This article is for those looking for a detailed and easy-to-understand guide on how to install Foreman on Ubuntu Server.

Foreman is an open-source, complete life cycle systems management tool for provisioning, configuring, and monitoring physical and virtual servers. Foreman has deep integration with configuration management software, including Ansible, Puppet, Chef, Salt, and other solutions through plugins, which allows users to automate repetitive tasks, deploy applications, and manage change to deployed servers.

In this guide, we will consider the case when you already have a server with the Ubuntu Server 18.04 LTS operating system installed on it.

You can read more about how to install Ubuntu Server 18.04 LTS in my guide «Installing Ubuntu Server 18.04 LTS».

In addition, OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.

To install OpenSSH on the server, you can use the command:

sudo apt-get install openssh-server

If you plan to connect to the server using the Windows operating system, you can use PuTTY, a freeware client for various remote access protocols, including SSH, Telnet, rlogin.

This guide covers connecting to a server using the iTerm2 terminal emulator installed on the macOS operating system.

Please note that you will need to open the following TCP ports to access your server:

  • 80 – for provisioning purposes.
  • 443 – to access the Foreman control panel.
  • 8140 – for Puppet Agent.
  • 5648 – for the client and Smart Proxy.
  • 9090 – for communication with Smart Proxy.

Connect to the server on which it is planned to install Foreman.

Name the server using the command:

sudo hostnamectl set-hostname foreman.heyvaldemar.net

In this guide, “foreman.heyvaldemar.net” is used as the name of the Foreman server.

The server with the agent installed must be able to resolve the name of the Foreman server, and the Foreman server must be able to resolve the name of the client server.

Verify that the server name has the correct DNS record, and update the /etc/hosts file on the server with the command:

echo "172.31.19.67 foreman.heyvaldemar.net puppet.heyvaldemar.net foreman puppet" | sudo tee -a /etc/hosts

Restart the systemd-hostnamed service so that the changes made to the server name take effect using the command:

sudo systemctl restart systemd-hostnamed

Check the server name using the command:

hostname

Now replace the current shell process with a new one using the command:

exec bash

Now you need to download and install the Puppet Server repository configuration package.

Download the Puppet Server repository configuration package using the command:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

Install the Puppet Server repository configuration package using the command:

sudo dpkg -i puppet6-release-bionic.deb

Next, connect the Foreman repository using the command:

echo "deb http://deb.theforeman.org/ bionic 1.24" | sudo tee /etc/apt/sources.list.d/foreman.list

Next, connect the plugin repository for Foreman using the command:

echo "deb http://deb.theforeman.org/ plugins 1.24" | sudo tee -a /etc/apt/sources.list.d/foreman.list

Now add the official Foreman key using the command:

wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Now install the Foreman Installer using the command:

sudo apt -y install foreman-installer

Now install Foreman using the command:

sudo foreman-installer

In the next step, you will receive the username and password of an account that has Foreman administrator rights.

Save this data in a safe place.

Puppet executables are located in the directory “/opt/puppetlabs/bin/”, which by default is neither in the environment variable “PATH” nor in the variable “secure_path”, which is used for “sudo” operations.

Please note that the path to the executable files does not matter for Puppet services since the launch of the services does not depend on “PATH” and “secure_path”.

By adding the path to the executable files to the variables, you can use sudo puppet agent -t instead of sudo /opt/puppetlabs/bin/puppet agent -t.

Add the path to the Puppet executables to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

sudo visudo

Find the “secure_path” variable, and at the end of the line, before the closing quote, add the path to the Puppet executables :/opt/puppetlabs/bin.

In order to save changes to the file “sudoers”, press “Ctrl + x”.

Now you need to confirm the changes to the file.

Press the “y” button.

Press the “Enter” button to confirm the file is saved.

Now add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

sudo vim /etc/environment

Press the “i” button to switch to edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Now you can install the NTP module, which helps you install, configure, and manage the NTP service on client operating systems.

Install the NTP module using the command:

sudo puppet module install puppetlabs-ntp -i /etc/puppetlabs/code/modules/

Now you need to import the NTP module into the Foreman control panel.

From the workstation, follow the link https://foreman.heyvaldemar.net, where foreman.heyvaldemar.net is the name of my subdomain for accessing the Foreman control panel. You will need to specify your domain or subdomain by which your Foreman control panel will be accessible from the Internet.

In this guide, Mozilla Firefox is used as a web browser to connect to the Foreman control panel.

In the next step, you can see the warning “Warning: Potential Security Risk Ahead”.

Click on the “Advanced” button.

Next, click on the “Accept the Risk and Continue” button.

Default Foreman admin account login: admin

Please note that the password for the administrator account was generated after the installation of Foreman.

Specify the username and password of an account that has Foreman administrator rights and click on the “Log in” button.

In the menu on the left, select “Configure”, then “Classes”.

Next, click on the “Import environments from foreman.heyvaldemar.net” button.

In this guide, “foreman.heyvaldemar.net” is used as the name of the Foreman server.

Select the environment for which you want to import the module, and click on the “Update” button.

The module was successfully imported into the selected environment.

Next, connect to the server on which you plan to install the Puppet Agent.

Name the server using the command:

sudo hostnamectl set-hostname puppet-agent.heyvaldemar.net

In this guide, “puppet-agent.heyvaldemar.net” is used as the server name with the Puppet agent installed.

The server with the agent installed must be able to resolve the name of the Foreman server, and the Foreman server must be able to resolve the name of the client server.

Verify that the server name has the correct DNS record, and also update the “/etc/hosts” file by adding the IP address and name of the client server using the command:

echo "172.31.27.184 puppet-agent.heyvaldemar.net puppet-agent" | sudo tee -a /etc/hosts

Next, add the IP address and Foreman server name to the “/etc/hosts” file using the command:

echo "172.31.19.67 foreman.heyvaldemar.net puppet.heyvaldemar.net foreman puppet" | sudo tee -a /etc/hosts

Having this record will allow the server with the agent installed to resolve the Foreman server name even without a DNS record.

Restart the systemd-hostnamed service so that the changes made to the server name take effect using the command:

sudo systemctl restart systemd-hostnamed

Check the server name using the command:

hostname

Now replace the current shell process with a new one using the command:

exec bash

Now you need to download and install the Puppet Agent repository configuration package.

Download the Puppet Agent repository configuration package using the command:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

Install the Puppet Agent repository configuration package using the command:

sudo dpkg -i puppet6-release-bionic.deb

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Now install the Puppet Agent using the command:

sudo apt install -y puppet-agent

Puppet executables are located in the directory “/opt/puppetlabs/bin/”, which by default is neither in the environment variable “PATH” nor in the variable “secure_path”, which is used for “sudo” operations.

Please note that the path to the executable files does not matter for Puppet services since the launch of the services does not depend on “PATH” and “secure_path”.

By adding the path to the executable files to the variables, you can use sudo puppet agent -t instead of sudo /opt/puppetlabs/bin/puppet agent -t.

Add the path to the Puppet executables to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

sudo visudo

Find the “secure_path” variable, and at the end of the line, before the closing quote, add the path to the Puppet executables :/opt/puppetlabs/bin.

In order to save changes to the file “sudoers”, press “Ctrl + x”.

Now you need to confirm the changes to the file.

Press the “y” button.

Press the “Enter” button to confirm the file is saved.

Now add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

sudo vim /etc/environment

Press the “i” button to switch to edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.
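
The “secure_path” and “PATH” edits described above, here and in the same steps on the Foreman server, can also be made non-interactively. The following is an added example, not part of the original guide: the function names are hypothetical, the two update functions must run as root, and the sudoers change is made on a copy that visudo checks before it replaces the file.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.
PUPPET_BIN=/opt/puppetlabs/bin

# has_path_entry FILE KEY DIR: succeeds if DIR is already an entry of the
# quoted, colon-separated value of KEY (secure_path in sudoers, PATH in
# /etc/environment). Whole entries are compared, so /opt/puppetlabs/bin2
# does not count as /opt/puppetlabs/bin.
has_path_entry() {
    grep -E "^[[:space:]]*(Defaults[[:space:]]+)?$2=\"" "$1" |
        sed -E 's/^[^"]*"([^"]*)".*/\1/' | tr ':' '\n' | grep -qxF "$3"
}

# add_path_entry FILE KEY DIR: append DIR before the closing quote, once.
# Fails if FILE has no KEY="..." line, so a silent no-op is not reported as OK.
add_path_entry() {
    has_path_entry "$1" "$2" "$3" && return 0
    tmp=$(mktemp) || return 1
    sed -E "s|^([[:space:]]*(Defaults[[:space:]]+)?$2=\"[^\"]*)\"|\1:$3\"|" \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    has_path_entry "$1" "$2" "$3"
}

# update_sudoers: edit a copy, have visudo check its syntax, then rename it
# over /etc/sudoers so a broken file is never installed. Run as root.
update_sudoers() {
    copy=$(mktemp /etc/sudoers.XXXXXX) || return 1
    cat /etc/sudoers > "$copy" && chmod 0440 "$copy" &&
        add_path_entry "$copy" secure_path "$PUPPET_BIN" &&
        visudo -c -f "$copy" >/dev/null &&
        mv -f "$copy" /etc/sudoers
    rc=$?
    rm -f "$copy"
    return "$rc"
}

# update_environment: same change for PATH in /etc/environment. Run as root.
update_environment() {
    add_path_entry /etc/environment PATH "$PUPPET_BIN"
}
```

Running either update function a second time leaves the file unchanged, because the entry is only appended when it is missing.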

Next, you need to make changes to the Puppet configuration file by opening it in a text editor using the command:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Press the “i” button to enter the editing mode, and add a new section “[main]” with the following parameters:

[main]
certname = puppet-agent.heyvaldemar.net
server = foreman.heyvaldemar.net
environment = production
runinterval = 15m

In this guide, the Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server, through which your Puppet Agent will be available from the Internet or in the local network of your organization.

Foreman is also installed on the foreman.heyvaldemar.net server. You will need to specify your server, on which your Foreman will be available from the Internet or in your organization’s local network.

Please note that the “runinterval” parameter indicates the time interval between agent requests to the Foreman server.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Start the Puppet Agent and enable it to start automatically when the operating system boots using the command:

sudo puppet resource service puppet ensure=running enable=true

Now you need to approve the certificate request for the server on which the Puppet Agent is installed so that later the client can receive the configuration from the Foreman server.

Return to the Foreman control panel and select “Infrastructure” in the menu on the left, then “Smart Proxies”.

Next, find the Foreman server and in the “Actions” section, in the drop-down list, select “Certificates”.

In this guide, “foreman.heyvaldemar.net” is used as the name of the Foreman server.

Now find the client server and in the “Actions” section, select “Sign”.

In this guide, “puppet-agent.heyvaldemar.net” is used as the server name with the Puppet agent installed.

The certificate for the client server has been successfully approved.

Now you can configure automatic certificate approval.

Go to the “Autosign entries” section and click on the “Create Autosign Entry” button.

Next, you can specify the domain for which Foreman will automatically approve certificates.

Please note that you must specify “*.” in front of the domain so that certificates are automatically approved for all participants in the specified domain.

Click on the “Save” button.

Automatic certificate approval is configured.
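
What the “*.” entry covers, as an added example that is not part of the original guide: the agent chooses its own certname in puppet.conf, so a domain glob approves every request that asks for a name under that domain. The function names and the sample certnames are constructed for illustration; the matching rule (the asterisk stands for one or more leading labels) follows Puppet's documented autosign.conf globs.

```shell
#!/bin/sh
# Added example (not from the original guide); names and data are constructed.

# autosign_matches ENTRY CERTNAME: succeeds if ENTRY covers CERTNAME.
# ENTRY is an exact certname or "*.domain". The asterisk stands for one or
# more leading labels, so "*.example.net" covers "a.example.net" and
# "a.b.example.net" but not "example.net" itself.
autosign_matches() {
    entry=$1
    name=$2
    case "$entry" in
        '*.'?*)
            suffix=${entry#\*}                  # e.g. ".heyvaldemar.net"
            case "$name" in ?*"$suffix") return 0 ;; esac ;;
        *)
            [ "$entry" = "$name" ] && return 0 ;;
    esac
    return 1
}

# autosigned_names ENTRIES_FILE < certnames: print each requested certname
# that at least one entry in ENTRIES_FILE would approve automatically.
autosigned_names() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        while IFS= read -r entry; do
            [ -n "$entry" ] || continue
            if autosign_matches "$entry" "$name"; then
                printf '%s\n' "$name"
                break
            fi
        done < "$1"
    done
}

# demo_autosign: the guide's wildcard against four constructed certnames.
demo_autosign() {
    entries=$(mktemp) || return 1
    printf '%s\n' '*.heyvaldemar.net' > "$entries"
    printf '%s\n' puppet-agent.heyvaldemar.net db.lab.heyvaldemar.net \
        heyvaldemar.net puppet-agent.heyvaldemar.net.example.org |
        autosigned_names "$entries"
    rm -f "$entries"
}
```

On the Puppet server, autosigned_names can be pointed at the real entries file, which Puppet keeps by default at /etc/puppetlabs/puppet/autosign.conf, to review what a glob covers before relying on it.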

Return to the server with the installed Puppet Agent.

Now you need to get the configuration for the client from the Puppet server using the command:

sudo puppet agent -t

The configuration for the client from the Foreman server was successfully received.

Author

Hi, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems. On my website, you will find detailed and clear guides for setting up IT solutions. Dive into the ocean, full of positive and technology! For cooperation: callvaldemar@gmail.com
