Need answers fast? Your friendly Spider-Dev is live on Discord:
Install Foreman on Ubuntu Server
This article is for those looking for a detailed and straightforward guide on installing Foreman on Ubuntu Server.
Foreman is open-source software for deploying, configuring and monitoring physical and virtual servers. Foreman can integrate with Ansible, Puppet, Chef, Salt and other configuration management software products.
IMPORTANTOpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.
To install OpenSSH on a server, you can use the command:
sudo apt install openssh-serverNOTETo connect to the server from a Windows system, you can use tools like PuTTY or MobaXterm.
NOTEThis guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.
CAUTIONYou will need to open the following TCP ports for access to the services:
- TCP port 80 - for the configuration deployment service.
- TCP port 443 - to access the Foreman control panel.
- TCP port 8140 - for Puppet Agent to work.
- TCP port 5648 - for client and Smart Proxy operation.
- TCP port 9090 - for communication with Smart Proxy.
We connect to the server on which you plan to install Foreman.
Let’s name the server using the command:
sudo hostnamectl set-hostname foreman.heyvaldemar.netThis tutorial uses foreman.heyvaldemar.net as the Foreman server name.
The server with the agent installed must resolve the name of the Foreman server, and also the Foreman server must resolve the name of the client-server.
Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file on the server with the command:
echo "10.170.18.186 foreman.heyvaldemar.net puppet.heyvaldemar.net foreman puppet" | sudo tee -a /etc/hostsThis tutorial uses foreman.heyvaldemar.net as the Foreman server name.
Restart the hostamed service for the changes to the server name to take effect using the command:
sudo systemctl restart systemd-hostnamed
Let’s check the correctness of the server name using the command:
hostname
Now let’s replace the current shell process with a new one using the command:
exec bash
Now you need to download and install the Puppet Server repository configuration package.
Download the Puppet Server repository configuration package using the command:
wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
Install the Puppet Server repository configuration package using the command:
sudo dpkg -i puppet6-release-bionic.deb
Next, we connect the Foreman repository using the command:
echo "deb http://deb.theforeman.org/ bionic 2.4" | sudo tee /etc/apt/sources.list.d/foreman.list
Next, connect the Foreman plugin repository using the command:
echo "deb http://deb.theforeman.org/ plugins 2.4" | sudo tee -a /etc/apt/sources.list.d/foreman.list
Now let’s add the official Foreman key using the command:
wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Now install Foreman Installer using the command:
sudo apt -y install foreman-installer
Now install Foreman using the command:
sudo foreman-installer
In the next step, you will receive the username and password of an account with Foreman administrator rights.
Save this data in a safe place.
Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.
NOTEThe path to the executable files is irrelevant for the Puppet services since the start of the services does not depend on the “PATH” and “secure_path”.
By adding the path to executable files to variables, you can use:
sudo puppet agent -tInstead:
sudo /opt/puppetlabs/bin/puppet agent -tAdd the path to the Puppet executable files to the “secure_path” variable.
Open the “sudoers” configuration file in a text editor using the command:
sudo visudo
Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.
In order to save the changes in the “sudoers” file, press “Ctrl + x”.
Now you need to confirm the changes in the file.
Click on the “y” button.
Press the “Enter” button to confirm saving the file.
Now let’s add the path to the Puppet executables to the “PATH” environment variable.
Open the “environment” configuration file in a text editor using the command:
sudo vim /etc/environment
Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.
Now press the “Esc” button to exit edit mode, then type "
You can now install the NTP module to help you install, configure, and manage the NTP service on client operating systems.
Install the NTP module using the command:
sudo puppet module install puppetlabs-ntp -i /etc/puppetlabs/code/modules/
Now you need to import the NTP module into your Foreman control panel.
From the workstation, go to the link https://foreman.heyvaldemar.net, where foreman.heyvaldemar.net is the name of my subdomain to access the Foreman control panel. You will need to specify your domain or subdomain through which your Foreman control panel will be accessible from the Internet.
This guide uses Mozilla Firefox as the web browser to connect to the Foreman Control Panel.
In the next step, you can see the warning “Warning: Potential Security Risk Ahead”.
Click on the “Advanced” button.
Next, click on the “Accept the Risk and Continue” button.
Default login for Foreman administrator account: admin
NOTEThe password for the administrator account was generated after the Foreman installation was completed.
Specify the username and password of an account with Foreman administrator rights, and click on the “Log in” button.
From the menu on the left, select “Configure”, then “Classes”.
Next, click on the button “Import environments from foreman.heyvaldemar.net.
This tutorial uses foreman.heyvaldemar.net as the Foreman server name.
Select the environment for which you want to import the module, and click on the “Update” button.
The module has been successfully imported into the selected environment.
Next, we connect to the server on which you plan to install Puppet Agent.
Let’s name the server using the command:
sudo hostnamectl set-hostname puppet-agent.heyvaldemar.netThis tutorial uses puppet-agent.heyvaldemar.net as the name of the server with the Puppet agent installed.
