Foreman – Install and Configure on CentOS / RHEL 7.x

Foreman is an open source package that provisions bare metal and virtual machine instances in public and private clouds. After servers are provisioned, Foreman is able to configure servers using Puppet. Chef, Salt, Ansible, and Bash are also supported. Puppet is the default configuration tool installed with the Foreman server. For provisioning, Foreman is able to do PXE-less and PXE installations of Bare Metal & VM servers. When doing PXE-less provisioning the bootdisk or discovery plugins are necessary. For PXE provisioning, Foreman makes use of PXE, DHCP, DNS, TFTP, and kickstart (CentOS & RHEL).

Let’s review the steps required to install Foreman on CentOS / RHEL 7.x

Step:1 Install puppetlabs, (epel CentOS) and foreman installer

NOTE – The following three pre-reqs commands provided by the foreman documentation do not install foreman 1.16, 1.17, 1.18 or 1.19 without errors.

# rpm -ivh
# yum -y install epel-release
# yum -y install foreman-installer

To resolve discovered issues, execute the script to remove OS conflicts and install required prereqs that allow the foreman installer to function without errors

# ./

Step:2 Execute foreman installer

To begin the foreman installation


The initial URL, userID, and password to logon foreman will be provided when the installer completes

NOTE – By default, RHEL/CentOS 7 have a firewall enabled that will prevent accessing foreman after installation. You most disable and stop the firewall or open firewall ports.

To disable and stop the firewall –

# systemctl disable firewalld

# systemctl stop firewalld

NOTE – configures the firewall for use by foreman, disabling is not necessary

After the foreman-installer completes,

[root@foreman ~]# foreman-installer
Installing Done [100%] […………………………………………]
* Foreman is running at
Initial credentials are admin / 2uVBqqwMHZHJexpi
* Foreman Proxy is running at
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman.log

Step:3 Adding NTP

NTP is important to puppet, let’s install the ntp module

# puppet module install puppetlabs-ntp

Next, select Configure Tab -> Classes
Select Import, this will import the NTP module into foreman
Select the Module checkbox and Update
Select ntp class name and select Smart Class Parameter
Select the override checkbox to specify a local NTP Server(s)
Change the Key type Value from “String” to “Array” 
and Specify the NTP Server’s name in the Default value Box then Submit

To add the ntp class to a host, select Hosts options, then select the host (foreman server)

Select Edit, then Puppet Classes Tab

Select + option to add ntp class to the host


To automatically configure the NTP service, execute the following command on the foreman server:

# puppet agent –test

Select Hosts

Select the foreman server

Select Reports

Step:3 Adding SSL Certificates

Puppet uses SSL Certificates for secure communication between puppet master and nodes. The Puppet Master can only communicate with nodes after certificates are signed

To configure autosign for puppet nodes on a domain –

Select Infrastructure —> Select Smart Proxies —> Select Autosign  under Action Tab

Select New and specify the domain name (*

Select Save

Step:4 Add New hosts to Foreman

When adding new hosts to foreman, a puppet agent should be installed on the server to allow communications

On the new host execute the following commands –

# yum install puppet
# puppet agent -td