Hello,
our Intro section needs a facelift. I think we are not good in explaining what Foreman do/is in more detail, we stay at the “management overview” level which is not enough. This thread is my attempt to improve.
https://theforeman.org/introduction.html
I am gonna paste the content of the introduction text here in this OP, turn this into wiki and make some changes. I would like to get review, corrections and most importantly filling more items into the new Notable features section as I will be only adding provisioning things. If you make any changes please let me know in the comments here.
Introduction
What is Foreman?
Foreman is an open source project that helps system administrators manage servers throughout their lifecycle, from provisioning and configuration to orchestration and monitoring. Provisioning support gives you easy control of setting up new servers, and using configuration management (Puppet, Ansible, Chef and Salt are supported), you can easily automate repetitive tasks. With Foreman, you can quickly deploy applications, and proactively manage change, both on-premise with VMs and bare-metal or in the cloud. Foreman scales well to multiple locations (offices, data centres, etc) and multiple organisations, allowing you to grow without losing your single source of infrastructure truth.
Foreman, provides comprehensive, interaction facilities including a web frontend, CLI and RESTful API which enables you to build higher level business logic on top of a solid foundation. It is deployed in many organizations, managing from 10s to 10,000s of servers. Several commercial products are based on Foreman.
High-level overview
- Discover, provision and upgrade your entire bare-metal infrastructure
- Create and manage instances in virtualization environment and across private and public clouds
- Install operating systems via PXE, local media or from templates or images
- Control and gather reports from your configuration management software
- Group your hosts and manage them in bulk, regardless of location
- Review historical changes for auditing or troubleshooting
- Web user interface, JSON REST API and CLI for Linux
- Extend as needed via a robust plugin architecture
Notable features
Installation and usability
- Easy POC installation: With a dedicated one-command installer (which uses Puppet underneath), Foreman can be easily evaluated or customized as required.
- Plugin architecture: Most Foreman features are provided as plugins for either Foreman Core application or Foreman Proxy service.
- Bookmarks: Saved host search statements as bookmarks for repetitive use.
- Web User Interface: Powerful web UI built on modern technologies.
- API/CLI: Powerful API, whole infrastructure can be managed via external tools.
- Community powered: Foreman ships with many configuration and remote execution templates maintained by the community.
Inventory
- Hosts inventory: Inventory of managed servers (nodes).
- Host groups: Host grouping with common options, parameters and support for field inheritance.
- NIC discovery: Automatic creation of network interfaces (regular, bond, bridge, VLAN), Operating System and Architecture (according to facts reported by hosts).
- Common search: Powerful search across whole application with smart completion.
- Subnet & Domain inventory: Manage any number of networks via Foreman Proxy DHCP & DNS modules (including VLANs).
- IPAM: Manage DHCP reservations on various providers like ISC DHCP, MS DHCP or Infoblox, free IP addresses can be allocated on the fly or via Foreman database.
- DNS and identity management: DNS or realm entries can be automatically created for each host in Foreman inventory.
Provisioning
- Manage PXE: Foreman provides full management of PXE configuration of PXELinux, Grub, Grub2 and iPXE for maximum network boot flexibility.
- Install OS: Initiate unattended provisioning of various Operating Systems via extensive set of templates and snippets maintained by the community.
- Build VMs: Integrate with hypervisors like VMWare vCenter, Red Hat Enterprise Virtualization, oVirt or libvirt to create instances directly from Foreman UI/API/CLI either from images or via PXE.
- Create cloud instances: Integrate with clouds like OpenStack, Rackspace, Amazon EC2 or Google Compute Engine directly from Foreman UI/API/CLI.
- Host network configuration: Provisioning templates which create network configuration for installed hosts including bonding, bridging and VLAN trunk support.
- Configuration management bootstrap: Template snippets for bootstrapping initial configuration of configuration management software including signing client keys with CA.
