Common Issues

I can't login with the 'admin' account and 'rake permissions:reset' gives me an error.

Your account was created without an FQDN email address. Login to your SQL server and run "update users set mail='' where login='admin';"

I'm getting a 400 from my foreman-proxy when trying to:

Allocate DHCP addresses.

Make sure both dhcpd.conf and the dhcp leases file are both readable by your foreman-proxy user.

Run Puppet CA

Puppet needs special sudo permissions. Pay close attention to the manual at this section - http://theforeman.org/manuals/1.2/index.html#4.3.2SmartProxySettings - specifically, "Puppet Certificate Authority Section".

Other FAQ

Does Foreman support Puppet 4?

Support for Puppet 4 has been added from Foreman 1.12.0. Follow https://theforeman.org/manuals/latest/quickstart_guide.html to install it.

Does Foreman support Puppet 3?

Support for Puppet 3 has been added in Foreman 1.1 (proxy and web UI). The PuppetThreeWorkarounds page has additional details about pre-1.1 issues.

Upgrade puppet from v2 to v3 gotchas

/etc/sudoers.d/foreman-proxy still contains the old puppet commands which will cause the provision URL not to work, errors will be in /var/log/foreman-proxy/proxy.log about sudo failing, error in /var/log/foreman/production.log is about Failed to remove hosts.domain.com's puppet certificate: 406 Not Acceptable. Solution is to edit the file and change its content to:

foreman-proxy ALL = NOPASSWD : /usr/bin/puppet cert *, /usr/bin/puppet kick *
Defaults:foreman-proxy !requiretty

Might need a service restart, server reboot certainly works.

The config.ru file used for Passenger also changes. Update the /etc/puppet/rack/config.ru file as per the Puppet release notes diff.

How does Foreman work with PuppetDB?

Foreman does not use PuppetDB, nor does PuppetDB use Foreman. While they can both be used at the same time if you wish, there is no integration between these two tools.

In the past Foreman used to use the ActiveRecord based Storeconfigs setup, to access facts but this is now deprecated (see Puppet Facts for the correct way to configure this now).

Reports can now be stored in PuppetDB (since version 1.1.0) but Foreman uses its own report storage to present reports to you, and will not use the reports stored in PuppetDB.

If you wish to use an alternative to PuppetDB exported resources, you can utilize foreman search API - see This Blog Entry

The puppetdb_foreman plugin can be used to deactivate nodes in PuppetDB automatically when they are deleted from Foreman's database.

I'm not using Storeconfigs, how can I still use Foreman?

See Puppet Facts

I'm using Storeconfigs, how can I populate various settings in Foreman that are required for hands free (unattended) installations?

See Puppet Facts

I don't want to use Foreman for unattended installations can I disable it?

see Unattended_installations

How can I migrate from an other External Node Classifier to Foreman ?

see External Nodes

How do I configure my database ?

see Database configuration

Can I switch from SQLite to MySQL and keep my data ?

see Database_configuration

How do I start a Rails Console?

Use

cd /usr/share/foreman
rails console

or if you use RHEL6

scl enable ruby193 "rails console"

Warning: Make a backup of your data if you are going to commit any data changes via console.

How do I log my Foreman environments to a different location other than '/var/log'?
cd ~foreman/config/environments
vi production.rb

Add the following line

config.paths["log"] = "/new/log/directory/#{Rails.env}.log" 

Production.log will now be found and updated at the path specified. Remember to update your logrotations.
Repeat for other environments.

What is a good set of API permissions for the AWS account used by Foreman?

This is a safe place to start. (Written in AWS IAM syntax.)

{"Version": "xxx",
"Statement": [{ "Effect": "Allow", "Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeImages",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRegions",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeAddresses",
"ec2:DescribeTags",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateNetworkInterface",
"ec2:CreateKeyPair",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances",
"ec2:AttachVolume",
"ec2:AssociateAddress",
"ec2:DestroyKeyPair",
"ec2:GetConsoleOutput" 
], "Resource": "*" }]}

What about other operating systems?

see Other_operating_system

Will Foreman manage non OpenSource services (e.g. DNS/DHCP etc) ?

Yes! we understand that many enterprises relay on non opensource infrastrucutre as well. We support MS DNS and DHCP services
If you have any additional requirements, please enter a feature request.

Whats planned for the next major release?

See the roadmap

If you want additional features, please open a new feature request here !

I want to contribute, how can I do ?

see Contribute

How do I create resources or use defined types in Foreman?

See Instantiate_Puppet_resources

Does Foreman work with Hiera?

Yes, you can use either or both. Puppet can get class parameter values from an ENC such as Foreman, or from Hiera. The choice of which to use depends on what your aims and requirements are - see this Ask Puppet question and answer for a comparison.

If a parameter is set to "Override" in Foreman and is given a value, then Puppet will use this value. If the "Use Puppet default" checkbox is ticked either for the default value or for a host override, then Foreman won't send a value. Click "YAML" on a host page to check, or run node.rb.

If Foreman isn't supplying a value then Puppet will try Hiera or other data bindings, then will use the class default value if set. Set up your Hiera configuration, usually at /etc/puppet/hiera.yaml (often this is a symlink to/from /etc/hiera.yaml) and it should work as normal.