Foreman is a free and open source project that gives you the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage your servers lifecyle, on-premises or in the cloud.
From provisioning and configuration to orchestration and monitoring, Foreman integrates with your existing infrastructure to make operations easier. It offers a powerful set of system management tools.
A Foreman installation will always contain a central foreman instance that is responsible for providing the Web based GUI, node configurations, initial host configuration files, etc. However, if the foreman installation supports unattended installations then other operations need to be performed to fully automate this process. The smart proxy manages remote services and is generally installed with all Foreman installations to manage TFTP, DHCP, DNS, Puppet, Puppet CA, Ansible, Salt, and Chef.
Key Features
- Installation and usability
- Easy POC installation: With a dedicated one-command installer with answer file support and automation, Foreman can be easily evaluated or customized as required.
- Plugin architecture: Most Foreman features are provided as plugins for either Foreman Core application or Foreman Proxy service.
- Web User Interface: Powerful web UI built on modern technologies.
- API/CLI: Powerful API, whole infrastructure can be managed via external tools.
- Community powered: Foreman ships with many configuration and remote execution templates maintained by the community.
Inventory
- Hosts inventory: Inventory of managed servers (nodes).
- Host groups: Host grouping with common options, parameters and support for field inheritance.
- NIC discovery: Automatic creation of network interfaces (regular, bond, bridge, VLAN), Operating System and Architecture (according to facts reported by hosts).
- Common search: Powerful search across whole application with smart completion.
- Bookmarks: Saved common search queries as bookmarks for repetitive use.
- Subnet & Domain inventory: Manage any number of networks via Foreman Proxy DHCP & DNS modules (including VLANs).
- IPAM: Manage DHCP reservations on various providers like ISC DHCP, MS DHCP or Infoblox, free IP addresses can be allocated on the fly or via Foreman database.
- DNS and identity management: DNS or realm entries can be automatically created for each host in Foreman inventory.
Provisioning
- Manage PXE: Foreman provides full management of PXE configuration of PXELinux, Grub, Grub2 and iPXE for maximum network boot flexibility.
- Install OS: Initiate unattended provisioning of various Operating Systems via extensive set of templates and snippets maintained by the community.
- Build VMs: Integrate with hypervisors like VMWare vCenter, Red Hat Enterprise Virtualization, oVirt or libvirt to create instances directly from Foreman UI/API/CLI either from images or via PXE.
- Create cloud instances: Integrate with clouds like OpenStack, Rackspace, Amazon EC2 or Google Compute Engine directly from Foreman UI/API/CLI.
- Host network configuration: Provisioning templates which create network configuration for installed hosts including bonding, bridging and VLAN trunk support.
- Configuration management bootstrap: Template snippets for bootstrapping initial configuration of configuration management software including signing client keys with CA.
- IPv6: Foreman can manage IPv6 addresses on non-provisioning interfaces (PXE provisioning on IPv6 is work in progress).
- Templating engine: Templates based on ERB for OS installation recipes (Kickstart, Preseed), jobs (SSH scripts, Ansible jobs), partitioning schemes and other types.
- Compute Resources: Modules or plugins for integration with hypervisors and cloud infrastructure.
- Compute Profiles: Common compute profiles across multiple clouds or virtualization (e.g. xxsmall, large, medium).
Server discovery
- Host discovery: Boot unknown hardware from network or via local media (USB stick) and let it register to Foreman for automated or on-demand provisioning.
- Provisioning of discovered nodes: Automatic, semi-automatic or fully manual provisioning of discovered hardware via WebUI/CLI/API.
Large teams support
- Host parameters: Flexible parameters engine for hosts and associated objects (subnets, domains, host groups) with dynamically generated hierarchical Key/Value maps called Smart Variables/Class Parameters.
- Foreman proxies: Components running inside data centres, subnets or remote sites providing connection to managed nodes and services using REST HTTPS API.
- Authentication: Username and password authentication with brute-force protection, POSIX LDAP, FreeIPA and MSAD authentication integration.
- Authorization: Fine-grained role-based access controls (RBAC) for users, roles, LDAP mapping.
- Authorization filters: Ability to assign authorization permissions to filtered objects (e.g. hostnames starting with ‘test-‘).
- Multitenancy: Most resources in Foreman can be assigned to Organizations and Locations as a flexible authorization mechanism for multiple organizations or sites.
