Foreman cookbook

Trying to reproduce puppet-foreman_proxy and puppet-foreman with Chef cookbooks.

Installs and configures Foreman and Foreman-smartproxy.

It can:

  • Install and configure Foreman Web ui
  • Install and configure a Foreman Smartproxy with dhcp, bmc, tftp, ...
  • Register smartproxies


This cookbook depends on these external cookbooks:

  • apt
  • apache2
  • ark
  • bind
  • database
  • dhcp
  • git
  • hostname
  • hostsfile
  • mysql
  • postgresql
  • tftp

and requires:

  • Chef > 12
  • Ruby > 1.9


Currently testing on Ubuntu, Debian.


Foreman web ui

include_recipe 'foreman'

Install foreman smart proxy

Don't forget to edit the attributes so that the OAuth parameters and values are the same as those of the Foreman server.

include_recipe 'foreman::proxy'
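
The reminder above about matching OAuth settings, as an added example (not code from this cookbook): a plain-Ruby check over attribute overrides that flags a mismatched OAuth pair, the documented default admin password, and non-TLS listeners. Attribute names and defaults come from the tables in this README; `audit_foreman_attributes`, `DOCUMENTED_DEFAULTS` and the sample values are assumptions made for illustration.

```ruby
# Defaults copied from the attribute tables in this README.
DOCUMENTED_DEFAULTS = {
  'foreman'       => { 'ssl' => true, 'admin' => { 'password' => 'changeme' } },
  'foreman-proxy' => { 'ssl' => true, 'http' => false }
}.freeze

# Returns a list of findings for a hash of attribute overrides
# (audit_foreman_attributes is a hypothetical helper, not part of the cookbook).
def audit_foreman_attributes(overrides)
  web   = overrides.fetch('foreman', {})
  proxy = overrides.fetch('foreman-proxy', {})
  web_defaults   = DOCUMENTED_DEFAULTS['foreman']
  proxy_defaults = DOCUMENTED_DEFAULTS['foreman-proxy']
  findings = []

  # The OAuth pair defaults to random values, so it has to be set explicitly
  # and identically for the web UI and the smart proxy.
  %w[oauth_consumer_key oauth_consumer_secret].each do |key|
    web_value = web[key].to_s
    proxy_value = proxy[key].to_s
    if web_value.empty? || proxy_value.empty?
      findings << "#{key}: set it explicitly for both foreman and foreman-proxy"
    elsif web_value != proxy_value
      findings << "#{key}: foreman and foreman-proxy values differ"
    end
  end

  # An unset admin password falls back to the documented default.
  password = web.dig('admin', 'password') || web_defaults['admin']['password']
  findings << 'admin password: still the documented default' if password == 'changeme'

  # TLS on both services, and no plain-HTTP listener on the proxy.
  findings << 'foreman: ssl is disabled' unless web.fetch('ssl', web_defaults['ssl'])
  findings << 'foreman-proxy: ssl is disabled' unless proxy.fetch('ssl', proxy_defaults['ssl'])
  findings << 'foreman-proxy: plain http listener enabled' if proxy.fetch('http', proxy_defaults['http'])
  findings
end

# Constructed sample overrides (placeholders, not real credentials).
SAMPLE_OVERRIDES = {
  'foreman'       => { 'oauth_consumer_key' => 'KEY-PLACEHOLDER', 'oauth_consumer_secret' => 'SECRET-A' },
  'foreman-proxy' => { 'oauth_consumer_key' => 'KEY-PLACEHOLDER', 'oauth_consumer_secret' => 'SECRET-B', 'http' => true }
}.freeze

audit_foreman_attributes(SAMPLE_OVERRIDES).each { |finding| puts finding }
```
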



Key Type Description Default
['foreman']['path'] String Foreman installation path /usr/share/foreman
['foreman']['version'] String Foreman version stable
['foreman']['config_path'] String Configuration path /etc/foreman
['foreman']['config']['init'] String Init config path /etc/default/foreman
['foreman']['config']['init_tpl'] String Init config template foreman.default.erb
['foreman']['use_repo'] Boolean Use Foreman repository true
['foreman']['repo']['uri'] String Repository uri
['foreman']['repo']['components'] Array Repository components [stable]
['foreman']['repo']['key'] String Repository key
['foreman']['plugins'] Array Plugins installed via the package manager [foreman-libvirt, ruby-foreman-chef]
['foreman']['server_name'] String Server name to use for apache and fqdn foreman.example
['foreman']['environment'] String Foreman environment production
['foreman']['admin']['username'] String Admin username admin
['foreman']['admin']['password'] String Admin password changeme
['foreman']['admin']['first_name'] String Admin first name nil
['foreman']['admin']['last_name'] String Admin last name nil
['foreman']['admin']['email'] String Admin email nil
['foreman']['initial_organisation'] String Admin organisation nil
['foreman']['initial_location'] String Admin location nil
['foreman']['user'] String System user foreman
['foreman']['group'] String System group foreman
['foreman']['group_users'] Array System groups for foreman user []
['foreman']['db']['manage'] Boolean Manage the database true
['foreman']['db']['install'] Boolean Install the database true
['foreman']['db']['host'] String Database host nil
['foreman']['db']['port'] String Database port nil
['foreman']['db']['adapter'] String Database adapter postgresql
['foreman']['db']['real_adapter'] String Ruby adapter name postgresql
['foreman']['db']['ssl_mode'] Boolean Database in ssl nil
['foreman']['db']['database'] String Database name foreman
['foreman']['db']['username'] String Database username foreman
['foreman']['passenger']['install'] Boolean Install apache passenger mod true
['foreman']['passenger']['high_performance'] Boolean Mod passenger high performance true
['foreman']['passenger']['rack_autodetect'] Boolean Mod passenger rack autodetect false
['foreman']['passenger']['max_pool_size'] Integer Mod passenger max pool size nil
['foreman']['passenger']['pool_idle_time'] Integer Mod passenger pool idle time nil
['foreman']['passenger']['max_requests'] Integer Mod passenger max requests nil
['foreman']['passenger']['stat_throttle_rate'] Integer Mod passenger stat throttle rate nil
['foreman']['passenger']['use_global_queue'] Boolean Mod passenger global queue nil
['foreman']['passenger']['default_ruby'] String Mod passenger default ruby nil
['foreman']['passenger']['prestart'] Boolean Mod passenger prestart true
['foreman']['passenger']['min_instances'] Integer Mod passenger minimum instances 1
['foreman']['passenger']['start_timeout'] Integer Mod passenger start timeout 600
['foreman']['passenger']['ruby'] String Mod passenger ruby path /usr/bin/ruby
['foreman']['passenger']['package'] String Mod passenger package libapache2-mod-passenger
['foreman']['ssl'] Boolean Foreman in Ssl true
['foreman']['ssl_dir'] String Ssl directory /etc/foreman/certs
['foreman']['ssl_ca_file'] String Ssl ca file /etc/foreman/certs/ca.crt
['foreman']['ssl_ca_key_file'] String Ssl ca key file /etc/foreman/certs/ca.key
['foreman']['ssl_cert_file'] String Ssl cert file /etc/foreman/certs/server.crt
['foreman']['ssl_cert_key_file'] String Ssl cert key file /etc/foreman/certs/server.key
['foreman']['ssl_cert_csr_file'] String Ssl cert csr file /etc/foreman/certs/server.csr
['foreman']['unattended'] Boolean Foreman unattended true
['foreman']['authentication'] Boolean Foreman authentication true
['foreman']['locations_enabled'] Boolean Foreman enable locations false
['foreman']['organizations_enabled'] Boolean Foreman enable organizations false
['foreman']['oauth_active'] Boolean Foreman oauth true
['foreman']['oauth_map_users'] Boolean Foreman oauth map users false
['foreman']['oauth_consumer_key'] String Foreman oauth consumer key Random string
['foreman']['oauth_consumer_secret'] String Foreman oauth consumer secret Random string
['foreman']['websockets_encrypt'] Boolean Foreman encrypt websockets true
['foreman']['websockets_ssl_key'] Boolean Foreman websockets ssl key /etc/ssl/certs/foreman.example.pem
['foreman']['websockets_ssl_cert'] Boolean Foreman websockets ssl cert /etc/ssl/privates_keys/foreman.example.pem


Key Type Description Default
['foreman-proxy']['version'] String Foreman proxy version stable
['foreman-proxy']['register'] Boolean Register foreman proxy in foreman true
['foreman-proxy']['config_path'] String Foreman proxy config path /etc/foreman-proxy
['foreman-proxy']['daemon'] Boolean Foreman proxy daemon true
['foreman-proxy']['user'] String Foreman proxy user foreman-proxy
['foreman-proxy']['group'] String Foreman proxy group foreman-proxy
['foreman-proxy']['group_users'] Array System groups for foreman-proxy user []
['foreman-proxy']['plugins'] Array Plugins installed via the package manager for the smartproxy [ruby-smart-proxy-chef]
['foreman-proxy']['log_file'] String Log file /var/log/foreman-proxy/proxy.log
['foreman-proxy']['log_level'] String Log level ERROR
['foreman-proxy']['puppetrun'] Boolean Puppetrun false
['foreman-proxy']['puppetrun_listen_on'] String Puppetrun listen on https
['foreman-proxy']['puppetca'] Boolean Puppetca false
['foreman-proxy']['puppetca_listen_on'] String Puppetca listen on https
['foreman-proxy']['puppet'] Boolean Puppet false
['foreman-proxy']['puppet_home'] String Puppet home directory /var/lib/puppet
['foreman-proxy']['puppet_url'] String Puppet url https://foreman.example:8140
['foreman-proxy']['puppet_use_environement_api'] Boolean Puppet environment api nil
['foreman-proxy']['puppet_autosign_location'] String Puppet autosign location /etc/puppet/autosign.conf
['foreman-proxy']['puppet_group'] String Puppet group puppet
['foreman-proxy']['puppet_ssl_dir'] String Puppet ssl directory /var/lib/puppet/ssl
['foreman-proxy']['puppetssh_sudo'] Boolean Puppet ssh use sudo false
['foreman-proxy']['puppetssh_command'] String Puppet ssh command /usr/bin/puppet agent --ontine --no-usecacheonfailure
['foreman-proxy']['puppetssh_user'] String Puppet ssh user root
['foreman-proxy']['puppetssh_keyfile'] String Puppet ssh key file /etc/foreman-proxy/id_rsa
['foreman-proxy']['puppetssh_wait'] Boolean Puppet ssh wait false
['foreman-proxy']['http'] Boolean Foreman http false
['foreman-proxy']['http_port'] String Foreman http port 8000
['foreman-proxy']['ssl'] Boolean Foreman use ssl true
['foreman-proxy']['https_port'] String Foreman ssl port 8443
['foreman-proxy']['ssl_ca_file'] String Foreman ssl ca file /etc/foreman/certs/ca.crt
['foreman-proxy']['ssl_cert_file'] String Foreman ssl cert file /etc/foreman/certs/server.crt
['foreman-proxy']['ssl_cert_key_file'] String Foreman ssl cert key file /etc/foreman/certs/server.key
['foreman-proxy']['registered_name'] String Foreman proxy registered name foreman.example
['foreman-proxy']['registered_proxy_url'] String Foreman proxy registered url https://foreman.example:8443
['foreman-proxy']['foreman_base_url'] String Foreman base url https://foreman.example
['foreman-proxy']['foreman_ssl_ca'] String Foreman ssl ca /etc/foreman/certs/ca.crt
['foreman-proxy']['foreman_ssl_cert'] String Foreman ssl cert /etc/foreman/certs/server.crt
['foreman-proxy']['foreman_ssl_key'] String Foreman ssl key /etc/foreman/certs/server.key
['foreman-proxy']['trusted_hosts'] Array Foreman proxy trusted hosts [foreman.example]
['foreman-proxy']['api_package'] String Apipie bindings ruby package ruby-apipie-bindings
['foreman-proxy']['dns'] Boolean Install dns server true
['foreman-proxy']['dns_listen_on'] String Dns listen on https
['foreman-proxy']['dns_managed'] Boolean Dns is managed by Chef true
['foreman-proxy']['dns_provider'] String Dns provider nsupdate
['foreman-proxy']['dns_interface'] String Dns interface eth0
['foreman-proxy']['dns_ttl'] String Dns ttl 86400
['foreman-proxy']['dns_server'] String Dns server
['foreman-proxy']['dns_realm'] String Dns realm FOREMAN.EXAMPLE
['foreman-proxy']['dns_tsig_keytab'] String Dns tsig keytab /etc/foreman-proxy/dns.keytab
['foreman-proxy']['dns_tsig_principal'] String Dns tsig principal foremanproxy/foreman.example@FOREMAN.EXAMPLE
['foreman-proxy']['dns_keyfile'] String Dns key file /etc/bind/rndc.key
['foreman-proxy']['dns_nsupdate'] String Dns nsupdate dnsutils
['foreman-proxy']['dhcp'] Boolean Proxy use dhcp true
['foreman-proxy']['dhcp_managed'] Boolean Install dhcp server true
['foreman-proxy']['dhcp_key_name'] String Dhcp key name nil
['foreman-proxy']['dhcp_key_secret'] String Dhcp key secret nil
['foreman-proxy']['dhcp_vendor'] String Dhcp vendor isc
['foreman-proxy']['dhcp_config'] String Dhcp config file node['dhcp']['config_file']
['foreman-proxy']['dhcp_leases'] String Dhcp leases files /var/lib/dhcp/dhcpd.leases
['foreman-proxy']['dhcp_interface'] String Dhcp interface eth0
['foreman-proxy']['dhcp_subnet'] String Dhcp subnet Ohai subnet
['foreman-proxy']['dhcp_netmask'] String Dhcp netmask Ohai netmask
['foreman-proxy']['dhcp_broadcast'] String Dhcp broadcast Ohai broadcast
['foreman-proxy']['dhcp_range'] Array Dhcp range []
['foreman-proxy']['dhcp_routers'] Array Dhcp routers [Ohai router]
['foreman-proxy']['dhcp_options'] Array Dhcp options ...
['foreman-proxy']['virsh_network'] String Virsh network default
['foreman-proxy']['bmc'] Boolean As bmc false
['foreman-proxy']['bmc_listen_on'] String Bmc listen on https
['foreman-proxy']['bmc_default_provider'] String Bmc default provider ipmitool
['foreman-proxy']['syslinux']['version'] String Syslinux version 6.03
['foreman-proxy']['syslinux']['url'] String Syslinux url ...
['foreman-proxy']['tftp'] Boolean As TFTP true
['foreman-proxy']['tftp_listen_on'] String TFTP listen on https
['foreman-proxy']['tftp_syslinux_root'] String TFTP syslinux root nil
['foreman-proxy']['tftp_root'] String TFTP root node['tftp']['directory']
['foreman-proxy']['tftp_dirs'] Array TFTP directories [pxelinux.cfg, boot]
['foreman-proxy']['servername'] String TFTP servername nil
['foreman-proxy']['realm'] Boolean As Realm false
['foreman-proxy']['real_listen_on'] String Realm listen on https
['foreman-proxy']['real_provider'] String Realm provider freeipa
['foreman-proxy']['real_keytab'] String Realm keytab /etc/foreman-proxy/freeipa.keytab
['foreman-proxy']['real_principal'] String Realm principal real-proxy@EXAMPLE.COM
['foreman-proxy']['freeipa_remove_dns'] Boolean Freeipa remove dns true
['foreman-proxy']['oauth_effective_user'] String Oauth effective user admin
['foreman-proxy']['oauth_consumer_key'] String Oauth consumer key Random password
['foreman-proxy']['oauth_consumer_secret'] String Oauth consumer secret Random password
['foreman-proxy']['templates'] Boolean As templates false
['foreman-proxy']['templates_listen_on'] String Templates listen on https
['foreman-proxy']['chef'] Boolean As Chef true
['foreman-proxy']['chef_authenticate_nodes'] Boolean Use Chef authenticate nodes true
['foreman-proxy']['chef_server_url'] String Chef server url
['foreman-proxy']['chef_smartproxy_clientname'] String Chef client name
['foreman-proxy']['chef_smartproxy_privatekey'] String Chef client private key /etc/chef/client.pem
['foreman-proxy']['chef_ssl_verify'] Boolean Verify chef ssl connection true
['foreman-proxy']['chef_ssl_pem_file'] String Chef ssl pem file /etc/chef/



This LWRP provides an easy way to register or unregister a smartproxy in Foreman.


  • :create, register the smartproxy
  • :remove, unregister the smartproxy


  • smartproxy_name: Name of the smartproxy
  • base_url: Base url of foreman web api
  • effective_user: Foreman user
  • consumer_key: Oauth key
  • consumer_secret: Oauth secret
  • url: Url of the smartproxy
  • timeout: Request timeout


This LWRP reproduces the foreman-rake cli command.


  • :run, run foreman-rake command


  • rake_task: Rake task name
  • environement: Environment variables
  • timeout: Request timeout


This LWRP enables or disables proxy settings files.


  • :enable, enable setting file
  • :disable, disable setting file


  • module: Module name
  • listen_on: Protocol the module listens on
  • cookbook: Cookbook where the template file is stored
  • path: Path where the file will be created
  • owner: File owner
  • group: File group
  • mode: File mode
  • template_path: Template file path



