Getting Started


Foreman 1.20 can do both TFTP and UEFI HTTP Boot now. Another alternative is iPXE but you need to have luck to have hardware supported by iPXE.


Just for grins, I ran foreman-installer --full-help … Over 1,600 lines of options.
That’s a lot of trial and error, and wiping it clean and starting over a few times isn’t practical.

I’ve reviewed my notes, and don’t think that I could boil it down into a simple set of instructions
on how I got to where I am now. Lost. But I do believe that starting over with what has been shared here
will end up saving me some time in the long run.

Yes, @lzap, I agree. Installation Scenarios should be expanded. But with so many combinations,
there won’t be a one size fits all approach. Perhaps include an example of some of the more common ones.
The most important one I’ve found so far is to start with Katello. That little caveat needs to be more prominent. I didn’t realize that I wanted/needed it until after installing and configuring 5 nodes, DHCP, DNS, NTP, SSH, and was looking into adding additional modules …

I read the book, Mastering Puppet, Second Addition. The problem with books is that by the time they get printed and released, they are obsolete. This one was on Puppet version 4.2, and only had 5 pages about Foreman, and then, only as a Puppet reporting tool.

I am still searching for anything more in depth about Foreman, other than a $3,100 4-day training course.


@Peek I have created a Github repo that contains my automated install script. At the moment, it does the following:

  • Disables the firewall
  • Installs all the yum repo definitions necessary to install Foreman, Katello, Puppet, EPEL
  • Creates an answer file which has several plugins enabled
  • Installs Foreman, Katello, ISC DHCP, Bind and TFTP
  • Changes /etc/resolv.conf to use the newly created local DNS server
  • Performs a full backup (using foreman-maintain) of the install to this point
  • Sets the default Org and Location in Foreman
  • Creates 5 products and their associated GPG keys and yum repos
    • CentOS 7
    • EPEL 7
    • Puppet 5
    • Katello Agent
    • Lynis
  • Synchronizes the repos
  • Creates a content view
  • Performs an incremental backup, using foreman-maintain

Note that I haven’t fully broken out all my local names into the local.conf file, so if you were to run the script, without modification, you would see some personalized names in Foreman.

I’m still learning as I go, so any feedback that you or anyone else has, about my script or how it sets up Foreman/Katello, would be very helpful.




UEFI iPXE doesn’t function like ye olde “ROMs”… May I enlighten you on a topic that has already taken to much time hostage, yet is simpler than one would expect, yet very few are aware of?


  1. Download & drop the iPXE “UEFI version” onto a FAT32 formatted USB drive.
  2. Boot into the “UEFI Built-in Shell” of a physical machine.
  3. At the shell prompt, type:
    Shell> map
    — Which will list all the mapped drives
    — Lets assume the USB drive is FS3
    — Type fs3: at the prompt
    Shell> fs3:
    — Do a listing of the files on the partition
    Shell> ls
    — Execute iPXE by simply typing it’s name
    Shell> iPXE.efi

Lo and behold :partying_face: Were you aware of this before ?

The only burning question being: How to “flash” the iPXE.efi file to NVRAM of a physical machine?


With the Foreman/Katello host’s Smart Proxy now featuring:

  • DHCP
  • DNS
  • Dynflow
  • Logs
  • Pulp
  • Puppet
  • Puppet CA
  • Templates and
  • TFTP

What would be the advisable “area” a noob should be focusing on ?

Setting up for the first unattended auto deployment …


When this error starts popping up, simply disable the DHCP proxy:

foreman-installer --scenario katello -i --foreman-proxy-dhcp=false

Immediately follow it up with a rerun of the foreman-installer specifying the FQDN’s as opposed to the IPs, and it’s all happy again.

"foreman-installer --scenario katello -i


Well, Foreman supports this workflow as well via Bootdisk plugin. You generate bootable ISO which you can dd to USB stick as well and it’s fully automatic. However we do support BIOS out of box and UEFI hasn’t yet landed. There were several attempts to implement this, latest being:

AFAIK NVRAM cannot be used to flash bootloaders, it’s only used for variables, settings essentially. Bootloaders are required to reside on ESP, you can however set the path to EFI loader on the ESP partition.


Yet with “HTTP Boot” the EFI bootloader resides on a web server as opposed to the ESP partition.

Yet one cannot set an HTTP URL, unless the particular device’s UEFI implementation has the “HTTP driver” compiled in. UEFI being modular in design.

HTTP Boot” (aka “Boot from URL”) is supported since UEFI specification 2.5. With specification 2.7 having been available since May 2017. Why is Intel devices then running UEFI specification 2.6 which is crippled as to not allow “HTTP Boot”?..

A very informative UEFI course:

Zip File** Lesson 0: Introduction and Defining Specifications Role in Firmware - Overview
Zip File** Lesson 1: Pre-EFI (PEI) and Security (SEC) Phases
Zip File** Lesson 2: Driver Execution Environment (DXE)
Zip File** Lesson 3: UEFI Drivers
Zip File** Lesson 4: Firmware and Data Storage
Zip File** Lesson 5: Boot Device Selection (BDS) and Human Interface Infrastructure (HII)


So question, when you make changes to Foreman using the foreman-installer, how do you keep track of the changes over time? Are you storing the answers file in Git? Would scenarios play into this?

I was looking at making changes to Foreman directly from Puppet manifests, as we would do for MySQL, Apache and most other software. Unfortunately, I couldn’t get very far-- I can’t figure out what many of the parameters should be.


Finally came up with a list of plugins to include, and after installing katello with the proper repos,
I ran the installer interactively with the following:

# foreman-installer --interactive --scenario katello \
> --enable-foreman-proxy \
> --foreman-proxy-tftp=true \
> --foreman-proxy-tftp-servername= \
> --foreman-proxy-dhcp=true \
> --foreman-proxy-dhcp-interface=ens192 \
> --foreman-proxy-dhcp-gateway= \
> --foreman-proxy-dhcp-nameservers="" \
> --foreman-proxy-dns=true \
> --foreman-proxy-dns-interface=ens192 \
> \
> \
> --foreman-proxy-dns-forwarders= \
> --enable-foreman-plugin-discovery \
> --enable-foreman-proxy-plugin-discovery \
> --enable-foreman-cli-discovery \
> --enable-foreman-plugin-docker \
> --enable-foreman-proxy-plugin-dynflow \
> --enable-foreman-plugin-memcache \
> --enable-foreman-proxy-plugin-monitoring \
> --enable-foreman-plugin-openscap \
> --enable-foreman-proxy-plugin-openscap \
> --enable-foreman-cli-openscap \
> --enable-foreman-proxy-plugin-pulp \
> --enable-foreman-plugin-puppetdb \
> --enable-foreman-plugin-remote-execution \
> --enable-foreman-proxy-plugin-remote-execution-ssh \
> --enable-foreman-cli-remote-execution \
> --enable-foreman-plugin-tasks \
> --enable-foreman-cli-tasks \
> --enable-foreman-plugin-templates \
> --enable-foreman-cli-templates \
> --enable-foreman-plugin-digitalocean \
> --foreman-proxy-foreman-base-url=
ERROR: Unrecognised option '--enable-foreman-plugin-docker'

See: ‘foreman-installer --help’
[root@foreman ~]#

Did I miss something about including extra options to the installer command line? I'm pretty sure that --enable-foreman-plugin-docker is in the list.


As a followup …

[root@foreman ~]# foreman-installer --help
ERROR: No installation scenario was selected, the installer cannot continue.
       Even --help content is dependent on selected scenario.
       Select scenario with --scenario SCENARIO or list available scenarios with --list-scenarios.
[root@foreman ~]# foreman-installer --list-scenarios
Available scenarios
  Foreman (use: --scenario foreman)
        Default installation of Foreman
  Foreman Proxy (use: --scenario foreman-proxy-content)
        Install a stand-alone Foreman Proxy.
  Katello (use: --scenario katello)
        Install Foreman with Katello
[root@foreman ~]# 


Taking a stab in the dark here, but is it complaining that the foreman plugins I want
are not included in the /etc/foreman-installer/scenarios.d/katello-answers.yaml file?

  enabled: true
  pulpnode_enabled: false
foreman::plugin::ansible: false
foreman::plugin::bootdisk: false
foreman::plugin::chef: false
foreman::plugin::default_hostgroup: false
foreman::plugin::discovery: false
foreman::plugin::hooks: false
foreman::plugin::openscap: false
foreman::plugin::puppetdb: false
foreman::plugin::remote_execution: false
foreman::plugin::setup: false
foreman::plugin::tasks: true
foreman::plugin::templates: false
foreman_proxy::plugin::ansible: false
foreman_proxy::plugin::chef: false
foreman_proxy::plugin::dhcp::infoblox: false
foreman_proxy::plugin::dns::infoblox: false
foreman_proxy::plugin::openscap: false
foreman_proxy::plugin::remote_execution::ssh: false
foreman_proxy::plugin::discovery: false
foreman::compute::ec2: false
foreman::compute::gce: false
foreman::compute::libvirt: false
foreman::compute::openstack: false
foreman::compute::ovirt: false 
foreman::compute::rackspace: false
foreman::compute::vmware: false
foreman::cli: true
foreman::cli::openscap: false
foreman::cli::discovery: false
foreman::cli::tasks: false
foreman::cli::templates: false
foreman::cli::remote_execution: false

It looks like katello has a list of defaults.
Should katello be built with options at install time, or can the answers file be edited to include them?
Is there a list of available classes?


Sorry for the long list of replies here, but …

The installer options list includes more than what is available in the foreman-installer.