- Kerberos: Foreman supports automatically creating FreeIPA Realm entries for new hosts.
- HTTP Proxy: For some communication of managed nodes or Foreman itself.
Reporting and monitoring
- Dashboard: Fully configurable dashboard with widgets and statistics.
- Facts: Inventory of facts reported by configuration management agents (Facter, Ansible, Salt grains).
- Trends: Track changes in Foreman infrastructure over time, including key Foreman resources or facts.
- Audit: Detailed audit trail with per-field granularity and
difffeature for config templates and reports. - Report templates: Thanks to report templates you can generate custom text reports based on data that are available in Foreman. The output can be csv, yaml, json. Templates can contain additional logic and the report can be customized when it’s generated.
Remote execution (plugin)
- Job invocations: Running arbitrary commands or scripts on remote hosts using different providers, such as SSH or Ansible. This includes scheduling future runs, recurring execution, concurrency control, watching the progress and output live.
Puppet integration
- Puppet classes: Ability to import and parse Puppet source code base and recognize class parameters for deep mapping integration through the application.
- Puppet CA: Integration with puppet CA for automatic, semi-automatic or fully automatic client cert sign process.
- Puppet ENC: Puppet node classifier (source of input) for Puppet Master.
- Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.
Ansible integration (plugin)
- Ansible roles: Ability to import and parse Ansible source code for deeper integration. In combination with remote execution, provides configuration management like user experience with Ansible. User assign roles to hosts/hostgroups and then enforces the policy defined by these roles on a host. Every such Ansible run updates host facts and generates new configuration report. Roles behaviour can be customized by Foreman parametrization that is passed to the Ansible inventory.
- Ansible inventory: Source inventory for Ansible.
- Configuration reports: Inventory of reports from configuration management systems with diff feature and runtime statistics and graphs.
Compliance management (plugin)
- Compliance management: Define a compliance policy using OpenSCAP standards and tooling, and then enforce it in infrastructure. Supports existing XCCDF profiles and tailoring of them according to user needs.
Content management (plugin)
- Yum and Puppet Repositories: Create, organize, and manage local yum and puppet repositories. Sync remote repositories or upload content directly to build a library of content that serves as the basis for building custom builds of your content.
- Content snapshots: Take your local content and filter out packages, errata and puppet modules to create custom builds into units called Content Views. Make your custom builds available to your hosts by moving it through environment paths that mimic traditional development workflows (Dev → QE → Stage → Production).
- Package and Errata Updates: Use your locally managed content to install package and errata updates to a host or group of hosts.
- Host collections: A mechanism to statically group multiple Content Hosts. This enables administrators to group Content Hosts based on the needs of their organization. For example, Content Hosts could be grouped by function, department or business unit.
- Standard Operating Environment: Create and maintain a Standard Operating Environment (SOE).
Website: theforeman.org
Support: Documentation, Wiki, GitHub Code Repository
Developer: Paul Kelly and Ohad Levy, and many contributors
License: GNU General Public License v3.0
Foreman is written in Ruby and JavaScript. Learn Ruby with our recommended free books and free tutorials. Learn JavaScript with our recommended free books and free tutorials.
Related Software
| Server Provisioning | |
|---|---|
| FAI | High quality tool for fully automatic installation of Linux systems |
| Foreman | Life cycle systems management tool |
| Cobbler | OS provisioning and profile management |
| m23 | Software distribution and management system |
| Confluent | Handle essential bootstrap and operation of scale-out server configurations |
| xCAT | Extreme Cluster Administration Toolkit |
| OpenQRM | Systems management platform |
| Uyuni | Configuration and infrastructure management solution |
Read our verdict in the software roundup.
| Network Inventory Management | |
|---|---|
| NetBox | Manage and document computer networks |
| Snipe-IT | Asset management system |
| Ralph | Simple yet full featured Asset Management, DCIM and CMDB |
| Foreman | Life cycle systems management tool |
| GLPI | Asset and IT management software |
| Racktables | Robust solution for datacenter and server room asset management |
| Nornir | Pluggable multi-threaded framework |
| openDCIM | Data Center Inventory Management application |
| Open-AudIT | Network auditing application |
| OCSING | Hardware and software inventory tool |
| opsi | Client management system to manage heterogeneous environments |
| Netdisco | Web-based network management tool |
| TeemIp | Manage network addressing data and related infrastructure records |
| FusionInventory | IT asset and inventory management |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |