Install Foreman on Ubuntu Server

20 April 2021

This article is for those looking for a detailed and straightforward guide on installing Foreman on Ubuntu Server.

Foreman is open-source software for deploying, configuring and monitoring physical and virtual servers. Foreman can integrate with Ansible, Puppet, Chef, Salt and other configuration management software products.

In this guide, we will consider the case when you already have a server with the Ubuntu Server 18.04 LTS operating system installed on it.

You can read more about how to install Ubuntu Server 18.04 LTS in my guide “Install Ubuntu Server 18.04 LTS”.

In addition, OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.

To install OpenSSH on a server, you can use the command:

sudo apt install openssh-server

If you plan to connect to the server using the Windows operating system, you can use PuTTY or MobaXterm.

This guide describes how to connect to a server using the iTerm2 terminal emulator installed on the macOS operating system.

Please note that you will need to open the following TCP ports to access your server:

• TCP port 80 - for the configuration deployment service.
• TCP port 443 - to access the Foreman control panel.
• TCP port 8140 - for Puppet Agent to work.
• TCP port 5648 - for client and Smart Proxy operation.
• TCP port 9090 - for communication with Smart Proxy.

We connect to the server on which you plan to install Foreman.

Let’s name the server using the command:

sudo hostnamectl set-hostname foreman.heyvaldemar.net

This tutorial uses “foreman.heyvaldemar.net” as the Foreman server name.

The server with the agent installed must resolve the name of the Foreman server, and also the Foreman server must resolve the name of the client-server.

Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file on the server with the command:

echo "10.170.18.186 foreman.heyvaldemar.net puppet.heyvaldemar.net foreman puppet" | sudo tee -a /etc/hosts

This tutorial uses “foreman.heyvaldemar.net” as the Foreman server name.

Restart the hostamed service for the changes to the server name to take effect using the command:

sudo systemctl restart systemd-hostnamed

Let’s check the correctness of the server name using the command:

hostname

Now let’s replace the current shell process with a new one using the command:

exec bash

Now you need to download and install the Puppet Server repository configuration package.

Download the Puppet Server repository configuration package using the command:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

Install the Puppet Server repository configuration package using the command:

sudo dpkg -i puppet6-release-bionic.deb

Next, we connect the Foreman repository using the command:

echo "deb http://deb.theforeman.org/ bionic 2.4" | sudo tee /etc/apt/sources.list.d/foreman.list

Next, connect the Foreman plugin repository using the command:

echo "deb http://deb.theforeman.org/ plugins 2.4" | sudo tee -a /etc/apt/sources.list.d/foreman.list

Now let’s add the official Foreman key using the command:

wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Now install Foreman Installer using the command:

sudo apt -y install foreman-installer

Now install Foreman using the command:

sudo foreman-installer

In the next step, you will receive the username and password of an account with Foreman administrator rights.

Save this data in a safe place.

Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.

Note that the path to the executable files is irrelevant for the Puppet services since the start of the services does not depend on the “PATH” and “secure_path”.

By adding the path to executable files to variables, you can use:

sudo puppet agent -t

Instead:

sudo /opt/puppetlabs/bin/puppet agent -t

Add the path to the Puppet executable files to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

sudo visudo

Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

In order to save the changes in the “sudoers” file, press “Ctrl + x”.

Now you need to confirm the changes in the file.

Click on the “y” button.

Press the “Enter” button to confirm saving the file.

Now let’s add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

sudo vim /etc/environment

Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.

You can now install the NTP module to help you install, configure, and manage the NTP service on client operating systems.

Install the NTP module using the command:

sudo puppet module install puppetlabs-ntp -i /etc/puppetlabs/code/modules/

Now you need to import the NTP module into your Foreman control panel.

From the workstation, go to the link https://foreman.heyvaldemar.net, where foreman.heyvaldemar.net is the name of my subdomain to access the Foreman control panel. You will need to specify your domain or subdomain through which your Foreman control panel will be accessible from the Internet.

This guide uses Mozilla Firefox as the web browser to connect to the Foreman Control Panel.

In the next step, you can see the warning “Warning: Potential Security Risk Ahead”.

Click on the “Advanced” button.

Next, click on the “Accept the Risk and Continue” button.

Default login for Foreman administrator account: admin

Please note that the password for the administrator account was generated after the Foreman installation was completed.

Specify the username and password of an account with Foreman administrator rights, and click on the “Log in” button.

From the menu on the left, select “Configure”, then “Classes”.

Next, click on the button “Import environments from foreman.heyvaldemar.net.

This tutorial uses “foreman.heyvaldemar.net” as the Foreman server name.

Select the environment for which you want to import the module, and click on the “Update” button.

The module has been successfully imported into the selected environment.

Next, we connect to the server on which you plan to install Puppet Agent.

Let’s name the server using the command:

sudo hostnamectl set-hostname puppet-agent.heyvaldemar.net

This tutorial uses “puppet-agent.heyvaldemar.net” as the name of the server with the Puppet agent installed.

