Questions about provisioning template storage and update behavior


I have a few questions about provisioning templates, as in my foreman installation, the number of provisioning templates seems to explode and cleanup (and more parameters) is needed. I would like to put a bit of order into this, but need more clarified information (and am willing to put them into a docs PR).

  1. Where are the templates stored? I would like them to be in files, so that they can be more easily edited, diffed and version controllled, but I guess they’re in the database.

  2. If they’re in the database, can I freely tamper with them directly in the database or do I need to go through Foreman because there are additional data structures that need to be kept in sync?

  3. If they’re in the database, did anybody already write (and publish) an export/import script so that the templates can be put under independent version control?

  4. Does foreman have a “reverse snippet” functionality so that I can easily see in which templates a given snippet is used?

  5. How would a locally changed template behave if a new Foreman version contains an updated version? This is an issue similiar to the conffile issue in a file system: Does an update overwrite local changes? Does a local change prevent updates from happening? If a locally changed template is not overwritten, how will I know that there was an upstream change and how would that one look like?

  6. Are there any limits about using expanded host (group) parameters in a template? Is it wise do use host (group) parameters to influence template output? Or is that generally a bad idea (the templates in use her make heavy use of that and I’m not yet sure whether this is clever or stupid)?

I would also love to hear “war stories” about changing and cleaning up templates to find out how big a can of worms I am opening with that.

Thanks for helping!



first of all, sorry that I don’t provide an answer for all your questions, but: I would recommend to have a look at foreman_templates plugin. With this plugin you can manage all your templates in a git repository. A good practice is to have a cron job and sync the provisioning template git repository every day.

To your questions:
Templates are managed in a database. It’s possible to view the history of a template. You can preview a template including all snippets for each host.

What I miss is to have a method to preview a template actually BEFORE you roll out a system. Like, select operating system / hostgroup and then preview the template which would be used for a new host.

Best regards,



  1. They are in database, as stated correctly in previous comment

  2. If the only thing you change in db is provisionig template content, then it should be ok, but manual changes in db are not something I would recommend

  3. Answered in previous comment, thread for planned changes might be interesting for you as well

  4. No, we have the snippet helper that inserts the snippet content into template and that is it

  5. This is a tough one. The templates that are shipped by default are currently locked, that means user changes are prevented. They can be unlocked and modified, however update may overwrite these changes. Recommended workflow is to clone the template and modify the clone. That way you get to keep your custom changes on update and you have the original that may serve as a reference.

  6. I have no personal experience in heavy use of prams in templates, so I cannot tell. I guess it depends mostly on your specific use case and what you aim to achieve.

Hope this helps,

That looks very good. I like it. Will try it in a test instance. Is there a template export from foreman to the file system (for initial import) as well?

How well does that integrate with the templates from a foreman release? Are those pulled from the community_templates project regularly or where would I find the default templates released by the foreman project (that are put in the database on installation) in git?


I was not aware of the foreman_templates plugin. Will use that instead of tinkering around in the database.

That makes cloning and changing a snippet quite hard since one needs to clone and change all templates where a snippet is used.

This is the classic conffiles issue that Linux distributions have, that pops up if a template has been changed both locally and upstream. The approach taken by Foreman (overwriting local changes, requiring local changes to be made to copied templates to prevent them from being overwritten) is quite likely to exclude the local installation from receiving upstream updates, which is only ugly in the normal case, but dangerous in case of a security-relevant bug in a template. This should be revisited in Foreman.

It does, thanks!


Before each release, the templates are synced with what is in community-templates repo, so it is definitely a place to go for the latest template versions. There is also the export ability in foreman_templates.

Great, thanks. This Thread was very helpful, thanks to everybody who answered.