Run interactively, the Main Config list includes:

Main Config Menu
1. [✓] Configure certs
2. [✓] Configure foreman
3. [✓] Configure foreman_cli
4. [✗] Configure foreman_cli_discovery
5. [✗] Configure foreman_cli_openscap
6. [✗] Configure foreman_cli_remote_execution
7. [✗] Configure foreman_cli_tasks
8. [✗] Configure foreman_cli_templates
9. [✗] Configure foreman_compute_ec2
10. [✗] Configure foreman_compute_gce
11. [✗] Configure foreman_compute_libvirt
12. [✗] Configure foreman_compute_openstack
13. [✗] Configure foreman_compute_ovirt
14. [✗] Configure foreman_compute_rackspace
15. [✗] Configure foreman_compute_vmware
16. [✗] Configure foreman_plugin_ansible
17. [✗] Configure foreman_plugin_bootdisk
18. [✗] Configure foreman_plugin_chef
19. [✗] Configure foreman_plugin_default_hostgroup
20. [✗] Configure foreman_plugin_discovery
21. [✗] Configure foreman_plugin_hooks
22. [✗] Configure foreman_plugin_openscap
23. [✗] Configure foreman_plugin_puppetdb
24. [✗] Configure foreman_plugin_remote_execution
25. [✗] Configure foreman_plugin_setup
26. [✓] Configure foreman_plugin_tasks
27. [✗] Configure foreman_plugin_templates
28. [✓] Configure foreman_proxy
29. [✓] Configure foreman_proxy_content
30. [✗] Configure foreman_proxy_plugin_ansible
31. [✗] Configure foreman_proxy_plugin_chef
32. [✗] Configure foreman_proxy_plugin_dhcp_infoblox
33. [✗] Configure foreman_proxy_plugin_discovery
34. [✗] Configure foreman_proxy_plugin_dns_infoblox
35. [✗] Configure foreman_proxy_plugin_openscap
36. [✓] Configure foreman_proxy_plugin_pulp
37. [✗] Configure foreman_proxy_plugin_remote_execution_ssh
38. [✓] Configure katello
39. [✓] Configure puppet
40. Display current config
41. Save and run
42. Cancel run without Saving
Choose an option from the menu...

missing from the Main Config Menu (that we need):


There are others missing, but we don’t need them …


If I run the installer non-interactively, it still complains that the options are Unrecognised.

# foreman-installer --scenario katello \
> --enable-foreman-plugin-digitalocean \
> --enable-foreman-plugin-docker \
> --enable-foreman-plugin-memcache \
> --enable-foreman-plugin-monitoring \
> --enable-foreman-proxy-plugin-dynflow \
> --enable-foreman-proxy-plugin-monitoring \
> --enable-foreman-proxy-plugin-pulp
ERROR: Unrecognised option '--enable-foreman-plugin-digitalocean'

See: 'foreman-installer --help'
[root@foreman ~]# 

Are these just non-supported plugins, or am I missing something basic here?


Docker is in the foreman scenario, but not in the katello scenario. Every scenario can expose a different set of classes, depending on which are relevant. In this particular case docker is not exposed because Katello already has a packaging dependency on it. Exposing the option would give the illusion it’s optional.


I think these options were mostly untested. Before we also had two different git repositories so keeping them in sync was hard. Now that we’ve merged them, it should be easier but there’s still some way to go. Most of those plugins make sense to add (except docker, which I mentioned in my previous reply). I’ve submitted a quick PR to expose a few more but you’re right we should go over the list a bit more.


The installer stores them itself - running foreman-installer with no args should produce the exact same configuration as last time you ran it.

Obviously, this data is stored in a file (in /etc/foreman-installer) so you can copy it from one machine to another if need be, just be careful of things like hostnames, IP addresses, etc. that may be unique to the host.


I just wanted to drop by and say how awesome it is to see new users supporting each other - self-sustaining communities are very much something I like to see :slight_smile:. As others have said, please do keep sharing your experiences, as we “old timers” don’t see the sharp edges any more. You guys rock :metal:!


Thank you, Greg. I’m just a clueless noob here, but an old-timer in a lot of other areas.
(I started out in the keypunch days, more than a decade before .com was allowed on the net…)
My first email address was UUCP style with a bang! But I digress …

That said, I really appreciate this community. I have received great support, and quick, quality responses.

In the interest of sharing my experiences, Ewoud answered one question, which begs another …

Our developers are moving towards Jenkins as part of their workflow. I would like to support them,
where it makes sense to integrate into the foreman/puppet model. (Jenkins -> Pipeline -> Docker).
If someone who has experience with this combination, please share.

I have installed Katello, and I am still trying for my first successful foreman-installer run with options.
If I cannot include Docker in the Katello scenario, must I run the installer again with the foreman scenario?
I am assuming that one cannot specify more than one scenario on the command line such as:

# foreman-installer -i --scenario katello --scenario foreman ...

But I feel like I am getting very close.
Which packaging dependency is included with katello, and would it conflict with the docker plugin
if I added that later?


@ekohl’s point is that Docker is included in Katello, and can’t be disabled. Thus, the option is meaningless in this scenario, as it cannot be removed. That’s what he means by “illusion of choice”