Help needed: Improving Introduction section on the site


our Intro section needs a facelift. I think we are not good in explaining what Foreman do/is in more detail, we stay at the “management overview” level which is not enough. This thread is my attempt to improve.

I am gonna paste the content of the introduction text here in this OP, turn this into wiki and make some changes. I would like to get review, corrections and most importantly filling more items into the new Notable features section as I will be only adding provisioning things. If you make any changes please let me know in the comments here.


What is Foreman?

Foreman is an open source project that helps system administrators manage servers throughout their lifecycle, from provisioning and configuration to orchestration and monitoring. Provisioning support gives you easy control of setting up new servers, and using configuration management (Puppet, Ansible, Chef and Salt are supported), you can easily automate repetitive tasks. With Foreman, you can quickly deploy applications, and proactively manage change, both on-premise with VMs and bare-metal or in the cloud. Foreman scales well to multiple locations (offices, data centres, etc) and multiple organisations, allowing you to grow without losing your single source of infrastructure truth.

Foreman, provides comprehensive, interaction facilities including a web frontend, CLI and RESTful API which enables you to build higher level business logic on top of a solid foundation. It is deployed in many organizations, managing from 10s to 10,000s of servers. Several commercial products are based on Foreman.

High-level overview

  • Discover, provision and upgrade your entire bare-metal infrastructure
  • Create and manage instances in virtualization environment and across private and public clouds
  • Install operating systems via PXE, local media or from templates or images
  • Control and gather reports from your configuration management software
  • Group your hosts and manage them in bulk, regardless of location
  • Review historical changes for auditing or troubleshooting
  • Web user interface, JSON REST API and CLI for Linux
  • Extend as needed via a robust plugin architecture

Notable features

Installation and usability

  • Easy POC installation: With a dedicated one-command installer (which uses Puppet underneath), Foreman can be easily evaluated or customized as required.
  • Plugin architecture: Most Foreman features are provided as plugins for either Foreman Core application or Foreman Proxy service.
  • Bookmarks: Saved host search statements as bookmarks for repetitive use.
  • Web User Interface: Powerful web UI built on modern technologies.
  • API/CLI: Powerful API, whole infrastructure can be managed via external tools.
  • Community powered: Foreman ships with many configuration and remote execution templates maintained by the community.


  • Hosts inventory: Inventory of managed servers (nodes).
  • Host groups: Host grouping with common options, parameters and support for field inheritance.
  • NIC discovery: Automatic creation of network interfaces (regular, bond, bridge, VLAN), Operating System and Architecture (according to facts reported by hosts).
  • Common search: Powerful search across whole application with smart completion.
  • Subnet & Domain inventory: Manage any number of networks via Foreman Proxy DHCP & DNS modules (including VLANs).
  • IPAM: Manage DHCP reservations on various providers like ISC DHCP, MS DHCP or Infoblox, free IP addresses can be allocated on the fly or via Foreman database.
  • DNS and identity management: DNS or realm entries can be automatically created for each host in Foreman inventory.


  • Manage PXE: Foreman provides full management of PXE configuration of PXELinux, Grub, Grub2 and iPXE for maximum network boot flexibility.
  • Install OS: Initiate unattended provisioning of various Operating Systems via extensive set of templates and snippets maintained by the community.
  • Build VMs: Integrate with hypervisors like VMWare vCenter, Red Hat Enterprise Virtualization, oVirt or libvirt to create instances directly from Foreman UI/API/CLI either from images or via PXE.
  • Create cloud instances: Integrate with clouds like OpenStack, Rackspace, Amazon EC2 or Google Compute Engine directly from Foreman UI/API/CLI.
  • Host network configuration: Provisioning templates which create network configuration for installed hosts including bonding, bridging and VLAN trunk support.
  • Configuration management bootstrap: Template snippets for bootstrapping initial configuration of configuration management software including signing client keys with CA.
  • IPv6: Foreman can manage IPv6 addresses on non-provisioning interfaces (PXE provisioning on IPv6 is [work in progress](link to redmine bug goes here))
  • Templating engine: Templates based on ERB for OS installation recipes (Kickstart, Preseed), jobs (SSH scripts, Ansible jobs), partitioning schemes and other types.
  • Compute Resources: Modules or plugins for integration with hypervisors and cloud infrastructure.
  • Compute Profiles: Common compute profiles across multiple clouds or virtualization (e.g. xxsmall, large, medium).

Server discovery

  • Host discovery: Boot unknown hardware from network or via local media (USB stick) and let it register to Foreman for automatic, semi-automatic or fully manual provisioning.
  • Provisioning of discovered nodes: Automatic, semi-automatic or fully manual provisioning of discovered hardware via WebUI/CLI/API.

Large teams support

  • Host parameters: Flexible parameters engine for hosts and associated objects (subnets, domains, host groups) with dynamically generated ones called Smart Variables/Class Parameters.
  • Foreman proxies: Components running inside data centres, subnets or remote sites providing connection to managed nodes and services using REST HTTPS API.
  • Authentication: Username and password authentication with brute-force protection, POSIX LDAP, FreeIPA and MSAD authentication integration.
  • Authorization: Fine-grained role-based access controls (RBAC) for users, roles, LDAP mapping
  • Authorization filters: Ability to assign authorization permissions to filtered objects (e.g. hostnames starting with ‘test-’).
  • Multi-tenancy: Most resources in Foreman can be assigned to Organizations and Locations as a flexible authorization mechanism for multiple organizations or sites.
  • Kerberos: Foreman supports automatically creating FreeIPA Realm entries for new hosts.
  • HTTP Proxy: For some communication of managed nodes or Foreman itself.


  • Dashboard: Fully configurable dashboard with widgets and statistics.
  • Facts: Inventory of facts reported by configuration management agents (Facter, Ansible, Salt grains).
  • Trends: Track changes in Foreman infrastructure over time, including key Foreman resources or facts.
  • Audit: Detailed audit trail with per-field granularity and diff feature for templates.

Remote execution (plugin)

  • Job invocations: Running arbitrary commands or scripts on remote hosts using different providers, such as SSH or Ansible. This includes scheduling future runs, recurring execution, concurrency control, watching the progress and output live.

Puppet integration

  • Puppet classes: Ability to import and parse Puppet source code base and recognize class parameters for deep mapping integration through the application.
  • Puppet CA: Integration with puppet CA for automatic, semi-automatic or fully automatic client cert sign process.
  • Puppet ENC: Puppet node classifier (source of input) for Puppet Master.
  • Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.

Ansible integration (plugin)

  • Ansible roles: Ability to import and parse Ansible source code for deeper integration. In combination with remote execution, provides configuration management like user experience with Ansible. User assign roles to hosts/hostgroups and then enforces the policy defined by these roles on a host. Every such Ansible run updates host facts and generates new configuration report. Roles behaviour can be customized by Foreman parametrization that is passed to the Ansible inventory.
  • Ansible inventory: Source inventory for Ansible.
  • Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.

Compliance management (plugin)

  • Compliance management: Define a compliance policy using OpenSCAP standards and tooling, and then enforce it in infrastructure. Supports existing XCCDF profiles and tailoring of them according to user needs.

Content management (plugin)

  • Yum and Puppet Repositories: Create, organize, and manage local yum and puppet repositories. Sync remote repositories or upload content directly to build a library of content that serves as the basis for building custom builds of your content.
  • Content snapshots: Take your local content and filter out packages, errata and puppet modules to create custom builds into units called Content Views. Make your custom builds available to your hosts by moving it through environment paths that mimic traditional development workflows (Dev → QE → Stage → Production).
  • Package and Errata Updates: Use your locally managed content to install package and errata updates to a host or group of hosts.
  • Host collections: A mechanism to statically group multiple Content Hosts. This enables administrators to group Content Hosts based on the needs of their organization. For example, Content Hosts could be grouped by function, department or business unit.
  • Standard Operating Environment: Create and maintain a Standard Operating Environment (SOE).
1 Like

Feel free to edit the wiki OP and correct or add new entries in no particular order. Once we agree on something here, I will reorder them and probably give them some titles or something. I think I am done for today with this, I captured most of the core features, although sometime I was really fuzzy (e.g. Puppet, Ansible).

Note I am ignoring plugins in this feature list, I don’t believe this is relevant for users who are evaluating what Foreman is capable of.

Well, you have couple of plugins there already (discovery, rex, ansible), and I think it’s the right thing to do: the newly coming user also deserves to know that there is a content management integration, and other goodies, that we might want to advertise.

I think the features should reduced/compiled based on users interest. There are several mentions of ansible, discovery, or thigs like Authorization and Authorization rules. Also, instead of using the names from plugins, it would be good IMO to uss words that connect to users workflows: as an example, the user doesn’t have a need to create a job invocation, but to perform remote commands

It might be also grouped into catogories (provisioning, 2-day management…), and also would be good to separate features (Discovery) and non-features (Authorization). Dunno how to name them, but hopefully, people feel the difference between this two examples.

1 Like

Plugins are absolutely critical to such an evaluation. Users will generally find that Foreman meets some of their needs, but not all. We have 90+ plugins, and making users aware of them goes a long way towards ensuring new users know they can meet all their needs (or have the option of writing a plugin themselves).

I agree we can’t cover all 90 plugins :stuck_out_tongue: but we should absolutely not ignore their existence. I like @iNecas’s suggestions around cateorization - perhaps our user stories are useful here?

1 Like

User Stories are always a good way to show people how to use software. I’ve seen a lot of interesting websites with examples on the front page about different scenarios and sizes which are covered by the product.

I think there are a few typical use cases which could give a descriptive example.

I’ve split everything into categories, reader is made aware what ships in a plugin as well. Please add more and review.

Bump, anything else before I incorporate this into the site? I would like to discuss it rather here with everybody than in a web PR with just one or two maintainers. I think there is no reason not to include @katello on that feature list!

I made a few edits, you might want to review the diff. Mostly typos, but I fixed up a few things in the wording, and removed a couple of smaller features that I think confuse rather than clarify the “sales pitch”. Otherwise, looks pretty good to me, thanks for doing this!

1 Like

Thanks, nice edits. I will wait until tomorrow and then proceed with the PR.

I just quickly scanned the last version, I think reports might be a good addition, brand new in 1.20 so we might want to add later. Also I’m thinking of salt and chef, though the level of support is different tham for puppet and ansible and perhaps shouldn’t be advertised as main features.

Thanks for great write up!

1 Like

Why not to create some Other features section with just a bullet each?

Salt and Chef are both briefly mentioned in the text part. +1 for reports though, that’s a powerful feature.

I’ve added Katello part, mostly a copy from

Can I ask you @Gwmngilfen to do quick language review of the last (Katello) part and I am filing a PR.

One minor change to the last line, otherwise :+1:

1 Like

Thanks, text unchanged:

And it’s merged!

1 Like