Foreman – life cycle systems management tool for provisioning, configuring and monitoring of physical and virtual servers

Foreman is a free and open source project that gives you the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage your servers' lifecycle, on-premises or in the cloud.

From provisioning and configuration to orchestration and monitoring, Foreman integrates with your existing infrastructure to make operations easier. It offers a powerful set of system management tools.

A Foreman installation will always contain a central Foreman instance that is responsible for providing the web-based GUI, node configurations, initial host configuration files, etc. However, if the Foreman installation supports unattended installations, then other operations need to be performed to fully automate this process. The smart proxy manages remote services and is generally installed with all Foreman installations to manage TFTP, DHCP, DNS, Puppet, Puppet CA, Ansible, Salt, and Chef.

Features include:

    Installation and usability

    • Easy POC installation: With a dedicated one-command installer with answer file support and automation, Foreman can be easily evaluated or customized as required.
    • Plugin architecture: Most Foreman features are provided as plugins for either Foreman Core application or Foreman Proxy service.
    • Web User Interface: Powerful web UI built on modern technologies.
    • API/CLI: Powerful API; the whole infrastructure can be managed via external tools.
    • Community powered: Foreman ships with many configuration and remote execution templates maintained by the community.

    Inventory

    • Hosts inventory: Inventory of managed servers (nodes).
    • Host groups: Host grouping with common options, parameters and support for field inheritance.
    • NIC discovery: Automatic creation of network interfaces (regular, bond, bridge, VLAN), Operating System and Architecture (according to facts reported by hosts).
    • Common search: Powerful search across the whole application with smart completion.
    • Bookmarks: Saved common search queries as bookmarks for repetitive use.
    • Subnet & Domain inventory: Manage any number of networks via Foreman Proxy DHCP & DNS modules (including VLANs).
    • IPAM: Manage DHCP reservations on various providers like ISC DHCP, MS DHCP or Infoblox; free IP addresses can be allocated on the fly or via Foreman database.
    • DNS and identity management: DNS or realm entries can be automatically created for each host in Foreman inventory.

    Provisioning

    • Manage PXE: Foreman provides full management of PXE configuration of PXELinux, Grub, Grub2 and iPXE for maximum network boot flexibility.
    • Install OS: Initiate unattended provisioning of various Operating Systems via extensive set of templates and snippets maintained by the community.
    • Build VMs: Integrate with hypervisors like VMware vCenter, Red Hat Enterprise Virtualization, oVirt or libvirt to create instances directly from Foreman UI/API/CLI either from images or via PXE.
    • Create cloud instances: Integrate with clouds like OpenStack, Rackspace, Amazon EC2 or Google Compute Engine directly from Foreman UI/API/CLI.
    • Host network configuration: Provisioning templates which create network configuration for installed hosts including bonding, bridging and VLAN trunk support.
    • Configuration management bootstrap: Template snippets for bootstrapping initial configuration of configuration management software including signing client keys with CA.
    • IPv6: Foreman can manage IPv6 addresses on non-provisioning interfaces (PXE provisioning on IPv6 is work in progress).
    • Templating engine: Templates based on ERB for OS installation recipes (Kickstart, Preseed), jobs (SSH scripts, Ansible jobs), partitioning schemes and other types.
    • Compute Resources: Modules or plugins for integration with hypervisors and cloud infrastructure.
    • Compute Profiles: Common compute profiles across multiple clouds or virtualization (e.g. xxsmall, large, medium).

    Server discovery

    • Host discovery: Boot unknown hardware from network or via local media (USB stick) and let it register to Foreman for automated or on-demand provisioning.
    • Provisioning of discovered nodes: Automatic, semi-automatic or fully manual provisioning of discovered hardware via WebUI/CLI/API.

    Large teams support

    • Host parameters: Flexible parameters engine for hosts and associated objects (subnets, domains, host groups) with dynamically generated hierarchical Key/Value maps called Smart Variables/Class Parameters.
    • Foreman proxies: Components running inside data centres, subnets or remote sites providing connection to managed nodes and services using REST HTTPS API.
    • Authentication: Username and password authentication with brute-force protection, POSIX LDAP, FreeIPA and MSAD authentication integration.
    • Authorization: Fine-grained role-based access controls (RBAC) for users, roles, LDAP mapping.
    • Authorization filters: Ability to assign authorization permissions to filtered objects (e.g. hostnames starting with ‘test-’).
    • Multitenancy: Most resources in Foreman can be assigned to Organizations and Locations as a flexible authorization mechanism for multiple organizations or sites.
    • Kerberos: Foreman supports automatically creating FreeIPA Realm entries for new hosts.
    • HTTP Proxy: For some communication of managed nodes or Foreman itself.

    Reporting and monitoring

    • Dashboard: Fully configurable dashboard with widgets and statistics.
    • Facts: Inventory of facts reported by configuration management agents (Facter, Ansible, Salt grains).
    • Trends: Track changes in Foreman infrastructure over time, including key Foreman resources or facts.
    • Audit: Detailed audit trail with per-field granularity and diff feature for config templates and reports.
    • Report templates: Thanks to report templates you can generate custom text reports based on data that are available in Foreman. The output can be csv, yaml, json. Templates can contain additional logic and the report can be customized when it’s generated.

    Remote execution (plugin)

    • Job invocations: Running arbitrary commands or scripts on remote hosts using different providers, such as SSH or Ansible. This includes scheduling future runs, recurring execution, concurrency control, watching the progress and output live.

    Puppet integration

    • Puppet classes: Ability to import and parse Puppet source code base and recognize class parameters for deep mapping integration through the application.
    • Puppet CA: Integration with puppet CA for automatic, semi-automatic or fully automatic client cert sign process.
    • Puppet ENC: Puppet node classifier (source of input) for Puppet Master.
    • Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.

    Ansible integration (plugin)

    • Ansible roles: Ability to import and parse Ansible source code for deeper integration. In combination with remote execution, this provides a configuration-management-like user experience with Ansible. The user assigns roles to hosts/hostgroups and then enforces the policy defined by these roles on a host. Every such Ansible run updates host facts and generates a new configuration report. Role behaviour can be customized by Foreman parametrization that is passed to the Ansible inventory.
    • Ansible inventory: Source inventory for Ansible.
    • Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.

    Compliance management (plugin)

    • Compliance management: Define a compliance policy using OpenSCAP standards and tooling, and then enforce it in infrastructure. Supports existing XCCDF profiles and tailoring of them according to user needs.

    Content management (plugin)

    • Yum and Puppet Repositories: Create, organize, and manage local yum and puppet repositories. Sync remote repositories or upload content directly to build a library of content that serves as the basis for building custom builds of your content.
    • Content snapshots: Take your local content and filter out packages, errata and puppet modules to create custom builds into units called Content Views. Make your custom builds available to your hosts by moving them through environment paths that mimic traditional development workflows (Dev → QE → Stage → Production).
    • Package and Errata Updates: Use your locally managed content to install package and errata updates to a host or group of hosts.
    • Host collections: A mechanism to statically group multiple Content Hosts. This enables administrators to group Content Hosts based on the needs of their organization. For example, Content Hosts could be grouped by function, department or business unit.
    • Standard Operating Environment: Create and maintain a Standard Operating Environment (SOE).

Website: theforeman.org
Support: Documentation, Wiki, GitHub Code Repository
Developer: Paul Kelly and Ohad Levy, and many contributors
License: GNU General Public License v3.0

Foreman is written in Ruby and JavaScript.
