Hi all, my name is Clemens

The header encourages us to introduce ourselves, but the thread for that is closed ;-/

OK, so I introduce myself this way, nobody is forced to read it.

About me:

49 year old system administrator, mostly CentOS 5-8 (earlier also RHEL), private laptop Fedora 31 KDE.
Living in Finland, wife, 3 kids + 2 dogs.
At the moment unemployed, so lot of time to try out new things

Previous experiences with deployment tools:

Used RHN Satellite long ago (RHEL 5 based?)
At work recent years, mostly self-made scripts and later Ansible.
Very limited experience with Vagrant/Chef.

My infra / data center
I have in my garage some decommissioned blade servers (all of them Centos 7 with KVM), and a ProCurve Switch.

On those I run a couple of VMs with stuff for the family, like a fileserver and mediaserver (serviio); a DHCP server because the Zyxel ADSL gateway every few days got stuck (clients not getting an IP address), some web server (playground) for my wife, … all kind of stuff.

Foreman:
A job I applied to listed foreman as prerequisite, so I thought I try it out a bit.

What I have managed to do so far:

  • installed one foreman server… and next day a foreman/katello server
    (foreman 2.0 and katello 3.15, I guess).
  • provides PXE kickstart booting via tftp and vsftp
  • DHCP and DNS at the moment still use “old, own VMs”, edit files manually
    ( to do: make foreman do that with a proxy?)
  • customized some of the kickstart/partitioning templates a bit
  • connected one of the three blade servers as libvirt provider
  • created on 1-2 VMs using all above.
    (needed several attempts, sda vs. vda, another installation failed with an exception I don’t understand, …)

So on the long run my goal is to rebuild some of the VMs I had installed semi-automatically (kickstart, some scripting, plus some handful of basic stuff interactively (ifcfg, aliases, ssh keys, …) with foreman.

Why I am here:

I have created the computing resource for one of the blades; but when I want to create a new host, it still forces me to create a network with a MAC address?
The first VM I installed, I created it in virt-manager, then paused the boot to create it in foreman and enter the Mac address I got from the virt-manager gui.

So my question was, can’t foreman do the creation of the VM on the hypervisor itself?
Didn’t find anything with a Google search, so I thought I try this forum.

Used the search function to find is there any threads about my problem. Didn’t find any.
So I thought, I ask about it… first introducing myself.

Meanwhile… I have found the answer :wink:
==> Compute resources needs to be set up properly…

I had seen the “Compute profiles”, so I thought all is well. Looking at them again, I noticed one has to select a Compute resource for each profile. And after I had done that, now I can in the Create host dialog I can choose a profile, and now it allows the creation without that I have to specify a Mac address manually. Cool!

Well now the VM starts installing; but clicking on virt-manager it says “Viewer was disconnected”.
But starting a virt-viewer from the hypervisors commandline, it works…
(might be because my virt-manager connects as me but foreman connects as root …???).

And the installation fails again, because it can’t find sda. (by default I use virtio disk devices, which appear inside as /dev/vda/ , but the kickstart defaults to sda… need to figure out how to pass in that “dev” parameter (( dev = host_param('part_device') || 'sda' )).

Time to do more troubleshooting.


As said: Hello everybody!
Greetings from beautiful Finland!

2 Likes

Welcome Clemens,
Thanks so much for taking the time to introduce yourself. We are very happy to have you here and it is always interesting for us to know people’s motivations for using Foreman.
It has heartened me that you have gotten so far so fast with a basic setup, and that you were able to troubleshoot and figure things out yourself to some extent.

Over the last while, we have been trying to open source Red Hat documentation and make these docs available for the wider Foreman community. So far, we have a provisioning guide, with information about provisioning with compute resources, as well as a host management guide that might help you with what you are currently struggling with. These are still the ‘unofficial’ guides as we have not fully migrated everything, but they might be of help to you in your preparation for interview:

http://docs.theforeman.org/web/

As you are a sys admin, you are no doubt adept at searching for answers and finding solutions yourself, but if you hit upon anything specific, feel free to ask.

On a personal note, I have always wanted to visit Finland since I wrote a history paper on Finland in school, but the opportunity has yet to present itself. Greetings from cloudy Ireland :slight_smile:

All the best,

Melanie

2 Likes

so fast

Well it took a while to get to where I am now. From my katello server VM I can see it was installed 26.5., so 9 days ago, and the first foreman server perhaps 1-2 days before that…

The job where I had applied to, haven’t heard from them, so… I guess that won’t get anywhere. But anyway, I decided to keep going trying to use foreman… as said I have “my own datacenter” and managing all my VMs them starts to get tedious :slight_smile:
From what I’ve seen so far, I definitely like it better than Ansible. But then, perhaps that was because we were using Ansible the wrong way…

All in all I am a “big fan” of Red Hat. So it’s nice that there is a community version of Red Hat Satellite - if I understood it right, RHN Satellite is nowadays based on foreman, right?

Got the parameter “use sda vs. use vda” now working, I think.

IIRC, RHN Satellite (also known as Satellite 5) is based on Spacewalk, while Satellite 6 is based on Foreman.

2 Likes

Welcome. Good choice, devops professionals are top-paid jobs according to StackOverflow 2020 survey :slight_smile:

https://docs.theforeman.org/guides/build/doc-Installing_Server_on_Red_Hat/index-foreman.html#configuring-external-services

(Note we have two documentations at the moment, our official one and this one which I often link which is a work in progress. I suggest you to read the WIP one first and then head over to the official docs).

Libvirt is great but our support is limited, images needs to be given by path and you cannot customize much. I suggest you to deploy oVirt for serious virtualization.

If you are going to PXE/HTTPUEFI boot it, regardless if it’s a VM or not Foreman will insist on MAC address. It does not read MAC addresses from Compute Resources at all, there is no such integration.

However if you are going to create a VM through Compute Resource, then you can leave MAC address blank and Foreman will read it. The main workflow here is launching an image and then register the host either using cloud-init (user data) or finish script (Foreman ssh into the VM and executes a script).

https://docs.theforeman.org/web/

In libvirt, only one Spice/VNC can be connected. If you try to connect via Foreman JavaScript console it will drop the other connection and vice versa I think.

Well, this depends on the partition table you use. Our “Kickstart default” should work fine as it uses “auto partition”:

zerombr
clearpart --all --initlabel
autopart <%= host_param('autopart_options') %>

Read the WIP docs and let us know what’s not clear from there, we want to improve it for newcomers and you appear to be skilled enough to figure on your own. So please do share your feedback on these docs:

https://docs.theforeman.org/web/

Edit: I see @mcorr was already explaining the state of docs! :slight_smile:

Oh Finland is the best, I’ve never been there yet. Definitely on my radar. Greetings from Czechia :slight_smile:

One more thing - you can’t go wrong with reading Red Hat Satellite 6 docs, they are full of good content. It’s just Foreman with Katello and many other plugins in red color. Alternatively, you can take Satellite 6 course which is also available as an online course I think if you really don’t have time.

1 Like

I was able to solve some issues.

sda:

Which disk to use, I use as default value now “vda”, and in case where needed I would pass in something different as host parameter, in this case “part_device”.
In fact I was able to reinstall one of the bare metal servers this way, by setting this to:

part_device string /dev/disk/by-path/pci-0000:02:00.0-scsi-0:1:0:100:
This is super useful, because that server has two RAID disks, a faster 136 GB and a smaller bigger 600 GB, and of course I want to install the system to the small disk.
That might be a useful trick to “advertize” somewhere.

I did now also set keyboard and timezone as global params.

Now I am struggling with two things:

vnc connection

Looks very much like as if the difference whether opening the viewer works or not depends on the VNC config; all my other VMs it is set to “only bind to localhost”. The VM katello creates for me defaults to “All interfaces”, and as long as it is this setting, the console viewer in the virt-manager GUI does not work.

(But it works from a different computer with this:

virt-viewer -c qemu+ssh://clemens@fuji3.kt21c.net/system

But one can change that setting only when VM is not running. So when VM was ready, I changed that to localhost, and after starting it, voilà, opening console works like a charm. I edited some kvm default conf, it still created next VM as “All interfaces”.
So perhaps I have to dig in the libvirt plugin for katello, can override this there…

default root password (for libvirt kickstart provisioning)

The other is the root password.

Almost every time when I do changes to the host, it forces me to type the root password again.
It says there “try to set this as global or host_group specific default”; I have created a global param “root_pw” and “root_pass”, and I think it didn’t pick up either of them :frowning:

Mac address

I think the problem with the mac address was more, that I thought it wants the mac… (I just noticed, it marks the network tab as with error), when in fact it was that it needed the network name and lan entries.
Well, kind of makes sense, how shall it otherwise know to where to write the pxe stuff :slight_smile:

To understand how to integrate DHCP I’d refer to the Foreman manual
Foreman :: Manual as well. Something the new docs don’t explain is that you can also install a Foreman Proxy with only the DHCP feature on your existing DHCP server. Even in the katello scenario. The same goes for DNS.

2 Likes

Something the new docs don’t explain is that you can also install a Foreman Proxy with only the DHCP feature on your existing DHCP server…

Yes, thanks, I had read this but haven’t got it done yet. So, some manual (or some youtube video :wink: does mention it, can’t remember …

That’s what I meant with:

( to do: make foreman do that with a proxy?)

So, I would have to install the a foreman-proxy onto the server that has the dhcpd and DNS server, right? One more item for my ever growing to-do-list :slight_smile:

Exactly that. Foreman :: Manual documents the flow. Note it can modify your existing DHCP setup. There are many options to tune this, for example --foreman-proxy-dhcp-managed false to not manage the DHCP server. There’s a similar one for DNS. With that a lot of installer options become irrelevant since they’re just there to manage the DHCP server.

If you’re going this route, you should know there’s a --noop flag.

1 Like

Default root password (for new libvirt VMs):

Default root password: that was too simple. It’s not a “global parameter” to be set for host or hostgroup, as I thought (at least I didn’t get that working). Instead, one can set it under:

Administer => Settings => “Provisioning” tab => there is an entry for “Root password” (8th line from the bottom). Putting there the encrypted password (something like $6$Aoivwzui1JMkS66L$SxXNmMs… ) seemed to work.

For next host creation it did not nag any more about root password not set. It’s perhaps a bit confusing that the field is still empty and marked as mandatory (has a “*”) but at least creation worked / it did not force me to re-type (cleartext) password into that field over and over again (every time the host required re-editing, because something else was still wrong/missing, like network stuff).

I wrote earlier:

Looks very much like as if the difference whether opening the viewer works or not depends on the VNC config; all my other VMs it is set to “only bind to localhost”. The VM katello creates for me defaults to “All interfaces”, and as long as it is this setting, the console viewer in the virt-manager GUI does not work.

vnc connection:

This, too, can be set in those global settings (same like the root password).

Administer => Settings => “Provisioning” tab => there is an entry “Libvirt default console address”, approx. the 20th line.

By default this was/is set to 0.0.0.0 ; so the xml for the created VM has that - which means “All addresses”.

I don’t know is this a common problem, or do I have that only because my hypervisors have several network interfaces (one is “empty” for the host itself and has only the bridge for the VMs).

I changed that setting to 127.0.0.1, and now the created VM has for the VNC the “Localhost Only” entry, and with that opening a VM from virt-viewer and clicking on the “screen” icon (most-left entry, just left of the light bulb where one could change settings/config for the VM), work, the console (where the kickstart installation is ongoing) opens nicely.

In foreman itself the blue “Console” button still does not work - next screen says “Password:” (though I have no password defined), and then a red bar saying “Disconnected” (same behavior as when it was set to “All Addresses”). See picture below:

But anyway, things start to work, bit by bit.
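The effect of the “Libvirt default console address” setting described in this post can be checked on the hypervisor side. The following is an added example, not part of the original thread and not Foreman code: it parses libvirt domain XML (as printed by `virsh dumpxml`) and reports which VMs have a VNC/SPICE console listening beyond loopback. The domain names and XML documents are constructed samples, and the function names are made up for this illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample domains (trimmed to the parts relevant for the console).
SAMPLES = [
    """
<domain type='kvm'><name>vm-all-interfaces</name><devices>
  <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
    <listen type='address' address='0.0.0.0'/>
  </graphics></devices></domain>""",
    """
<domain type='kvm'><name>vm-localhost</name><devices>
  <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'>
    <listen type='address' address='127.0.0.1'/>
  </graphics></devices></domain>""",
    """
<domain type='kvm'><name>vm-no-listen</name><devices>
  <graphics type='spice' autoport='yes'/>
</devices></domain>""",
]

def classify(address):
    """Classify a listen value as loopback, all-interfaces, specific or unparsed."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unparsed"            # hostname or odd value: review by hand
    if ip.is_loopback:
        return "loopback"            # 127.0.0.0/8 or ::1
    if ip.is_unspecified:
        return "all-interfaces"      # 0.0.0.0 or ::
    return "specific"                # one concrete, non-loopback address

def graphics_listeners(domain_xml):
    """Return (vm name, console type, address, classification) per listener."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="?")
    rows = []
    for g in root.iterfind("./devices/graphics"):
        # The address can appear as an attribute, a <listen> child, or both.
        addrs = {g.get("listen")} if g.get("listen") else set()
        for child in g.iterfind("listen"):
            if child.get("type") == "address" and child.get("address"):
                addrs.add(child.get("address"))
        if not addrs:
            # Nothing in the domain XML: the value from qemu.conf applies.
            rows.append((name, g.get("type"), None, "hypervisor-default"))
        rows.extend((name, g.get("type"), a, classify(a)) for a in sorted(addrs))
    return rows

def network_reachable(domains):
    """Listeners that are bound to something other than loopback."""
    risky = {"all-interfaces", "specific", "unparsed"}
    return [r for xml in domains for r in graphics_listeners(xml) if r[3] in risky]

if __name__ == "__main__":
    for row in network_reachable(SAMPLES):
        print("console reachable from the network:", row)
```

A per-domain listen address takes precedence over the hypervisor-wide default, which matches the observation earlier in the thread that editing the KVM default configuration did not change the VMs Foreman created.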

Foreman uses fog-libvirt library which has an XML template hardcoded in. Few things are parametrized, but chances are that some are not. You can file a PR into fog-libvirt.

Most likely your browser or an extension for password management. We’ve seen this in the past.

Even plaintext form should be accepted. If you set your operating system family and password hash correctly, Foreman will encrypt it.

This will only work if you have valid X509 certificate, you appear to have “broken lock” icon. Ignoring will not help, browsers will not allow javascript to do the connection.

1 Like

Foreman opens a websockify proxy. I’d suggest looking at the browser console (ctrl+shift+c in Firefox) to see if the problem is browser -> websockify or websockify -> vnc server. Note these are different ports and you might have it firewalled. It’ll allocate an available port between 5910 and 5930 for every console connection.

1 Like

Thanks for the comments. As said the root password thing I got working. Putting the encoded one is ok, better than to have cleartext in a GUI that “many might use”.

The display_listen, yes, I had found that template from disk, and as a hack hardcoded the display_listen part, and that worked. That template gets some defaults from somewhere, but I had no idea from where and how (I am not familiar with ruby and rails much at all), but eventually I discovered that for this thing the default value can be adjusted in Settings. So, no need to hack or file change request.

OK, that x509 thing is a good pointer, I will check that.

Libvirt is great but our support is limited, images needs to be given by path and you cannot customize much. I suggest you to deploy oVirt for serious virtualization.

BTW, you said somewhere “for libvirt the support is not that great” - I kind of disagree. I think this works pretty well, though I used kickstart, not images. For now.

I was able to reinstall a physical machine (bare-metal) and several VMs, all with PXE, kickstart and a mirrored repository (cloned from a DVD), and was able to do adjustments how I wanted (sda vs. vda, add some snippet to kickstart to disable kdump, and such).

The biggest problem for me is that

  1. it’s tricky to find in which template/snippet one has to do the changes, and
  2. there is too many templates, many of which are totally irrelevant for me.

For 2., is it possible to uninstall or hide some of the Provisioning templates? There’s 106 of them, some of them I doubt I will ever need them (e.g. AutoYAST, CoreOS, Jumpstart, …).

I made two bookmarks for those which contain the word “kickstart” and those that contain the word “clemens” (those which I had to clone to do modifications). But that is a bit clumsy. And always when one goes into a template, and comes back, list is reset to see all. (Well, have to remember to middle click to open it in separate tab…).

For 1., “what comes from where”: I think it’s so that I can go to the host and then in the Templates tab, I can see the template(s) that were or would be used, right?

Looks like the “Provisioning template” (3rd out of 8) is the “main kickstart” template. Some of the others serve a total different purpose, but some it feels have the same/overlapping content as the main kickstart file… like the ssh keys stuff and the “calling home” seems to exist in two variants? And the “Finish template” is listed as first… well yes, probably because it’s alphabetically… but “chronologically” (in which order they will play a role) would help a bit…

I guess I need to check things out a bit more detailed. Would be great, for example, if in the disk partitioning section of the main kickstart was framed in “START this comes from file/snippet…” and “END this comes from file …”.

Some of the files have a comment like that in top, which is great, e.g.:

# This file was deployed via 'Kickstart default PXELinux clemens' template

Ok, those ports are more likely the reason. For other stuff I had to open extra ports as well.

So far I mostly used kickstart instead of image-based. I have once tried out a tutorial how to create a machine from a base image, copy that, resize it, and then run some stuff on it to customize it. The manual way it was quite a big hassle, and it reported me for example problems like “can’t resize xfs filesystem” when trying to resize the “base” qcow image with qemu-img. Perhaps I used the wrong base image… Anyway, I tried it first manually to get a feeling at all, what this is about, before trying to orchestrate such a provisioning in foreman.

But yes, I guess this approach is more the future, it’s a lot faster than kickstart.

Regarding oVirt, does not ring a bell to me. Looks like this is the community edition of RHEL, in similar way as foreman is the community version of Satellite and JBoss AS (or Wildfly) for JBoss EAP.
(CentOS is a bit different, the community development work is more Fedora, and CentOS is only a “recompile/rebrand a released RHEL version afterwards”?).

I thought somehow libvirt and virt-manager are the “free” versions of RHEV. Seems not.

So oVirt is the community equivalent of RHEV? Looks quite complicated what all needs to be set up for it (Jboss, …). Not sure how far I want to go with my “private little garage datacenter”.

I hope I find a job soon so that I can put my skill to use and get money for it :slight_smile: