    • Checked (alternative syntax with no special semantics - both are equal)


  • Install Foreman using existing script/forklift/beaker
    • RHEL / CentOS latest stable version
    • Debian stable
    • Ubuntu stable LTS
  • Install Foreman manually by following our installation guide
    • RHEL / CentOS latest stable version
    • Debian stable
    • Ubuntu stable LTS
  • Upgrade existing Foreman deployment (advertise in RedMine it was an upgraded instance if you encounter bug)
    • RHEL / CentOS latest stable version
    • Debian stable
    • Ubuntu stable LTS
  • Sanity checks
    • Installation on Red Hat distro with SELinux turned on
    • Packages passenger and tfm-rubygem-passenger are from the same repo (foreman) and in the same version
    • Logging in with a user that has limited permissions works properly


  • Bare-metal or virtualized PXE provisioning (host exits build mode and reboots)
    • BIOS host with CentOS 8
    • BIOS host with CentOS 7
    • UEFI host with CentOS
    • BIOS host with Debian or Ubuntu
    • UEFI host with Debian or Ubuntu
    • BIOS host with Atomic OS
  • Compute Resources (VM is successfully created, finish or cloud-init is executed)
    • Create VMware host (Image Based/Network Based)
    • Create OpenStack host (Image Based)
    • Create Ovirt host (Image Based/Network Based)
    • Create Libvirt host (Image Based/Network Based)
    • Creare AWS host (Image Based)
    • Create GCE host
    • Create Azure host
  • Puppet manifest import (classes are imported, parameters recognized)
  • Puppet configuration (class is assigned to a host, agent performs changes, reports and facts appears correctly)
  • Log in using user from LDAP (user account is created from LDAP)
  • Log in using user from FreeIPA (user account is created from FreeIPA)

Foreman Discovery

  • Bare-metal or virtualized provisioning via Provision - Customize Host (host exits build mode and reboots)
    • BIOS with discovery from PXE
    • UEFI with discovery from PXE
    • BIOS with discovery PXE-less
    • UEFI with discovery PXE-less
  • Provision a host via discovery rule
  • Provision a host via Customize UI button
  • Provision a host without hostgroup via Customize UI button
  • Provision a host via hammer via hostgroup
  • Provision a host via hammer via auto provisioning rule

Foreman Bootdisk

  • Bootdisk basic provisioning (host exits build mode and reboots)
    • Full host image
    • Host image
    • Generic image
    • Subnet image

Foreman Ansible

  • Import Roles
    • With/From Smart-Proxy
  • Assign Roles
    • Hostgroup
    • Hosts
  • Play Roles
    • Hostgroup
    • Hosts
  • Run shipped Ansible playbook (job), e.g. to install ansible role from galaxy

Foreman Remote Execution

  • Run some job, e.g. ‘ls /etc’ on a system that was provisioned from Foreman, it should work out of the box
  • Run some job against the Foreman host itself, only key configuration should be needed

Foreman Puppet run

  • Trigger Puppet run on host through SSH

Foreman Openscap

  • Create new content file, define a policy, assign it to a host and deploy the foreman_scap_client using puppet
  • Verify ARF report gets uploaded upon foreman_scap_client run and full version of it can be rendered
  • Create tailoring file, assign it to the policy and rerun client with the tailoring file

Foreman Virt Who Configure

  • Create a configuration definition and run it e.g. through REX on some provisioned host. It should succeed as long as it has access to sat tools repo on RHEL, epel (I think) on centos.
    note: plugin works, the configuration requires new virt-who that is currently in fedora 30, not in epel

Foreman Templates

  • hammer import-templates --lock true # sync newest templates from community-templates repo, see audits
  • mkdir /repo; chown foreman /repo; hammer export-templates --repo /repo # may need setenforce 0

This page is a wiki, feel free to update it and add new scenarios as you test them.

1 Like

Packages passenger and tfm-rubygem-passenger are from the same repo ( foreman ) and in the same version

[root@foreman-124-rc2 ~]# yum info passenger tfm-rubygem-passenger
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base:
 * centos-sclo-rh:
 * epel:
 * extras:
 * updates:
Installed Packages
Name        : passenger
Arch        : x86_64
Version     : 4.0.53
Release     : 4.el7
Size        : 5.9 M
Repo        : installed
From repo   : epel
Summary     : Phusion Passenger application server
URL         :
License     : Boost and BSD and BSD with advertising and MIT and zlib
Description : Phusion Passenger® is a web server and application server, designed to be fast,
            : robust and lightweight. It takes a lot of complexity out of deploying web apps,
            : adds powerful enterprise-grade features that are useful in production,
            : and makes administration much easier and less complex. It supports Ruby,
            : Python, Node.js and Meteor.

Name        : tfm-rubygem-passenger
Arch        : x86_64
Version     : 4.0.18
Release     : 10.12.el7
Size        : 627 k
Repo        : installed
From repo   : foreman
Summary     : Passenger Ruby web application server
URL         :
License     : Boost and BSD and BSD with advertising and MIT and zlib
Description : Phusion Passenger™ — a.k.a. mod_rails or mod_rack — makes deployment
            : of Ruby web applications, such as those built on the revolutionary
            : Ruby on Rails web framework, a breeze. It follows the usual Ruby on
            : Rails conventions, such as “Don’t-Repeat-Yourself”.

On CentOS 7.7 they seem to be from different repos and of different versions.

1 Like

There is a blocker bug caused by this change:

Discovery does not work because it gets new reservation during provisioning and the original lease (IP) which Foreman must use to do the reboot call is no longer available. This must be fixed. I will take a look tomorrow.

Easy help, instead of using host.ip which is now different (feature not bug) we can use host.facts["discovery_bootip"]. It will be always available even if user opt-in fact cleanup during deletion. @TimoGoebel patch incoming.

Not sure if this is a bug, but noticed this in the RC2:

[root@foreman ~]# cat /etc/systemd/system/dhcpd.service.d/interfaces.conf
ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid eth0

@tbrisker we’ve missed this bug to be added into RC3. Did I forget some flag so you would include it?

Let’s add it, it’s a blocker for the Web Console (cockpit) feature. Thanks!

This is already in RC3:

Yeah sorry! I had my local 1.24-stable branch in a bad shape (commited to it). Took me some time to figure it out, we actually need one more rule which I already merged and tested into develop. Unfortunately I’ve used Refs since I was under impression that the last patch was not released, which was not the case.

Can you merge and release also this one? I’ve tested it and it finally works fine:

If we are not doing RC4 than let’s just bump minor version? That should do it I guess.

FYI this prevents it:

$ cat .git/hooks/pre-commit
branch="$(git rev-parse --abbrev-ref HEAD)"

if [[ "$branch" == "master" || "$branch" == "develop" || "$branch" == *-stable ]]; then
  echo "You can't commit directly to master/stable/develop branch"
  exit 1

We’ve set DHCP that way for quite some time. This the recommended approach according to

Oh yeah, no. That’s great, what I mean is the ExecStart= empty line :slight_smile:

The RH manual recommends copying the full unit file and editing it while we use a drop in and only set what we need. When using drop ins, systemd needs to clear the previous ExecStart (otherwise it launches all) and this is doing by setting ExecStart=.

1 Like

Merged, it will be in 1.24.0 GA - i don’t expect another RC and we can’t do a minor version bump of just selinux since the core projects are versioned and released together.

1 Like

I’m not a developer but wanted to report an issue.
After the update to 1.24 RC3 we are not able to install or remove packages over the content host view.

We are getting an error message: The resource Host::Managed doesn’t define any available lock

We also tested this behavior with a fresh install. No error message found the foreman logs. No idea where too search now.

Thank you for testing out the release candidate @freduardo! You definitely don’t have to be a developer to do that - in fact, it is much more valuable when foreman users do these tests as they have access to real life data and not mocked data that developers often use when testing.

This sounds like possibly an issue in foreman-tasks, any idea @aruzicka?

1 Like

We’re trying to get to the bottom of it in another thread. Just from looking at the code it doesn’t make any sense. Hopefully I’ll manage to spin up a reproducer box tomorrow.