The server with the agent installed must resolve the name of the Foreman server, and also the Foreman server must resolve the name of the client-server.

Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file with the IP address and client-server name using the command:

echo "10.170.18.152 puppet-agent.heyvaldemar.net puppet-agent" | sudo tee -a /etc/hosts

This tutorial uses “puppet-agent.heyvaldemar.net” as the name of the server with the Puppet agent installed.

Next, add the IP address and name of the Foreman server to the “/etc/ hosts” file using the command:

echo "10.170.18.186 foreman.heyvaldemar.net puppet.heyvaldemar.net foreman puppet" | sudo tee -a /etc/hosts

The presence of this record will allow the server with the agent installed to resolve the Foreman server name even without a DNS record.

Restart the hostamed service for the changes to the server name to take effect using the command:

sudo systemctl restart systemd-hostnamed

Let’s check the correctness of the server name using the command:

hostname

Now let’s replace the current shell process with a new one using the command:

exec bash

Now you need to download and install the Puppet Agent repository configuration package.

Download the Puppet Agent repository configuration package using the command:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

Install the Puppet Agent repository configuration package using the command:

sudo dpkg -i puppet6-release-bionic.deb

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Now install Puppet Agent using the command:

sudo apt install -y puppet-agent

Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.

Note that the path to the executable files is irrelevant for the Puppet services since the start of the services does not depend on the “PATH” and “secure_path”.

By adding the path to executable files to variables, you can use:

sudo puppet agent -t

Instead:

sudo /opt/puppetlabs/bin/puppet agent -t

Add the path to the Puppet executable files to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

sudo visudo

Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now you need to confirm the changes in the file.

Click on the “y” button.

Press the “Enter” button to confirm saving the file.

Now let’s add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

sudo vim /etc/environment

Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.

Next, you need to make changes to the Puppet configuration file by opening it in a text editor using the command:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Press the “i” button to switch to edit mode, add a new section “[main]” with the following parameters:

[main]
certname = puppet-agent.heyvaldemar.net
server = foreman.heyvaldemar.net
environment = production
runinterval = 15m

In this tutorial, Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.

Foreman is also installed on the foreman.heyvaldemar.net server. You will need to specify your server through which your Foreman will be accessible from the Internet or from the local network of your organization.

Note that the “runinterval” parameter specifies the time interval between agent requests to the Foreman server.

Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.

Launch Puppet Agent and enable it to autostart when the operating system starts up using the command:

sudo puppet resource service puppet ensure=running enable=true

Now you need to approve the certificate request for the server on which the Puppet Agent is installed so that the client can subsequently receive the configuration from the Foreman server.

Return to the Foreman control panel and select “Infrastructure” from the menu on the left, then “Smart Proxies”.

Next, find the Foreman server, and in the “Actions” section, in the drop-down list, select “Certificates”.

This tutorial uses “foreman.heyvaldemar.net” as the Foreman server name.

Now we find the client-server and in the “Actions” section, select “Sign”.

This tutorial uses “puppet-agent.heyvaldemar.net” as the name of the server with the Puppet agent installed.

The certificate for the client-server has been successfully approved.

You can now configure automatic certificate approval.

Go to the “Autosign entries” section and click on the “Create Autosign Entry” button.

Next, you can specify the domain for which Foreman will automatically approve certificates.

Please note that you must specify “*.” Before the domain, so that all members of the specified domain will automatically approve certificates.

Click on the “Save” button.

Automatic certificate approval is configured.

We return to the server with the Puppet Agent installed.

Now you need to get the configuration for the client from the Puppet server using the command:

sudo puppet agent -t

The configuration for the client from the Foreman server was successfully received.

---

My Courses

🎓 Dive into my comprehensive IT courses designed for enthusiasts and professionals alike. Whether you’re looking to master Docker, conquer Kubernetes, or advance your DevOps skills, my courses provide a structured pathway to enhancing your technical prowess.

My Services

💼 Take a look at my service catalog and find out how we can make your technological life better. Whether it’s increasing the efficiency of your IT infrastructure, advancing your career, or expanding your technological horizons — I’m here to help you achieve your goals. From DevOps transformations to building gaming computers — let’s make your technology unparalleled!

Refill My Coffee Supplies

💖 PayPal
🏆 Patreon
💎 GitHub
🥤 BuyMeaCoffee
🍪 Ko-fi

Follow Me

🎬 YouTube
🐦 Twitter
🎨 Instagram
🐘 Mastodon
🧵 Threads
🎸 Facebook
🧊 Bluesky
🎥 TikTok
💻 LinkedIn
📣 daily.dev Squad
🧩 LeetCode
🐈 GitHub

Is this content AI-generated?

Nope! Each article is crafted by me, fueled by a deep passion for Docker and decades of IT expertise. While I employ AI to refine the grammar—ensuring the technical details are conveyed clearly—the insights, strategies, and guidance are purely my own. This approach may occasionally activate AI detectors, but you can be certain that the underlying knowledge and experiences are authentically mine.

Previous post

Install PuppetDB on Ubuntu Server

Next post

Install Zabbix on Ubuntu Server