Getting Started: Installing Your First Puppet Server with Foreman in Under 30 Minutes
In previous posts, we covered the basics of Puppet and the typical infrastructure components needed to run it effectively. If that sounded like a lot of setup work, here’s the good news: with a suitable virtual machine and a few straightforward commands, you can have a fully functional Puppet environment — complete with Foreman as the web interface and External Node Classifier (ENC) — up and running in about half an hour. This guide walks through installing Puppet 8 together with Foreman 3.17 (or a later compatible version) on a fresh system. The process is simple thanks to the official Foreman installer, which bundles everything using native OS packages and sensible defaults.
System Requirements and Supported Platforms
The Foreman installer handles most of the heavy lifting. According to the official quickstart documentation, here’s what you need:
- Memory: At least 4 GB RAM is required. For smoother operation (especially with other services running), plan for 8 GB. In production environments, 8 GB has proven more than sufficient even with moderate workloads.
- Disk space: Around 40 GB is plenty for most setups. Puppet code, modules, and reports don’t consume much space unless you’re distributing large binaries (which is uncommon).
- Operating system:
- Enterprise Linux 9 family — tested on AlmaLinux 9, CentOS Stream 9, and similar. Rocky Linux 9 works well too.
- Debian 11/12
- Ubuntu 22.04
The installer sets up:
- Foreman web UI
- Smart Proxy
- Puppet server
- (Optional) TFTP, DNS, and DHCP services for provisioning
Note: This guide targets Enterprise Linux 9 (e.g., Rocky Linux 9 or AlmaLinux 9), as it’s a common choice for Puppet environments.
For small labs or testing, start with a virtual machine. Popular hypervisors include VMware, VirtualBox, Proxmox, XenServer — or KVM if you’re on a Linux workstation like I am. Once the VM is running and accessible via SSH, you’re ready to begin.
Quick tip on SELinux: Unless you’re already comfortable tuning it, set SELinux to permissive mode during initial setup (sudo setenforce 0 and edit /etc/selinux/config). You can harden it later.
Step-by-Step Installation
Follow these commands on a clean, freshly installed EL9 system:
-
Enable the Puppet 8 repository
sudo dnf -y install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm -
Enable the Foreman 3.17 repository
sudo dnf -y install https://yum.theforeman.org/releases/3.17/el9/x86_64/foreman-release.rpm -
Install the Foreman installer package
sudo dnf -y install foreman-installer -
Run the installer The simplest (and recommended) way is non-interactive mode:
sudo foreman-installerIf you prefer to review and customize options step by step:
sudo foreman-installer -iThe installer runs in the background, downloads packages, configures services, and sets up everything automatically. It usually takes 10–20 minutes depending on your internet speed and hardware.
Once finished, you’ll see output similar to this:
* Foreman is running at https://your-hostname.example.com
Initial credentials are admin / randomly-generated-password-here
* Foreman Proxy is running at https://your-hostname.example.com:8443
The full log is at /var/log/foreman-installer/foreman-installer.logYour Puppet server and Foreman are now live!
Important: The initial admin password is randomly generated and shown only once — copy it immediately. You should change it right after logging in.
Post-Installation Essentials
Using an External PostgreSQL Database (Recommended for Production)
By default, Foreman installs and uses a local PostgreSQL instance. For better performance, scalability, or high availability, switch to an external database.
- Edit
/etc/foreman/database.yml(production section):production: adapter: postgresql host: postgres.example.net # Your DB server hostname or IP sslmode: require # Enforce TLS database: foreman username: foreman password: your-strong-password-here pool: 9 # Important for connection pooling - apply the changes:
sudo foreman-rake db:migrate sudo foreman-rake db:seedTip: If migrating from the local DB, export your existing data first and import it into the new server to preserve hosts, configurations, and history.
Firewall Configuration
Make sure these ports are open so agents can connect:
- 8140/tcp — Puppet server (for agent catalog pulls)
- 8443/tcp — Foreman Smart Proxy
Example using firewalld:
sudo firewall-cmd --permanent --add-port=8140/tcp
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --reloadFirst Login and Basic Setup
- Open your browser and go to https://your-hostname.example.com (accept the self-signed certificate for now).
- Log in with
adminand the generated password. - Immediately change the password and set up organizations and locations — these help organize hosts and apply policies correctly.
You’re Ready to Start!
At this point, you have a complete, working Puppet server integrated with Foreman. Agents can now check in, receive catalogs, and report back. Additional components like PuppetDB, r10k for environment management, or compile masters for scaling can be added later. For small to medium setups, this minimal configuration handles hundreds of nodes without issue. In upcoming posts, we’ll cover:
- Registering your first Puppet agent
- Configuring environments and modules
- Integrating with the ConfDroid Forge modules
- Scaling with compile masters and PuppetDB
If you run into any snags during installation, feel free to drop a note at the feedback portal: https://feedback.confdroid.com. Happy automating — your Puppet + Foreman journey starts now! 🚀
Did you find this post helpful? You can support me.
Related posts
Author Profile
Latest entries
blog23.01.2026Puppet with Foreman – Installation- blog20.01.2026ConfDroid Puppet Modules – Pilot
blog19.01.2026ConfDroid Forge – Pilot- blog16.01.2026Puppet with Foreman – Infrastructure