The server with the agent installed must resolve the name of the Foreman server, and also the Foreman server must resolve the name of the client-server.
Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file with the IP address and client-server name using the command:
echo "10.170.18.152 puppet-agent.heyvaldemar.net puppet-agent" | sudo tee -a /etc/hostsThis tutorial uses puppet-agent.heyvaldemar.net as the name of the server with the Puppet agent installed.
Next, add the IP address and name of the Foreman server to the “/etc/ hosts” file using the command:
echo "10.170.18.186 foreman.heyvaldemar.net puppet.heyvaldemar.net foreman puppet" | sudo tee -a /etc/hostsThe presence of this record will allow the server with the agent installed to resolve the Foreman server name even without a DNS record.
Restart the hostamed service for the changes to the server name to take effect using the command:
sudo systemctl restart systemd-hostnamed
Let’s check the correctness of the server name using the command:
hostname
Now let’s replace the current shell process with a new one using the command:
exec bash
Now you need to download and install the Puppet Agent repository configuration package.
Download the Puppet Agent repository configuration package using the command:
wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
Install the Puppet Agent repository configuration package using the command:
sudo dpkg -i puppet6-release-bionic.deb
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Now install Puppet Agent using the command:
sudo apt install -y puppet-agent
Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.
NOTEThe path to the executable files is irrelevant for the Puppet services since the start of the services does not depend on the “PATH” and “secure_path”.
By adding the path to executable files to variables, you can use:
sudo puppet agent -tInstead:
sudo /opt/puppetlabs/bin/puppet agent -tAdd the path to the Puppet executable files to the “secure_path” variable.
Open the “sudoers” configuration file in a text editor using the command:
sudo visudo
Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.
Now you need to confirm the changes in the file.
Click on the “y” button.
Press the “Enter” button to confirm saving the file.
Now let’s add the path to the Puppet executables to the “PATH” environment variable.
Open the “environment” configuration file in a text editor using the command:
sudo vim /etc/environment
Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.
Now press the “Esc” button to exit edit mode, then type "
Next, you need to make changes to the Puppet configuration file by opening it in a text editor using the command:
sudo vim /etc/puppetlabs/puppet/puppet.conf
Press the “i” button to switch to edit mode, add a new section [main] with the following parameters:
[main]certname = puppet-agent.heyvaldemar.netserver = foreman.heyvaldemar.netenvironment = productionruninterval = 15mNOTEIn this tutorial, Puppet Agent is installed on the
puppet-agent.heyvaldemar.netserver. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.
Foreman is also installed on the foreman.heyvaldemar.net server. You will need to specify your server through which your Foreman will be accessible from the Internet or from the local network of your organization.
NOTEThe “runinterval” parameter specifies the time interval between agent requests to the Foreman server.
Now press the “Esc” button to exit edit mode, then type "
Launch Puppet Agent and enable it to autostart when the operating system starts up using the command:
sudo puppet resource service puppet ensure=running enable=true
Now you need to approve the certificate request for the server on which the Puppet Agent is installed so that the client can subsequently receive the configuration from the Foreman server.
Return to the Foreman control panel and select “Infrastructure” from the menu on the left, then “Smart Proxies”.
Next, find the Foreman server, and in the “Actions” section, in the drop-down list, select “Certificates”.
This tutorial uses foreman.heyvaldemar.net as the Foreman server name.
Now we find the client-server and in the “Actions” section, select “Sign”.
This tutorial uses puppet-agent.heyvaldemar.net as the name of the server with the Puppet agent installed.
The certificate for the client-server has been successfully approved.
You can now configure automatic certificate approval.
Go to the “Autosign entries” section and click on the “Create Autosign Entry” button.
Next, you can specify the domain for which Foreman will automatically approve certificates.
NOTEYou must specify
*Before the domain, so that all members of the specified domain will automatically approve certificates.
Click on the “Save” button.
Automatic certificate approval is configured.
We return to the server with the Puppet Agent installed.
Now you need to get the configuration for the client from the Puppet server using the command:
sudo puppet agent -t
The configuration for the client from the Foreman server was successfully received.
Social Channels
- 🎬 YouTube
- 🐦 X (Twitter)
- 🐘 Mastodon
- 🧵 Threads
- 🧊 Bluesky
- 🎥 TikTok
- 📣 daily.dev Squad
- ✈️ Telegram
- 🐈 GitHub
Community of IT Experts
- 👾 Discord
Is this content AI-generated?
No. Every article on this blog is written by me personally, drawing on decades of hands-on IT experience and a genuine passion for technology.
I use AI tools exclusively to help polish grammar and ensure my technical guidance is as clear as possible. However, the core ideas, strategic insights, and step-by-step solutions are entirely my own, born from real-world work.
Because of this human-and-AI partnership, some detection tools might flag this content. You can be confident, though, that the expertise is authentic. My goal is to share road-tested knowledge you can trust.