Foreman configuration » History » Version 13

Thom Carlin, 07/10/2014 01:41 PM

Foreman configuration

Configuration is broken into two parts: the config/settings.yaml file and the SETTINGS/Foreman Settings page. The configuration file contains a few low-level options that need to be set before Foreman starts, but the majority of Foreman customization is managed from within the program on the Foreman Settings page.

The config/settings.yaml file

YAML start

The first non-comment line of this file must be three dashes (---).



This boolean option configures whether Foreman requires users to log in. If it is set then each user will be expected to authenticate themselves and all operations will occur, and be audited, under their identity. When this option is false then all activity will be executed under the admin account.

:login: true


This boolean option configures whether Foreman insists on using only https/ssl encrypted communication channels in the web interface. This does not configure the channels used to contact the smart-proxies. Note that certain operations will still accept an http connection even if this is set, for example, the downloading of a finish script.

:require_ssl: true


This boolean option configures whether Foreman will act as a simple node classifier for puppet, or support the full spectrum of operations required for managing a host's lifecycle. When set to true, Foreman will provide full host building facilities for various operating systems.

:unattended: true
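The following audit of a config/settings.yaml file is an added example, not part of the original page or of Foreman itself. It checks the leading `---` marker and the three options described above; the function name, the expected values and the sample inputs are assumptions made for illustration.

```ruby
require 'yaml'

# Values this example treats as required (an assumption, not a Foreman rule).
EXPECTED = { login: true, require_ssl: true }.freeze

# Returns an array of finding strings for the text of a config/settings.yaml.
def audit_settings_yaml(text)
  findings = []
  # The first non-comment, non-blank line must be the YAML document marker.
  first = text.each_line.map(&:strip).find { |l| !l.empty? && !l.start_with?('#') }
  findings << 'first non-comment line is not ---' unless first == '---'
  begin
    # safe_load refuses arbitrary Ruby objects; Symbol is permitted because
    # the keys are written as :login, :require_ssl and :unattended.
    data = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  rescue Psych::Exception => e
    return findings << "unparseable YAML: #{e.class}"
  end
  return findings << 'top level is not a mapping' unless data.is_a?(Hash)
  EXPECTED.each do |key, want|
    if !data.key?(key)
      findings << ":#{key} is not set"
    elsif data[key] != want
      findings << ":#{key} is #{data[key].inspect}, expected #{want}"
    end
  end
  unless [true, false].include?(data[:unattended])
    findings << ':unattended is not a boolean'
  end
  findings
end

# Constructed sample inputs.
GOOD = <<~CONF
  # Foreman low-level settings
  ---
  :login: true
  :require_ssl: true
  :unattended: true
CONF

WEAK = <<~CONF
  :login: false
  :require_ssl: "true"
  :unattended: true
CONF

puts audit_settings_yaml(WEAK)
```

The quoted "true" in the weak sample is reported because it parses as a string rather than a boolean.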

The 'SETTINGS/Foreman Settings' page


When Foreman needs to mail the administrator then this is the email address that it will contact.
Default: root@<your domain>.


When Foreman receives a fact upload from a machine that it has not previously come across it will create a host in its database. If the facts from that host did not contain information about the puppet environment then it will assign the default_puppet_environment environment to this host.
Default: production


A Smart-variable's match criteria are evaluated in a specific order and if this search order is not provided then Default_variables_Lookup_Path is used.
Default: ["fqdn", "hostgroup", "os", "domain"]


This is the directory into which the rake puppet:rdoc:generate task will place the web-based on-line documentation for your puppet classes. It should be under a web server's control and the default location is served by Foreman's own web server.
Default: public/puppet/rdoc


The return address applied to outgoing emails.
Default: Foreman-noreply@<your domain>


Whether Smart-variables should be included in the yaml node information provided to puppet.
Default: true


The number of entries that will be shown in the web interface for list operations.
Default: 20


If this option is set to true then an email will be sent to the host's owner whenever a report is received that contains errors. If the host is not owned or Foreman is not configured to use logins then the email is sent to the administrator.
Default: false


Emails may contain embedded references to Foreman's web interface. This option allows the hostname component of the URL to be configured.
Default: foreman.<your domain>


If this option is set to true then Foreman will not update a host's IP and MAC with the values that it receives in a host's facts, and it will also pass Foreman's values for IP and MAC to puppet in its node information.
Default: false


If this option is set to true then Foreman will manage a host's Puppet certificate signing. If it is set to false then some external mechanism is required to ensure that the host's certificate request is signed.
Default: true


This is the modulepath that Foreman uses when processing puppet modules. It is usually able to determine this itself at runtime but if it is not able to find a value then modulepath is used.
Default: /etc/puppet/modules


This is the number of minutes between each run of puppet.
Default: 30


The default puppet server hostname. For larger organizations this is often a non-FQDN name so that a name like puppet can be a different host within each DNS domain.
Default: puppet

Path to puppet.conf.
Default: /etc/puppet/puppet.conf


If this option is set to true then Foreman will be able to trigger a puppet run on any host that it manages.
Default: false


If a root password is not provided whilst configuring a host then this encrypted password is used when building the machine. The plain text password "123123" has been encrypted to produce the default value.
Default: xybxa6JUkz63w
(To generate a new one you should use: openssl passwd "your_password" )
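The following check of the value stored in this setting is an added example, not part of the original page or of Foreman. It flags the default documented above and classifies a hash by its crypt(3) format; the function names and sample values are hypothetical.

```ruby
# Default value documented on this page (encrypted form of "123123").
DOCUMENTED_DEFAULT = 'xybxa6JUkz63w'

# Modular crypt prefixes and the scheme each one denotes.
SCHEMES = {
  '$1$' => 'MD5-crypt', '$5$' => 'SHA-256-crypt', '$6$' => 'SHA-512-crypt',
  '$2a$' => 'bcrypt', '$2b$' => 'bcrypt', '$2y$' => 'bcrypt'
}.freeze

# Classifies a stored value by its format alone; no password is tested.
def crypt_scheme(hash)
  prefix = SCHEMES.keys.find { |p| hash.start_with?(p) }
  return SCHEMES[prefix] if prefix
  # Traditional DES crypt: 2 salt characters followed by 11 hash characters.
  return 'DES-crypt' if hash.match?(%r{\A[./0-9A-Za-z]{13}\z})
  'unknown'
end

# Returns an array of finding strings for a default root password value.
def audit_root_pass(hash)
  findings = []
  if hash == DOCUMENTED_DEFAULT
    findings << 'value is the documented default (password 123123)'
  end
  case crypt_scheme(hash)
  when 'DES-crypt'
    findings << 'DES-crypt: only the first 8 password characters are used'
  when 'unknown'
    findings << 'not a recognised crypt(3) hash; may be plain text'
  end
  findings
end

# Constructed sample: SHA-512-crypt layout with placeholder salt and digest.
SAMPLE_SHA512 = '$6$examplesalt$' + ('A' * 86)

puts audit_root_pass(DOCUMENTED_DEFAULT)
```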


The default templating system used within Foreman allows unlimited interpolated variables and expressions. This could obviously be abused, so an evaluation environment is provided that restricts the template variables and expressions to a whitelist. When this option is true then only known helper methods and instance variables will be available in template expansion.
Default: true


The SSL Certificate Authority file that Foreman will use when connecting to its smart-proxies.
Default: The CA file used by puppet


The SSL certificate that Foreman will use when connecting to its smart-proxies.
Default: The host certificate used by puppet


The SSL private key file that Foreman will use when connecting to its smart-proxies.
Default: The private key file used by puppet


If Foreman receives an environment fact from one of its hosts and if this option is true, it will update the host's environment with the new value. By default this is not the case as Foreman should manage the host's environment.
Default: false


Set this option to true if your Foreman installation shares puppet's storeconfig database.
Default: true if puppet uses store configs otherwise false.