- IPv6: Foreman can manage IPv6 addresses on non-provisioning interfaces (PXE provisioning on IPv6 is [work in progress](link to redmine bug goes here))
- Templating engine: Templates based on ERB for OS installation recipes (Kickstart, Preseed), jobs (SSH scripts, Ansible jobs), partitioning schemes and other types.
- Compute Resources: Modules or plugins for integration with hypervisors and cloud infrastructure.
- Compute Profiles: Common compute profiles across multiple clouds or virtualization (e.g. xxsmall, large, medium).
Server discovery
- Host discovery: Boot unknown hardware from network or via local media (USB stick) and let it register to Foreman for automatic, semi-automatic or fully manual provisioning.
- Provisioning of discovered nodes: Automatic, semi-automatic or fully manual provisioning of discovered hardware via WebUI/CLI/API.
Large teams support
- Host parameters: Flexible parameters engine for hosts and associated objects (subnets, domains, host groups) with dynamically generated ones called Smart Variables/Class Parameters.
- Foreman proxies: Components running inside data centres, subnets or remote sites providing connection to managed nodes and services using REST HTTPS API.
- Authentication: Username and password authentication with brute-force protection, POSIX LDAP, FreeIPA and MSAD authentication integration.
- Authorization: Fine-grained role-based access controls (RBAC) for users, roles, LDAP mapping
- Authorization filters: Ability to assign authorization permissions to filtered objects (e.g. hostnames starting with ‘test-’).
- Multi-tenancy: Most resources in Foreman can be assigned to Organizations and Locations as a flexible authorization mechanism for multiple organizations or sites.
- Kerberos: Foreman supports automatically creating FreeIPA Realm entries for new hosts.
- HTTP Proxy: For some communication of managed nodes or Foreman itself.
Monitoring
- Dashboard: Fully configurable dashboard with widgets and statistics.
- Facts: Inventory of facts reported by configuration management agents (Facter, Ansible, Salt grains).
- Trends: Track changes in Foreman infrastructure over time, including key Foreman resources or facts.
-
Audit: Detailed audit trail with per-field granularity and
difffeature for templates.
Remote execution (plugin)
- Job invocations: Running arbitrary commands or scripts on remote hosts using different providers, such as SSH or Ansible. This includes scheduling future runs, recurring execution, concurrency control, watching the progress and output live.
Puppet integration
- Puppet classes: Ability to import and parse Puppet source code base and recognize class parameters for deep mapping integration through the application.
- Puppet CA: Integration with puppet CA for automatic, semi-automatic or fully automatic client cert sign process.
- Puppet ENC: Puppet node classifier (source of input) for Puppet Master.
- Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.
Ansible integration (plugin)
- Ansible roles: Ability to import and parse Ansible source code for deeper integration. In combination with remote execution, provides configuration management like user experience with Ansible. User assign roles to hosts/hostgroups and then enforces the policy defined by these roles on a host. Every such Ansible run updates host facts and generates new configuration report. Roles behaviour can be customized by Foreman parametrization that is passed to the Ansible inventory.
- Ansible inventory: Source inventory for Ansible.
- Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.
Compliance management (plugin)
- Compliance management: Define a compliance policy using OpenSCAP standards and tooling, and then enforce it in infrastructure. Supports existing XCCDF profiles and tailoring of them according to user needs.
Content management (plugin)
- Yum and Puppet Repositories: Create, organize, and manage local yum and puppet repositories. Sync remote repositories or upload content directly to build a library of content that serves as the basis for building custom builds of your content.
- Content snapshots: Take your local content and filter out packages, errata and puppet modules to create custom builds into units called Content Views. Make your custom builds available to your hosts by moving it through environment paths that mimic traditional development workflows (Dev → QE → Stage → Production).
- Package and Errata Updates: Use your locally managed content to install package and errata updates to a host or group of hosts.
- Host collections: A mechanism to statically group multiple Content Hosts. This enables administrators to group Content Hosts based on the needs of their organization. For example, Content Hosts could be grouped by function, department or business unit.
- Standard Operating Environment: Create and maintain a Standard Operating Environment (SOE).
but we should absolutely not ignore their existence. I like 