Foreman: A robust tool for sysadmins
How to get started with the Foreman sysadmin tool
Foreman offers a powerful set of system management tools, from process automation to security compliance and more. Here's how to get started.
Is your system management tool robust enough?
As your organization grows, so does your workload—and the IT resources required to manage it. There is no "one-size-fits-all" system management solution, but a centralized, open source tool such as Foreman can help you manage your company's IT assets by provisioning, maintaining, and updating hosts throughout the complete lifecycle.
Foreman becomes even more powerful when integrated with other open source projects and plugins, and I will discuss these in more detail below. To get started, however, let's consider key functions of an effective system management tool.
Host provisioning is for deploying instances or virtual machines on bare-metal, on-premises, or a cloud provider's data center.
Content management refers to publishing, promoting, and managing various versions of repositories and packages in the CDN and systems across the life cycle (i.e., development, testing, QA, and production).
Patch/errata management includes bug fixes and advisory or enhancement packages. An effective systems management tool should identify applicable errata regularly and patch registered systems promptly.
Subscription or license management enables the purchase, renewal, and extension of subscriptions through a systems management portal. This information should be updated frequently in the user account for each system.
Health monitoring and reporting enables real-time system checkups. This should include updates, errata, compliance, workload, and system performance metrics for registered hosts and running services.
Remote execution is for running arbitrary commands on hosts or groups of hosts to perform similar activities remotely. These commands can be customized; for example, to provision templates or partition tables.
Identity and policy lets you create different users and roles and manage various permission policies. This function should also support Kerberos and LDAP integration and authentication.
Alerts and notification audits administrator and user activities. This tool should instantly detect what changes are made in each node, when they are made, and where potential risk may exist.
Automation applies to repetitive tasks. A top systems management tool should help identify and automate these processes.
Foreman and open source plugins
Foreman's basic functions include host provisioning, discovery of unknown nodes, and upgrading instances on bare-metal, hypervisor, and cloud data centers. Plugins can greatly enhance these capabilities.
Smart Proxy, also known as Foreman Proxy, is an extended subsystem that performs operations through instructions from Foreman. It can be hosted on a physical, on-premises, or third-party cloud or on a hypervisor. In a large distributed organization, placing a Smart Proxy near instances reduces network latency.
Here are some open source projects that integrate with Foreman:
Katello is a repository and subscription-management plugin. It downloads content from upstream repositories and manages local yum, puppet repos, and content versions in different life-cycle environments. Katello comprises two important services:
- Candlepin runs within Katello, managing subscriptions and licenses for all registered systems.
- Pulp handles repositories and packages. It supports RPMs, errata, kickstart trees, metadata, etc. You can sync remote content such as EPEL locally, and upload custom content into a pulp repository.
OpenSCAP manages security compliance and vulnerability on managed hosts. It uses the Security Content Automation Protocol (SCAP) to assess, measure, and enforce security policies. Foreman then lets you create and upload these policies and assign them to hosts or host groups. A client running the SCAP scan script can upload the report to Foreman Proxy, and administrators can use it for assessment.
Remote Execution enables Foreman to simultaneously execute arbitrary commands on multiple hosts. Variables in these commands can take hosts' facts, class parameters, or host parameters specified by users while triggering the execution.
The Ansible plugin allows you to import hosts along with facts every time you run the playbook or an Ansible module. In short, it automates processes and defines a list of roles that can be enforced on managed hosts.
Docker automates the deployment of applications within Linux containers. In Foreman, containers are deployed only on compute resources of the Docker provider type, enabling rapid application deployment and simplifying testing and maintenance.
Part of the Foreman installer, Puppet helps to configure puppet environments on hosts. The Puppet master, running on the Foreman server, is configured under Apache and Passenger by default. Puppet integration is optional with the 3.0 release.
Hammer is a CLI tool that provides command-line options equivalent to most web UI functions.
You are only four steps away from your first Foreman installation. Let's perform a quick installation, log in to the GUI, and start playing with Foreman.
For the initial setup, you must first open four mandatory ports and enable the Puppet, EPEL, and Foreman repositories. The following installation steps were performed on CentOS 7; however, other platforms that support Foreman installation include Fedora, Red Hat Enterprise Linux, Ubuntu, Oracle Linux, etc.
Step 1: Open the necessary ports in the firewall.
|Port|Protocol|Required for|
|80|TCP|HTTP access to Foreman web UI, provisioning templates using Apache + Passenger|
|443|TCP|HTTPS access to Foreman web UI, provisioning templates using Apache + Passenger|
# firewall-cmd --permanent --add-port="69/udp"
# firewall-cmd --permanent --add-port="80/tcp"
# firewall-cmd --permanent --add-port="443/tcp"
# firewall-cmd --permanent --add-port="8140/tcp"
# firewall-cmd --reload
Step 2: Download Puppet, EPEL, and Foreman RPMs.
# yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum -y install https://yum.theforeman.org/releases/1.15/el7/x86_64/foreman-release.rpm
Step 3: Install and execute the Foreman installer RPM.
To list all the options available during installation, use the Foreman installer's --help option. Use -v to enable verbose installation and -i for user interactive mode. In this example, I will proceed with non-interactive default options.
# yum -y install foreman-installer
# foreman-installer --help
# foreman-installer
Step 4: After installation, the installer will give you Foreman URL details, a default login user admin, and an auto-generated random password. Launch the Foreman HTTPS URL in your browser and log in.
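A check for Step 1, as an added example that is not part of the original article: it compares the ports firewalld reports as open against the four ports opened above and flags anything missing or extra. The function name `audit_ports`, the `--live` switch, and the sample port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit firewalld's open ports
# against the four ports that Step 1 opens.

# Ports opened in Step 1: TFTP, HTTP, HTTPS, Puppet master.
REQUIRED_PORTS="69/udp 80/tcp 443/tcp 8140/tcp"

# audit_ports "<whitespace-separated port/proto list>"
# Prints "MISSING <port>" for each required port that is not open and
# "EXTRA <port>" for each open port Step 1 did not ask for.
# Returns 0 when the two lists match exactly, 1 otherwise.
audit_ports() {
    # Collapse newlines and tabs so substring matching below is reliable.
    ap_open=$(printf '%s\n' "$1" | tr -s '[:space:]' ' ')
    ap_status=0
    for ap_p in $REQUIRED_PORTS; do
        case " $ap_open " in
            *" $ap_p "*) ;;
            *) echo "MISSING $ap_p"; ap_status=1 ;;
        esac
    done
    for ap_p in $ap_open; do
        case " $REQUIRED_PORTS " in
            *" $ap_p "*) ;;
            *) echo "EXTRA $ap_p"; ap_status=1 ;;
        esac
    done
    return $ap_status
}

# Constructed sample of what `firewall-cmd --permanent --list-ports`
# could print on a host where 69/udp was forgotten and a database port
# was left open. It is not output captured from a real system.
SAMPLE_PORTS="80/tcp 443/tcp 8140/tcp 3306/tcp"

if [ "${1:-}" = "--live" ]; then
    # On the Foreman host: audit the real permanent configuration.
    # Ports opened with --add-service are not listed by --list-ports.
    audit_ports "$(firewall-cmd --permanent --list-ports)"
else
    audit_ports "$SAMPLE_PORTS" || true
fi
```

Run it with `--live` on the Foreman host after `firewall-cmd --reload`; a non-zero exit status means the open ports differ from the list in Step 1.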
Foreman is a powerful sysadmin tool that can be both fun and challenging to work with. Let us know what you think of it. Also, please share your thoughts on any other open source projects you find useful.