Install foreman on exsiting Puppet-Server with 100+ Hosts and create those hosts for foreman

hi all,

I install foreman on Puppet Server which has 100 Hosts, what the best way to create those Hosts for foreman? Only via API ? because the certfiticates are already signed, so foreman doesnt show those Servers right ?

Foreman and Proxy versions:
Foreman version 2.3.2

Thanks in advance


It depends on what you want to do with the hosts once you have them in Foreman. You could perhaps install Foreman on separate machine and just install the puppet enc script that would send facts for every hosts asking for the resource catalog. Foreman can create hosts based on such information automatically. See Foreman :: Manual for more details. Also this blog post can be interesting in your case. If you already have Foreman on the same machine, you could reconfigure it to use the existing Puppet certificates. The key is the enc script sends the data to Foreman, hosts should start appear then.


What Marek said, plus I recommend the default hostgroup plugin for directly upgrading the hosts to managed hosts and organizing them during import via Puppet report.


thank you for your answr @Marek_Hulan.

I’ll have a close look at blog post, because they dont allow me to install it on new machine! so bevore I make a mistake I have to know what I do.

In that case Foreman will read the Puppet Server certs and create for every one new host right ? but I have to enable the reports for the “old” hosts or I dont need that ?

Thanks @Dirk ( Vielen Dank )

Is the a command line to see which plugins I already activated ?

Not sure about a cli option, but probably the easiest solution is in the GUI under Administer > About on the Plugins tab.

Thank you @Dirk ,

GUI -> Administer -> System Status -> Plugins ( no plugins found )

In that case I have to activated the hostgroup plugin right?
Is there a list of the plugins ? some where?

Yes, and give it some mapping of attributes to hostgroups.

There is a list at Foreman :: Plugin Manuals with documentation of the “bigger” ones.
Furthermore in our training material is a section with some I recommend for some workflow including an explanation why: GitHub - NETWAYS/foreman-training: Open Source Training for Foreman Lifecycle Management Tool

Thank you so much for the helpful links and informations. @Dirk

I read in another article here, that if we install foreman on exsising puppet server, that the
installer pretty much destroys any existing Puppet setup.

Foreman on existing puppet master

I’ll think about seperate server for foreman! if thats so complicated!

I depends on how you do and how much you changed on the puppet server, the thread you linked is quite old and I did it successfully but carefully in the past.

Other strategy working fine is having it on a separate machine which I typically recommend when scale up or high availability is already planned.

Or setup up foreman with a fresh puppet and move the systems.

1 Like

Foreman does not care that much about client certificates of managed machines. It needs to trust puppet server callback though. The data flows like this:

host -----------> puppet server -----------> foreman

Therefore puppet server callback must trust Foreman’s SSL certificate and must use client certificate that Foreman trusts. The installer by default uses the same CA certificate, which is created by puppet CA.

1 Like

Thank you so much @Dirk thats good Idea!

thank you @Marek_Hulan , do I have to change anything when I run foreman-installer on Puppetserver ? for example to not override/delete my certifications ?

I wish I know, I think if the installer sees the file, it does not override it, but if possible, I’d test first (there’s noop mode which could help seeing what the installer would perform)

1 Like

Very good idea, thank you so much @Marek_Hulan